def add(self, name=None, cls=None, read_groups=None, write_groups=None): auth = request.identity if 'a' not in auth.access(self): return drink.unauthorized("Not authorized") name = name or request.params.get('name').decode('utf-8') if name in self: return drink.unauthorized("%r is already defined!"%name) if None == cls: cls = request.params.get('class') if not cls: return drink.unauthorized("%r incorrect request!"%name) with self._lock(): o = self._add(name, cls, auth.user.default_read_groups, auth.user.default_write_groups) if o is None: return drink.unauthorized("You can't create %r objects!"%name) if request.is_ajax: return o.struct() else: return drink.rdr(o.quoted_path+'edit')
def rm(self): # TODO: ajaxify name = drink.omni(request.GET.get('name')) if not ('a' in request.identity.access(self) and 'w' in request.identity.access(self[name])): return drink.unauthorized("Not authorized") try: parent_path = self.quoted_path except AttributeError: # XXX: unclean parent_path = '.' with self._lock(): old_obj = self[name] del self[name] old_obj._update_lookup_engine(remove=True) drink.transaction.commit() return drink.rdr(parent_path)