Beispiel #1
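def comment_delete(comment_id):
    """Delete a comment on behalf of its author.

    The caller must be a logged-in, verified user, must be the author of the
    comment, and must submit a valid CSRF token in the ``csrf`` form field.

    Args:
        comment_id: ID of the comment to delete (converted with ``int``).

    Returns:
        A redirect to the login page when nobody is logged in, a redirect to
        the comment's topic after a successful delete, or an error message
        with a 4xx status code.
    """
    # Resolve the current user first. A missing cookie must not reach the
    # query: with SQLAlchemy-style filter_by, session_token=None becomes
    # "IS NULL" and could match an account whose token column is empty
    # (presumably logged-out users -- confirm against the User model).
    session_token = request.cookies.get("session_token")
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token, verified=True).first()

    if not user:
        return redirect(url_for('auth.login'))

    # Look the comment up only for authenticated callers and fail cleanly on
    # an unknown ID instead of raising AttributeError further down.
    comment = db.query(Comment).get(int(comment_id))
    if comment is None:
        return "Comment not found!", 404

    # Authorization: only the author may delete the comment.
    if comment.author.id != user.id:
        return "You can only delete your own comments!", 403

    # CSRF check: the token is validated against the user's username.
    csrf = request.form.get("csrf")
    if not validate_csrf(csrf, user.username):
        return "CSRF error: tokens don't match!", 403

    # Read the topic ID before the delete; it is needed for the redirect.
    topic_id = comment.topic.id

    db.delete(comment)
    db.commit()
    return redirect(url_for('topic.topic_details', topic_id=topic_id))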
Beispiel #2
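def task_delete(task_id):
    """Delete a task, optionally counting it as completed for the current user.

    GET requests only return a placeholder string. Other requests require a
    logged-in user and read the ``action`` form field: ``delete`` removes the
    task, ``completed`` also increments ``user.completed``.

    Args:
        task_id: ID of the task (converted with ``int``).

    Returns:
        The placeholder string on GET, a redirect to the login page when
        nobody is logged in, a 404 message for an unknown task, otherwise a
        redirect to the ``tasks`` endpoint.
    """
    if request.method == "GET":
        return "helo"

    # A missing cookie must not reach the query: with SQLAlchemy-style
    # filter_by, session_token=None becomes "IS NULL" and could match an
    # account whose token column is empty.
    session_token = request.cookies.get("session_token")
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token).first()

    if not user:
        return redirect(url_for('login'))

    task = db.query(Task).get(int(task_id))
    if task is None:
        return "Task not found!", 404

    # NOTE(review): nothing here ties the task to `user`, so any logged-in
    # account can delete any task by ID. Add an ownership check once the
    # Task model's owner field is known.
    # NOTE(review): no CSRF token is checked on this state-changing request.
    action = request.form['action']

    if action == 'completed':
        user.completed += 1

    if action in ('delete', 'completed'):
        task_id = task.id
        db.delete(task)
        # One commit keeps the counter update and the delete atomic.
        db.commit()

    return redirect(url_for('tasks', task_id=task_id))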
Beispiel #3
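def topic_delete(comment_id):
    """Delete the comment with the given ID and redirect to the index page.

    Args:
        comment_id: ID of the comment to delete (converted with ``int``).

    Returns:
        A redirect to ``index`` after the delete, a 404 message for an
        unknown ID, or a 405 message for any method other than GET.
    """
    # The original fell through and returned None for non-GET requests,
    # which is not a valid view response.
    if request.method != "GET":
        return "Method not allowed", 405

    comment = db.query(Comment).get(int(comment_id))
    if comment is None:
        return "Comment not found!", 404

    # NOTE(review): this view changes state on GET and checks neither login
    # nor authorship, so any request for this URL (a link, a prefetch, an
    # embedded resource on another site) removes the comment. It should
    # require POST, an authenticated author and a CSRF token; none of the
    # helpers needed for that are visible in this snippet.
    db.delete(comment)
    db.commit()

    # NOTE(review): the deleted ORM object is passed as a URL parameter;
    # presumably an ID or nothing at all was intended -- confirm.
    return redirect(url_for('index', comment=comment))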
Beispiel #4
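def topic_delete(topic_id):
    """Show the delete confirmation page (GET) or delete the topic (POST).

    Only the topic's author may delete it.

    Args:
        topic_id: ID of the topic (converted with ``int``).

    Returns:
        The rendered confirmation template on GET; on POST a redirect to the
        login page, a 403 message, or a redirect to ``index`` after the
        delete. Unknown IDs give 404, other methods 405.
    """
    topic = db.query(Topic).get(int(topic_id))  # get topic from db by ID
    if topic is None:
        # Avoids AttributeError on topic.author_id for an unknown ID.
        return "Topic not found!", 404

    if request.method == "GET":
        return render_template("topic/delete.html", topic=topic)

    if request.method == "POST":
        # get current user (author)
        user = user_from_session_token()

        # check if user is logged in and user is author
        if not user:
            return redirect(url_for('login'))
        if topic.author_id != user.id:
            return "You are not the author!", 403

        # NOTE(review): no CSRF token is checked before this delete; the
        # confirmation form should carry one and it should be verified here.
        db.delete(topic)
        db.commit()
        return redirect(url_for('index'))

    # The original returned None for any other method.
    return "Method not allowed", 405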
Beispiel #5
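def comment_delete(comment_id):
    """Delete a comment on behalf of its author.

    The caller must be logged in, must be the comment's author, and must
    submit a valid CSRF token in the ``csrf`` form field.

    Args:
        comment_id: ID passed to ``Comment.get_comment``.

    Returns:
        A redirect to the login page when nobody is logged in, a redirect to
        the comment's topic after a successful delete, or an error message
        with a 4xx status code.
    """
    # Authenticate before touching the comment so anonymous callers learn
    # nothing about which IDs exist.
    user = user_from_session_token()
    if not user:
        return redirect(url_for('auth.login'))

    comment = Comment.get_comment(comment_id)
    # NOTE(review): assumes get_comment returns None for an unknown ID --
    # confirm; the guard is harmless if it raises instead.
    if comment is None:
        return "Comment not found!", 404

    # Authorization: only the author may delete the comment.
    if comment.author.id != user.id:
        return "You can only delete your own comments!", 403

    # CSRF check: the token is validated against the user's username.
    csrf = request.form.get("csrf")
    if not is_valid_csrf(csrf, user.username):
        return "CSRF error: tokens don't match!", 403

    # Read the topic ID before the delete; it is needed for the redirect.
    topic_id = comment.topic.id

    db.delete(comment)
    db.commit()
    return redirect(url_for('topic.topic_details', topic_id=topic_id))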
Beispiel #6
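def topic_delete(topic_id):
    """Show the delete confirmation page (GET) or delete the topic (POST).

    Only the topic's author may delete it.

    Args:
        topic_id: ID of the topic (converted with ``int``).

    Returns:
        The rendered confirmation template on GET; on POST a redirect to the
        login page, a 403 message, or a redirect to ``topic.index`` after the
        delete. Unknown IDs give 404, other methods 405.
    """
    topic = db.query(Topic).get(int(topic_id))  # get topic from db by ID
    if topic is None:
        # Avoids AttributeError on topic.author for an unknown ID.
        return "Topic not found!", 404

    if request.method == "GET":
        return render_template("topic/topic_delete.html", topic=topic)

    if request.method == "POST":
        # A missing cookie must not reach the query: with SQLAlchemy-style
        # filter_by, session_token=None becomes "IS NULL" and could match an
        # account whose token column is empty.
        session_token = request.cookies.get("session_token")
        user = None
        if session_token:
            user = db.query(User).filter_by(session_token=session_token).first()

        # check if user is logged in and user is author
        if not user:
            return redirect(url_for('auth.login'))
        if topic.author.id != user.id:
            return "You are not the author!", 403

        # NOTE(review): no CSRF token is checked before this delete.
        db.delete(topic)
        db.commit()
        return redirect(url_for('topic.index'))

    # The original returned None for any other method.
    return "Method not allowed", 405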
Beispiel #7
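def topic_delete(topic_id):
    """Show the delete confirmation page (GET) or delete a topic (POST).

    On POST the topic's comments are deleted together with the topic, in a
    single commit. Only the topic's author may delete it.

    Args:
        topic_id: ID passed to ``Topic.read``.

    Returns:
        The rendered confirmation template on GET; on POST a redirect to the
        login page, a 403 message, or a redirect to ``topic.index`` after the
        delete. Unknown IDs give 404, other methods 405.
    """
    topic = Topic.read(topic_id)
    # NOTE(review): assumes Topic.read returns None for an unknown ID --
    # confirm; the guard is harmless if it raises instead.
    if topic is None:
        return "Topic not found!", 404

    if request.method == "GET":
        return render_template("topic/topic_delete.html", topic=topic)

    if request.method == "POST":
        user = user_from_session_token()

        if not user:
            return redirect(url_for('auth.login'))
        if topic.author_id != user.id:
            return "You are not the author!", 403

        # NOTE(review): no CSRF token is checked before this delete.
        # Stage the comments and the topic, then commit once so the removal
        # is all-or-nothing.
        for comment in Comment.read_all(topic):
            db.delete(comment)
        db.delete(topic)

        db.commit()
        return redirect(url_for('topic.index'))

    # The original returned None for any other method.
    return "Method not allowed", 405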
Beispiel #8
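def card_delete(card_id):
    """Show the delete confirmation page (GET) or delete the card (POST).

    Only the card's author may delete it.

    Args:
        card_id: ID of the card (converted with ``int``).

    Returns:
        The rendered confirmation template on GET; on POST a redirect to the
        login page, a 403 message, or a redirect to the dashboard after the
        delete. Unknown IDs give 404, other methods 405.
    """
    card = db.query(Card).get(int(card_id))  # get card from db by ID
    if card is None:
        # Avoids AttributeError on card.author_id for an unknown ID.
        return "Card not found!", 404

    if request.method == "GET":
        return render_template("card/card_delete.html", card=card)

    if request.method == "POST":
        # A missing cookie must not reach the query: with SQLAlchemy-style
        # filter_by, session_token=None becomes "IS NULL" and could match an
        # account whose token column is empty.
        session_token = request.cookies.get("session_token")
        user = None
        if session_token:
            user = db.query(User).filter_by(session_token=session_token).first()

        # check if user is logged in and user is author
        if not user:
            return redirect(url_for('auth.login'))
        if card.author_id != user.id:
            return "You are not the author!", 403

        # NOTE(review): no CSRF token is checked before this delete.
        db.delete(card)
        db.commit()
        # NOTE(review): 'card/card.dashboard' is an unusual endpoint name;
        # verify it matches the registered blueprint and view.
        return redirect(url_for('card/card.dashboard'))

    # The original returned None for any other method.
    return "Method not allowed", 405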
Beispiel #9
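def upload():
    """Store a new image URL for the current user, replacing the previous one.

    Reads ``image_url`` from the JSON request body. If the user already has
    an image, the first one found for that user is deleted before the new
    record is inserted.

    Returns:
        A JSON response: the new image's data on success, a failure object
        when ``image_url`` is missing, or a 401 failure object when nobody
        is logged in.
    """
    # A missing cookie must not reach the query: with SQLAlchemy-style
    # filter_by, session_token=None becomes "IS NULL" and could match an
    # account whose token column is empty.
    session_token = request.cookies.get("session_token")
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token).first()

    # The original dereferenced `user` without checking it, so an anonymous
    # request ended in an unhandled AttributeError.
    if not user:
        return jsonify({"success": False, "message": "Not logged in"}), 401

    # Tolerate a missing or non-object JSON body instead of raising.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        payload = {}
    image_url = payload.get('image_url')

    # Validate before mutating anything: the original deleted the old image
    # and bumped image_count even when no URL was supplied.
    if not image_url:
        return jsonify({"success": False, "message": "fdfdfdfdfdfdfd"})

    # NOTE(review): image_url is client-supplied and stored as-is. Restrict
    # it (scheme, host, length) before it is rendered or fetched elsewhere.
    img = db.query(Image).filter_by(author_id=user.id).first()
    if user.image_count >= 1 and img is not None:
        db.delete(img)

    user.image_count += 1
    # The original wrote `db.commit` without parentheses after the delete,
    # which does nothing; this single call commits both changes.
    db.commit()

    new_image = Image(author=user, image_url=image_url)
    new_image.insert()

    # NOTE(review): to_dict is passed without being called; correct only if
    # it is a property on Image -- confirm.
    return jsonify(new_image.to_dict)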
Beispiel #10
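def topic_delete(topic_id):
    """Delete the topic with the given ID and redirect to the index page.

    Args:
        topic_id: ID of the topic to delete (converted with ``int``).

    Returns:
        A redirect to ``index`` after the delete, or a 404 message when no
        topic has that ID.
    """
    topic = db.query(Topic).get(int(topic_id))
    if topic is None:
        # The original passed None on to db.delete for an unknown ID.
        return "Topic not found!", 404

    # NOTE(review): this view checks neither the request method, the
    # caller's login, authorship, nor a CSRF token, so any request for this
    # URL removes the topic. Restrict it to POST from the authenticated
    # author; the helpers needed for that are not visible in this snippet.
    db.delete(topic)
    db.commit()
    return redirect(url_for("index"))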