posts: add deletion
This commit is contained in:
parent
0d8dd70956
commit
3b188e3bab
|
@ -1,6 +1,7 @@
|
|||
from app import app, db
|
||||
from app.models.post import Post
|
||||
from app.utils.render import render
|
||||
from app.utils.check_csrf import check_csrf
|
||||
from app.forms.forum import CommentEditForm, AnonymousCommentEditForm
|
||||
from urllib.parse import urlparse
|
||||
from flask import redirect, url_for, abort, request
|
||||
|
@ -36,3 +37,21 @@ def edit_post(postid):
|
|||
return render('forum/edit_comment.html', comment=p, form=form)
|
||||
else:
|
||||
abort(404)
|
||||
|
||||
@app.route('/post/supprimer/<int:postid>', methods=['GET','POST'])
|
||||
@login_required
|
||||
@check_csrf
|
||||
def delete_post(postid):
|
||||
p = Post.query.filter_by(id=postid).first_or_404()
|
||||
|
||||
# TODO: Check whether privileged user has access to board
|
||||
if p.author != current_user and not current_user.priv("delete-posts"):
|
||||
abort(403)
|
||||
|
||||
for a in p.attachments:
|
||||
db.session.delete(a)
|
||||
db.session.commit()
|
||||
|
||||
db.session.delete(p)
|
||||
db.session.commit()
|
||||
return redirect(request.referrer)
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
{% endif %}
|
||||
| <a href="{{ request.path }}#{{ c.id }}">#</a>
|
||||
| <a href="{{ url_for('edit_post', postid=c.id, r=request.path) }}">Modifier</a>
|
||||
| <a href="#">Supprimer</a>
|
||||
| <a href="{{ url_for('delete_post', postid=c.id, csrf_token=csrf_token()) }}" onclick="return confirm('Le message sera supprimé')">Supprimer</a>
|
||||
</div>
|
||||
|
||||
{{ c.text|md }}
|
||||
|
|
Loading…
Reference in New Issue