Feliciaan De Palmenaer
commit
43a196248b
1 changed files with 3 additions and 1 deletions
|
|
@ -53,6 +53,8 @@ def order(id, form=None):
|
||||||
@login_required
|
@login_required
|
||||||
def order_edit(id):
|
def order_edit(id):
|
||||||
order = Order.query.filter(Order.id == id).first()
|
order = Order.query.filter(Order.id == id).first()
|
||||||
|
if current_user.id is not order.courrier_id and not current_user.is_admin():
|
||||||
|
abort(401)
|
||||||
if order is None:
|
if order is None:
|
||||||
abort(404)
|
abort(404)
|
||||||
orderForm = OrderForm(obj=order)
|
orderForm = OrderForm(obj=order)
|
||||||
|
|
@ -63,6 +65,7 @@ def order_edit(id):
|
||||||
return redirect(url_for('.order', id=order.id))
|
return redirect(url_for('.order', id=order.id))
|
||||||
return render_template('order_edit.html', form=orderForm, order_id=id)
|
return render_template('order_edit.html', form=orderForm, order_id=id)
|
||||||
|
|
||||||
|
|
||||||
@order_bp.route('/<id>/create', methods=['POST'])
|
@order_bp.route('/<id>/create', methods=['POST'])
|
||||||
def order_item_create(id):
|
def order_item_create(id):
|
||||||
current_order = Order.query.filter(Order.id == id).first()
|
current_order = Order.query.filter(Order.id == id).first()
|
||||||
|
|
@ -90,7 +93,6 @@ def order_item_create(id):
|
||||||
return order(id, form=form)
|
return order(id, form=form)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@order_bp.route('/<order_id>/<item_id>/delete')
|
@order_bp.route('/<order_id>/<item_id>/delete')
|
||||||
def delete_item(order_id, item_id):
|
def delete_item(order_id, item_id):
|
||||||
item = OrderItem.query.filter(OrderItem.id == item_id).first()
|
item = OrderItem.query.filter(OrderItem.id == item_id).first()
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue