def dispatch_request(self, patient_id, **kwargs):
    """Handle a POST that deletes one detail object belonging to a patient.

    Looks up the patient, resolves the target through ``self.detail_service``
    and deletes it once both the patient-level and object-level ``can_edit``
    checks pass and the ``DeleteForm`` (CSRF token) validates.

    Args:
        patient_id: Primary key of the owning patient; unknown ids 404.
        **kwargs: Route arguments forwarded to ``detail_service.get_object``.
            When ``self.disease_group`` is truthy, ``disease_group_id`` is
            popped from kwargs and resolved to a ``DiseaseGroup`` first.

    Returns:
        ``self.not_found(...)`` when no object matches, otherwise whatever
        ``self.deleted(patient, ...)`` returns.

    Raises:
        HTTP 403 via ``abort`` when the user may not edit the patient or the
        object, or when the form/CSRF check fails; HTTP 404 for an unknown
        patient or disease group.
    """
    patient = Patient.query.get_or_404(patient_id)
    if not patient.can_edit(current_user):
        abort(403)

    extra = []
    # TODO permissions
    # NOTE(review): the disease group is resolved by id only; nothing here
    # checks that current_user may act on that group. Confirm that
    # detail_service.get_object / obj.can_edit below scope it correctly.
    if self.disease_group:
        group = DiseaseGroup.query.get_or_404(kwargs.pop('disease_group_id'))
        extra.append(group)

    target = self.detail_service.get_object(patient, *extra, **kwargs)
    if target is None:
        return self.not_found(*extra)

    form = DeleteForm()
    # Object-level permission and CSRF/form validation are both required;
    # the form is only validated once the permission check has passed, and
    # either failure is reported as a plain 403.
    allowed = target.can_edit(current_user) and form.validate_on_submit()
    if not allowed:
        abort(403)

    db.session.delete(target)
    db.session.commit()
    flash('Deleted.', 'success')
    return self.deleted(patient, *extra)
def delete_post(post_id):
    """Delete a news post and redirect back to the post list.

    Args:
        post_id: Primary key of the post; unknown ids 404.

    Returns:
        A redirect to ``news.view_posts`` after a successful delete.

    Raises:
        HTTP 403 via ``abort`` when the user cannot edit the post, or when
        the ``DeleteForm`` does not validate (non-POST request, or a missing
        or invalid CSRF token).
    """
    post = Post.query.get_or_404(post_id)
    if not post.can_edit(current_user):
        abort(403)

    # validate_on_submit() is False for GET and for a failed CSRF check;
    # both cases are forbidden here rather than rendering a confirmation page.
    form = DeleteForm()
    if not form.validate_on_submit():
        abort(403)

    db.session.delete(post)
    db.session.commit()
    return redirect(url_for('news.view_posts'))
def delete_patient(patient_id):
    """Confirm (GET) or perform (validated POST) deletion of a patient.

    Args:
        patient_id: Primary key of the patient; unknown ids 404.

    Returns:
        The rendered ``patient/delete.html`` confirmation page when the
        ``DeleteForm`` has not been validly submitted, otherwise a redirect
        to ``patients.view_patient_list`` after deleting the patient.

    Raises:
        HTTP 403 via ``abort`` when ``patient.can_edit(current_user)`` is
        false.
    """
    patient = Patient.query.get_or_404(patient_id)
    # TODO probably shouldn't be able to delete a patient who belongs to non-editable units
    # NOTE(review): whether can_edit() requires edit rights on *every* unit
    # the patient belongs to is not visible here — verify before treating
    # this single check as sufficient for a destructive operation.
    if not patient.can_edit(current_user):
        abort(403)

    form = DeleteForm()
    if not form.validate_on_submit():
        # GET, or a POST whose CSRF/form check failed: redisplay the
        # confirmation page instead of aborting.
        return render_template(
            'patient/delete.html',
            patient=patient,
            patient_data=get_patient_data(patient),
        )

    db.session.delete(patient)
    db.session.commit()
    flash('Patient deleted.', 'success')
    return redirect(url_for('patients.view_patient_list'))