def edit(event_id): event = db.Event.get_or_404(event_id) with Grant(event, current_user, 'update'): form = Event_Form(request.form, obj=event) if form.validate_on_submit(): form.populate_obj(event) event.save() return redirect(url_for('calendar.show', event_id=event_id)) return render_template("calendar/edit.html", form=form)
def test_deny_authenticated_show(self): g = Grant(self.obj1, self.anon_user, 'show') self.assertRaises(PermissionDenied, g.__enter__())
def test_deny_nonfriend_notify(self): g = Grant(self.obj1, self.user2, 'notify') self.assertRaises(PermissionDenied, g.__enter__())
def test_deny_nonowner_update(self): g = Grant(self.obj1, self.user1, 'update') self.assertRaises(PermissionDenied, g.__enter__())