def delete_page(self, context):
    """Render the confirmation form shown before a notice is deleted.

    The notice is looked up by the ``id`` query parameter in the current
    group's ``Notices`` collection.  The form is only rendered for the
    notice's owner or for a visitor holding ``WRITE_PERMISSION``.

    Raises:
        wsgi.PageNotAuthorized: no group on the context, or the visitor
            is neither the owner nor a writer.
        wsgi.BadRequest: a ``ValueError`` was raised while handling the
            ``id`` parameter or the lookup.
        wsgi.PageNotFound: a ``KeyError`` was raised, e.g. no notice
            with that key in this group's collection.
    """
    self.load_visit(context)
    template_vars = self.new_page_context(context)
    if context.group is None:
        raise wsgi.PageNotAuthorized
    try:
        params = context.get_query()
        notice_key = odata.ParseURILiteral(params.get('id', '')).value
        # The lookup is scoped to the visitor's own group, so keys that
        # belong to another group's notices surface as KeyError here.
        with context.group['Notices'].OpenCollection() as notices:
            notices.set_expand({'User': None})
            notice = notices[notice_key]
            author = notice['User'].GetEntity()
            is_owner = context.user and context.user == author
            # only the owner or user with write permissions can delete
            if not (is_owner or
                    (context.permissions & self.WRITE_PERMISSION)):
                raise wsgi.PageNotAuthorized
            # The ID is escaped here because it is placed into the page
            # as an attribute value.
            id_literal = odata.FormatURILiteral(notice['ID'])
            template_vars['id_attr'] = xml.EscapeCharData7(id_literal, True)
            # NOTE(review): title and description are passed through
            # unescaped; presumably the template escapes them - confirm.
            template_vars['title'] = notice['Title'].value
            template_vars['description'] = notice['Description'].value
            # NOTE(review): the CSRF field carries context.session.sid();
            # if that is the session identifier itself it is exposed in
            # the rendered HTML - confirm this is intended.
            template_vars[self.csrf_token] = context.session.sid()
    except ValueError:
        raise wsgi.BadRequest
    except KeyError:
        raise wsgi.PageNotFound
    html = self.render_template(
        context, 'notices/del_form.html', template_vars)
    context.set_status(200)
    return self.html_response(context, html)
def delete_action(self, context):
    """Delete a notice in response to a POSTed confirmation form.

    The notice is identified by the ``id`` form field and looked up in
    the current group's ``Notices`` collection.  Deletion is allowed for
    the notice's owner or for a visitor holding ``WRITE_PERMISSION``.
    On success the client is redirected (303) to ``view``, resolved
    relative to the request URL.

    NOTE(review): no comparison of a CSRF token is visible in this
    method; presumably a decorator or the session layer validates it
    before this state-changing handler runs - confirm.

    Raises:
        wsgi.MethodNotAllowed: the request method is not POST.
        wsgi.PageNotAuthorized: no group on the context, or the visitor
            is neither the owner nor a writer.
        wsgi.BadRequest: a ``ValueError`` was raised while handling the
            ``id`` field or the lookup.
        wsgi.PageNotFound: a ``KeyError`` was raised, e.g. no notice
            with that key in this group's collection.
    """
    http_method = context.environ['REQUEST_METHOD'].upper()
    if http_method != 'POST':
        raise wsgi.MethodNotAllowed
    self.load_visit(context)
    # Without a group there is no Notices collection to act on.
    if context.group is None:
        raise wsgi.PageNotAuthorized
    try:
        id_literal = context.get_form_string('id')
        notice_key = odata.ParseURILiteral(id_literal).value
        with context.group['Notices'].OpenCollection() as notices:
            notices.set_expand({'User': None})
            notice = notices[notice_key]
            author = notice['User'].GetEntity()
            is_owner = context.user and context.user == author
            # only the owner or user with write permissions can delete;
            # the check is repeated here rather than trusting that the
            # confirmation page was ever rendered for this visitor
            if not (is_owner or
                    (context.permissions & self.WRITE_PERMISSION)):
                raise wsgi.PageNotAuthorized
            notice.Delete()
    except ValueError:
        raise wsgi.BadRequest
    except KeyError:
        raise wsgi.PageNotFound
    view_ref = URI.from_octets("view")
    link = view_ref.resolve(context.get_url())
    return self.redirect_page(context, link, 303)
def edit_action(self, context):
    """Apply a POSTed edit to a notice's title and description.

    The notice is identified by the ``id`` form field and looked up in
    the current group's ``Notices`` collection.  Only the notice's owner
    may edit it; unlike deletion, ``WRITE_PERMISSION`` is not consulted.
    On success ``Updated`` is set to the current time and the client is
    redirected (303) to ``view``, resolved relative to the request URL.

    NOTE(review): no comparison of a CSRF token is visible in this
    method; presumably a decorator or the session layer validates it
    before this state-changing handler runs - confirm.

    Raises:
        wsgi.MethodNotAllowed: the request method is not POST.
        wsgi.PageNotAuthorized: no group on the context, or the visitor
            is not the notice's owner.
        wsgi.BadRequest: a ``ValueError`` was raised while handling the
            form fields or the update.
        wsgi.PageNotFound: a ``KeyError`` was raised, e.g. no notice
            with that key in this group's collection.
    """
    http_method = context.environ['REQUEST_METHOD'].upper()
    if http_method != 'POST':
        raise wsgi.MethodNotAllowed
    self.load_visit(context)
    # Without a group there is no Notices collection to act on.
    if context.group is None:
        raise wsgi.PageNotAuthorized
    try:
        id_literal = context.get_form_string('id')
        notice_key = odata.ParseURILiteral(id_literal).value
        with context.group['Notices'].OpenCollection() as notices:
            notices.set_expand({'User': None})
            notice = notices[notice_key]
            author = notice['User'].GetEntity()
            is_owner = context.user and context.user == author
            if not is_owner:
                # only the owner can edit their post
                raise wsgi.PageNotAuthorized
            stamp = time.time()
            # NOTE(review): the submitted text is stored as received;
            # presumably it is escaped when rendered - confirm.
            new_title = context.get_form_string('title')
            notice['Title'].set_from_value(new_title)
            new_description = context.get_form_string('description')
            notice['Description'].set_from_value(new_description)
            notice['Updated'].set_from_value(stamp)
            notices.update_entity(notice)
    except ValueError:
        raise wsgi.BadRequest
    except KeyError:
        raise wsgi.PageNotFound
    view_ref = URI.from_octets("view")
    link = view_ref.resolve(context.get_url())
    return self.redirect_page(context, link, 303)
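def consumer_del_page(self, context):
    """Render the confirmation form shown before a consumer is deleted.

    Requires a logged-in owner on the session.  The consumer is
    identified by the ``cid`` query parameter and looked up only in the
    ``Consumers`` collection of the owner's own silo.

    Raises:
        wsgi.PageNotAuthorized: no owner is logged in, or the owner's
            silo has no consumer with the requested key.
        wsgi.BadRequest: the ``cid`` query parameter is missing or is
            not a valid URI literal.
    """
    page_context = self.new_page_context(context)
    owner = context.session.get_owner()
    if owner is None:
        # we require an owner to be logged in
        raise wsgi.PageNotAuthorized
    page_context['owner'] = owner
    silo = owner['Silo'].GetEntity()
    page_context['silo'] = silo
    query = context.get_query()
    try:
        cid = odata.ParseURILiteral(query.get('cid', '')).value
    except ValueError:
        # A malformed id is a client error; without this the parser's
        # ValueError escapes the handler instead of being reported as
        # a bad request like the other handlers do.
        raise wsgi.BadRequest
    with silo['Consumers'].OpenCollection() as collection:
        try:
            consumer = collection[cid]
        except KeyError:
            # A key that is not in this owner's silo is reported as
            # not-authorized rather than not-found.
            raise wsgi.PageNotAuthorized
    page_context['consumer'] = consumer
    # NOTE(review): the CSRF field carries context.session.sid(); if
    # that is the session identifier itself it is exposed in the
    # rendered HTML - confirm this is intended.
    page_context[self.csrf_token] = context.session.sid()
    data = self.render_template(context, 'consumers/del_form.html',
                                page_context)
    context.set_status(200)
    return self.html_response(context, data)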