def category_edit(self):
""" Edit category view. """
id = int(self.request.matchdict.get('id'))
c = Category.by_id(id)
if not c:
return HTTPNotFound()
""" Authorization check. """
if c.private and c.user_id is not authenticated_userid(self.request):
return HTTPForbidden()
form = CategoryEditForm(self.request.POST, c,
csrf_context=self.request.session)
if self.request.method == 'POST' and form.validate():
form.populate_obj(c)
self.request.session.flash('Category %s updated' %
(c.title), 'status')
return HTTPFound(location=self.request.route_url('categories'))
return {'title': 'Edit category',
'form': form,
'id': id,
'action': 'category_edit'}
def category_archive(self):
""" Archive category, returns redirect. """
id = int(self.request.matchdict.get('id'))
c = Category.by_id(id)
if not c:
return HTTPNotFound()
""" Authorization check. """
if c.private and c.user_id is not authenticated_userid(self.request):
return HTTPForbidden()
c.archived = True
DBSession.add(c)
self.request.session.flash('Category %s archived' %
(c.title), 'status')
return HTTPFound(location=self.request.route_url('categories'))
