def delete_blog(blog_id): """Delete blog. :param id: blog id. """ blog = api_blog.get(blog_id) if blog.user != current_user: return jsonres(rv=None, metacode=403, msg=u'这不是您的,你不能删除', code=403) api_blog.delete(api_blog.get_or_404(blog_id)) return jsonres()
def delete_blogs(): """Delete blog. :param id: blog id. """ delIds = request.json for delId in delIds: blog = api_blog.get(delId) if blog.user != current_user: return jsonres(metacode=403, msg=u'有不是您的,不能删除', code=403) return jsonres()
def change_blog(blog_id, category): """Edit the blog. :param id: blog id. """ blog = api_blog.get(blog_id) if blog.user != current_user: flash(gettext('This is not your blog'), category='error') abort(403) blog_form = BlogForm(obj=blog) if blog_form.validate_on_submit(): flash(u'更新成功') api_blog.update(blog, **blog_form.data) return redirect(url_for('.detail_blog', blog_id=blog_id, category=category)) if request.method == 'POST': flash(u'更新失败,请检查', category='danger') return render_template('blog/create.html', blog_form=blog_form, category=category, action_url=url_for('.change_blog', blog_id=blog_id, category=category))
def change_blog(blog_id): """Edit the blog. :param id: blog id. """ blog = api_blog.get(blog_id) if blog.user != current_user: return jsonres(rv=None, metacode=403, msg=u'这不是您的,你不能修改', code=403) blog_form = BlogUpdateForm() #json方式,不能验证csrf_token blog_form.csrf_enabled = False if blog_form.validate_on_submit(): api_blog.update(blog, **blog_form.data) return jsonres() #构造表单验证错误,返回 return jsonres(msg=blog_form.errors, metacode=400, code=400)