def delete_note_form(note_id): form = DeleteNoteForm() if form.validate_on_submit(): note = Note.query.get(note_id) db.session.delete(note) db.session.commit() flash('You already delete the note use form!') else: abort(400) return redirect(url_for('index_note'))
def delete_note(note_id): form = DeleteNoteForm() if form.validate_on_submit(): note = Note.query.get(note_id) db.session.delete(note) db.session.commit() flash('Your note is deleted') else: abort(400) return redirect(url_for('index'))
def delete_note(note_id): form=DeleteNoteForm() if form.validate_on_submit(): note=Note.query.get(note_id) db.session.delete(note) db.session.commit() flash('Delete successful!') else: abort("400") return redirect(url_for("index"))
def delete_note_route(): if not sesh.confirm_logged_in(): return redirect(url_for('login_route')) found_user = user.find_by_id(ObjectId(sesh.get_user_id())) if not found_user: return redirect(url_for('login_route')) delete_form = DeleteNoteForm() if request.method == 'POST': # pass on the note_id from the post delete_form.note_id.data = request.form.get("note_id", None) # validate - if not valid means missing note_id if delete_form.validate(): # make sure the note belongs to the logged in user note_belongs_to_user = note.belongs_to_user( _id=ObjectId(delete_form.note_id.data), user_id=ObjectId(sesh.get_user_id())) if note_belongs_to_user: # try the delete if note.delete_note(_id=ObjectId(delete_form.note_id.data), user_id=ObjectId(sesh.get_user_id())): found_user = user.find_by_id(ObjectId(sesh.get_user_id())) flash("Note deleted. +1 point", 'message') # if delete failed: else: flash( "Nothing changed - something went wrong deleting the note.", 'message') # if note doesn't belong to user: else: flash( "Nothing changed - that note isn't attached to your account.", 'message') return redirect(url_for('dashboard_route'))
def delete_note(note_id): """ delete a note if the user is verified, and redirect to users page """ # Make sure to do a form validation with DeleteForm to protect from CSRF attack # Also check out raise Unauthorized note = Note.query.get_or_404(note_id) if session.get("user_id") != note.owner: raise Unauthorized(description="You do not have permission!") form = DeleteNoteForm() if form.validate_on_submit(): db.session.delete(note) db.session.commit() return redirect(f"/users/{note.owner}") # Further Study: Maybe refactor the validation function for logged in user # def validate_session()
def get_user(username): """ Shows information about the user at username if logged in """ if session.get("user_id") != username: raise Unauthorized(description="You do not have permission!") else: user = User.query.get(username) return render_template("show_user.html", user=user, delete_note_form=DeleteNoteForm(), delete_user_form=DeleteUserForm())
def index(): form = DeleteNoteForm() notes = Note.query.all() return render_template('index.html', notes=notes, form=form)
def edit_note_route(): before_route_load() if not sesh.confirm_logged_in(): return redirect(url_for('login_route')) found_user = user.find_by_id(ObjectId(sesh.get_user_id())) if not found_user: return redirect(url_for('login_route')) form = EditNoteForm() delete_form = DeleteNoteForm() found_note = None note_exists_in_db = True # if it's GET we're coming direct and have no posted id to load a note # so we're creating a new note if request.method == 'GET': # we don't care if the form is valid, because it's blank # we're not doing any DB calls # we just want to set note_exists_in_db to False note_exists_in_db = False # if it's POST we're trying to insert or update a note # or we're coming from dashboard to start editing if request.method == 'POST': # if we have a note_id, we're either: # coming from dashboard and want to populate the form with the note details; # or, we pressed "save" on this route and want to post an update to a note # get the note_id, if it exists note_id = request.form.get('note_id', None) # if note_id exists and it's not set to "new_id": if note_id and note_id != "new_id": # try to find the note using the posted note_id found_note = note.find_by_id(ObjectId(form.note_id.data)) # if we find the note: if found_note: note_exists_in_db = True # get the edit_note flag, if it exists edit_note = request.form.get('edit_note', None) # if the edit note flag is set: if edit_note and edit_note == "true": # we came from dashboard # we should populate the form and that's it # set the form fields so the page shows correct values form.note_id.data = found_note.get('_id', '') delete_form.note_id.data = found_note.get('_id', '') form.title.data = Markup(found_note.get('title', '')).unescape() form.content.data = Markup(found_note.get('content', '')).unescape() form.note_type.data = found_note.get('note_type', '') # if the edit flag is not set: else: # we're trying to post an update # we should update the db # if form is valid: if form.validate(): # try to update; if we succeed: if note.update_note( user_id=ObjectId(sesh.get_user_id()), _id=ObjectId(found_note.get('_id', '')), title=form.title.data, note_type=form.note_type.data, content=form.content.data): found_user = user.find_by_id( ObjectId(sesh.get_user_id())) flash("Note saved! +1 point", 'message') # if update fails: else: flash("Nothing changed - the note wasn't saved.", 'message') # if form is not valid: else: flash( "Nothing changed - fix the errors below and try to update again.", 'message') # if we don't find the note else: flash( "Something went wrong - Couldn't find a note using the form.note_id", 'message') note_exists_in_db = False # if we posted with a "new_id" note_id: elif note_id and note_id == "new_id": # we're trying to create a new note # we want to attempt the insert logic # if form is valid: if form.validate(): # try to insert the note inserted_id = note.insert_note(user_id=ObjectId(sesh.get_user_id()), \ title=form.title.data, \ note_type=form.note_type.data, \ content=form.content.data) # if insertion succeeded: if inserted_id: # try to find the inserted note by the _id found_note = note.find_by_id(ObjectId(inserted_id)) # if we found inserted note: if found_note: found_user = user.find_by_id( ObjectId(sesh.get_user_id())) flash("Note created! +3 points", 'message') note_exists_in_db = True # update hidden form fields to track _id # so if we post again, we trigger update instead of insert form.note_id.data = found_note.get('_id', '') delete_form.note_id.data = found_note.get('_id', '') # if we can't find inserted note: else: flash( "Something went wrong - the note wasn't created.", 'message') note_exists_in_db = False # if insertion failed: else: flash("Nothing changed - the note wasn't created.", 'message') note_exists_in_db = False # if form is not valid: else: flash( "Nothing changed - fix the errors below and try to create the note again.", 'message') note_exists_in_db = False # if we have no note_id: elif not note_id: flash("Something went wrong - missing form.note_id", 'message') note_exists_in_db = False return render_template('edit_note.html', sesh=sesh, user=found_user, note=found_note, note_exists_in_db=note_exists_in_db, form=form, delete_form=delete_form, page_title='Edit Note')
def index_note(): form = DeleteNoteForm() note = Note.query.all() return render_template('index_note.html', note=note, form=form)