from app import app, db
from app.models.user import Member
from app.models.post import Post
from app.models.attachment import Attachment
from app.models.topic import Topic
from app.models.program import Program
from app.utils.render import render
from app.utils.check_csrf import check_csrf
from app.forms.forum import CommentEditForm, AnonymousCommentEditForm
from wtforms import BooleanField
from urllib.parse import urlparse
from flask import redirect, url_for, abort, request
from flask_login import login_required, current_user
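@app.route('/post/<int:postid>', methods=['GET','POST'])
@login_required
def edit_post(postid):
    """Edit a comment: update its text, drop ticked attachments, add new ones.

    On GET (or a POST that fails validation) the edit form is rendered with
    the comment's current text. On a valid POST the changes are committed and
    the user is redirected to the local path given in the ``r`` query
    parameter, or to ``/`` when that value is missing or not a plain local
    path.

    Aborts with 404 if the post does not exist or is not a comment, and with
    403 if the current user may not edit it.
    """
    # The return target comes from the query string, so it is untrusted.
    # Keeping only the path component drops any scheme and host, but a path
    # that starts with '//' or contains a backslash can still be read by a
    # browser as a scheme-relative URL pointing at another host, and
    # whitespace/control characters may be stripped by the browser before it
    # interprets the value. Anything that is not a plain absolute local path
    # falls back to '/'.
    referrer = urlparse(request.args.get('r', default='/', type=str)).path
    if (not referrer.startswith('/')
            or referrer.startswith('//')
            or '\\' in referrer
            or any(ch.isspace() or ord(ch) < 0x20 for ch in referrer)):
        referrer = '/'

    p = Post.query.filter_by(id=postid).first_or_404()

    # Check permissions. TODO: Allow guests to edit their posts
    if current_user.is_anonymous or not current_user.can_edit_post(p):
        abort(403)

    # Only comments can be edited through this route.
    if p.type != "comment":
        abort(404)

    # Build a per-request form class with one checkbox per existing
    # attachment (field name 'a<attachment id>'); ticking it requests removal.
    class CommentForm(CommentEditForm):
        pass

    existing = {f'a{a.id}': a for a in p.attachments}
    for field_name in existing:
        setattr(CommentForm, field_name, BooleanField(field_name))
    setattr(CommentForm, 'attachment_list', existing)

    form = CommentForm()
    if form.validate_on_submit():
        p.text = form.message.data

        # Remove attachments whose checkbox was ticked
        for field_name, attachment in form.attachment_list.items():
            if form[field_name].data:
                attachment.delete()

        # Add new attachments; empty file inputs arrive with filename ""
        attachments = []
        for upload in form.attachments.data:
            if upload.filename != "":
                a = Attachment(upload, p)
                attachments.append((a, upload))
                db.session.add(a)

        db.session.add(p)
        db.session.commit()

        # File contents are stored only after the rows have been committed
        for a, upload in attachments:
            a.set_file(upload)

        return redirect(referrer)

    form.message.data = p.text
    return render('forum/edit_comment.html', comment=p, form=form)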
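@app.route('/post/supprimer/<int:postid>', methods=['GET','POST'])
@login_required
@check_csrf
def delete_post(postid):
    """Delete a post and deduct XP from its author when that author is a Member.

    The author loses 3 XP when the request carries ``penalty=True`` in the
    query string, 1 XP otherwise. Aborts with 404 if the post does not exist
    and with 403 if the current user may not delete it. After the commit the
    user is sent back to the referring page, or to ``/`` when the request has
    no Referer header.
    """
    # NOTE(review): this state-changing route also accepts GET; check_csrf is
    # defined elsewhere -- confirm it validates a token on GET requests too.
    p = Post.query.filter_by(id=postid).first_or_404()

    if current_user.is_anonymous or not current_user.can_delete_post(p):
        abort(403)

    if isinstance(p.author, Member):
        amount = -3 if request.args.get('penalty') == 'True' else -1
        p.author.add_xp(amount)
        db.session.add(p.author)

    p.delete()
    db.session.commit()

    # request.referrer is None when the browser sends no Referer header
    # (privacy settings, Referrer-Policy); redirect(None) does not yield a
    # usable Location, so fall back to the site root once the deletion is
    # already committed.
    return redirect(request.referrer or '/')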
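@app.route('/post/entete/<int:postid>', methods=['GET'])
@login_required
@check_csrf
def set_post_topcomment(postid):
    """Make the given post the top comment of its thread.

    Aborts with 404 if the post does not exist. When the current user lacks
    the permission nothing is changed and the user is still redirected (no
    403 is raised). The redirect goes to the referring page, or to ``/`` when
    the request has no Referer header.
    """
    # NOTE(review): this route changes state over GET; check_csrf is defined
    # elsewhere -- confirm it validates a token on GET requests.
    comment = Post.query.filter_by(id=postid).first_or_404()

    if current_user.can_set_topcomment(comment):
        thread = comment.thread
        thread.top_comment = comment
        db.session.add(thread)
        db.session.commit()

    # request.referrer is None when the browser sends no Referer header;
    # redirect(None) does not yield a usable Location, so fall back to '/'.
    return redirect(request.referrer or '/')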