def user_orders_storno(req, id): check_login(req) # TODO: check_token check_referer(req, '/eshop/orders/%d' % id) message = req.form.getfirst('message', '', uni) order = Order(id) if order.get(req) is None: raise SERVER_RETURN(state.HTTP_NOT_FOUND) if order.client_id != req.login.id: raise SERVER_RETURN(state.HTTP_FORBIDDEN) if order.set_state(req, STATE_STORNED, usernote=message) is None: raise SERVER_RETURN(state.HTTP_NOT_FOUND) send_order_status(req, order) redirect(req, '/eshop/orders/%d' % id)
def admin_news_enable(req, id): check_login(req, "/log_in?referer=/admin/news") match_right(req, module_rights) check_referer(req, "/admin/news") new = New(id) if not new.get(req): raise SERVER_RETURN(state.HTTP_NOT_FOUND) if (not do_check_right(req, "news_editor")) and ( not (new.author_id == req.login.id and new.public_date.year == 1970) ): raise SERVER_RETURN(state.HTTP_FORBIDDEN) n_state = int(req.uri.endswith("/enable")) n_state = (n_state * 2) if new.public_date.year > 1970 else n_state new.set_state(req, n_state) redirect(req, "/admin/news")