def edit(assessment_id):
    """Render and process the edit form for a single assessment.

    Access control: the request is allowed only when the current user
    owns the assessment or manages the client it belongs to; any other
    user gets a 403 before the form is built.

    On a GET (no posted form) the form is pre-filled from the stored
    assessment. On a valid submission every form field except the CSRF
    token is applied to the assessment via ``set``, the auditor list is
    replaced wholesale by the submitted selection, and the caller is
    redirected back to the index. An unsubmitted or invalid form is
    re-rendered with the current values.

    Args:
        assessment_id: Identifier of the assessment to edit. The lookup
            uses ``.one()``, so a missing or duplicated row raises
            rather than producing a 404.

    Returns:
        A redirect response on successful save, otherwise the rendered
        ``assessments/edit.html`` page.
    """
    assessment: Assessment = Assessment.query.filter_by(id=assessment_id).one()

    # Owner of the assessment or manager of its client; nobody else.
    permitted = current_user.owns(assessment) or current_user.manages(
        assessment.client)
    if not permitted:
        abort(403)

    # A posted form is bound to the request data; otherwise seed the
    # form from the persisted record so the page shows current values.
    form = (
        AssessmentForm(request.form)
        if request.form
        else AssessmentForm(**assessment.to_dict(),
                            auditors=assessment.auditors)
    )
    # Restrict the auditor selection to accounts of an auditor type, so
    # a submitted value outside this set fails validation.
    form.auditors.choices = User.get_choices(
        User.user_type.in_(valid_auditors))

    if form.validate_on_submit():
        payload = dict(form.data)
        # The CSRF token is a form artefact, not an assessment attribute.
        payload.pop('csrf_token', None)
        chosen_auditors = payload.pop('auditors', [])
        assessment.set(**payload)
        # Replace, rather than merge, the auditor assignment.
        assessment.auditors.clear()
        assessment.auditors.extend(chosen_auditors)
        return redirect_back('.index')

    return render_template('assessments/edit.html',
                           assessment=assessment, form=form)
def delete(assessment_id):
    """Delete one assessment and return to the index.

    Permitted for the assessment's owner and for managers of the
    client it belongs to; any other user receives a 403 and nothing
    is deleted.

    Args:
        assessment_id: Identifier of the assessment to remove. The
            lookup uses ``.one()``, so an unknown id raises instead of
            yielding a 404.

    Returns:
        A redirect to the index view.
    """
    assessment = Assessment.query.filter_by(id=assessment_id).one()
    is_owner = current_user.owns(assessment)
    # Managers of the owning client may also delete; checked only when
    # the user is not already the owner.
    if not is_owner and not current_user.manages(assessment.client):
        abort(403)
    assessment.delete()
    return redirect_back('.index')
def delete(client_id: int):
    """Delete one client and return to the index.

    Unlike assessment deletion, only the client's owner may do this;
    managers are not granted the operation. Anyone else gets a 403.

    Args:
        client_id: Identifier of the client to remove. The lookup uses
            ``.one()``, so an unknown id raises rather than 404ing.

    Returns:
        A redirect to the index view.
    """
    client = Client.query.filter_by(id=client_id).one()
    if current_user.owns(client):
        client.delete()
        return redirect_back('.index')
    abort(403)
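def export(assessment_id):
    """Serve one assessment as a downloadable JSON attachment.

    Permitted for the assessment's owner and for managers of its
    client; any other user receives a 403.

    Args:
        assessment_id: Identifier of the assessment to export. The
            lookup uses ``.one()``, so an unknown id raises rather than
            producing a 404.

    Returns:
        A ``Response`` carrying ``assessment.to_json(max_nesting=5)``
        with an ``application/json`` mimetype and a
        ``Content-Disposition`` header naming the download
        ``assessment-<id>.json``.
    """
    assessment: Assessment = Assessment.query.filter_by(id=assessment_id).one()
    if not current_user.owns(assessment) and not current_user.manages(
            assessment.client):
        abort(403)
    # Derive the download name from the persisted record's id rather
    # than echoing the raw URL argument: the header then only ever
    # carries the canonical value of the row that was actually found,
    # regardless of how the route converter typed the parameter.
    filename = f'assessment-{assessment.id}.json'
    return Response(
        assessment.to_json(max_nesting=5),
        mimetype='application/json',
        headers={'Content-Disposition': f'attachment;filename={filename}'},
    )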
def change_owner(client_id: int):
    """Reassign a client's owner from a submitted form.

    Only the client's current owner may do this; anyone else receives a
    403. The selectable owners are limited to accounts whose type is in
    ``valid_managers``. On a valid submission ``client.creator`` is set
    to the chosen value; whether that assignment is flushed to storage
    depends on session handling outside this function. Note that an
    unsubmitted or invalid form also redirects to the index — no error
    is rendered to the user.

    Args:
        client_id: Identifier of the client whose owner changes. The
            lookup uses ``.one()``, so an unknown id raises rather than
            404ing.

    Returns:
        A redirect to the index view in every non-403 case.
    """
    client: Client = Client.query.filter_by(id=client_id).one()
    if not current_user.owns(client):
        abort(403)

    form = ClientChangeOwnerForm()
    # Only manager-type accounts are valid targets; an owner value
    # outside this set fails validation rather than being applied.
    manager_choices = User.get_choices(User.user_type.in_(valid_managers))
    form.owner.choices = manager_choices

    if form.validate_on_submit():
        client.creator = form.owner.data
    return redirect_back('.index')