Mercurial > p > roundup > code
diff roundup/actions.py @ 5606:5fc476d4e34c
Merge REST API changes
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Wed, 30 Jan 2019 18:11:02 +0100 |
| parents | ed02a1e0aa5d |
| children | 48a1f919f894 |
line wrap: on
line diff
--- a/roundup/actions.py Sun Nov 11 17:09:20 2018 +0000 +++ b/roundup/actions.py Wed Jan 30 18:11:02 2019 +0100 @@ -2,6 +2,7 @@ # Copyright (C) 2009 Stefan Seefeld # All rights reserved. # For license terms see the file COPYING.txt. +# Actions used in REST and XMLRPC APIs # from roundup.exceptions import Unauthorised @@ -40,7 +41,19 @@ _ = gettext -class Retire(Action): +class PermCheck(Action): + def permission(self, designator): + + classname, itemid = hyperdb.splitDesignator(designator) + perm = self.db.security.hasPermission + + if not perm('Retire', self.db.getuid(), classname=classname + , itemid=itemid): + raise Unauthorised(self._('You do not have permission to retire ' + 'or restore the %(classname)s class.') + %locals()) + +class Retire(PermCheck): def handle(self, designator): @@ -57,12 +70,13 @@ self.db.commit() - def permission(self, designator): +class Restore(PermCheck): + + def handle(self, designator): classname, itemid = hyperdb.splitDesignator(designator) - if not self.db.security.hasPermission('Edit', self.db.getuid(), - classname=classname, itemid=itemid): - raise Unauthorised(self._('You do not have permission to ' - 'retire the %(classname)s class.')%classname) - + # do the restore + self.db.getclass(classname).restore(itemid) + self.db.commit() +