def publish() :
if not session.get('is_admin'):
return redirect(url_for('admin.login'))
article_id = int(request.args.get('articleId', 0))
if not article_id :
return abort(404)
draft = db_session.query(Draft).filter(Draft.article_id == article_id).first()
article = db_session.query(Article).filter(Article.id == article_id).first()
if draft :
if not article :
article = Article(draft.user_id, draft.user_name, draft.title, draft.content)
article.id = draft.article_id
db_session.add(article)
else :
article.title = draft.title
article.content = draft.content
db_session.delete(draft)
db_session.flush()
return redirect('/detail?articleId=' + str(article_id))
def publish():
if not session.get('is_admin'):
return redirect(url_for('admin.login'))
article_id = int(request.args.get('articleId', 0))
if not article_id:
return abort(404)
draft = db_session.query(Draft).filter(
Draft.article_id == article_id).first()
article = db_session.query(Article).filter(
Article.id == article_id).first()
if draft:
if not article:
article = Article(draft.user_id, draft.user_name, draft.title,
draft.content)
article.id = draft.article_id
db_session.add(article)
else:
article.title = draft.title
article.content = draft.content
db_session.delete(draft)
db_session.flush()
return redirect('/detail?articleId=' + str(article_id))
def delete_item_list(name):
item = Item.query.filter(Item.name == name).first()
db_session.delete(item)
db_session.commit()
return item
def delete_user(user_id):
""" Deletes a User """
user = User.query.get(user_id)
headers = request.headers
jwt_token = headers['X-Authorization']
# check for valid token
try:
decoded = jwt.decode(jwt_token, constants.SECRET_KEY)
except jwt.exceptions.InvalidTokenError:
return jsonify("token is not valid"), 400
if user is None:
return jsonify(Message="Not Found"), 404
# check to make sure user names match
if decoded['username'] != user.username:
return jsonify("you can only delete your own profile"), 401
db_session.delete(user)
db_session.commit()
return jsonify(success=True)
def delete_photo(photo_id):
""" Deletes a photo """
headers = request.headers
photo = Photo.query.get(photo_id)
if photo is None:
return jsonify(errors="Not Found"), 404
# authenticate user by jwtToken
jwt_token = headers['X-Authorization']
message = {}
# decode the jwtToken
try:
decoded = jwt.decode(jwt_token, constants.SECRET_KEY)
except jwt.exceptions.InvalidTokenError:
message['error'] = 'token is invalid'
return jsonify(message), 400
# validate the photo owner
if decoded['username'] != photo.user.username:
return jsonify("You can only delete your own photos"), 401
else:
db_session.delete(photo)
db_session.commit()
return jsonify(success=True), 202
def remove_post(post_id):
post = Post.query.get(post_id)
db_session.delete(post)
db_session.commit()