def delete(id):
if not g.user:
abort(403)
post = get_post(id)
if request.method == 'GET':
session['token'] = create_token()
return render_template('posts/delete.html', post=post)
if not validate_token():
return redirect(url_for('posts.delete', id=post.id))
if request.form['action'] != 'delete':
return redirect(url_for('posts.show', id=post.id))
app.logger.info('Deleting post %d', post.id)
for comment in post.comments:
db.session.delete(comment)
db.session.delete(post)
db.session.commit()
flash('Post deleted!', 'success')
return redirect(url_for('index'))
def edit(id):
if not g.user:
abort(403)
post = get_post(id)
res, tags = preprocess(post, True)
if res:
return res
post.title = request.form['title']
post.content = request.form['content']
post.tags = tags
db.session.commit()
app.logger.info('Edited post %d', post.id)
flash('Post edited successfully.', 'success')
return redirect(url_for('posts.show', id=post.id))
def create():
try:
post_id = int(request.form['post_id'])
except ValueError:
abort(400)
post = get_post(post_id)
if g.user:
comment = Comment(request.form['content'], post, user=g.user)
else:
comment = Comment(request.form['content'], post,
username=request.form['username'])
if not request.form['username']:
if g.json:
return jsonify(status='error',
message='You have to add a name.',
token=create_token())
flash('You have to add a name.', 'error')
session['token'] = create_token()
return render_template('comments/edit.html', comment=comment,
post=post, edit=False)
res = preprocess(comment, post=post)
if res:
return res
db.session.add(comment)
db.session.commit()
app.logger.info('Created comment %d', comment.id)
if g.json:
return jsonify(status='success', message='Comment added.',
token=create_token(), id=comment.id)
flash('Comment created.', 'success')
return redirect(url_for('posts.show', id=post_id))
def show(id):
post = get_post(id)
session['token'] = create_token()
return render_template('posts/show.html', post=post)
