def add(self, name=None, cls=None, read_groups=None, write_groups=None):
auth = request.identity
if 'a' not in auth.access(self):
return drink.unauthorized("Not authorized")
name = name or request.params.get('name').decode('utf-8')
if name in self:
return drink.unauthorized("%r is already defined!"%name)
if None == cls:
cls = request.params.get('class')
if not cls:
return drink.unauthorized("%r incorrect request!"%name)
with self._lock():
o = self._add(name, cls, auth.user.default_read_groups, auth.user.default_write_groups)
if o is None:
return drink.unauthorized("You can't create %r objects!"%name)
if request.is_ajax:
return o.struct()
else:
return drink.rdr(o.quoted_path+'edit')
def rm(self):
# TODO: ajaxify
name = drink.omni(request.GET.get('name'))
if not ('a' in request.identity.access(self) and 'w' in request.identity.access(self[name])):
return drink.unauthorized("Not authorized")
try:
parent_path = self.quoted_path
except AttributeError: # XXX: unclean
parent_path = '.'
with self._lock():
old_obj = self[name]
del self[name]
old_obj._update_lookup_engine(remove=True)
drink.transaction.commit()
return drink.rdr(parent_path)
