def view(id):
    """Show one mail to its sender or receiver; send anyone else to the index.

    The mail is marked as read only when the receiver is the one opening it.

    :param id: id of the mail to display
    :return: the rendered detail page, or a redirect to the mail index
    """
    # NOTE(review): assumes Mail.find returns a record for every id; confirm
    # what it returns for an id that does not exist.
    mail = Mail.find(id)

    opened_by_receiver = current_user().id == mail.receiver_id
    if opened_by_receiver:
        mail.mark_read()

    # Object-level access check: knowing a mail id is not enough, the current
    # user has to be one of the two parties of that mail.
    viewer_id = current_user().id
    if viewer_id not in (mail.receiver_id, mail.sender_id):
        return redirect(url_for(".index"))
    return render_template("mail/detail.html", mail=mail)
def view(id):
    """Render the detail page of a mail for one of its two parties.

    :param id: id of the mail to display
    :return: the rendered detail page, or a redirect to the mail index when
        the current user is neither sender nor receiver
    """
    # NOTE(review): assumes Mail.find always yields a mail object; verify the
    # behaviour for an unknown id.
    mail = Mail.find(id)

    # Only the receiver opening the mail flips it to "read"; a sender looking
    # at their own sent mail leaves the flag alone.
    receiver_is_viewing = current_user().id == mail.receiver_id
    if receiver_is_viewing:
        mail.mark_read()

    # A user who neither sent nor received this mail must not see it.
    is_participant = current_user().id in (mail.receiver_id, mail.sender_id)
    if not is_participant:
        return redirect(url_for('.index'))
    return render_template("mail/detail.html", mail=mail)
def view(id):
    """Display a mail, restricted to the user who sent it or received it.

    :param id: id of the mail to display
    :return: the rendered detail page for a participant, otherwise a redirect
        to the mail index
    """
    # NOTE(review): assumes Mail.find returns a mail for every id; confirm the
    # not-found behaviour.
    mail = Mail.find(id)

    # Reading by anyone other than the receiver does not change the read flag.
    if mail.receiver_id == current_user().id:
        mail.mark_read()

    # The mail is visible only to its sender and its receiver.
    may_view = current_user().id in (mail.receiver_id, mail.sender_id)
    return (
        render_template("mail/detail.html", mail=mail)
        if may_view
        else redirect(url_for(".index"))
    )
def view(id):
    """Return the detail page of a mail if the current user is a party to it.

    :param id: id of the mail to display
    :return: the rendered detail page, or a redirect to the mail index
    """
    # NOTE(review): assumes Mail.find never returns an empty result here;
    # confirm for ids that do not exist.
    mail = Mail.find(id)

    # Viewing as anyone but the receiver never marks the mail as read.
    reader_id = current_user().id
    if reader_id == mail.receiver_id:
        mail.mark_read()

    # If you neither sent nor received this mail, you do not get to see it.
    requester_id = current_user().id
    parties = (mail.receiver_id, mail.sender_id)
    if requester_id in parties:
        return render_template("mail/detail.html", mail=mail)
    return redirect(url_for(".index"))
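def update(mail_id):
    """Apply the submitted form to a mail, for its sender or receiver only.

    Every rejection path aborts explicitly, so the view never falls through
    without a response: the request is refused with 401 when the token check
    fails and when the current user is neither the sender nor the receiver of
    ``mail_id``. (401 is the status the original used; 403 would describe
    "logged in but not allowed" more precisely.)

    :param mail_id: id of the mail the caller wants to change
    :return: a redirect to the mail index once the update has been applied
    """
    if not Mail.check_token():
        abort(401)

    # NOTE(review): assumes Mail.find returns a mail for every id; confirm the
    # behaviour for an unknown id.
    m = Mail.find(mail_id)
    if current_user().id not in (m.receiver_id, m.sender_id):
        abort(401)

    # NOTE(review): the participant check above is made on mail_id, while the
    # update below is driven by the form alone. If Mail.update selects its
    # target record from a form field, that field has to be tied to mail_id
    # (or mail_id passed in explicitly) so the record that was authorised is
    # the record that gets changed. Confirm against Mail.update.
    form = request.form
    Mail.update(form)
    # Open question left by the original author: does this redirect need a
    # query string?
    return redirect(url_for('.index'))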
def view(id):
    """Show a mail to the user who sent or received it.

    :param id: id of the mail to display
    :return: the rendered detail page, or a redirect to the mail index when
        the current user is not a party to the mail
    """
    viewer = current_user()
    # NOTE(review): assumes Mail.find returns a mail for every id; confirm the
    # not-found behaviour.
    mail = Mail.find(id)

    # Only the receiver's own visit marks the mail as read.
    if mail.receiver_id == viewer.id:
        mail.mark_read()

    # Object-level access check: sender and receiver only.
    if viewer.id not in (mail.receiver_id, mail.sender_id):
        return redirect(url_for('.index'))
    return render_template('mail/detail.html', mail=mail)
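def edit(mail_id):
    """Render the edit form for a mail, for its sender or receiver only.

    Both rejection paths abort explicitly with 401 (failed token check, or a
    current user who is neither sender nor receiver), so the view cannot fall
    through and return nothing.

    :param mail_id: id of the mail to edit
    :return: the rendered edit form
    """
    user = current_user()
    if not Mail.check_token():
        abort(401)

    # NOTE(review): assumes Mail.find returns a mail for every id; confirm the
    # behaviour for an unknown id.
    m = Mail.find(mail_id)
    if user.id not in (m.receiver_id, m.sender_id):
        abort(401)

    # The per-user token is handed to the form; presumably it is what
    # Mail.check_token verifies on submit -- confirm. gg.token[user.id] raises
    # KeyError if no token is stored for this user.
    return render_template('mail/mail_edit.html', m=m, token=gg.token[user.id], user=user)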
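def view(id):
    """Show a mail to its sender or receiver.

    Security notes: the mail is marked as read only when the logged-in user is
    the receiver, and the detail page is rendered only when the user is the
    receiver or the sender. Any other user is redirected to the mail index,
    as the other ``view`` variants do, instead of the function returning
    ``None``, which is not a usable response.

    :param id: id of the mail passed in
    :return: the rendered detail page, or a redirect to the mail index
    """
    # NOTE(review): assumes Mail.find returns a mail for every id; confirm the
    # behaviour for an unknown id.
    mail = Mail.find(id)
    u = current_user()

    if u.id == mail.receiver_id:
        mail.mark_read()

    if u.id in (mail.receiver_id, mail.sender_id):
        return render_template('mail/detail.html', mail=mail)
    # Explicit rejection path for users who are not a party to the mail.
    return redirect(url_for('.index'))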
def view(id):
    """Show a mail, with sender and receiver names, to one of its two parties.

    :param id: id of the mail to display
    :return: the rendered detail page, or a redirect to the mail index when
        the current user is neither sender nor receiver
    """
    # NOTE(review): assumes Mail.find and User.find always return an object;
    # confirm their behaviour for unknown ids. The two name lookups run before
    # the access check, but their results are only rendered for a participant.
    mail = Mail.find(id)
    sender_name = User.find(mail.sender_id).username
    receiver_name = User.find(mail.receiver_id).username

    user = current_user()

    # Viewing as anyone but the receiver never marks the mail as read.
    if mail.receiver_id == user.id:
        mail.mark_read()

    # If you neither sent nor received this mail, you do not get to see it.
    if user.id not in (mail.receiver_id, mail.sender_id):
        return redirect(url_for(".index"))
    return render_template(
        "mail/detail.html",
        mail=mail,
        user=user,
        sender=sender_name,
        receiver=receiver_name,
    )
def view(mail_id):
    """Show a mail to its sender or receiver, provided their role is not -1.

    :param mail_id: id of the mail to display
    :return: the rendered detail page, or a redirect to ``routes_mail.index``
    """
    # NOTE(review): assumes Mail.find returns a mail for every id; confirm the
    # not-found behaviour.
    mail = Mail.find(id=mail_id)

    # NOTE(review): role -1 presumably marks a guest / not-logged-in user;
    # confirm against the user model.
    if current_user().role == -1:
        return redirect(url_for("routes_mail.index"))

    # Object-level access check: sender and receiver only.
    if current_user().id not in (mail.receiver_id, mail.sender_id):
        return redirect(url_for("routes_mail.index"))

    return render_template("mail/mail_detail.html", mail=mail)