def course_delete(username, course_title): """ GET - show course deletion form POST - delete the course from the database """ form = None if g.user.is_authenticated(): if g.user.username == username: form = CourseDeleteForm() if form.validate_on_submit(): # user owns and can delete the course course_id = [ c.course_id for c in g.user.get_courses() if c.title == course_title and c.instructor_id == g.user.user_id] Course.delete_course(int(course_id[0])) g.user.update_courses() flash('Course %s successfully deleted' % course_title) return redirect(url_for('user_home', username=username)) else: # there were errors on the form return render_template('user/delete.html', form=form) else: # unauthorized user flash('You can not delete a course you do not own.') return redirect(url_for('user_home', username=g.user.username)) else: # unauthenticated user return redirect(url_for('login'))