def group_edit(request): _ = get_localizer(request) group_model = GroupModel(request.db_session) permission_model = PermissionModel(request.db_session) group_name = request.matchdict['group_name'] group = group_model.get_by_name(group_name) if group is None: msg = _(u'Group %s does not exist') % group_name return HTTPNotFound(msg) group_permissions = [str(p.permission_id) for p in group.permissions] factory = FormFactory(_) GroupEditForm = factory.make_group_edit_form() form = GroupEditForm( request.params, permissions=group_permissions, group_name=group.group_name, display_name=group.display_name ) permissions = permission_model.get_list() form.permissions.choices = [ (str(p.permission_id), p.permission_name) for p in permissions ] if request.method == 'POST': check_csrf_token(request) validate_result = form.validate() group_name = request.params['group_name'] display_name = request.params['display_name'] permissions = request.params.getall('permissions') by_name = group_model.get_by_name(group_name) if by_name is not None and group_name != group.group_name: msg = _(u'Group name %s already exists') % group_name form.group_name.errors.append(msg) validate_result = False if validate_result: with transaction.manager: group_model.update_group( group_id=group.group_id, group_name=group_name, display_name=display_name, ) group_model.update_permissions( group_id=group.group_id, permission_ids=permissions, ) group = group_model.get(group.group_id) msg = _(u"Group ${group_name} has been updated", mapping=dict(group_name=group.group_name)) request.add_flash(msg, 'success') url = request.route_url('admin.group_edit', group_name=group.group_name) return HTTPFound(location=url) return dict(form=form, group=group)