def admin_pages_mod(req, id): """Edit page could: * author of page, if still have pages_author right * admin with pages_modify right * admin with pages_listall right and right which must have page too """ check_login(req) match_right(req, module_rights) token = do_create_token(req, '/admin/pages/%d' % id) page = Page(id) if (not do_check_right(req, 'pages_modify')) \ and (not page.check_right(req)): raise SERVER_RETURN(state.HTTP_FORBIDDEN) if req.method == 'POST': check_token(req, req.form.get('token')) page.bind(req.form) error = page.mod(req) if error: return generate_page(req, "admin/pages_mod.html", token=token, page=page, rights=rights, error=error, extra_rights=req.cfg.pages_extra_rights) # endif if not page.get(req): raise SERVER_RETURN(state.HTTP_NOT_FOUND) return generate_page(req, "admin/pages_mod.html", token=token, page=page, rights=rights, extra_rights=req.cfg.pages_extra_rights)
def admin_pagse_add(req): check_login(req) match_right(req, ('pages_author', 'pages_modify')) token = do_create_token(req, '/admin/pages/add') if req.method == 'POST': check_token(req, req.form.get('token')) page = Page() page.bind(req.form, req.login.id) error = page.add(req) if error: return generate_page(req, "admin/pages_mod.html", token=token, rights=rights, page=page, error=error) redirect(req, '/admin/pages/%d' % page.id) # end return generate_page(req, "admin/pages_mod.html", token=token, rights=rights)