Exemplo n.º 1
0
    def add(self, name=None, cls=None, read_groups=None, write_groups=None):
        auth = request.identity

        if 'a' not in auth.access(self):
            return drink.unauthorized("Not authorized")

        name = name or request.params.get('name').decode('utf-8')

        if name in self:
            return drink.unauthorized("%r is already defined!"%name)

        if None == cls:
            cls = request.params.get('class')
        if not cls:
            return drink.unauthorized("%r incorrect request!"%name)

        with self._lock():
            o = self._add(name, cls, auth.user.default_read_groups, auth.user.default_write_groups)
        if o is None:
            return drink.unauthorized("You can't create %r objects!"%name)

        if request.is_ajax:
            return o.struct()
        else:
            return drink.rdr(o.quoted_path+'edit')
Exemplo n.º 2
0
    def rm(self):
        # TODO: ajaxify
        name = drink.omni(request.GET.get('name'))
        if not ('a' in request.identity.access(self) and 'w' in request.identity.access(self[name])):
            return drink.unauthorized("Not authorized")
        try:
            parent_path = self.quoted_path
        except AttributeError: # XXX: unclean
            parent_path = '.'

        with self._lock():
            old_obj = self[name]
            del self[name]
            old_obj._update_lookup_engine(remove=True)
            drink.transaction.commit()

        return drink.rdr(parent_path)