def get_post(id):
if users.is_current_user_admin():
asked_post = BlogPost.get(id)
return jsonify(asked_post.to_json()) # dangerous
else:
return jsonify({})
def edit_post(id):
form = PostForm()
if users.is_current_user_admin() and form.validate_on_submit():
try:
tags = Tags()
categories = Categories()
updating_post = BlogPost.get(int(id))
title = request.json['title']
body = request.json['body']
raw_category = request.json['category']
editing_tags = request.json['tags']
raw_summary = request.json['summary']
tags_keys = tags.update(editing_tags, updating_post)
category_key = categories.update(raw_category,
updating_post.category)
updating_post.edit(title,
body,
datetime.now(),
tags_keys,
category_key,
raw_summary,
raw_answers=request.json['answers'])
except AttributeError:
abort(500)
return jsonify(updating_post.to_json()) # dangerous
def edit_post(id):
form = PostForm()
if users.is_current_user_admin() and form.validate_on_submit():
tags = Tags()
categories = Categories()
updating_post = BlogPost.get(int(id))
title = request.json['title']
body = request.json['body']
raw_category = request.json['category']
editing_tags = request.json['tags']
raw_summary = request.json['summary']
tags_keys = tags.update(editing_tags, updating_post)
category_key = categories.update(raw_category, updating_post.category)
updating_post.edit(title, body, datetime.now(), tags_keys,
category_key, raw_summary, raw_answers=request.json['answers'])
return jsonify(updating_post.to_json()) # dangerous
def get_post(id):
if users.is_current_user_admin():
asked_post = BlogPost.get(id)
return jsonify(asked_post.to_json()) # dangerous
else:
return jsonify({})
def delete_post(post_id):
if authenticate():
try:
post = BlogPost.get(BlogPost.id == post_id)
return render_template('blog/delete.html',post=post)
except BlogPost.DoesNotExist:
return redirect(url_for('blog'))
else:
flash('Not authorized to do that')
return redirect(url_for('blog'))
def delete_post_images(id, filename):
"""get images from a post with id"""
if users.is_current_user_admin():
asked_post = BlogPost.get(id)
if filename == '':
flash('No selected file')
abort(500)
if file and allowed_file(filename):
image_filename = secure_filename(filename)
asked_post.delete_blob_from_post(image_filename)
return jsonify(msg="file deleted")
def main():
if users.is_current_user_admin():
if request.method == 'GET': #all entitites
posts = Posts()
return jsonify(posts.to_json())
elif request.method == "POST":
form = PostForm()
if form.validate_on_submit(): #new entity
posts = Posts()
categories = Categories()
tags = Tags()
raw_post = request.get_json()
raw_category = raw_post["category"]
editing_tags = raw_post["tags"]
raw_summary = raw_post["summary"]
tag_keys = tags.update(editing_tags)
category_key = categories.update(raw_category)
post_id = posts.add(raw_title=raw_post["title"],
raw_body=raw_post["body"],
category_key=category_key,
tags_ids=tag_keys,
summary=raw_summary,
answers=raw_post["answers"]).id()
post = BlogPost.get(post_id)
if "images" in raw_post.keys() and raw_post["images"]:
for img in raw_post["images"]:
image_base64 = img["url"].split("base64,")[-1]
mime_type = img["url"].split("base64,")[0].replace(
'data:', '').replace(';', '')
image_filename = img["filename"].split("\\")[-1]
if allowed_file(image_filename):
image_filename = secure_filename(image_filename)
post.add_blob(base64.b64decode(image_base64),
image_filename, mime_type)
return jsonify(post.to_json()) # Needs check
else:
return jsonify(msg="missing token")
else:
return jsonify({})
def delete_post(id):
if users.is_current_user_admin():
posts = Posts()
tags = Tags()
categories = Categories()
updating_post = BlogPost.get(int(id))
categories.delete(updating_post.category)
posts.delete(updating_post.key)
tags.update([])
return jsonify(msg="OK")
def delete_post(id):
if users.is_current_user_admin():
posts = Posts()
tags = Tags()
categories = Categories()
updating_post = BlogPost.get(int(id))
categories.delete(updating_post.category)
posts.delete(updating_post.key)
tags.update(updating_post.get_tag_names())
return jsonify(msg="OK")
def get_post_images(id):
"""get images from a post with id"""
if users.is_current_user_admin():
asked_post = BlogPost.get(id)
if 'image' not in request.files:
abort(500)
file = request.files['image']
if file.filename == '':
flash('No selected file')
abort(500)
if file and allowed_file(file.filename):
image_filename = secure_filename(file.filename)
mime_type = file.content_type
image_key = asked_post.add_blob(file.read(), image_filename,
mime_type)
return jsonify(image_key=image_key)
def main():
if users.is_current_user_admin():
if request.method=='GET': #all entitites
posts = Posts()
return jsonify(posts.to_json())
elif request.method == "POST":
form = PostForm()
if form.validate_on_submit(): #new entity
posts = Posts()
categories = Categories()
tags = Tags()
raw_post = request.get_json()
raw_category = raw_post["category"]
editing_tags = raw_post["tags"]
raw_summary = raw_post["summary"]
tag_keys = tags.update(editing_tags)
category_key = categories.update(raw_category)
post_id = posts.add(raw_title=raw_post["title"],
raw_body=raw_post["body"],
category_key=category_key,
tags_ids=tag_keys,
summary=raw_summary,
answers=raw_post["answers"]).id()
post = BlogPost.get(post_id)
return jsonify(post.to_json()) # Needs check
else:
return jsonify(msg="missing token")
else:
return jsonify({})
def single_post(post_id):
if request.method == "POST" and request.form and request.form['_method']:
if authenticate():
if request.form['_method'] == "PUT" or request.form['_method'] == "PATCH":
post = request.form
error = False
title = request.form['title'].strip() if request.form['title'] != None else None
if title:
if re.search("^[ a-zA-Z0-9\,\?\!]+$", title) == None:
flash('Invalid characters detected in title')
error = True
else:
flash('Title cannot be empty')
error = True
content = request.form['content'].strip()
if content:
regex = re.compile('^[ a-zA-Z0-9\.\?\,\!\"\(\)]+$', re.MULTILINE)
content = content.replace("\r","")
num_matches = len(regex.findall(content))
num_lines = len(list(filter(remove_blanks,content.split("\n"))))
if num_matches != num_lines:
flash('Invalid characters detected in article body')
error = True
if not error:
try:
q = BlogPost.update(
title=request.form['title'],
content=request.form['content']
).where(BlogPost.id == post_id)
q.execute()
except IntegrityError:
flash('That title is already taken')
error = True
except BlogPost.DoesNotExist:
return redirect(url_for('blog'))
else:
flash('Article body cannot be empty')
error = True
if error:
return render_template('blog/edit.html', post=post)
else:
return redirect(url_for('single_post', post_id=post_id))
elif request.form['_method'] == "DELETE":
try:
post = BlogPost.get(BlogPost.id == post_id)
post.delete_instance()
flash('Successfully deleted the blog post')
return redirect(url_for('blog'))
except BlogPost.DoesNotExist:
return redirect(url_for('blog'))
else:
abort(405)
else:
flash('Not authorized to do that')
return redirect(url_for('blog'))
else:
try:
post = BlogPost.get(BlogPost.id == post_id)
if post.tags:
tags = post.tags.split(',')
return render_template('blog/show.html', post=post, tags=tags)
except BlogPost.DoesNotExist:
return redirect(url_for('blog'))
