def course_delete(username, course_title):
"""
GET - show course deletion form
POST - delete the course from the database
"""
form = None
if g.user.is_authenticated():
if g.user.username == username:
form = CourseDeleteForm()
if form.validate_on_submit():
# user owns and can delete the course
course_id = [ c.course_id for c in g.user.get_courses()
if c.title == course_title and c.instructor_id == g.user.user_id]
Course.delete_course(int(course_id[0]))
g.user.update_courses()
flash('Course %s successfully deleted' % course_title)
return redirect(url_for('user_home', username=username))
else:
# there were errors on the form
return render_template('user/delete.html', form=form)
else:
# unauthorized user
flash('You can not delete a course you do not own.')
return redirect(url_for('user_home', username=g.user.username))
else:
# unauthenticated user
return redirect(url_for('login'))
