def category_edit(self): """ Edit category view. """ id = int(self.request.matchdict.get('id')) c = Category.by_id(id) if not c: return HTTPNotFound() """ Authorization check. """ if c.private and c.user_id is not authenticated_userid(self.request): return HTTPForbidden() form = CategoryEditForm(self.request.POST, c, csrf_context=self.request.session) if self.request.method == 'POST' and form.validate(): form.populate_obj(c) self.request.session.flash('Category %s updated' % (c.title), 'status') return HTTPFound(location=self.request.route_url('categories')) return {'title': 'Edit category', 'form': form, 'id': id, 'action': 'category_edit'}
def category_archive(self): """ Archive category, returns redirect. """ id = int(self.request.matchdict.get('id')) c = Category.by_id(id) if not c: return HTTPNotFound() """ Authorization check. """ if c.private and c.user_id is not authenticated_userid(self.request): return HTTPForbidden() c.archived = True DBSession.add(c) self.request.session.flash('Category %s archived' % (c.title), 'status') return HTTPFound(location=self.request.route_url('categories'))