def edit_post(post_id): if not current_user.has_edit_news_permission: abort(403) post = Post.query.get_or_404(post_id) if not post.can_edit(current_user): abort(403) form = PostForm(obj=post) if form.validate_on_submit(): form.populate_obj(post) db.session.commit() return redirect(url_for('news.view_post', post_id=post.id)) delete_form = DeleteForm() context = dict( post=post, form=form, delete_form=delete_form, ) return render_template('edit_post.html', **context)
def add_post(): if not current_user.has_edit_news_permission: abort(403) form = PostForm() if form.validate_on_submit(): post = Post() post.published = datetime.now() form.populate_obj(post) db.session.add(post) db.session.commit() return redirect(url_for('news.view_post', post_id=post.id)) context = dict( form=form, ) return render_template('edit_post.html', **context)