def permission_edit(id): perm = Permission.query.get_or_404(id) if not perm.owner_is(g.user): abort(403) form = PermissionForm(obj=perm) form.context.choices = available_client_owners() form.edit_obj = perm if request.method == 'GET': if perm.user: form.context.data = perm.user.userid else: form.context.data = perm.org.userid if form.validate_on_submit(): form.populate_obj(perm) perm.user = form.user perm.org = form.org db.session.commit() flash("Your permission has been saved", "info") return render_redirect(url_for('permission_list'), code=303) return render_form(form=form, title="Edit permission", formid="perm_edit", submit="Save changes", ajax=True)