def update(id):
    """Edit the title and body of an existing post.

    ``get_post`` runs first on every request, GET or POST, so a caller who
    fails its author check is rejected before the form is rendered or any
    write is attempted.

    Args:
        id: String form of the post's ``_id``.

    Returns:
        A redirect to ``blog.index`` after a successful POST, otherwise the
        rendered ``blog/update.html`` form.
    """
    post = get_post(id)

    if request.method != 'POST':
        return render_template('blog/update.html', post=post)

    title = request.form['title']
    body = request.form['body']

    if not title:
        flash('Title is required.')
        return render_template('blog/update.html', post=post)

    # The filter matches on _id alone; ownership is established by the
    # get_post call above, not by this query.
    get_db().post.update_one(
        {"_id": ObjectId(id)},
        {'$set': {'title': title, 'body': body, 'updated': datetime.now()}},
    )
    return redirect(url_for('blog.index'))
def load_logged_in_user():
    """Populate ``g.user`` from the ``user_id`` kept in the session.

    ``g.user`` is ``None`` when the session carries no ``user_id``;
    otherwise it is whatever ``find_one`` returns for that id.
    """
    stored_id = session.get('user_id')
    # No projection is applied, so the loaded document carries every stored
    # field, including the 'password' hash. Avoid logging or rendering
    # g.user wholesale.
    g.user = (
        None
        if stored_id is None
        else get_db().user.find_one({'_id': ObjectId(stored_id)})
    )
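def get_post(id, check_author=True):
    """Fetch one post by id and, by default, require the caller to own it.

    Args:
        id: String form of the post's ``_id``. Presumably taken from the
            URL, so it is validated before being handed to ``ObjectId``.
        check_author: When true (the default), abort with 403 unless the
            logged-in user is the post's author.

    Returns:
        A dict with ``id`` (string), ``title``, ``body`` and ``author_id``.

    Aborts with 404 when the id is malformed or no such post exists, and
    with 403 when the author check fails.
    """
    # A malformed id would make ObjectId() raise and surface as a 500;
    # answer it like any other unknown post instead.
    if not ObjectId.is_valid(id):
        abort(404, "Post id {0} doesn't exist".format(id))

    # Look the post up.
    got_post = get_db().post.find_one({"_id": ObjectId(id)})

    # Test the query result itself: find_one returns None for a missing
    # document, and subscripting None would raise before a 404 could be sent.
    if got_post is None:
        abort(404, "Post id {0} doesn't exist".format(id))

    post = {
        'id': str(got_post["_id"]),
        'title': got_post["title"],
        'body': got_post["body"],
        'author_id': got_post["author_id"],
    }

    # Check that the post being modified belongs to the logged-in user.
    # The check is skipped only when the caller explicitly passes
    # check_author=False; a request with no logged-in user (g.user is None)
    # is refused rather than crashing on the subscript.
    if check_author and (
        g.user is None or str(post['author_id']) != str(g.user['_id'])
    ):
        abort(403)

    return post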
def login():
    """Authenticate a user from the login form and start a session.

    On a POST with valid credentials the session is cleared, the user's id
    is stored in it as a string, and the client is redirected to ``index``.
    On a failed POST the error is flashed and the form is rendered again.

    Returns:
        A redirect to ``index`` on success, otherwise the rendered
        ``auth/login.html`` form.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        account = get_db().user.find_one({'username': username})

        # NOTE(review): the two messages differ, so a response reveals
        # whether a username exists. A single generic message would avoid
        # that, but the strings are kept as-is because templates or tests
        # outside this view may match on them.
        if account is None:
            error = 'Incorrect username.'
        elif check_password_hash(account['password'], password):
            error = None
        else:
            error = 'Incorrect password.'

        if error is not None:
            flash(error)
        else:
            # Drop any pre-login session contents before binding the
            # session to this user.
            session.clear()
            session['user_id'] = str(account['_id'])
            return redirect(url_for('index'))

    return render_template('auth/login.html')
def index():
    """List posts, most recently updated first, each joined with its author.

    Returns:
        The rendered ``blog/index.html`` template, given ``posts`` as a list
        of plain dicts.
    """
    join_author = {
        "$lookup": {
            "from": "user",
            "localField": "author_id",
            "foreignField": "_id",
            "as": "userInfos",
        }
    }
    # $unwind with its default options drops posts whose author_id matched
    # no user document.
    flatten_author = {"$unwind": "$userInfos"}
    newest_first = {"$sort": {"updated": -1}}
    # NOTE(review): "username" projects the literal string "******", not a
    # field path. This looks like a masked value; presumably it should point
    # at the joined userInfos document. Confirm against the real source.
    shape = {
        "$project": {
            "id": "$_id",
            "title": "$title",
            "body": "$body",
            "updated": "$updated",
            "author_id": "$author_id",
            "username": "******",
        }
    }

    cursor = get_db().post.aggregate(
        [join_author, flatten_author, newest_first, shape]
    )

    # Only "id" is stringified; "author_id" is passed through unchanged.
    listing = [
        {
            "id": str(doc["id"]),
            "title": doc["title"],
            "body": doc["body"],
            "author_id": doc["author_id"],
            "username": doc["username"],
            "updated": doc["updated"],
        }
        for doc in cursor
    ]
    return render_template('blog/index.html', posts=listing)
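def create():
    """Create a new post owned by the logged-in user.

    Returns:
        A redirect to ``blog.index`` after a successful POST, otherwise the
        rendered ``blog/create.html`` form.
    """
    if request.method == 'POST':
        title = request.form['title']
        body = request.form['body']
        error = None

        if not title:
            error = 'Title is required.'

        if error is not None:
            flash(error)
        else:
            # author_id comes from the server-side g.user, never from the
            # form, so a client cannot post under another account.
            # Assumes g.user is populated; presumably a login guard wraps
            # this view, but none is visible here.
            # insert_one replaces the legacy Collection.insert, which newer
            # PyMongo releases no longer provide; this matches the
            # update_one / delete_one calls used by the other views.
            get_db().post.insert_one({
                'title': title,
                'body': body,
                'author_id': g.user['_id'],
                'updated': datetime.now(),
            })
            return redirect(url_for('blog.index'))

    return render_template('blog/create.html')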
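def register():
    """Register a new account from the sign-up form.

    The password is stored only as the output of ``generate_password_hash``.

    Returns:
        A redirect to ``auth.login`` after a successful POST, otherwise the
        rendered ``auth/register.html`` form.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        error = None

        if not username:
            error = 'Username is required.'
        elif not password:
            error = 'Password is required.'
        else:
            user = db.user.find_one({'username': username})
            if user:
                error = 'User {} is already registered.'.format(user['username'])

        if error is None:
            # NOTE(review): the find_one above and this insert are separate
            # operations, so two concurrent sign-ups with the same name can
            # both pass the check. A unique index on user.username would
            # close that gap; confirm whether one exists.
            # insert_one replaces the legacy Collection.insert, which newer
            # PyMongo releases no longer provide.
            db.user.insert_one({
                'username': username,
                'password': generate_password_hash(password),
            })
            return redirect(url_for('auth.login'))

        flash(error)

    return render_template('auth/register.html')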
def delete(id):
    """Delete a post after the author check, then return to the index.

    Args:
        id: String form of the post's ``_id``.

    Returns:
        A redirect to ``blog.index``.
    """
    # Called only for its side effects: get_post aborts the request when
    # the lookup or the author check fails. The delete filter below matches
    # on _id alone, so this call must stay ahead of it.
    get_post(id)

    get_db().post.delete_one({'_id': ObjectId(id)})
    return redirect(url_for('blog.index'))