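def comment_delete(comment_id):
    """Delete a comment on behalf of its author, after a CSRF check.

    Args:
        comment_id: Primary key of the comment; converted with ``int()``.

    Returns:
        A redirect to the login page when no verified user matches the
        session cookie, a redirect to the comment's topic after a successful
        delete, or a plain-text message (comment missing, caller is not the
        author, CSRF token mismatch).
    """
    # Identify the caller before touching the comment, so an anonymous
    # request learns nothing about which comment IDs exist.
    session_token = request.cookies.get("session_token")
    user = None
    if session_token:
        # Only query when a cookie is present: with SQLAlchemy,
        # filter_by(session_token=None) is rendered as "session_token IS NULL"
        # and could match an account whose stored token is empty.
        user = db.query(User).filter_by(session_token=session_token, verified=True).first()

    if not user:
        return redirect(url_for('auth.login'))

    comment = db.query(Comment).get(int(comment_id))
    if comment is None:
        # Query.get() yields None for an unknown ID; answer with 404 rather
        # than failing on comment.author below.
        return "Comment not found!", 404

    # Authorization: only the author may delete the comment.
    if comment.author.id != user.id:
        return "You can only delete your own comments!"

    # The CSRF token from the form is validated against the user's name.
    csrf = request.form.get("csrf")
    if not validate_csrf(csrf, user.username):
        return "CSRF error: tokens don't match!"

    # Read the topic ID before the delete so it is still available for the redirect.
    topic_id = comment.topic.id
    db.delete(comment)
    db.commit()
    return redirect(url_for('topic.topic_details', topic_id=topic_id))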
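def task_delete(task_id):
    """Delete a task, optionally counting it as completed for the current user.

    The form field ``action`` selects the operation: ``delete`` removes the
    task, ``completed`` increments ``user.completed`` and removes the task.
    Any other value changes nothing.

    Args:
        task_id: Primary key of the task; converted with ``int()``.

    Returns:
        The literal ``"helo"`` for GET, a redirect to ``login`` when no user
        matches the session cookie, a 404 message when the task does not
        exist, otherwise a redirect to ``tasks``.
    """
    if request.method == "GET":
        return "helo"

    session_token = request.cookies.get("session_token")
    user = None
    if session_token:
        # Only query when a cookie is present: with SQLAlchemy,
        # filter_by(session_token=None) is rendered as "session_token IS NULL"
        # and could match an account whose stored token is empty.
        user = db.query(User).filter_by(session_token=session_token).first()

    if not user:
        return redirect(url_for('login'))

    task = db.query(Task).get(int(task_id))
    if task is None:
        # Query.get() yields None for an unknown ID; answer with 404 rather
        # than failing on task.id below.
        return "Task not found!", 404

    # NOTE(review): nothing visible here ties the task to `user`, so any
    # logged-in user can remove any task — confirm whether Task has an owner
    # column that should be compared with user.id.
    # NOTE(review): no CSRF token is checked before this state change.
    action = request.form['action']
    if action in ('delete', 'completed'):
        task_id = task.id
        if action == 'completed':
            user.completed += 1
        # One commit covers the counter update and the delete, so a failure
        # cannot leave the counter incremented while the task still exists.
        db.delete(task)
        db.commit()

    return redirect(url_for('tasks', task_id=task_id))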
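def topic_delete(comment_id):
    """Delete the comment with the given ID on GET, then redirect to ``index``.

    Args:
        comment_id: Primary key of the comment; converted with ``int()``.

    Returns:
        A 404 message when a GET names a comment that does not exist,
        otherwise a redirect to ``index``.
    """
    comment = db.query(Comment).get(int(comment_id))

    # NOTE(review): this handler performs no login, authorship or CSRF check,
    # and it deletes on GET. State changes should require POST plus an
    # authenticated author; that needs matching route/template changes and
    # cannot be done from this function alone.
    if request.method == "GET":
        if comment is None:
            # Query.get() yields None for an unknown ID; db.delete(None)
            # would otherwise fail.
            return "Comment not found!", 404
        db.delete(comment)
        db.commit()

    # NOTE(review): the model object itself is passed as a URL parameter;
    # confirm what the `index` endpoint expects here.
    return redirect(url_for('index', comment=comment))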
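def topic_delete(topic_id):
    """Show the delete confirmation page (GET) or delete the topic (POST).

    Args:
        topic_id: Primary key of the topic; converted with ``int()``.

    Returns:
        GET: the rendered ``topic/delete.html`` template.
        POST: a redirect to ``login`` when nobody is logged in, a 404 message
        when the topic does not exist, a plain-text refusal when the caller
        is not the author, otherwise a redirect to ``index``.
        Any other method falls through and returns ``None``.
    """
    topic = db.query(Topic).get(int(topic_id))

    if request.method == "GET":
        return render_template("topic/delete.html", topic=topic)
    elif request.method == "POST":
        user = user_from_session_token()

        if not user:
            return redirect(url_for('login'))
        elif topic is None:
            # Query.get() yields None for an unknown ID; answer with 404
            # rather than failing on topic.author_id below.
            return "Topic not found!", 404
        elif topic.author_id != user.id:
            # Authorization: only the author may delete the topic.
            return "You are not the author!"
        else:
            # NOTE(review): no CSRF token is checked before this delete.
            db.delete(topic)
            db.commit()
            return redirect(url_for('index'))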
def comment_delete(comment_id):
    """Remove a comment if the caller is its author and the CSRF token is valid.

    Args:
        comment_id: Identifier handed to ``Comment.get_comment``.

    Returns:
        A redirect to ``auth.login`` when no user is logged in, a plain-text
        message when the caller is not the author or the CSRF check fails,
        otherwise a redirect to the details page of the comment's topic.
    """
    comment = Comment.get_comment(comment_id)
    current_user = user_from_session_token()

    # Authentication first, then authorship.
    if not current_user:
        return redirect(url_for('auth.login'))
    if comment.author.id != current_user.id:
        return "You can only delete your own comments!"

    # The submitted CSRF token is validated against the user's name.
    submitted_token = request.form.get("csrf")
    if not is_valid_csrf(submitted_token, current_user.username):
        return "CSRF error: tokens don't match!"

    # Read the topic ID before the delete so the redirect can still use it.
    parent_topic_id = comment.topic.id
    db.delete(comment)
    db.commit()
    return redirect(url_for('topic.topic_details', topic_id=parent_topic_id))
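def topic_delete(topic_id):
    """Show the delete confirmation page (GET) or delete the topic (POST).

    Args:
        topic_id: Primary key of the topic; converted with ``int()``.

    Returns:
        GET: the rendered ``topic/topic_delete.html`` template.
        POST: a redirect to ``auth.login`` when no user matches the session
        cookie, a 404 message when the topic does not exist, a plain-text
        refusal when the caller is not the author, otherwise a redirect to
        ``topic.index``.
        Any other method falls through and returns ``None``.
    """
    topic = db.query(Topic).get(int(topic_id))

    if request.method == "GET":
        return render_template("topic/topic_delete.html", topic=topic)
    elif request.method == "POST":
        session_token = request.cookies.get("session_token")
        user = None
        if session_token:
            # Only query when a cookie is present: with SQLAlchemy,
            # filter_by(session_token=None) is rendered as
            # "session_token IS NULL" and could match an account whose
            # stored token is empty.
            user = db.query(User).filter_by(session_token=session_token).first()

        if not user:
            return redirect(url_for('auth.login'))
        elif topic is None:
            # Query.get() yields None for an unknown ID; answer with 404
            # rather than failing on topic.author below.
            return "Topic not found!", 404
        elif topic.author.id != user.id:
            # Authorization: only the author may delete the topic.
            return "You are not the author!"
        else:
            # NOTE(review): no CSRF token is checked before this delete.
            db.delete(topic)
            db.commit()
            return redirect(url_for('topic.index'))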
def topic_delete(topic_id):
    """Render the delete confirmation (GET) or delete a topic and its comments (POST).

    Args:
        topic_id: Identifier handed to ``Topic.read``.

    Returns:
        GET: the rendered ``topic/topic_delete.html`` template.
        POST: a redirect to ``auth.login`` when nobody is logged in, a
        plain-text refusal when the caller is not the author, otherwise a
        redirect to ``topic.index``.
        Any other method returns ``None``.
    """
    topic = Topic.read(topic_id)
    method = request.method

    if method == "GET":
        return render_template("topic/topic_delete.html", topic=topic)
    if method != "POST":
        return None

    current_user = user_from_session_token()
    if not current_user:
        return redirect(url_for('auth.login'))
    if topic.author_id != current_user.id:
        # Authorization: only the author may delete the topic.
        return "You are not the author!"

    # NOTE(review): no CSRF token is checked before this delete — confirm
    # whether that is handled elsewhere.
    # The topic's comments are deleted first, then the topic; one commit
    # covers both.
    for attached_comment in Comment.read_all(topic):
        db.delete(attached_comment)
    db.delete(topic)
    db.commit()
    return redirect(url_for('topic.index'))
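def card_delete(card_id):
    """Show the delete confirmation page (GET) or delete the card (POST).

    Args:
        card_id: Primary key of the card; converted with ``int()``.

    Returns:
        GET: the rendered ``card/card_delete.html`` template.
        POST: a redirect to ``auth.login`` when no user matches the session
        cookie, a 404 message when the card does not exist, a plain-text
        refusal when the caller is not the author, otherwise a redirect to
        the dashboard endpoint.
        Any other method falls through and returns ``None``.
    """
    card = db.query(Card).get(int(card_id))

    if request.method == "GET":
        return render_template("card/card_delete.html", card=card)
    elif request.method == "POST":
        session_token = request.cookies.get("session_token")
        user = None
        if session_token:
            # Only query when a cookie is present: with SQLAlchemy,
            # filter_by(session_token=None) is rendered as
            # "session_token IS NULL" and could match an account whose
            # stored token is empty.
            user = db.query(User).filter_by(session_token=session_token).first()

        if not user:
            return redirect(url_for('auth.login'))
        elif card is None:
            # Query.get() yields None for an unknown ID; answer with 404
            # rather than failing on card.author_id below.
            return "Card not found!", 404
        elif card.author_id != user.id:
            # Authorization: only the author may delete the card.
            return "You are not the author!"
        else:
            # NOTE(review): no CSRF token is checked before this delete.
            db.delete(card)
            db.commit()
            # NOTE(review): 'card/card.dashboard' does not look like a usual
            # "blueprint.view" endpoint name — confirm it resolves.
            return redirect(url_for('card/card.dashboard'))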
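def upload():
    """Replace the current user's stored image with the URL sent in the JSON body.

    Reads ``image_url`` from the request JSON. When it is present, the user's
    existing image (if any) is deleted, ``user.image_count`` is incremented
    and a new ``Image`` row is inserted.

    Returns:
        A JSON failure with status 401 when no user matches the session
        cookie, the JSON failure object when ``image_url`` is missing,
        otherwise the ``jsonify`` response built from the new image.
    """
    session_token = request.cookies.get("session_token")
    user = None
    if session_token:
        # Only query when a cookie is present: with SQLAlchemy,
        # filter_by(session_token=None) is rendered as "session_token IS NULL"
        # and could match an account whose stored token is empty.
        user = db.query(User).filter_by(session_token=session_token).first()

    if not user:
        # Previously an unmatched session failed on user.id further down.
        return jsonify({"success": False, "message": "Not logged in"}), 401

    # Validate the input before changing anything, so a request without a
    # URL no longer deletes the existing image or bumps the counter.
    image_url = request.json.get('image_url')
    if not image_url:
        return jsonify({"success": False, "message": "fdfdfdfdfdfdfd"})

    # NOTE(review): image_url is stored exactly as the client sent it;
    # consider restricting it to expected schemes/hosts before saving.
    img = db.query(Image).filter_by(author_id=user.id).first()
    if user.image_count >= 1 and img is not None:
        # The counter can say "has an image" while no row exists; skip the
        # delete in that case instead of passing None to db.delete().
        db.delete(img)

    user.image_count += 1
    # A single real commit replaces the bare `db.commit` attribute access,
    # which never called anything.
    db.commit()

    new_image = Image(author=user, image_url=image_url)
    new_image.insert()
    # NOTE(review): to_dict is passed without being called; unless it is a
    # property this hands jsonify a bound method — confirm against Image.
    return jsonify(new_image.to_dict)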
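def topic_delete(topic_id):
    """Delete the topic with the given ID and redirect to ``index``.

    Args:
        topic_id: Primary key of the topic; converted with ``int()``.

    Returns:
        A 404 message when the topic does not exist, otherwise a redirect to
        ``index``.
    """
    # NOTE(review): this handler performs no login, authorship, CSRF or
    # request-method check, so any request that reaches it deletes the topic.
    # Those checks need the session/user helpers of the surrounding app and
    # should be added before this is exposed.
    topic = db.query(Topic).get(int(topic_id))
    if topic is None:
        # Query.get() yields None for an unknown ID; db.delete(None) would
        # otherwise fail.
        return "Topic not found!", 404

    db.delete(topic)
    db.commit()
    return redirect(url_for("index"))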