def edit_post(post_id):
if not current_user.has_edit_news_permission:
abort(403)
post = Post.query.get_or_404(post_id)
if not post.can_edit(current_user):
abort(403)
form = PostForm(obj=post)
if form.validate_on_submit():
form.populate_obj(post)
db.session.commit()
return redirect(url_for('news.view_post', post_id=post.id))
delete_form = DeleteForm()
context = dict(
post=post,
form=form,
delete_form=delete_form,
)
return render_template('edit_post.html', **context)
def add_post():
if not current_user.has_edit_news_permission:
abort(403)
form = PostForm()
if form.validate_on_submit():
post = Post()
post.published = datetime.now()
form.populate_obj(post)
db.session.add(post)
db.session.commit()
return redirect(url_for('news.view_post', post_id=post.id))
context = dict(
form=form,
)
return render_template('edit_post.html', **context)
