def book_delete(book_id): if not current_user.is_admin: abort(403) b = Book.get(book_id) if not b: abort(404) b.delete() return redirect(url_for("admin_public"))
def book_share(book_id): b = Book.get(book_id) if not b: abort(404) if b.added_by_login != current_user.login: abort(403) b.is_public = not b.is_public b.save() return redirect(url_for("main"))
def admin_order_set_status(order_id, new_status_code): if not current_user.is_admin: abort(403) # access denied o = Order.get(order_id) if not OrderStatus.get(new_status_code): return abort(400) # bad request o.status_id = new_status_code o.save() return redirect(url_for('admin_order', order_id=order_id))
def book_get(book_id): b = Book.get(book_id) if not b: abort(404) if not b.is_public: abort(403) if not current_user.has_book(b): current_user.books.append(b) current_user.save() return redirect(url_for("public"))
def book_remove(book_id): b = Book.get(book_id) if not b: abort(404) if not b.is_public: abort(403) if current_user.has_book(b): current_user.books.remove(b) current_user.save() return redirect(url_for("main"))
def comment_add(order_id): text = request.form['text'] c = Comment() o = Order.get(order_id) if not o: abort(404) c.text = text c.order_id = order_id c.user_login = current_user.login c.save() if current_user.is_admin: return redirect(url_for('admin_order', order_id=order_id)) return redirect(url_for('order', order_id=order_id))
def admin_order_resolve(order_id): if not current_user.is_admin: abort(403) # access denied o = Order.get(order_id) if not o: abort(404) if 'book_id' not in request.form: abort(400) o.status_id = 2 # resolved o.book_id = request.form['book_id'] o.save() return redirect(url_for('admin_orders'))
def admin_order(order_id): if not current_user.is_admin: abort(403) # access denied o = Order.get(order_id) return render_template('admin/order.html', o=o)
def abort_if_invalid_order_hash(order_hash): if not is_hex(order_hash) or len(order_hash[2:]) != 64: abort(404, message="Invalid order hash: {}".format(order_hash))
def abort_if_unknown_exchange(trustlines, exchange_address): if (exchange_address not in trustlines.exchange_addresses and exchange_address not in trustlines.exchange_addresses): abort(404, "Unknown exchange: {}".format(exchange_address))
def _check_conflict(self, name): query = RoomAttribute.query.filter(db.func.lower(RoomAttribute.name) == name.lower()) if self.attribute: query = query.filter(RoomAttribute.id != self.attribute.id) if query.has_rows(): abort(422, messages={'name': [_('Name must be unique')]})
def _check_conflict(self, name): query = EquipmentType.query.filter(db.func.lower(EquipmentType.name) == name.lower()) if self.equipment_type: query = query.filter(EquipmentType.id != self.equipment_type.id) if query.has_rows(): abort(422, messages={'name': [_('Name must be unique')]})
def _check_invalid_times(self, availability): if any(bh['start_time'] >= bh['end_time'] for bh in availability['bookable_hours']): abort(422, messages={'bookable_hours': [_('Start time should not be later than end time')]})
def _check_conflict(self, name): query = Location.query.filter(~Location.is_deleted, db.func.lower(Location.name) == name.lower()) if self.location: query = query.filter(Location.id != self.location.id) if query.has_rows(): abort(422, messages={'name': [_('Name must be unique')]})
def handle_request_parsing_error(err): """ Webargs error handler that uses Flask-RESTful's abort function to return a JSON error response to the client. """ abort(StatusCode.UnprocessableEntity.value, errors=err.messages)
def admin_orders(): if not current_user.is_admin: abort(403) # access denied ods = Order.get_all() return render_template('admin/orders.html', orders=ods)
def admin_users(): if not current_user.is_admin: abort(403) # access denied users = User.get_all() return render_template('admin/users.html', users=users)
def handle_request_parsing_error(err, req, schema, *, error_status_code, error_headers): """webargs error handler that uses Flask-RESTful's abort function to return a JSON error response to the client. """ abort(error_status_code, errors=err.messages)
def test_abort_with_message(): with pytest.raises(HTTPException) as excinfo: abort(400, message='custom error message') assert excinfo.value.data['message'] == 'custom error message'
def raise_old_password_was_wrong(): """Raises a valid HTTPException""" return abort( 422, exc=ValidationError("old password is not correct"), messages={"old_password": ["Was not correct"]} )
def handle_request_parsing_error(err, req, schema, error_status_code, error_headers): abort(error_status_code, errors=err.messages)