def order(order_id):
o = Order.get(order_id)
# mark all comments as read
for c in o.comments:
c.unread = False
c.save()
return render_template('order/order.html', o=o)
def admin_order_set_status(order_id, new_status_code):
if not current_user.is_admin:
abort(403) # access denied
o = Order.get(order_id)
if not OrderStatus.get(new_status_code):
return abort(400) # bad request
o.status_id = new_status_code
o.save()
return redirect(url_for('admin_order', order_id=order_id))
def admin_order_resolve(order_id):
if not current_user.is_admin:
abort(403) # access denied
o = Order.get(order_id)
if not o:
abort(404)
if 'book_id' not in request.form:
abort(400)
o.status_id = 2 # resolved
o.book_id = request.form['book_id']
o.save()
return redirect(url_for('admin_orders'))
def comment_add(order_id):
text = request.form['text']
c = Comment()
o = Order.get(order_id)
if not o:
abort(404)
c.text = text
c.order_id = order_id
c.user_login = current_user.login
c.save()
if current_user.is_admin:
return redirect(url_for('admin_order', order_id=order_id))
return redirect(url_for('order', order_id=order_id))
def admin_order(order_id):
if not current_user.is_admin:
abort(403) # access denied
o = Order.get(order_id)
return render_template('admin/order.html', o=o)
