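def _edit_post(user, app, context):
    """Serve the post-management page: open the editor or apply an action.

    GET with ``btn=edit`` returns the editor view model for the requested
    post; any other GET returns the post list. POST dispatches on ``btn``:
    ``edit`` and the author-level ``publish`` act only on posts whose ``ref``
    equals ``user.id``, while ``publish``, ``unpublish``, ``approve``,
    ``delete``, ``perm_delete`` and ``undelete`` require
    ``user.role <= store.ROLE_EDITOR``. A successful POST ``edit`` returns a
    JSON result; every other POST returns the post list and logs a warning
    when the action did not succeed. ``app`` is not used here.

    Raises:
        ApplicationError: on GET ``btn=edit`` when an author-level user asks
            for a post they do not own.
    """
    # NOTE(review): nesting was reconstructed from a whitespace-collapsed
    # listing; confirm it against the original file.
    # NOTE(review): editor-only actions test `role <= ROLE_EDITOR`, so smaller
    # role numbers presumably mean more privilege; verify against `store`.
    if context.method == 'get':
        btn = context.get_argument('btn', '')
        if btn == 'edit':
            # NOTE(review): unlike the POST path there is no `if p` guard, so
            # this presumably relies on get_post raising for a missing post.
            p = model.get_post(context.get_argument('id'), published_only=False)
            # Author-level users may only open their own posts.
            if user.role >= store.ROLE_AUTHOR and p.ref != user.id:
                raise ApplicationError('Permission denied.')
            return {
                '__view__': 'manage_editor',
                'post': p,
                'categories': model.get_categories(),
            }
        return __get_post_list(user, context)

    if context.method == 'post':
        # NOTE(review): no anti-CSRF token check is visible in this handler;
        # confirm the framework validates one before state-changing POSTs.
        btn = context.get_argument('btn', '')
        post_id = context.get_argument('id', '')
        ok = False
        # NOTE(review): GET lets roles below ROLE_AUTHOR open the editor for
        # any post, but no POST 'edit' branch exists for them; confirm intent.
        if btn == 'edit' and user.role >= store.ROLE_AUTHOR:
            p = model.get_post(post_id, False, False)
            # Ownership check: a failed check is not reported to the caller,
            # it only falls through to the warning below.
            if p and p.ref == user.id:
                title = context.get_argument('title')
                content = context.get_argument('content')
                category = model.get_category(context.get_argument('category'))
                tags = context.get_argument('tags')
                draft = context.get_argument('draft') == 'True'
                allow_comment = context.get_argument('allow_comment') == 'True'
                state = model.POST_DRAFT if draft else model.POST_PUBLISHED
                p = model.update_post(post_id, user, state, title, content,
                                      category, tags, allow_comment)
                return __json_result(False, p)
        elif btn == 'publish' and user.role >= store.ROLE_AUTHOR:
            # Authors cannot publish directly; their own post goes to pending.
            p = model.get_post(post_id, False, False)
            if p and p.ref == user.id:
                ok = model.pending_post(post_id)
        elif btn == 'publish' and user.role <= store.ROLE_EDITOR:
            ok = model.publish_post(post_id)
        elif btn == 'unpublish' and user.role <= store.ROLE_EDITOR:
            ok = model.unpublish_post(post_id)
        elif btn == 'approve' and user.role <= store.ROLE_EDITOR:
            ok = model.approve_post(post_id)
        elif btn == 'delete' and user.role <= store.ROLE_EDITOR:
            ok = model.delete_post(post_id)
        elif btn == 'perm_delete' and user.role <= store.ROLE_EDITOR:
            ok = model.delete_post(post_id, permanent=True)
        elif btn == 'undelete' and user.role <= store.ROLE_EDITOR:
            ok = model.undelete_post(post_id)
        if not ok:
            # btn and id come straight from the request. %r escapes CR/LF so
            # a crafted value cannot forge extra log lines, and passing them
            # as arguments leaves formatting to the logging framework.
            logging.warning('Operation failed: %r, id=%r', btn, post_id)
        return __get_post_list(user, context)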
def update_post():
    """Save the submitted post form and redirect to the matching page.

    A saved draft redirects to the drafts list and any other saved post to
    its slug page; a falsy result from ``model.update_post`` redirects back
    to the editor.
    """
    # NOTE(review): the whole request form is handed to the model and no
    # authentication or ownership check is visible in this excerpt; confirm
    # the route and model.update_post enforce both and accept only an
    # explicit set of fields.
    post = model.update_post(request.form)
    if not post:
        # todo: error message
        # NOTE(review): `post` is falsy on this path, so post.key() raises
        # AttributeError if update_post returned None; the key presumably
        # has to come from the request instead. Confirm the field to use.
        return redirect(url_for('edit_post', key=post.key()))
    if post.as_draft:
        return redirect(url_for('drafts'))
    return redirect(url_for('slug', slug=post.slug))
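def _edit_post(user, app, context):
    """Render the post editor or post list, or apply a management action.

    On GET, ``btn=edit`` yields the editor view model for the post named by
    ``id`` and anything else yields the post list. On POST, ``btn`` selects
    the action: author-level users (``role >= store.ROLE_AUTHOR``) may
    ``edit`` or submit for ``publish`` only posts whose ``ref`` is their own
    ``user.id``; users with ``role <= store.ROLE_EDITOR`` may ``publish``,
    ``unpublish``, ``approve``, ``delete``, ``perm_delete`` and ``undelete``.
    A saved edit returns a JSON result; all other POSTs return the post list
    after logging a warning if nothing succeeded. ``app`` is unused, and
    other request methods return None.

    Raises:
        ApplicationError: when an author-level user opens the editor for a
            post that belongs to someone else.
    """
    # NOTE(review): block structure was reconstructed from a listing whose
    # whitespace was collapsed; confirm it against the original file.
    method = context.method

    if method == 'get':
        if context.get_argument('btn', '') != 'edit':
            return __get_post_list(user, context)
        # NOTE(review): no None guard here, unlike the POST path; presumably
        # get_post raises for an unknown id when called this way. Verify.
        post = model.get_post(context.get_argument('id'), published_only=False)
        if user.role >= store.ROLE_AUTHOR and post.ref != user.id:
            raise ApplicationError('Permission denied.')
        return {
            '__view__': 'manage_editor',
            'post': post,
            'categories': model.get_categories(),
        }

    if method != 'post':
        return None

    # NOTE(review): no anti-CSRF token check is visible in this handler;
    # confirm the framework validates one before state-changing POSTs.
    action = context.get_argument('btn', '')
    post_id = context.get_argument('id', '')
    # NOTE(review): smaller role numbers presumably mean more privilege,
    # since the moderation actions test `<= ROLE_EDITOR`; verify in `store`.
    is_author = user.role >= store.ROLE_AUTHOR
    is_editor = user.role <= store.ROLE_EDITOR
    ok = False

    if action in ('edit', 'publish') and is_author:
        post = model.get_post(post_id, False, False)
        # Ownership check; a failure is only visible as the warning below.
        if post and post.ref == user.id:
            if action == 'publish':
                # Authors submit for review instead of publishing directly.
                ok = model.pending_post(post_id)
            else:
                title = context.get_argument('title')
                content = context.get_argument('content')
                category = model.get_category(context.get_argument('category'))
                tags = context.get_argument('tags')
                draft = context.get_argument('draft') == 'True'
                allow_comment = context.get_argument('allow_comment') == 'True'
                state = model.POST_DRAFT if draft else model.POST_PUBLISHED
                saved = model.update_post(post_id, user, state, title, content,
                                          category, tags, allow_comment)
                return __json_result(False, saved)
    elif is_editor:
        # NOTE(review): 'edit' is absent from this table, so editor-level
        # users can open the editor on GET but cannot save; confirm intent.
        editor_actions = {
            'publish': lambda: model.publish_post(post_id),
            'unpublish': lambda: model.unpublish_post(post_id),
            'approve': lambda: model.approve_post(post_id),
            'delete': lambda: model.delete_post(post_id),
            'perm_delete': lambda: model.delete_post(post_id, permanent=True),
            'undelete': lambda: model.undelete_post(post_id),
        }
        handler = editor_actions.get(action)
        if handler is not None:
            ok = handler()

    if not ok:
        # Both values are request-controlled: %r escapes CR/LF so they cannot
        # inject forged log lines, and lazy arguments leave the formatting
        # to the logging framework.
        logging.warning('Operation failed: %r, id=%r', action, post_id)
    return __get_post_list(user, context)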