def delete_category(category_id):
if category_id == 1:
flash('Can not delete default category.', 'warning')
return redirect_back()
category = Category.query.get_or_404(category_id)
category.delete()
flash('Category deleted.', 'success')
return redirect_back(url_for('.manage_category'))
def change_theme(theme_name):
if theme_name not in current_app.config['BLOG_THEMES'].keys():
abort('404')
response = make_response(redirect_back())
response.set_cookie('theme', theme_name, max_age=30 * 24 * 60 * 60)
return response
def edit_profile_admin(user_id):
user = User.query.get_or_404(user_id)
form = EditProfileAdminForm(user=user)
if form.validate_on_submit():
user.name = form.name.data
role = Role.query.get(form.role.data)
if role.name == 'Locked':
user.lock()
user.role = role
user.bio = form.bio.data
user.website = form.website.data
user.confirmed = form.confirmed.data
user.active = form.active.data
user.location = form.location.data
user.username = form.username.data
user.email = form.email.data
db.session.commit()
flash('Profile updated.', 'success')
return redirect_back()
form.name.data = user.name
form.role.data = user.role_id
form.bio.data = user.bio
form.website.data = user.website
form.location.data = user.location
form.username.data = user.username
form.email.data = user.email
form.confirmed.data = user.confirmed
form.active.data = user.active
return render_template('admin/edit_profile.html', form=form, user=user)
def block_user(user_id):
user = User.query.get_or_404(user_id)
if user.role.name in ['Administrator', 'Moderator']:
flash('Permission denied.', 'warning')
else:
user.block()
flash('Account blocked.', 'info')
return redirect_back()
def delete_post(post_id):
post = Post.query.get_or_404(post_id)
if current_user != post.author and not current_user.can('MODERATE'):
abort(403)
db.session.delete(post)
db.session.commit()
flash('Post deleted.', 'success')
return redirect_back()
def unfollow(username):
user = User.query.filter_by(username=username).first_or_404()
if not current_user.is_following(user):
flash('Not follow yet.', 'info')
return redirect(url_for('.index', username=username))
current_user.unfollow(user)
flash('User unfollowed.', 'info')
return redirect_back()
def delete_article(username, article_id):
user = User.query.filter_by(username=username).first_or_404()
if user != current_user:
abort(403)
article = Article.query.get_or_404(article_id)
db.session.delete(article)
db.session.commit()
flash('Article deleted.', 'success')
return redirect_back()
def re_authenticate():
if login_fresh():
return redirect(url_for('main.index'))
form = LoginForm()
if form.validate_on_submit() and current_user.validate_password(
form.password.data):
confirm_login()
return redirect_back()
return render_template('auth/login.html', form=form)
def set_comment(post_id):
post = Post.query.get_or_404(post_id)
if post.can_comment:
post.can_comment = False
flash('Comment disabled.', 'success')
else:
post.can_comment = True
flash('Comment enabled.', 'success')
db.session.commit()
return redirect_back()
def follow(username):
user = User.query.filter_by(username=username).first_or_404()
if current_user.is_following(user):
flash('Already followed.', 'info')
return redirect(url_for('.index', username=username))
current_user.follow(user)
flash('User followed.', 'success')
if user.receive_follow_notification:
push_follow_notification(follower=current_user, receiver=user)
return redirect_back()
def edit_category(category_id):
if category_id == 1:
flash(u'禁止修改默认分类', 'warning')
category = Category.query.get_or_404(category_id)
form = CategoryForm()
if form.validate_on_submit():
category.name = form.name.data
db.session.commit()
flash('Category updated.', 'success')
return redirect_back()
form.name.data = category.name
return render_template('admin/edit_category.html', form=form)
def login():
if current_user.is_authenticated:
return redirect(url_for('main.index'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data.lower()).first()
if user is not None and user.validate_password(form.password.data):
login_user(user, form.remember_me.data)
flash('Login success.', 'info')
return redirect_back()
flash('Invalid email or password.', 'warning')
return render_template('auth/login.html', form=form)
def login():
if current_user.is_authenticated:
return redirect(url_for('blog.index'))
form = LoginForm()
if form.validate_on_submit():
username = form['username'].data
password = form['password'].data
remember = form['remember'].data
admin = Admin.query.first()
if admin:
if admin.username == username and admin.check_password(password):
flash('Login successfully', 'info')
login_user(user=admin, remember=remember)
return redirect_back()
else:
flash('Invalid username or password.', 'warning')
else:
flash('No account.', 'warning')
return render_template('auth/login.html', form=form)
def login():
if current_user.is_authenticated:
return redirect(url_for('blog.index'))
form = LoginForm()
if form.validate_on_submit():
username = form.username.data
password = form.password.data
remember = form.remember.data
admin = Admin.query.first()
if admin:
if username == admin.username and admin.validate_password(
password):
login_user(admin, remember)
flash('欢迎回来', 'info')
return redirect_back()
flash('用户名或密码错误', 'warning')
else:
flash('没有用户', 'warning')
return render_template('auth/login.html', form=form)
def set_comment(post_id):
return redirect_back()
def delete_post(post_id):
post = Post.query.get_or_404(post_id)
db.session.delete(post)
db.session.commit()
flash('Post deleted.', 'success')
return redirect_back()
def delete_comment(comment_id):
comment = Comment.query.get_or_404(comment_id)
db.session.delete(comment)
db.session.commit()
flash('Comment deleted.', 'success')
return redirect_back()
def approve_comment(comment_id):
comment = Comment.query.get_or_404(comment_id)
comment.reviewed = True
db.session.commit()
flash('Comment published.', 'success')
return redirect_back()
def logout():
logout_user()
flash('Logout success.', 'info')
return redirect_back()
def logout():
logout_user()
flash('登出成功', 'info')
return redirect_back()
def unblock_user(user_id):
user = User.query.get_or_404(user_id)
user.unblock()
flash('Block canceled.', 'info')
return redirect_back()
def delete_tag(tag_id):
tag = Tag.query.get_or_404(tag_id)
db.session.delete(tag)
db.session.commit()
flash('Tag deleted.', 'info')
return redirect_back()
def lock_user(user_id):
user = User.query.get_or_404(user_id)
user.lock()
flash('Account locked.', 'info')
return redirect_back()
