def post(post_id): form = CommentForm() post = Post.objects(id=post_id).get_or_404() if form.validate_on_submit(): new_comment = Comment() new_comment.name = form.name.data new_comment.text = form.text.data new_comment.date = datetime.datetime.now() post.comments.append(new_comment) post.save() tags = post.tags comments = post.comments return with_sidebar_render('post.html', post=post, tags=tags, comments=comments, form=form)
def edit_post(id): post = Post.objects(id=id).get_or_404() permission = Permission(UserNeed(post.user.id)) if (permission.can() or admin_permission.can()): form = PostForm() if form.validate_on_submit(): post.title = form.title.data post.text = form.text.data post.publish_date = datetime.datetime.now() post.save() return redirect(url_for('.post', post_id=post.id)) form.text.data = post.text return render_template('edit.html', form=form, post=post) abort(403)