def post(self, name=None, mapping_id=None): mapping = TagPermissionMap.get(self.session, id=mapping_id) if not mapping: return self.notfound() if not user_has_permission(self.session, self.current_user, TAG_EDIT, mapping.tag.name): return self.forbidden() permission = mapping.permission tag = mapping.tag mapping.delete(self.session) Counter.incr(self.session, "updates") self.session.commit() AuditLog.log( self.session, self.current_user.id, "revoke_tag_permission", "Revoked permission with argument: {}".format(mapping.argument), on_tag_id=tag.id, on_permission_id=permission.id, ) return self.redirect("/tags/{}?refresh=yes".format(tag.name))
def get(self, name=None, mapping_id=None): mapping = TagPermissionMap.get(self.session, id=mapping_id) if not mapping: return self.notfound() if not user_has_permission(self.session, self.current_user, TAG_EDIT, mapping.tag.name): return self.forbidden() self.render("permission-revoke-tag.html", mapping=mapping)
def get(self, name=None, mapping_id=None): mapping = TagPermissionMap.get(self.session, id=mapping_id) if not mapping: return self.notfound() if not user_has_permission(self.session, self.current_user, TAG_EDIT, mapping.tag.name): return self.forbidden() self.render("permission-revoke-tag.html", mapping=mapping)
def post(self, name=None, mapping_id=None): mapping = TagPermissionMap.get(self.session, id=mapping_id) if not mapping: return self.notfound() if not user_has_permission(self.session, self.current_user, TAG_EDIT, mapping.tag.name): return self.forbidden() permission = mapping.permission tag = mapping.tag mapping.delete(self.session) Counter.incr(self.session, "updates") self.session.commit() AuditLog.log(self.session, self.current_user.id, 'revoke_tag_permission', 'Revoked permission with argument: {}'.format(mapping.argument), on_tag_id=tag.id, on_permission_id=permission.id) return self.redirect('/tags/{}?refresh=yes'.format(tag.name))