def new_post(): form= PostForm() if form.validate(): post = Post(title=form.title.data, content= form.content.data, author=current_user) db.session.add(post) db.session.commit() flash('Your post has been created !', 'success') return redirect(url_for('main.home')) return render_template('create_post.html', title='New Post',form=form, legend='New Post')
def update_post(post_id): post = Post.query.get_or_404(post_id) if post.author != current_user: abort(403) form = PostForm() if request.method == 'POST': if form.validate(): post.title = form.title.data post.content = form.content.data db.session.commit() flash('Your content has been updated!', 'success') return redirect(url_for('post.post', post_id=post.id)) if request.method == 'GET': form.title.data = post.title form.content.data = post.content return render_template('create_post.html', title='Update Post', form=form, legend='Update Post')
def update_post(post_id): # get the post with id= post_id or 404 page post = Post.query.get_or_404(post_id) # if the author of the post != the current user if post.author != current_user: # forbieden page abort(403) form = PostForm() if form.validate(): post.title = form.title.data post.content = form.content.data db.session.commit() flash('Your Post has been Updated!', 'success') return redirect(url_for('posts.post', post_id=post.id)) elif request.method == 'GET': form.title.data = post.title form.content.data = post.content return render_template('create_post.html', title='Update Post', legend='Update Post', form=form)