Exemplo n.º 1
def book_delete(book_id):
    """Delete the book identified by ``book_id``; administrators only.

    Aborts with 403 when the current user is not an admin and with 404 when
    ``Book.get`` finds nothing. Otherwise deletes the book and redirects to
    the ``admin_public`` view.
    """
    # The role check runs before the lookup, so a non-admin gets 403 whether
    # or not the id exists.
    if not current_user.is_admin:
        abort(403)
    book = Book.get(book_id)
    if not book:
        abort(404)
    # NOTE(review): destructive action; the route decorator is not visible
    # here -- confirm it accepts only POST and is covered by CSRF protection.
    book.delete()
    target = url_for("admin_public")
    return redirect(target)
Exemplo n.º 2
def book_share(book_id):
    """Toggle the public flag of a book added by the current user.

    Aborts with 404 for an unknown id and with 403 when the book was added by
    a different login. Otherwise flips ``is_public``, saves the book and
    redirects to ``main``.
    """
    book = Book.get(book_id)
    if not book:
        abort(404)
    # Ownership check: only the login that added the book may change its
    # visibility. Because the 404 comes first, a non-owner can tell an
    # existing id (403) from a missing one (404).
    owner_login = book.added_by_login
    if owner_login != current_user.login:
        abort(403)
    book.is_public = not book.is_public
    book.save()
    return redirect(url_for("main"))
Exemplo n.º 3
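def admin_order_set_status(order_id, new_status_code):
    """Set the status of an order; administrators only.

    Aborts with 403 for non-admins, 404 when the order does not exist and 400
    when ``new_status_code`` is not a status known to ``OrderStatus``.
    Otherwise stores the new status and redirects to the order's admin page.
    """
    if not current_user.is_admin:
        abort(403)  # access denied
    order = Order.get(order_id)
    # Without this guard a missing order reaches the attribute assignment
    # below and fails there instead of answering 404.
    if not order:
        abort(404)
    # Only status codes that OrderStatus resolves are written to the order.
    if not OrderStatus.get(new_status_code):
        return abort(400)  # bad request
    order.status_id = new_status_code
    order.save()
    return redirect(url_for('admin_order', order_id=order_id))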
Exemplo n.º 4
def book_get(book_id):
    """Add a public book to the current user's collection.

    Aborts with 404 for an unknown id and with 403 when the book is not
    public. The book is appended and the user saved only if the user does not
    already have it. Always redirects to ``public`` on success.
    """
    book = Book.get(book_id)
    if not book:
        abort(404)
    # Visibility gate: a book that is not public cannot be taken through
    # this view.
    if not book.is_public:
        abort(403)
    already_owned = current_user.has_book(book)
    if not already_owned:
        current_user.books.append(book)
        current_user.save()
    return redirect(url_for("public"))
Exemplo n.º 5
def book_remove(book_id):
    """Remove a public book from the current user's collection.

    Aborts with 404 for an unknown id and with 403 when the book is not
    public. The book is removed and the user saved only if the user currently
    has it. Always redirects to ``main`` on success.
    """
    book = Book.get(book_id)
    if not book:
        abort(404)
    # NOTE(review): a book that is no longer public is rejected here even if
    # the user already holds it -- confirm that is intended.
    if not book.is_public:
        abort(403)
    holds_book = current_user.has_book(book)
    if holds_book:
        current_user.books.remove(book)
        current_user.save()
    return redirect(url_for("main"))
Exemplo n.º 6
def comment_add(order_id):
    """Attach a comment by the current user to an existing order.

    Reads ``text`` from the submitted form, aborts with 404 when the order
    does not exist, saves the comment, then redirects to the admin or the
    regular order page depending on the user's role.
    """
    body = request.form['text']
    comment = Comment()
    order = Order.get(order_id)
    if not order:
        abort(404)
    # NOTE(review): nothing in this block ties the order to the current user,
    # so any caller who reaches the view can comment on any existing order id.
    # Confirm an ownership or role check is enforced elsewhere.
    # The text is stored unmodified; escaping is left to whatever renders it.
    comment.text = body
    comment.order_id = order_id
    comment.user_login = current_user.login
    comment.save()
    endpoint = 'admin_order' if current_user.is_admin else 'order'
    return redirect(url_for(endpoint, order_id=order_id))
Exemplo n.º 7
def admin_order_resolve(order_id):
    """Mark an order as resolved and attach the submitted book; admins only.

    Aborts with 403 for non-admins, 404 when the order does not exist and 400
    when the form carries no ``book_id``. Otherwise sets the status to 2,
    stores the book id, saves and redirects to ``admin_orders``.
    """
    if not current_user.is_admin:
        abort(403)  # access denied
    order = Order.get(order_id)
    if not order:
        abort(404)
    form = request.form
    if 'book_id' not in form:
        abort(400)
    order.status_id = 2  # resolved
    # NOTE(review): book_id is taken straight from the form and stored with
    # no visible existence or type check -- confirm that Order.save or the
    # schema rejects ids that match no book.
    order.book_id = form['book_id']
    order.save()
    return redirect(url_for('admin_orders'))
Exemplo n.º 8
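def admin_order(order_id):
    """Render the admin detail page for one order; administrators only.

    Aborts with 403 for non-admins and with 404 when the order does not
    exist. Otherwise renders ``admin/order.html`` with the order as ``o``.
    """
    if not current_user.is_admin:
        abort(403)  # access denied
    order = Order.get(order_id)
    # Answer 404 for an unknown id instead of handing the template an empty
    # order to render.
    if not order:
        abort(404)
    return render_template('admin/order.html', o=order)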
Exemplo n.º 9
def abort_if_invalid_order_hash(order_hash):
    """Abort with 404 unless ``order_hash`` passes the hex and length checks.

    The value must satisfy ``is_hex`` and be exactly 64 characters long once
    its first two characters are dropped.
    """
    # NOTE(review): the slice discards two characters without checking that
    # they are a "0x" prefix -- confirm is_hex requires the prefix.
    well_formed = is_hex(order_hash) and len(order_hash[2:]) == 64
    if not well_formed:
        # The rejected value is echoed back in the error message.
        abort(404, message="Invalid order hash: {}".format(order_hash))
Exemplo n.º 10
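def abort_if_unknown_exchange(trustlines, exchange_address):
    """Abort with 404 unless ``exchange_address`` is a known exchange.

    An address is known when it is contained in
    ``trustlines.exchange_addresses``. Returns ``None`` when it is.
    """
    # The previous condition tested this same membership twice, joined by
    # ``and``; a single test is equivalent.
    # NOTE(review): the duplicate may have been meant to consult a second
    # collection -- confirm against the trustlines object.
    if exchange_address not in trustlines.exchange_addresses:
        # NOTE(review): the message is passed positionally. If this abort is
        # Flask-RESTful's, which takes extra data as keyword arguments only,
        # this call raises TypeError instead of answering 404 -- confirm
        # which abort is imported.
        abort(404, "Unknown exchange: {}".format(exchange_address))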
Exemplo n.º 11
 def _check_conflict(self, name):
     """Abort with 422 when another room attribute already uses ``name``.

     Names are compared case-insensitively. When ``self.attribute`` is set,
     that record is excluded so it does not conflict with itself.
     """
     same_name = db.func.lower(RoomAttribute.name) == name.lower()
     clashes = RoomAttribute.query.filter(same_name)
     if self.attribute:
         clashes = clashes.filter(RoomAttribute.id != self.attribute.id)
     # NOTE(review): this is a check before the write; two concurrent requests
     # could both pass it unless the database also enforces uniqueness --
     # confirm a unique constraint exists.
     if clashes.has_rows():
         abort(422, messages={'name': [_('Name must be unique')]})
Exemplo n.º 12
 def _check_conflict(self, name):
     """Abort with 422 when another equipment type already uses ``name``.

     Names are compared case-insensitively. When ``self.equipment_type`` is
     set, that record is excluded so it does not conflict with itself.
     """
     same_name = db.func.lower(EquipmentType.name) == name.lower()
     clashes = EquipmentType.query.filter(same_name)
     if self.equipment_type:
         clashes = clashes.filter(EquipmentType.id != self.equipment_type.id)
     # NOTE(review): this is a check before the write; two concurrent requests
     # could both pass it unless the database also enforces uniqueness --
     # confirm a unique constraint exists.
     if clashes.has_rows():
         abort(422, messages={'name': [_('Name must be unique')]})
Exemplo n.º 13
 def _check_invalid_times(self, availability):
     """Abort with 422 when any bookable-hours entry does not end after it starts.

     Every entry of ``availability['bookable_hours']`` is read through its
     ``start_time`` and ``end_time`` keys.
     """
     # The comparison is ``>=``, so an entry whose start equals its end is
     # rejected too, although the message only mentions "later than".
     has_bad_range = any(
         slot['start_time'] >= slot['end_time']
         for slot in availability['bookable_hours']
     )
     if has_bad_range:
         abort(422, messages={'bookable_hours': [_('Start time should not be later than end time')]})
Exemplo n.º 14
 def _check_conflict(self, name):
     """Abort with 422 when another non-deleted location already uses ``name``.

     Names are compared case-insensitively and deleted locations are ignored.
     When ``self.location`` is set, that record is excluded so it does not
     conflict with itself.
     """
     not_deleted = ~Location.is_deleted
     same_name = db.func.lower(Location.name) == name.lower()
     clashes = Location.query.filter(not_deleted, same_name)
     if self.location:
         clashes = clashes.filter(Location.id != self.location.id)
     # NOTE(review): this is a check before the write; two concurrent requests
     # could both pass it unless the database also enforces uniqueness --
     # confirm a constraint exists.
     if clashes.has_rows():
         abort(422, messages={'name': [_('Name must be unique')]})
def handle_request_parsing_error(err):
    """Turn a webargs parsing error into a JSON error response.

    Calls Flask-RESTful's ``abort`` with the status code taken from
    ``StatusCode.UnprocessableEntity`` and passes the error's messages as
    ``errors``.
    """
    status = StatusCode.UnprocessableEntity.value
    # err.messages is forwarded to the client unchanged.
    details = err.messages
    abort(status, errors=details)
Exemplo n.º 16
def admin_orders():
    """Render the list of all orders; administrators only.

    Aborts with 403 for non-admins, otherwise renders ``admin/orders.html``
    with every order returned by ``Order.get_all``.
    """
    if not current_user.is_admin:
        abort(403)  # access denied
    all_orders = Order.get_all()
    return render_template('admin/orders.html', orders=all_orders)
Exemplo n.º 17
def admin_users():
    """Render the list of all users; administrators only.

    Aborts with 403 for non-admins, otherwise renders ``admin/users.html``
    with every user returned by ``User.get_all``.
    """
    if not current_user.is_admin:
        abort(403)  # access denied
    # Whole user objects are handed to the template, which decides which
    # fields appear on the page.
    everyone = User.get_all()
    return render_template('admin/users.html', users=everyone)
Exemplo n.º 18
def handle_request_parsing_error(err, req, schema, *, error_status_code,
                                 error_headers):
    """Turn a webargs parsing error into a JSON error response.

    Calls Flask-RESTful's ``abort`` with ``error_status_code`` and passes the
    error's messages as ``errors``.
    """
    # req, schema and error_headers are accepted but not used, so any headers
    # passed in are not forwarded to the response.
    details = err.messages
    abort(error_status_code, errors=details)
Exemplo n.º 19
def test_abort_with_message():
    """abort() carries a custom ``message`` in the raised exception's data."""
    expected = 'custom error message'
    with pytest.raises(HTTPException) as raised:
        abort(400, message=expected)
    payload = raised.value.data
    assert payload['message'] == expected
Exemplo n.º 20
def raise_old_password_was_wrong():
    """Abort with 422 and a field-level error for ``old_password``.

    The abort call receives a ``ValidationError`` as ``exc`` and the
    per-field messages as ``messages``.
    """
    # NOTE(review): each call is a failed old-password check. No throttling
    # or logging is visible in this block -- confirm the caller limits
    # repeated attempts.
    cause = ValidationError("old password is not correct")
    field_errors = {"old_password": ["Was not correct"]}
    return abort(422, exc=cause, messages=field_errors)
Exemplo n.º 21
def test_abort_with_message():
    """abort() carries a custom ``message`` in the raised exception's data."""
    expected = 'custom error message'
    with pytest.raises(HTTPException) as raised:
        abort(400, message=expected)
    payload = raised.value.data
    assert payload['message'] == expected
Exemplo n.º 22
def handle_request_parsing_error(err, req, schema, error_status_code,
                                 error_headers):
    """Abort with ``error_status_code``, passing the error's messages as ``errors``."""
    # req, schema and error_headers are accepted but not used, so any headers
    # passed in are not forwarded to the response.
    details = err.messages
    abort(error_status_code, errors=details)