def user_orders_storno(req, id):
check_login(req)
# TODO: check_token
check_referer(req, '/eshop/orders/%d' % id)
message = req.form.getfirst('message', '', uni)
order = Order(id)
if order.get(req) is None:
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
if order.client_id != req.login.id:
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
if order.set_state(req, STATE_STORNED, usernote=message) is None:
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
send_order_status(req, order)
redirect(req, '/eshop/orders/%d' % id)
def admin_news_enable(req, id):
check_login(req, "/log_in?referer=/admin/news")
match_right(req, module_rights)
check_referer(req, "/admin/news")
new = New(id)
if not new.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
if (not do_check_right(req, "news_editor")) and (
not (new.author_id == req.login.id and new.public_date.year == 1970)
):
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
n_state = int(req.uri.endswith("/enable"))
n_state = (n_state * 2) if new.public_date.year > 1970 else n_state
new.set_state(req, n_state)
redirect(req, "/admin/news")
