def test_has_permission_to_delete_guest(): set_user(users.find_by_id(2)) # invited by normal1 entries.do_guest_entry(1, "name", "comment") # check... set_user(users.find_by_id(1)) # god assert entries.has_permission_to_delete_guest(1) set_user(users.find_by_id(2)) # normal1 assert entries.has_permission_to_delete_guest(1) set_user(users.find_by_id(3)) # normal2 assert not entries.has_permission_to_delete_guest(1) set_user(users.find_by_id(4)) # normal3 assert not entries.has_permission_to_delete_guest(1)
def remove_guest(guest_id): gu = entries.find_guest_by_id(guest_id) if not gu: logi('not found guest id: %d', guest_id) return abort(404) if not entries.has_permission_to_delete_guest(guest_id): logi('no permission to delete guest: %d', guest_id) return abort(403) logi('delete guest: %d', guest_id) entries.delete_guest_by_id(guest_id) info_message(message=u'%s の参加表明を取り消しました。' % gu['name'], title=u'更新ありがとうございます!') return redirect(url_for('schedule.schedule'))