def edit(slug):
    """Render the edit form for the post identified by ``slug``.

    The post is looked up first (404 when no row matches), then the
    per-object permission check runs against the current user. The form is
    only built once that check has passed.

    NOTE(review): lookup precedes authorization, so a missing slug answers
    404 while an existing-but-forbidden one answers with the unauthorized
    response. Confirm that difference is acceptable for non-public posts.
    """
    target = Post.query.filter(Post.slug == slug).first_or_404()

    allowed = target.can_edit(current_user)
    if not allowed:
        return login_manager.unauthorized()

    edit_form = PostForm(obj=target)
    # tag_names is set by hand after PostForm(obj=...) has built the form.
    edit_form.tag_names.data = target.tag_names
    return render_template('posts_edit.html', form=edit_form)
def destroy(slug):
    """Delete the post identified by ``slug`` and return to the admin list.

    Order of operations: fetch (404 on miss), object-level permission check
    via ``can_edit``, then delete and commit. Nothing is mutated before the
    permission check succeeds.

    NOTE(review): the route registration is not visible here. Confirm this
    destructive handler is reachable only through a non-GET method and is
    covered by CSRF protection.
    """
    doomed = Post.query.filter(Post.slug == slug).first_or_404()
    if not doomed.can_edit(current_user):
        return login_manager.unauthorized()

    session = db.session
    session.delete(doomed)
    session.commit()

    flash('Post deleted', 'success')
    destination = url_for('admin.posts')
    return redirect(destination)
def destroy(id):
    """Delete the user account with primary key ``id`` and go to the site root.

    The account is loaded with ``get_or_404`` and the requester must pass
    ``can_edit`` on that account before anything is deleted.

    NOTE(review): no logout happens in this handler. If a user can delete
    their own account, confirm the session is invalidated elsewhere. Also
    confirm the route is limited to a non-GET method with CSRF protection;
    the decorator is not visible here.
    """
    account = User.query.get_or_404(id)

    permitted = account.can_edit(current_user)
    if not permitted:
        return login_manager.unauthorized()

    session = db.session
    session.delete(account)
    session.commit()

    flash('Account deleted', 'success')
    return redirect('/')
def update(slug):
    """Apply a submitted ``PostForm`` to the post identified by ``slug``.

    Flow: fetch the post (404 on miss), enforce ``can_edit`` for the current
    user, validate the form, then write and commit. A successful commit
    redirects to the post's show page. A failed validation or an
    ``IntegrityError`` re-renders the edit template with the form's errors.

    NOTE(review): ``form.validate()`` is the only input check visible here.
    Whether it includes CSRF validation depends on PostForm's base class, so
    confirm that.
    """
    target = Post.query.filter(Post.slug == slug).first_or_404()
    if not target.can_edit(current_user):
        return login_manager.unauthorized()

    submitted = PostForm()
    if not submitted.validate():
        return render_template('posts_edit.html', form=submitted)

    try:
        # update_post stays inside the try: it runs before the commit and
        # any IntegrityError it raises is reported the same way.
        submitted.update_post(target)
        db.session.add(target)
        db.session.commit()
        return redirect(url_for('posts.show', slug=target.slug))
    except IntegrityError:
        # Roll back so the session is usable again, then report the failure
        # on the slug field.
        db.session.rollback()
        submitted.slug.errors.append('This slug is taken.')

    return render_template('posts_edit.html', form=submitted)
def update(id):
    """Apply a submitted ``UserForm`` to the account with primary key ``id``.

    The account is loaded with ``get_or_404`` and the requester must pass
    ``can_edit`` before the form is processed. On a valid form the account
    is updated and committed, a success message is flashed and the client is
    redirected to the site root. On validation failure or ``IntegrityError``
    the edit template is rendered again with the form's errors.

    NOTE(review): ``validate`` receives both the acting user and the target
    account, presumably for rules that depend on who edits whom. Confirm in
    UserForm. ``update_user`` decides which attributes are written, so
    confirm it cannot be used to change privilege-bearing fields by a user
    who only passes ``can_edit`` on their own account.
    """
    account = User.query.get_or_404(id)
    if not account.can_edit(current_user):
        return login_manager.unauthorized()

    submitted = UserForm()
    if not submitted.validate(current_user, account):
        return render_template('users_edit.html', form=submitted, user=account)

    # The in-memory update happens before the try block; only the database
    # write is guarded against IntegrityError.
    submitted.update_user(account)
    try:
        db.session.add(account)
        db.session.commit()
        flash('Account updated!', 'success')
        return redirect('/')
    except IntegrityError:
        db.session.rollback()
        submitted.username.errors.append('This name has been taken.')

    return render_template('users_edit.html', form=submitted, user=account)
def decorated_view(*args, **kwargs):
    """Gate the wrapped view on the current user's authorization for a type.

    ``func``, ``user_type`` and ``original_login_required`` come from the
    enclosing scope, which is not shown here.

    - Authenticated and not authorized for ``user_type``: return the login
      manager's unauthorized response without calling the view.
    - Otherwise (not authenticated, or authorized): delegate to
      ``original_login_required(func)``.

    NOTE(review): unauthenticated callers are not rejected here. They are
    handed to ``original_login_required``, presumably the stock
    login-required decorator. Confirm it denies them, since this wrapper
    relies on it for that case.
    """
    # authorized_for is only consulted for authenticated users; the
    # short-circuit keeps it from being called otherwise.
    if not current_user.is_authenticated \
            or current_user.authorized_for(user_type):
        return original_login_required(func)(*args, **kwargs)
    return login_manager.unauthorized()