def edit_post(id): """Edit existing blog post.""" post = Post.query.get_or_404(id) permission = Permission(UserNeed(post.user.id)) if permission.can() or admin_permission.can(): form = PostForm() if form.validate_on_submit(): post.title = form.title.data post.text = form.text.data post.publish_date = datetime.datetime.now() db.session.commit() return redirect(url_for('.post', post_id=post.id)) form.text.data = post.text return render_template('edit.html', form=form, post=post) abort(403)
def is_accessible(self): return current_user.is_authenticated and admin_permission.can()