def delete_note_form(note_id):
form = DeleteNoteForm()
if form.validate_on_submit():
note = Note.query.get(note_id)
db.session.delete(note)
db.session.commit()
flash('You already delete the note use form!')
else:
abort(400)
return redirect(url_for('index_note'))
def delete_note(note_id):
form = DeleteNoteForm()
if form.validate_on_submit():
note = Note.query.get(note_id)
db.session.delete(note)
db.session.commit()
flash('Your note is deleted')
else:
abort(400)
return redirect(url_for('index'))
def delete_note(note_id):
form=DeleteNoteForm()
if form.validate_on_submit():
note=Note.query.get(note_id)
db.session.delete(note)
db.session.commit()
flash('Delete successful!')
else:
abort("400")
return redirect(url_for("index"))
def delete_note_route():
if not sesh.confirm_logged_in():
return redirect(url_for('login_route'))
found_user = user.find_by_id(ObjectId(sesh.get_user_id()))
if not found_user:
return redirect(url_for('login_route'))
delete_form = DeleteNoteForm()
if request.method == 'POST':
# pass on the note_id from the post
delete_form.note_id.data = request.form.get("note_id", None)
# validate - if not valid means missing note_id
if delete_form.validate():
# make sure the note belongs to the logged in user
note_belongs_to_user = note.belongs_to_user(
_id=ObjectId(delete_form.note_id.data),
user_id=ObjectId(sesh.get_user_id()))
if note_belongs_to_user:
# try the delete
if note.delete_note(_id=ObjectId(delete_form.note_id.data),
user_id=ObjectId(sesh.get_user_id())):
found_user = user.find_by_id(ObjectId(sesh.get_user_id()))
flash("Note deleted. +1 point", 'message')
# if delete failed:
else:
flash(
"Nothing changed - something went wrong deleting the note.",
'message')
# if note doesn't belong to user:
else:
flash(
"Nothing changed - that note isn't attached to your account.",
'message')
return redirect(url_for('dashboard_route'))
def delete_note(note_id):
""" delete a note if the user is verified, and redirect to users page """
# Make sure to do a form validation with DeleteForm to protect from CSRF attack
# Also check out raise Unauthorized
note = Note.query.get_or_404(note_id)
if session.get("user_id") != note.owner:
raise Unauthorized(description="You do not have permission!")
form = DeleteNoteForm()
if form.validate_on_submit():
db.session.delete(note)
db.session.commit()
return redirect(f"/users/{note.owner}")
# Further Study: Maybe refactor the validation function for logged in user
# def validate_session()
def get_user(username):
""" Shows information about the user at username if logged in """
if session.get("user_id") != username:
raise Unauthorized(description="You do not have permission!")
else:
user = User.query.get(username)
return render_template("show_user.html",
user=user,
delete_note_form=DeleteNoteForm(),
delete_user_form=DeleteUserForm())
def index():
form = DeleteNoteForm()
notes = Note.query.all()
return render_template('index.html', notes=notes, form=form)
def edit_note_route():
before_route_load()
if not sesh.confirm_logged_in():
return redirect(url_for('login_route'))
found_user = user.find_by_id(ObjectId(sesh.get_user_id()))
if not found_user:
return redirect(url_for('login_route'))
form = EditNoteForm()
delete_form = DeleteNoteForm()
found_note = None
note_exists_in_db = True
# if it's GET we're coming direct and have no posted id to load a note
# so we're creating a new note
if request.method == 'GET':
# we don't care if the form is valid, because it's blank
# we're not doing any DB calls
# we just want to set note_exists_in_db to False
note_exists_in_db = False
# if it's POST we're trying to insert or update a note
# or we're coming from dashboard to start editing
if request.method == 'POST':
# if we have a note_id, we're either:
# coming from dashboard and want to populate the form with the note details;
# or, we pressed "save" on this route and want to post an update to a note
# get the note_id, if it exists
note_id = request.form.get('note_id', None)
# if note_id exists and it's not set to "new_id":
if note_id and note_id != "new_id":
# try to find the note using the posted note_id
found_note = note.find_by_id(ObjectId(form.note_id.data))
# if we find the note:
if found_note:
note_exists_in_db = True
# get the edit_note flag, if it exists
edit_note = request.form.get('edit_note', None)
# if the edit note flag is set:
if edit_note and edit_note == "true":
# we came from dashboard
# we should populate the form and that's it
# set the form fields so the page shows correct values
form.note_id.data = found_note.get('_id', '')
delete_form.note_id.data = found_note.get('_id', '')
form.title.data = Markup(found_note.get('title',
'')).unescape()
form.content.data = Markup(found_note.get('content',
'')).unescape()
form.note_type.data = found_note.get('note_type', '')
# if the edit flag is not set:
else:
# we're trying to post an update
# we should update the db
# if form is valid:
if form.validate():
# try to update; if we succeed:
if note.update_note(
user_id=ObjectId(sesh.get_user_id()),
_id=ObjectId(found_note.get('_id', '')),
title=form.title.data,
note_type=form.note_type.data,
content=form.content.data):
found_user = user.find_by_id(
ObjectId(sesh.get_user_id()))
flash("Note saved! +1 point", 'message')
# if update fails:
else:
flash("Nothing changed - the note wasn't saved.",
'message')
# if form is not valid:
else:
flash(
"Nothing changed - fix the errors below and try to update again.",
'message')
# if we don't find the note
else:
flash(
"Something went wrong - Couldn't find a note using the form.note_id",
'message')
note_exists_in_db = False
# if we posted with a "new_id" note_id:
elif note_id and note_id == "new_id":
# we're trying to create a new note
# we want to attempt the insert logic
# if form is valid:
if form.validate():
# try to insert the note
inserted_id = note.insert_note(user_id=ObjectId(sesh.get_user_id()), \
title=form.title.data, \
note_type=form.note_type.data, \
content=form.content.data)
# if insertion succeeded:
if inserted_id:
# try to find the inserted note by the _id
found_note = note.find_by_id(ObjectId(inserted_id))
# if we found inserted note:
if found_note:
found_user = user.find_by_id(
ObjectId(sesh.get_user_id()))
flash("Note created! +3 points", 'message')
note_exists_in_db = True
# update hidden form fields to track _id
# so if we post again, we trigger update instead of insert
form.note_id.data = found_note.get('_id', '')
delete_form.note_id.data = found_note.get('_id', '')
# if we can't find inserted note:
else:
flash(
"Something went wrong - the note wasn't created.",
'message')
note_exists_in_db = False
# if insertion failed:
else:
flash("Nothing changed - the note wasn't created.",
'message')
note_exists_in_db = False
# if form is not valid:
else:
flash(
"Nothing changed - fix the errors below and try to create the note again.",
'message')
note_exists_in_db = False
# if we have no note_id:
elif not note_id:
flash("Something went wrong - missing form.note_id", 'message')
note_exists_in_db = False
return render_template('edit_note.html',
sesh=sesh,
user=found_user,
note=found_note,
note_exists_in_db=note_exists_in_db,
form=form,
delete_form=delete_form,
page_title='Edit Note')
def index_note():
form = DeleteNoteForm()
note = Note.query.all()
return render_template('index_note.html', note=note, form=form)