def view(request): session = DBSession() uid = request.params["uid"] delete_recursive = json.loads(request.params["recursive"]) ro = ResearchObject.get(session, uid) if ro.owner == request.unauthenticated_userid: ResearchObject.remove(session, ro, delete_recursive) return {}
def edit_init(request, session, tab): """Common init for all 'edit' views. Args: request: (Request) session: (DBSession) tab: (str) current tab in view Returns: (ResearchObject, dict of (str: any)): ro, view_params """ ro, view_params = view_init(request, session, tab) warn_links = [link for link in ro.out_links if link.type == 'produce'] error_links = [link for link in ro.in_links if link.type != 'contains'] view_params["warn_links"] = warn_links view_params["error_links"] = error_links if not view_params["allow_edit"]: msg = "Access to %s edition not granted for you" % ro.id request.session.flash(msg, 'warning') raise HTTPFound(location=request.route_url('home')) if 'back' in request.params: # request.session.flash("Edition stopped", 'success') loc = request.route_url('ro_view_%s' % tab, uid=ro.id) raise HTTPFound(location=loc) if 'update' in request.params: # edit project visibility public = 'visibility' in request.params ro.public = public if 'confirm_transfer' in request.params: if request.unauthenticated_userid != ro.owner: request.session.flash("Action non authorized for you", 'warning') raise HTTPFound(location=request.route_url('home')) user = User.get(session, request.params["new_owner"]) if user is None: msg = "User '%s' is unknown" % request.params["new_owner"] request.session.flash(msg, 'warning') raise HTTPFound(location=request.current_route_url()) ro.change_owner(session, user) loc = request.route_url("ro_view_home", uid=ro.id) transaction.commit() raise HTTPFound(location=loc) delete_recursive = "confirm_delete_recursive" in request.params if "confirm_delete" in request.params or delete_recursive: if ResearchObject.remove(session, ro, delete_recursive): transaction.commit() request.session.flash("RO '%s' deleted" % ro.id, 'success') else: request.session.flash("Failed to delete '%s'" % ro.id, 'warning') raise HTTPFound(location=request.route_url('home')) return ro, view_params