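from app import app, db
from app.models.post import Post
from app.models.attachment import Attachment
from app.utils.render import render
from app.utils.check_csrf import check_csrf
from app.forms.forum import CommentEditForm, AnonymousCommentEditForm
from wtforms import BooleanField
from urllib.parse import urlparse
from flask import redirect, url_for, abort, request
from flask_login import login_required, current_user


def _local_redirect_target(raw, keep_query=False):
    """Reduce a client-supplied URL to a same-site path usable with redirect().

    Both the ``r`` query parameter and the ``Referer`` header are chosen by
    the client, so neither may decide which host the browser is sent to.
    Taking ``urlparse(raw).path`` alone is not enough: the path component can
    itself start with ``//`` or contain a backslash, and browsers resolve
    such a Location value against another host.

    Args:
        raw: URL or path taken from the request; may be ``None`` or empty.
        keep_query: when true, the query string of ``raw`` is kept.

    Returns:
        A path beginning with exactly one ``/``, or ``'/'`` when ``raw`` is
        missing, unparsable, or does not reduce to such a path.
    """
    try:
        parts = urlparse(raw or '')
    except ValueError:
        # urlparse rejects some malformed authorities (e.g. bad brackets).
        return '/'

    target = parts.path
    if keep_query and parts.query:
        target = f'{target}?{parts.query}'

    has_control_char = any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target)
    if (
        not target.startswith('/')
        or target.startswith('//')
        or '\\' in target
        or has_control_char
    ):
        return '/'
    return target


# NOTE(review): the view takes `postid`, but no URL variable is visible in
# this rule; it was presumably lost when the page was extracted. Confirm the
# rule against the repository before relying on it.
@app.route('/post/', methods=['GET','POST'])
@login_required
def edit_post(postid):
    """Edit the text and attachments of a comment.

    Responds 404 when the post does not exist or is not a comment, and 403
    when the current user may not edit it. After a successful submit the
    client is redirected to the same-site path derived from the ``r`` query
    parameter.
    """
    # `r` is attacker-controllable (it can arrive in a crafted link), so it is
    # reduced to a local path before being used as a redirect target. The
    # debugging print of this value was dropped: it wrote unvalidated request
    # data to stdout.
    referrer = _local_redirect_target(
        request.args.get('r', default = '/', type = str)
    )

    p = Post.query.filter_by(id=postid).first_or_404()

    # Check permissions. TODO: Allow guests to edit their posts
    if current_user.is_anonymous or not current_user.can_edit_post(p):
        abort(403)

    if p.type == "comment":
        # Build a per-request form class with one checkbox per existing
        # attachment, so that each attachment can be ticked for removal.
        class CommentForm(CommentEditForm):
            pass
        for a in p.attachments:
            setattr(CommentForm, f'a{a.id}', BooleanField(f'a{a.id}'))
        setattr(CommentForm, 'attachment_list',
            { f'a{a.id}': a for a in p.attachments })

        form = CommentForm()

        if form.validate_on_submit():
            p.text = form.message.data

            # Remove the attachments whose checkbox was ticked
            for field_name, a in form.attachment_list.items():
                if form[field_name].data:
                    a.delete()

            # Add new attachments
            attachments = []
            for file in form.attachments.data:
                if file.filename != "":
                    a = Attachment(file, p)
                    attachments.append((a, file))
                    db.session.add(a)

            db.session.add(p)
            db.session.commit()
            # The files are stored only after the commit; presumably set_file
            # needs the attachment's database id -- confirm in Attachment.
            for a, file in attachments:
                a.set_file(file)

            return redirect(referrer)

        form.message.data = p.text

        return render('forum/edit_comment.html', comment=p, form=form)
    else:
        abort(404)


# NOTE(review): as with edit_post, no `postid` URL variable is visible in
# this rule; confirm against the repository.
# NOTE(review): this state-changing route also accepts GET. Whether that is
# safe depends on what check_csrf validates, which is not visible here.
@app.route('/post/supprimer/', methods=['GET','POST'])
@login_required
@check_csrf
def delete_post(postid):
    """Delete a post, then send the client back to the page it came from.

    Responds 404 when the post does not exist and 403 when the current user
    may not delete it.
    """
    p = Post.query.filter_by(id=postid).first_or_404()

    if current_user.is_anonymous or not current_user.can_delete_post(p):
        abort(403)

    p.delete()
    db.session.commit()

    # The Referer header is optional and client-controlled: it is None when
    # the browser withholds it (which previously reached redirect() after the
    # delete had already been committed), and it must not pick the
    # destination host. Keep only its path and query string.
    return redirect(_local_redirect_target(request.referrer, keep_query=True))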