Merge pull request #50 from ZeusWPI/feat/43/edit-orders

Edit orders
This commit is contained in:
Feliciaan De Palmenaer 2015-06-04 21:40:39 +02:00
commit 43a196248b

View file

@ -53,6 +53,8 @@ def order(id, form=None):
@login_required @login_required
def order_edit(id): def order_edit(id):
order = Order.query.filter(Order.id == id).first() order = Order.query.filter(Order.id == id).first()
if current_user.id is not order.courrier_id and not current_user.is_admin():
abort(401)
if order is None: if order is None:
abort(404) abort(404)
orderForm = OrderForm(obj=order) orderForm = OrderForm(obj=order)
@ -63,6 +65,7 @@ def order_edit(id):
return redirect(url_for('.order', id=order.id)) return redirect(url_for('.order', id=order.id))
return render_template('order_edit.html', form=orderForm, order_id=id) return render_template('order_edit.html', form=orderForm, order_id=id)
@order_bp.route('/<id>/create', methods=['POST']) @order_bp.route('/<id>/create', methods=['POST'])
def order_item_create(id): def order_item_create(id):
current_order = Order.query.filter(Order.id == id).first() current_order = Order.query.filter(Order.id == id).first()
@ -90,7 +93,6 @@ def order_item_create(id):
return order(id, form=form) return order(id, form=form)
@order_bp.route('/<order_id>/<item_id>/delete') @order_bp.route('/<order_id>/<item_id>/delete')
def delete_item(order_id, item_id): def delete_item(order_id, item_id):
item = OrderItem.query.filter(OrderItem.id == item_id).first() item = OrderItem.query.filter(OrderItem.id == item_id).first()