Tituya
/
PCv5
forked from devs/PCv5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
PCv5/app/routes/posts/edit.py

52 lines
1.5 KiB
Python
Raw Blame History

from app import app, db
from app.models.post import Post
from app.utils.render import render
from app.utils.check_csrf import check_csrf
from app.forms.forum import CommentEditForm, AnonymousCommentEditForm
from urllib.parse import urlparse
from flask import redirect, url_for, abort, request
from flask_login import login_required, current_user
@app.route('/post/<int:postid>', methods=['GET','POST'])
@login_required
def edit_post(postid):
# TODO: Maybe not safe
referrer = urlparse(request.args.get('r', default = '/', type = str)).path
print(referrer)
p = Post.query.filter_by(id=postid).first_or_404()
# Check permissions. TODO: Allow guests to edit their posts
if current_user.is_anonymous or not current_user.can_edit_post(p):
abort(403)
if p.type == "comment":
form = CommentEditForm()
if form.validate_on_submit():
p.text = form.message.data
if form.submit.data:
db.session.add(p)
db.session.commit()
return redirect(referrer)
form.message.data = p.text
return render('forum/edit_comment.html', comment=p, form=form)
else:
abort(404)
@app.route('/post/supprimer/<int:postid>', methods=['GET','POST'])
@login_required
@check_csrf
def delete_post(postid):
p = Post.query.filter_by(id=postid).first_or_404()
if current_user.is_anonymous or not current_user.can_delete_post(p):
abort(403)
p.delete()
db.session.commit()
return redirect(request.referrer)
Reference in New Issue View Git Blame Copy Permalink