def update(blog_post_id):
blog_post = BlogPost.query.get_or_404(blog_post_id)
# Check if the user is the post creater. if not, show 403 forbidden
if blog_post.author != current_user:
abort(403)
form = BlogPostForm()
if form.validate_on_submit():
blog_post.title = form.title.data
blog_post.text = form.text.data
db.session.commit()
flash('Post updated')
return redirect(url_for('blog_posts.blog_post', blog_post_id = blog_post.id))
elif request.method == "GET":
form.title.data = blog_post.title
form.text.data = blog_post.text
return render_template('create_post.html', title = 'Updating', form=form)
def update(blog_post_id):
blog_post = BlogPost.query.get_or_404(blog_post_id)
# This will make sure that the user editing the blog post is the author.
if blog_post.author != current_user:
# Triggers an abort with 403 - Forbidden
abort(403)
# This part updates the blog post
form = BlogPostForm()
if form.validate_on_submit():
blog_post.title = form.title.data
blog_post.content = form.content.data
# Just commit since the row already exists, just updated.
db.session.commit()
flash('Blog Post Updated!')
# Redirects user to the blog_post that was edited. Hence, the blog_post_id = blog_post.id
return redirect(url_for('blog_posts.blog_post', blog_post_id=blog_post.id))
elif request.method == 'GET':
form.title.data = blog_post.title
form.content.data = blog_post.content
return render_template('create_post.html', title="Update", form=form)
def update_post(blog_post_id):
# get post
blog_post = BlogPost.query.get_or_404(blog_post_id)
# validate user
if blog_post.author != current_user:
abort(403)
# create form and pass form data
form = BlogPostForm()
if form.validate_on_submit():
blog_post.title = form.title.data
blog_post.text = form.text.data
db.session.commit()
flash('Blog Post Updated')
return redirect(
url_for('blog_posts.blog_post', blog_post_id=blog_post.id))
# display post already in db in the form
elif request.method == "GET":
form.title.data = blog_post.title
form.text.data = blog_post.text
return render_template('create_post.html',
title='Updating Post',
form=form)
def create_post():
form = BlogPostForm()
if form.validate_on_submit():
blog_post = Post(title=form.title.data,
text=form.text.data,
user_id=current_user.id)
db.session.add(blog_post)
db.session.commit()
flash('Blog Post Created')
return redirect(url_for('core.index'))
return render_template('create_post.html', form=form)
def create_post():
form = BlogPostForm()
if form.validate_on_submit():
post = BlogPost(title=form.title.data,
text=form.text.data,
user_id=current_user.id)
db.session.add(post)
db.session.commit()
flash('Blog post created!')
return redirect(url_for('blog_posts.blog_post', blog_post_id=post.id))
return render_template('create_post.html', form=form)
def create_post():
form = BlogPostForm()
if form.validate_on_submit():
blog_post = BlogPost(user_id=current_user.id,
title=form.title.data,
body=form.body.data)
db.session.add(blog_post)
db.session.commit()
flash("Post Successful")
return redirect(url_for("core.index"))
return render_template("create_post.html", form=form)
def update(blog_post_id):
blog_post = BlogPost.query.get_or_404(blog_post_id)
if blog_post.author != current_user:
abort(403)
form = BlogPostForm()
if form.validate_on_submit():
blog_post.title = form.title.data
blog_post.text = form.text.data
db.session.commit()
flash('Blog post updated')
return redirect(
url_for('blog_posts.blog_post', blog_post_id=blog_post.id))
elif request.method == 'GET':
form.title.data = blog_post.title
form.text.data = blog_post.text
return render_template('create_post.html', form=form)
def update(blog_post_id):
blog_post = BlogPost.query.get_or_404(blog_post_id)
if blog_post.author != current_user:
# Forbidden, No Access
abort(403)
form = BlogPostForm()
if form.validate_on_submit():
blog_post.title = form.title.data
blog_post.text = form.text.data
db.session.commit()
flash('Post Updated')
return redirect(
url_for('blog_posts.blog_post', blog_post_id=blog_post.id))
# Pass back the old blog post information so they can start again with
# the old text and title.
elif request.method == 'GET':
form.title.data = blog_post.title
form.text.data = blog_post.text
return render_template('create_post.html', title='Update', form=form)
def update_post(blog_post_id):
blog_post = BlogPost.query.get_or_404(blog_post_id)
if blog_post.author != current_user:
abort(403)
form = BlogPostForm()
if form.validate_on_submit():
blog_post.title = form.title.data
blog_post.body = form.body.data
db.session.commit()
flash("Update Successful")
return redirect(
url_for("blog_posts.blog_post", blog_post_id=blog_post.id))
elif request.method == "GET":
form.title.data = blog_post.title
form.body.data = blog_post.body
return render_template("create_post.html", form=form)
def update(blog_post_id):
blog_post = BlogPost.query.get_or_404(blog_post_id)
if blog_post.author != current_user:
# if the logged in user is not the author of the post
# we throw 403 error,denying their access to updating the post
abort(403)
form = BlogPostForm()
if form.validate_on_submit():
blog_post.title = form.title.data
blog_post.text = form.text.data
db.session.commit()
flash('Blog post updated!')
return redirect(
url_for('blog_posts.blog_post', blog_post_id=blog_post_id))
elif request.method == 'GET':
form.title.data = blog_post.title
form.text.data = blog_post.text
return render_template('create_post.html', title='Updating', form=form)
