#!/usr/bin/python
import datetime
+import dateutil
import email.utils
import tornado.web
class PublishHandler(auth.CacheMixin, base.BaseHandler):
+ @tornado.web.authenticated
+ def get(self, slug):
+ post = self.backend.blog.get_by_slug(slug, published=False)
+ if not post:
+ raise tornado.web.HTTPError(404)
+
+ # Check if current_user is allowed to edit the post
+ if not post.is_editable(self.current_user):
+ raise tornado.web.HTTPError(403)
+
+ # Is the post already published?
+ if post.is_published():
+ raise tornado.web.HTTPError(400, "Post is already published")
+
+ self.render("blog/publish.html", post=post)
+
@tornado.web.authenticated
def post(self, slug):
- post = self.backend.blog.get_by_slug(slug, published=not self.current_user)
+ post = self.backend.blog.get_by_slug(slug, published=False)
if not post:
raise tornado.web.HTTPError(404)
+ # Check if current_user is allowed to edit the post
+ if not post.is_editable(self.current_user):
+ raise tornado.web.HTTPError(403)
+
# Is the post already published?
if post.is_published():
raise tornado.web.HTTPError(400, "Post is already published")
- # XXX Check that we are only publishing our own posts
+ when = self.get_argument("when", None)
+ if when:
+ when = dateutil.parser.parse(when)
# Publish the post
with self.db.transaction():
- post.publish()
+ post.publish(when)
self.redirect("/post/%s" % post.slug)
projects / ipfire.org.git / blobdiff