| author | Alexis Metaireau <alexis@notmyidea.org> | 2011-09-13 18:15:07 +0200 |
|---|---|---|
| committer | Alexis Metaireau <alexis@notmyidea.org> | 2011-09-13 18:15:07 +0200 |
| commit | e13ceaf351d4b54dd2bc651d9f4385a8188b7418 (patch) | |
| tree | 9c09a2b80d7b2518abcc0d4380495c67a830194a /budget/web.py | |
| parent | a60b0c2b48540729df64c71bf82ff1238811e11d (diff) | |
REST API is now able to list stuff \o/
Diffstat (limited to 'budget/web.py')
| -rw-r--r-- | budget/web.py | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/budget/web.py b/budget/web.py
index f72a686..61d67e5 100644
--- a/budget/web.py
+++ b/budget/web.py
@@ -2,6 +2,7 @@ from collections import defaultdict
 from flask import *
 from flaskext.mail import Mail, Message
+import werkzeug
 # local modules
 from models import db, Project, Person, Bill
@@ -239,7 +240,11 @@ def add_bill():
 @main.route("/<project_id>/delete/<int:bill_id>")
 def delete_bill(bill_id):
- bill = Bill.query.get_or_404(bill_id)
+ # fixme: everyone is able to delete a bill
+ bill = Bill.query.get(g.project, bill_id)
+ if not bill:
+ raise werkzeug.exceptions.NotFound()
+
 db.session.delete(bill)
 db.session.commit()
 flash("The bill has been deleted")
@@ -249,7 +254,11 @@ def delete_bill(bill_id):
 @main.route("/<project_id>/edit/<int:bill_id>", methods=["GET", "POST"])
 def edit_bill(bill_id):
- bill = Bill.query.get_or_404(bill_id)
+ # FIXME: Test this bill belongs to this project !
+ bill = Bill.query.get(g.project, bill_id)
+ if not bill:
+ raise werkzeug.exceptions.NotFound()
+
 form = get_billform_for(g.project, set_default=False)
 if request.method == 'POST' and form.validate():
 form.save(bill) |
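Review bot: delete_bill still performs its destructive change on a route that answers GET, because `@main.route("/<project_id>/delete/<int:bill_id>")` declares no `methods`. A cross-site link or embedded resource loaded by a browser that already holds a session for the project would therefore delete the bill without the user intending it, and the new project-scoped lookup does not change that. Restrict the route with `methods=["POST"]` and trigger it from a form covered by whatever CSRF protection the project's forms use. The added `# fixme: everyone is able to delete a bill` also records an open authorization gap and should name the missing check or point to a tracking issue. delete_bill's body appears to continue past the end of the hunk.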
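Review bot: The added `# FIXME: Test this bill belongs to this project !` sits directly above `Bill.query.get(g.project, bill_id)`, so a reader cannot tell whether the ownership check is enforced or still pending. The query class is outside this diff: if its `get` filters on the project, replace the FIXME with something like `# project-scoped lookup: a bill id from another project yields 404`; if it does not, the cross-project check is still missing, and stock SQLAlchemy `Query.get` takes a single identity argument. The same lookup-or-404 lines are duplicated in delete_bill, and both reach `werkzeug.exceptions` through a bare `import werkzeug`, which only works if something else has already imported that submodule. Flask's `abort(404)`, already in scope via `from flask import *`, would make the new import unnecessary. edit_bill's body runs past the end of the hunk.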
