def _section_helper(updatefn): rid = request.form['rid'].strip() title = request.form.get('title', '').strip() notes = request.form.get('notes', '').strip() sectidx = request.form.get('sectidx', '') subsectidx = request.form.get('subsectidx', '') r = Restaurant.get(rid) if not r: abort(404) #print 'sectidx:', sectidx, ' subsectidx:', subsectidx if sectidx: if not re.match('^-?\d+$', sectidx): abort(400) sectidx = int(sectidx) if sectidx >= len(r['menu']): print 'sectidx >=', len(r['menu']) abort(400) else: sectidx = -1 if subsectidx: if not re.match('^-?\d+$', subsectidx): abort(400) subsectidx = int(subsectidx) if 'subsections' in r['menu'][sectidx] and subsectidx >= len( r['menu'][sectidx]['subsections']): abort(400) else: subsectidx = -1 ret = updatefn(r, sectidx, subsectidx, title, notes) if ret: return ret Restaurant.save(r)
def _check_access(): if not current_user.is_authenticated(): abort(403) rid = request.form['rid'].strip() r = Restaurant.get(rid) if not r: return Errors(msg='Restaurant not found') if current_user.id != r['managed_by'].id: abort(403)
def root_home(rid=None): uid = None if current_user.is_admin else current_user.id args = dict(rlist=list(Restaurant.list_names_and_addresses(uid))) if rid: # TODO: check if r.managed_by == uid from bson.errors import InvalidId try: r = Restaurant.get(rid) if not r: logger.error('Restaurant ID not found: %s', rid) abort(404) args.update(restaurant=r) return render_template('/admin/root.html', **args) except InvalidId: logger.error('Invalid restaurant ID: %s', rid) abort(404) else: if current_user.is_admin or len(args['rlist']) > 1: return render_template('/admin/root.html', **args) else: return redirect('/admin/%s' % args['rlist'][0]['_id'])
def _save_helper(updatefn, **kwargs): rid = request.form.get('rid', '').strip() new = False r = None if rid: r = Restaurant.get(rid) if not r: abort(404) else: if kwargs.get('create_new', False): r, new = {}, True else: abort(404) ok, data = updatefn(r, request.form) if ok: data.update(status=STATUS_OK, rid=str(r['_id'])) if new: data['redirect'] = True if 'success_msg' in kwargs: data['success_msg'] = kwargs['success_msg'] else: data.update(status=STATUS_ERROR) return data