def expenditure_edit(self): """ Edit expenditure. Method for both post and get request. """ id = int(self.request.matchdict.get('id')) e = Expenditure.by_id(id) if not e: return HTTPNotFound() """ Authorization check. """ if (e.category.private and e.category.user_id is not authenticated_userid(self.request)): return HTTPForbidden() form = ExpenditureEditForm(self.request.POST, e, csrf_context=self.request.session) private = self.request.params.get('private') if private: """ Check if there exists any categories. """ if not Category.first_private(self.request): self.request.session.flash(self.missing_priv_cat, 'error') return HTTPFound(location=self.request .route_url('expenditures')) form.category_id.query = Category.all_private(self.request) else: """ Check if there exists any categories. """ if not Category.first_active(): self.request.session.flash(self.missing_shared_cat, 'error') return HTTPFound(location=self.request .route_url('expenditures')) form.category_id.query = Category.all_active(self.request) if self.request.method == 'POST' and form.validate(): form.populate_obj(e) e.category_id = form.category_id.data.id self.request.session.flash('Expenditure %s updated' % (e.title), 'status') """ A bit ugly, but redirect the user based on private or not. """ if private: return HTTPFound(location= self.request .route_url('expenditures', _query={'private': 1})) return HTTPFound(location=self.request.route_url('expenditures')) form.category_id.data = e.category return {'title': 'Edit private expenditure' if private else 'Edit expenditure', 'form': form, 'id': id, 'action': 'expenditure_edit', 'private': private}
def expenditure_archive(self): """ Archive expenditure, returns redirect. """ id = int(self.request.matchdict.get('id')) e = Expenditure.by_id(id) if not e: return HTTPNotFound() """ Authorization check. """ if (e.category.private and e.category.user_id is not authenticated_userid(self.request)): return HTTPForbidden() e.archived = True DBSession.add(e) self.request.session.flash('Expenditure %s archived' % (e.title), 'status') return HTTPFound(location=self.request.route_url('expenditures'))