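def post(id=None):
    """Admin view for one post: apply a POSTed action, or render the post page.

    On POST the form fields ``setting`` (the action), ``value_0`` (the post id)
    and ``value_1`` (the action's argument) are read. A missing ``setting`` or
    ``value_0``, a non-integer ``value_0`` or a post without an id aborts
    with 400.

    * ``setting == 'delete'`` deletes the post and redirects to the ``next``
      form field when it points back at this site, otherwise to ``admin_post``.
    * ``setting == 'public'`` marks the post public when ``value_1`` is the
      string ``'True'`` and private for any other non-empty value, then
      redirects to ``admin_post_id``.

    On any other method the post identified by ``id`` (if given) is loaded and
    ``admin/post.html`` is rendered with it, or with ``None``.

    NOTE(review): no authorization or CSRF check is visible in this function;
    presumably a decorator or request hook enforces both. Confirm, because
    this handler deletes and publishes content.
    """
    if request.method == 'POST':
        setting = request.form.get('setting')
        post_id = request.form.get('value_0')
        value = request.form.get('value_1')

        if not setting or not post_id:
            abort(400)
        try:
            post_id = int(post_id)
        except ValueError:
            # Form values are strings, so ValueError is the only expected
            # failure; a bare ``except`` would also hide unrelated errors.
            abort(400)

        target = Post(post_id=post_id)
        if not target.id:
            abort(400)

        if setting == 'delete':
            target.delete()
            flash(messages.post_deleted)
            # ``next`` is client-supplied. Redirecting to it unchecked would
            # let a crafted form send the admin to an arbitrary external
            # site, so only same-site targets are honoured.
            next_url = request.form.get('next')
            if next_url and _is_same_site_target(next_url, request.host):
                return redirect(next_url)
            return redirect(url_for('admin_post'))

        if setting == 'public':
            if not value:
                abort(400)
            if value == 'True':
                target.set_public()
                flash(messages.post_marked_public)
            else:
                target.update('is_public', False)
                flash(messages.post_marked_private)

        # NOTE(review): any other ``setting`` value changes nothing and still
        # ends at this redirect. Confirm that is intended rather than a 400.
        return redirect(url_for('admin_post_id', id=post_id))

    if id:
        post = Post(post_id=id).get_post()
        if not post:
            flash(messages.post_not_found)
    else:
        post = None
    return render_template('admin/post.html', post=post)


def _is_same_site_target(target, host):
    """Return True if *target* is a local path or an http(s) URL on *host*."""
    from urllib.parse import urlsplit

    # Browsers normalise backslashes, control characters and surrounding
    # whitespace before resolving a URL, so a value containing them may not
    # resolve to what a parser sees here. Reject instead of trying to guess.
    if target != target.strip() or '\\' in target:
        return False
    if any(ch < ' ' or ch == '\x7f' for ch in target):
        return False
    # A leading double slash is resolved as scheme-relative, i.e. another host.
    if target.startswith('//'):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if parts.scheme or parts.netloc:
        # Absolute URLs are accepted only when they point back at this host.
        return (parts.scheme in ('http', 'https')
                and parts.netloc.lower() == host.lower())
    # No scheme or host: accept only a path anchored at the site root.
    return target.startswith('/')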