def creditor_restore(self): """ Restore creditor, returns redirect. """ id = int(self.request.matchdict.get("id")) c = Creditor.by_id(id) if not c: return HTTPNotFound() """ Authorization check. """ if c.private and c.user_id is not authenticated_userid(self.request): return HTTPForbidden() c.archived = False DBSession.add(c) self.request.session.flash("Creditor %s restored" % (c.title), "status") return HTTPFound(location=self.request.route_url("creditors_archived"))
def creditor_edit(self): """ Edit creditor. """ id = int(self.request.matchdict.get("id")) c = Creditor.by_id(id) if not c: return HTTPNotFound() """ Authorization check. """ if c.private and c.user_id is not authenticated_userid(self.request): return HTTPForbidden() form = CreditorEditForm(self.request.POST, c, csrf_context=self.request.session) if self.request.method == "POST" and form.validate(): form.populate_obj(c) self.request.session.flash("Creditor %s updated" % (c.title), "status") return HTTPFound(location=self.request.route_url("creditors")) return {"title": "Edit creditor", "form": form, "id": id, "action": "creditor_edit"}