Example #1
def handle_feedback_update(feedback_id):
    """Show or process the edit form for one piece of feedback.

    GET  /feedback/<feedback-id>/update -- render the edit form.
    POST /feedback/<feedback-id>/update -- apply the edit, then redirect
    to /users/<username>.

    Access control: the ownership check below runs before any form
    handling, so both the form display and the update are limited to the
    logged-in user whose name matches the feedback's ``username``.

    Returns:
        A redirect to ``/`` when nobody is logged in, a redirect to the
        caller's own user page when they do not own the feedback or after
        a successful update, otherwise the rendered edit form.
    """
    curr_username = session.get('user')

    # Anonymous visitors are sent back to the landing page.
    if not curr_username:
        flash('Please Log in')
        return redirect('/')

    # NOTE(review): Feedback.get is not visible here. If it returns None for
    # an unknown id, the attribute access below raises and the request ends
    # in a 500 -- confirm it raises a 404 itself or add an explicit check.
    feedback = Feedback.get(feedback_id)

    # Object-level authorization: only the author may view or edit.
    if curr_username != feedback.username:
        flash('Eyes on your own work!', 'warning')
        return redirect(f'/users/{curr_username}')

    form = FeedbackForm(obj=feedback)
    if not form.validate_on_submit():
        # First visit (GET) or a submission that failed validation.
        return render_template('edit_feedback_form.html', form=form)

    # NOTE(review): the raw request.form is passed on, not the validated
    # form fields. update_from_serial is not visible here -- confirm it
    # copies only an allow-list of editable fields, so that an extra posted
    # key (e.g. ``username``) cannot reassign ownership.
    feedback.update_from_serial(request.form)
    return redirect(f'/users/{curr_username}')
Example #2
def delete_feedback(feedback_id):
    """Delete one piece of feedback on behalf of its author.

    POST /feedback/<feedback-id>/delete -- remove the feedback and redirect
    to /users/<username>.

    Access control: the feedback is deleted only when the logged-in user's
    name matches the feedback's ``username``.

    Returns:
        A redirect to ``/`` when nobody is logged in, a 401 response when
        the caller does not own the feedback, otherwise a redirect to the
        caller's user page after the delete.
    """
    # NOTE(review): no form is validated on this path, so no CSRF token
    # check is visible here. Confirm the route is registered as POST-only
    # and that app-wide CSRF protection covers it.
    curr_username = session.get('user')

    # Anonymous visitors are sent back to the landing page.
    if not curr_username:
        flash("Log In Please.")
        return redirect('/')

    # NOTE(review): Feedback.get is not visible here. If it returns None for
    # an unknown id, the attribute access below raises and the request ends
    # in a 500 -- confirm it raises a 404 itself or add an explicit check.
    feedback = Feedback.get(feedback_id)

    # Object-level authorization: only the author may delete.
    if curr_username != feedback.username:
        # NOTE(review): the caller is authenticated here, so 403 is the
        # conventional status; 401 is kept because clients may depend on it.
        # The username is interpolated into a body that Flask serves as
        # text/html by default -- confirm usernames are restricted to safe
        # characters at registration, or escape the value.
        return f"401! You're not authorized to do that {curr_username}!", 401

    feedback.delete()
    return redirect(f'/users/{curr_username}')