def moderatePostsDisable(id):
    """Mark post *id* as disabled (an admin-only moderation action).

    Responds 403 to non-admins and 404 when the post does not exist.  On
    success a notice is flashed and the user is sent back to the moderation
    list.  No commit happens in this block -- persisting the change is left
    to whatever commits the session later.
    """
    if not current_user.admin():
        abort(403)
    target = Post.query.get_or_404(id)
    target.disabled = True
    flash("Post is disabled.", 'success')
    # NOTE(review): this view mutates state -- confirm the route is limited
    # to POST (with CSRF protection) rather than reachable via a plain link.
    return redirect(url_for('.moderatePosts'))
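def editProfileAdmin(id):
    """Edit the "about me" text of user *id* (the user themself or an admin).

    404s when the user does not exist and 403s when the logged-in user is
    neither the profile's owner nor an admin.  GET renders the form filled
    from the database; POST handles the cancel and submit buttons.  Only a
    submission that passes ``form.validate()`` is written back, so the
    validators declared on ``EditProfile`` (and Flask-WTF's CSRF token
    check, when it is enabled) actually run before the update -- the
    previous version saved ``form.about_me.data`` without validating.
    """
    user = User.query.get_or_404(id)
    if current_user.username != user.username and not current_user.admin():
        abort(403)
    form = EditProfile()
    if request.method == "POST":
        # checkBtn is a project helper; assumed to report which submit
        # button was pressed -- confirm against its definition.
        if checkBtn("cancel", form):
            return redirect(url_for('.profile', username=user.username))
        if checkBtn("submit", form) and form.validate():
            user.about_me = form.about_me.data
            flash("The profile has been successfully updated.", 'success')
            return redirect(url_for('.profile', username=user.username))
        # A submit that failed validation falls through and is re-rendered
        # with the submitted data and form.errors intact.
    else:
        # Pre-fill the form from the database on GET.
        form.about_me.data = user.about_me
    return render_template("blog/editProfile.html",
                           title="Blog - User's Profile",
                           year=year,
                           form=form,
                           user=user)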
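def editComment(id):
    """Edit the body of blog comment *id*.

    404s for an unknown comment and 403s unless the logged-in user is the
    comment's author or an admin.  Cancel redirects back to the comment
    section of the owning post; submit is only applied after
    ``form.validate()`` passes, so the validators on ``CommentForm`` (and
    Flask-WTF's CSRF check, when enabled) run before the comment is changed
    -- the previous version wrote ``form.body.data`` unvalidated.
    """
    comment = Comment.query.filter_by(id=id).first_or_404()
    form = CommentForm()
    if current_user.username != comment.author.username and not current_user.admin():
        abort(403)
    if request.method == "POST":
        # Both buttons lead back to the comments anchor of the owning post.
        back_to_post = url_for('.post', id=comment.post.id) + '#comments'
        if checkBtn("cancel", form):
            return redirect(back_to_post)
        if checkBtn("submit", form) and form.validate():
            comment.body = form.body.data
            return redirect(back_to_post)
        # Failed validation: fall through and re-render with form.errors.
    else:
        # Pre-fill the form from the stored comment on GET.
        form.body.data = comment.body
    return render_template("blog/editComment.html",
                           title="Edit Comment for post " + comment.post.title,
                           year=year,
                           comment=comment,
                           form=form)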
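def posts(username):
    """Render the paginated list of posts written by *username*.

    Visitors other than the author (and non-admins) only see posts that are
    published and not disabled; the author and admins see everything.
    404s when the username does not exist; ``error_out=True`` makes an
    out-of-range ``page`` 404 as well.
    """
    page = request.args.get("page", 1, type=int)
    user = User.query.filter_by(username=username).first_or_404()
    query = Post.query.order_by(Post.date_posted.desc()).filter_by(author=user)
    # Hide drafts and moderated posts from everyone but the author and admins.
    # NOTE(review): current_user.id is read for anonymous visitors too -- this
    # relies on the app's anonymous-user class providing `id` and `admin()`;
    # confirm.
    if user.id != current_user.id and not current_user.admin():
        query = query.filter_by(disabled=False, published=True)
    pagination = query.paginate(
        page, per_page=current_app.config["ITEMS_PER_PAGE"], error_out=True)
    # Capitalise only the first letter for the page title; slicing with [:1]
    # keeps this safe for an empty string instead of raising IndexError.
    display_name = username[:1].upper() + username[1:]
    return render_template("blog/someonesPosts.html",
                           title="Blog - %s's posts" % display_name,
                           year=year,
                           posts=pagination.items,
                           pagination=pagination,
                           user=user)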
def edit(id):
    """Edit project *id*; only its author or an admin may (403 otherwise).

    A valid submission copies every form field onto the project, regenerates
    the document HTML, commits, and redirects back to this page.  Moving the
    status to 1 from any other value additionally flashes two notices.  When
    nothing valid was submitted the form is re-initialised from the project.
    """
    project = Project.query.get_or_404(id)
    if not (current_user.admin() or project.author.username == current_user.username):
        abort(403)
    form = ProjectForm()
    previous_status = int(project.status)
    if form.validate_on_submit():
        project.title = form.title.data
        project.description = form.description.data
        project.vid_url = form.vid_url.data
        project.parts = form.parts.data
        project.steps = form.steps.data
        project.status = form.status.data
        project.code = form.code.data
        project.document_html = generate_document_html(project)
        new_status = int(form.status.data)
        became_published = new_status != previous_status and new_status == 1
        if became_published:
            flash("You have now published your project! Now everyone (including users that are not logged in) can see it!", 'success')
            flash("If at any time you want to make it a Draft again, then click on Draft!", 'info')
        db.session.add(project)
        db.session.commit()
        return redirect(url_for('.edit', id=project.id))
    # Reset the form so the status select defaults to the stored status,
    # then copy the remaining stored values into their same-named fields.
    form.status.default = previous_status
    form.process()
    for field_name in ("title", "description", "vid_url", "parts", "steps", "code"):
        getattr(form, field_name).data = getattr(project, field_name)
    return render_template('projects/edit.html',
                           title="Projects - Edit Project",
                           year=year,
                           form=form,
                           project=project)
def getPagination(page):
    """Return page *page* of the post feed, newest first.

    Visible rows are posts that are published and not disabled, plus the
    current user's own posts, plus everything when the current user is an
    admin (that flag is a Python bool folded into the SQL OR).
    ``error_out=True`` 404s on an out-of-range page.
    """
    public = (Post.disabled == False) & (Post.published == True)
    own = Post.author_id == current_user.id
    visible = public | own | current_user.admin()
    newest_first = Post.query.order_by(Post.date_posted.desc())
    return newest_first.filter(visible).paginate(
        page, per_page=current_app.config["ITEMS_PER_PAGE"], error_out=True)
def decorated_view(*args, **kwargs):
    """Run *view* only when the current user holds one of the allowed *roles*.

    ``roles`` and ``view`` come from the enclosing decorator (outside this
    block).  Each role name is paired with the predicate method on
    ``current_user`` that grants it; the first matching pair wins.  A user
    with none of the roles gets the 404 page rather than a 403 -- presumably
    so the route's existence is not revealed; confirm with the author.
    """
    role_checks = (
        ('Employer', 'employer'),
        ('Admin', 'admin'),
        ('Freelancer', 'freelancer'),
    )
    for role, predicate in role_checks:
        # Look the predicate up lazily so it is only touched when the role
        # is actually in ``roles``, exactly as the original if-chain did.
        if role in roles and getattr(current_user, predicate)():
            return view(*args, **kwargs)
    return render_template('errors/404.html'), 404
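# Markdown image syntax, a raw </iframe> and <img> tags all pull in embedded
# content; a post containing any of them is flagged ``disabled`` so it stays
# hidden until reviewed (the moderation views handle the rest).
_EMBED_PATTERNS = (
    re.compile(r'!.*\[.+\]', re.DOTALL),
    re.compile(r'<img .*src=".+".*>', re.DOTALL),
)


def _needs_moderation(body):
    """Return True when *body* embeds an image or iframe (see _EMBED_PATTERNS)."""
    if '</iframe>' in body:
        return True
    return any(pattern.search(body) for pattern in _EMBED_PATTERNS)


def edit(id):
    """Edit blog post *id* (author or admin only).

    404s for an unknown post and 403s unless the logged-in user is the
    author or an admin.  Cancel redirects back to the post.  Submit is only
    applied after ``form.validate()`` passes, so the validators on
    ``PostForm`` (and Flask-WTF's CSRF check, when enabled) run before the
    post is rewritten -- the previous version saved the fields unvalidated.
    A saved body that embeds images or iframes is marked disabled.
    """
    post = Post.query.get_or_404(id)
    form = PostForm()
    if current_user.username != post.author.username and not current_user.admin():
        abort(403)
    if request.method == "POST":
        if checkBtn("cancel", form):
            return redirect(url_for('.post', id=id))
        if checkBtn("submit", form) and form.validate():
            post.title = form.title.data
            post.body = form.body.data
            post.tags = parseMultiplePost(form)
            post.published = form.published.data
            post.date_posted = datetime.utcnow()
            # Refresh the derived summary (per the original comment, the
            # first 80 words) from the new body.
            post.changedBody()
            post.disabled = _needs_moderation(post.body)
            return redirect(url_for('.post', id=id))
        # Failed validation: fall through and re-render with form.errors.
    else:
        # Pre-fill the form from the stored post on GET; tags are converted
        # back to a list of ids by unparseMultiplePost.
        form.title.data = post.title
        form.body.data = post.body
        form.tags.data = unparseMultiplePost(post)
        form.published.data = post.published
    return render_template("blog/edit.html",
                           title="Edit Post - " + post.title,
                           year=year,
                           post=post,
                           form=form)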
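def filteredPosts():
    """Full-text search over posts (the ``?q=`` query), paginated.

    Like the index page, a valid ``PostForm`` submission creates a post and
    a ``SearchForm`` submission redirects to a fresh search.  Otherwise the
    query is run through whoosh and filtered so that only posts that are
    both published and not disabled are shown, except to their author and
    to admins, who see everything.
    """
    # Parse ``page`` as an int (default 1) like the other paginated views,
    # instead of handing the raw query-string value to paginate().
    page = request.args.get("page", 1, type=int)
    q = request.args.get("q")
    post_form = PostForm()
    search_form = SearchForm()
    if post_form.validate_on_submit():
        tags = parseMultiplePost(post_form)
        post = Post(title=post_form.title.data,
                    body=post_form.body.data,
                    author=current_user._get_current_object(),
                    tags=tags,
                    published=post_form.published.data)
        post.changedBody()
        db.session.add(post)
        db.session.commit()
        return redirect(url_for('.post', id=post.id))
    elif search_form.validate_on_submit():
        return redirect(url_for('.filteredPosts', q=search_form.search.data))
    # Visibility rule.  Both halves must be combined with the SQLAlchemy
    # operator: the previous code used Python ``and`` here, which evaluates
    # to one operand and in practice dropped the ``published`` test, so
    # unpublished drafts could surface in search results.
    publicly_visible = (Post.disabled == False) & (Post.published == True)
    # NOTE(review): ``q`` is None when the page is reached without ?q= --
    # what whoosh_search does with None is not visible here; confirm.
    pagination = Post.query.whoosh_search(q, 50).filter(
        db.or_(publicly_visible,
               Post.author_id == current_user.id,
               current_user.admin())).paginate(
        page, per_page=current_app.config["ITEMS_PER_PAGE"], error_out=True)
    # ``filtered=True`` tells the shared index template it is a search result.
    return render_template("blog/index.html",
                           title="Blog - Home Page",
                           year=year,
                           post_form=post_form,
                           search_form=search_form,
                           posts=pagination.items,
                           pagination=pagination,
                           filtered=True)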
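def draft(id):
    """Revert post *id* to draft (unpublished) status.

    404 for an unknown post, 403 unless the logged-in user is the author or
    an admin.  Redirects back to the page recorded in ``session["last_url"]``,
    or to the post itself when nothing was recorded (previously a missing key
    raised KeyError and produced a 500).
    """
    post = Post.query.get_or_404(id)
    if post.author.username != current_user.username and not current_user.admin():
        abort(403)
    post.published = False
    flash("Your post is now a draft.", 'info')
    # NOTE(review): this view mutates state -- confirm the route only accepts
    # POST with CSRF protection.  The redirect target comes from the signed
    # session, so it is only as trustworthy as the code that stores
    # last_url (not visible in this block).
    return redirect(session.get("last_url") or url_for('.post', id=post.id))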
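def moderatePosts():
    """Admin-only list of every post, newest first, paginated (403 otherwise)."""
    if not current_user.admin():
        abort(403)
    # type=int makes a non-numeric ?page= fall back to 1 instead of raising
    # ValueError (a 500); this also matches the other paginated views.
    page = request.args.get("page", 1, type=int)
    pagination = Post.query.order_by(Post.date_posted.desc()).paginate(
        page, per_page=current_app.config["ITEMS_PER_PAGE"], error_out=True)
    return render_template("blog/moderate.html",
                           title="Blog - Moderate Posts",
                           year=year,
                           posts=pagination.items,
                           pagination=pagination)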
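def post(id):
    """Show blog post *id* with its comments; a POST adds a comment.

    Disabled or unpublished posts are only visible to their author and to
    admins (403 otherwise); unknown ids 404.  A comment is only created
    when ``form.validate()`` passes, so ``CommentForm``'s validators (and
    Flask-WTF's CSRF check, when enabled) run before anything is written --
    the previous version stored ``form.body.data`` unvalidated.
    """
    post = Post.query.get_or_404(id)
    # ``==`` is kept deliberately so a None-valued column behaves as before.
    not_public = post.disabled == True or post.published == False
    if not_public and post.author != current_user and not current_user.admin():
        abort(403)
    form = CommentForm()
    if request.method == "POST":
        if checkBtn("cancel", form):
            # Cancel is handled client-side (the form is collapsed by
            # JavaScript); nothing to do on the server.
            pass
        elif checkBtn("submit", form) and form.validate():
            comment = Comment(body=form.body.data,
                              post=post,
                              author=current_user._get_current_object())
            # Only staged here; per the original comment the session is
            # committed at the end of each request (that hook is not in
            # this block).
            db.session.add(comment)
            # Redirect so a refresh does not resubmit the comment.
            return redirect(url_for('.post', id=post.id) + "#comments")
    comments = post.comments.order_by(Comment.date_posted.asc())
    return render_template("blog/post.html",
                           title="Post - " + post.title,
                           year=year,
                           post=post,
                           form=form,
                           comments=comments)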
def editComment(id):
    """Edit project comment *id*; only its author or an admin may (403 otherwise).

    404s for an unknown comment.  A valid submission replaces the comment
    body and redirects to the comments anchor of the owning project;
    otherwise the form is pre-filled with the stored body and rendered.
    """
    comment = ProjectComment.query.filter_by(id=id).first_or_404()
    form = CommentForm()
    is_author = current_user.username == comment.author.username
    if not is_author and not current_user.admin():
        abort(403)
    if form.validate_on_submit():
        comment.body = form.body.data
        anchor = url_for('.project', id=comment.project.id) + '#comments'
        return redirect(anchor)
    form.body.data = comment.body
    page_title = "Projects - Edit Comment from Project {0}".format(comment.project.title)
    return render_template('projects/editComment.html',
                           title=page_title,
                           year=year,
                           form=form,
                           comment=comment)
def index():
    """List projects.

    Anonymous visitors see published projects only; logged-in users also
    see their own, and admins see everything (the admin flag is a Python
    bool folded into the SQL OR).
    """
    if not current_user.is_authenticated:
        projects = Project.query.filter_by(status=True).all()
    else:
        visible = db.or_(Project.status == True,
                         Project.author == current_user,
                         current_user.admin())
        projects = Project.query.filter(visible).all()
    return render_template('projects/index.html',
                           title="Projects",
                           year=year,
                           projects=projects)