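def decorated_function(*args, **kwargs):
    """Call the wrapped view only when the current user holds the permission.

    ``permisssion`` (spelled as in the enclosing scope) and ``f`` are closure
    variables of the surrounding decorator, which is not visible in this
    block. The request is aborted with HTTP 403 when the check fails.
    """
    # The authorization path stays silent: the former debug prints wrote the
    # outcome of every permission check to stdout and evaluated the check a
    # second time on denial.
    if not current_user.can(permisssion):
        abort(403)
    return f(*args, **kwargs)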
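def insert_contract():
    """List contracts page by page and create a new one from ContractForm.

    Creating a contract requires ``Permission.CONTRACT``. A valid submission
    from a user without it is refused with a flash message, and every handled
    submission ends in a redirect back to this view.
    """
    form = ContractForm()
    page = request.args.get('page', 1, type=int)
    pagination = (
        Contract.query.order_by(desc(Contract.timestamp))
        .outerjoin(Contract_Device).add_entity(Contract_Device)
        .outerjoin(Contract_Device_Number).add_entity(Contract_Device_Number)
        .outerjoin(Device).add_entity(Device)
        .outerjoin(Purchase).add_entity(Purchase)
        .paginate(page,
                  per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
                  error_out=False)
    )
    contracts = pagination.items

    # Run the validators once instead of once per branch.
    if form.validate_on_submit():
        # The denial branch tests the same permission the write requires.
        # It used to test Permission.PURCHASE, so a user holding PURCHASE
        # but not CONTRACT was refused without any message.
        if not current_user.can(Permission.CONTRACT):
            flash('你没有权限写入合同')
            return redirect(url_for('.insert_contract'))

        number = form.contract_number.data
        if Contract.query.filter_by(contract_number=number).first():
            db.session.rollback()
            flash("您可能输入了重复的合同编号或者非法字符,请重新刷新网页")
        else:
            # NOTE(review): check-then-insert is not atomic; a unique
            # constraint on contract_number would be the reliable guard.
            # Confirm the model declares one.
            contract = Contract(
                contract_number=number,
                material_operator=form.material_operator.data,
                contract_date=form.contract_date.data,
                contract_value=form.contract_value.data,
                planned_arrival_date=form.planned_arrival_date.data,
            )
            db.session.add(contract)
            db.session.commit()
        return redirect(url_for('.insert_contract'))

    return render_template('insert_contract.html', form=form,
                           contracts=contracts, pagination=pagination)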
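def insert_contract_device(id):
    """Add a device line to a contract and list the lines already recorded.

    Writing requires ``Permission.CONTRACT_DEV``. One ``Contract_Device`` row
    is stored per submission, followed by one ``Contract_Device_Number`` row
    for each unit in ``device_quantity``.
    """
    form = ContractDeviceForm()
    # An unknown contract id is a 404 rather than a device attached to None.
    contract = Contract.query.filter_by(id=id).first_or_404()

    if form.validate_on_submit():
        if not current_user.can(Permission.CONTRACT_DEV):
            flash('你没有权限写入合同设备')
            return redirect(url_for('.insert_contract_device', id=id))

        raw_quantity = form.device_quantity.data
        try:
            device_quantity = int(raw_quantity)
        except (TypeError, ValueError):
            # A missing or non-numeric value previously raised here.
            device_quantity = None
        if device_quantity is None or device_quantity != raw_quantity:
            flash('设备数量必须为整数')
            # NOTE(review): this targets '.insert_contract_subject' while the
            # other redirects use '.insert_contract_device'; confirm the
            # endpoint exists.
            return redirect(url_for('.insert_contract_subject', id=id))

        contract_device = Contract_Device(
            contract_subject_matter=form.contract_subject_matter.data,
            model=form.model.data,
            supplier=form.supplier.data,
            unit_price=form.unit_price.data,
            device_quantity=raw_quantity,
            settlement_amount=form.settlement_amount.data,
            remarks_contract_device=form.remarks_contract_device.data,
            contract_device=contract,
        )
        db.session.add(contract_device)
        db.session.commit()

        # NOTE(review): device_quantity comes from the form and directly sets
        # how many rows are inserted; confirm ContractDeviceForm bounds it.
        for serial in range(1, device_quantity + 1):
            db.session.add(Contract_Device_Number(
                serial_number=serial,
                contract_device_number=contract_device))
        db.session.commit()
        return redirect(url_for('.insert_contract_device', id=id))

    contract_devices = (Contract_Device.query.filter_by(contract_id=id)
                        .order_by(Contract_Device.timestamp.desc()).all())
    return render_template('insert_contract_device.html', form=form,
                           contract=contract,
                           contract_devices=contract_devices)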
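def question(id):
    """Show a question with its answers; accept a new answer or comment.

    Both writes require ``Permission.WRITE_ARTICLES``. The answer a comment
    is attached to comes from the ``answer_id`` query parameter and must
    belong to the question being displayed.
    """
    answerForm = AnswerForm()
    commentForm = CommentForm()
    question = Question.query.filter_by(id=id).first_or_404()
    answer_id = request.args.get('answer_id', -1, type=int)
    comments = (Comment.query.filter_by(answer_id=answer_id)
                .order_by(Comment.timestamp.desc()))
    can_write = current_user.can(Permission.WRITE_ARTICLES)

    if can_write and answerForm.validate_on_submit():
        answer = Answer(answer=answerForm.body.data,
                        author=current_user._get_current_object(),
                        authorname=current_user.username,
                        question=question)
        db.session.add(answer)
        return redirect(url_for('.question', id=id))

    # NOTE(review): neither form uses a prefix here; if both expose the same
    # field names, one POST can validate both. Confirm against the forms.
    if can_write and commentForm.validate_on_submit():
        # Resolve the target to a row (the original passed the Query object)
        # and require it to belong to this question, so a client-chosen
        # answer_id cannot attach the comment elsewhere.
        target = Answer.query.filter_by(
            id=answer_id, question_id=question.id).first_or_404()
        comment = Comment(comment=commentForm.body.data,
                          author=current_user._get_current_object(),
                          authorname=current_user.username,
                          answer=target)
        # The original added `answer` here, so the comment was never queued.
        db.session.add(comment)
        return redirect(url_for('.question', id=id))

    answers = (Answer.query.filter_by(question_id=question.id)
               .order_by(Answer.timestamp.desc()))
    asker = User.query.filter_by(id=question.author_id).first()
    return render_template("question.html", question=question, asker=asker,
                           answerForm=answerForm, answers=answers,
                           comments=comments, commentForm=commentForm,
                           answer_id=answer_id)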
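def read_article(slug):
    """Show one article with related articles, comments and reply handling.

    Posting a comment or a reply requires ``Permission.COMMENT``. A reply's
    parent comment is looked up within this article only.
    """
    article = Article.query.filter_by(slug=slug).first_or_404()

    # Next article: the closest higher id, else the closest lower one. Ids
    # may have gaps from deleted rows. The original probed id +/- n in a
    # loop that issued queries without end when no neighbour existed.
    next_article = (Article.query.filter(Article.id > article.id)
                    .order_by(Article.id.asc()).first())
    if next_article is None:
        next_article = (Article.query.filter(Article.id < article.id)
                        .order_by(Article.id.desc()).first())

    # Related articles: the three newest in the same category.
    article_category = Category.query.filter_by(id=article.category_id).first()
    related_articles = article_category.posts.order_by(
        Article.post_date.desc()).limit(3)

    comment_form = CommentForm(prefix='comment')
    if comment_form.validate_on_submit() and comment_form.submit.data:
        if current_user.can(Permission.COMMENT):
            comment = Comment(body=comment_form.body.data,
                              author=current_user._get_current_object(),
                              article=article)
            db.session.add(comment)
            flash('Your comment has been posted!')
            return redirect(url_for('articles.read_article', slug=article.slug))
        else:
            flash('please login to comment')

    comments = (article.comments.filter_by(reply_to=None)
                .order_by(Comment.timestamp.desc()).limit(20))

    reply_form = ReplyForm(prefix='reply')
    if reply_form.validate_on_submit() and reply_form.submit.data:
        if current_user.can(Permission.COMMENT):
            # comment_id is client-supplied: only accept a parent that is a
            # comment on this article. The original took any comment id, and
            # an unknown id silently produced a top-level comment.
            og_comment = Comment.query.filter_by(
                id=reply_form.comment_id.data,
                article=article).first_or_404()
            reply = Comment(body=reply_form.body.data,
                            author=current_user._get_current_object(),
                            article=article,
                            reply_to=og_comment)
            db.session.add(reply)
            flash('hey you posted a reply!')
            return redirect(url_for('articles.read_article', slug=article.slug))
        else:
            flash('you must login in order to reply')

    return render_template('articles/view.html', article=article,
                           next_article=next_article,
                           related_articles=related_articles,
                           comment_form=comment_form, comments=comments,
                           reply_form=reply_form)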
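def moderate_delete(id):
    """Delete a comment on behalf of a moderator, its author or the post author.

    Anyone else receives HTTP 403. Moderators return to the moderation list,
    everyone else to the post the comment belonged to.
    """
    comment = Comment.query.get_or_404(id)
    is_moderator = current_user.can(Permission.MODERATE_COMMENTS)
    # Read the redirect target before the row is deleted.
    post_id = comment.post_id

    if not is_moderator and current_user.id != comment.author_id:
        parent = Post.query.filter_by(id=post_id).first()
        # A comment whose post is gone used to raise on `.author_id`; treat
        # it as "not the post author" and deny.
        if parent is None or current_user.id != parent.author_id:
            abort(403)

    # NOTE(review): the route decorator is not visible here; confirm this
    # delete is reachable only through a CSRF-protected, non-GET request.
    db.session.delete(comment)
    db.session.commit()

    if is_moderator:
        return redirect(url_for('main.moderate',
                                page=request.args.get('page', 1, type=int)))
    return redirect(url_for('main.post', id=post_id))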
def index():
    """Home page: accept a new post, then list posts one page at a time.

    Posting requires ``Permission.WRITE_ARTICLES``. Authenticated users can
    limit the list to followed authors through the ``show_followed`` cookie.
    """
    form = PostForm()
    page = request.args.get("page", 1, type=int)

    may_write = current_user.can(Permission.WRITE_ARTICLES)
    if may_write and form.validate_on_submit():
        new_post = Post(body=form.body.data,
                        author=current_user._get_current_object())
        db.session.add(new_post)
        return redirect(url_for(".index"))

    # The cookie is client-controlled; it only selects which feed is shown.
    if current_user.is_authenticated():
        show_followed = bool(request.cookies.get("show_followed", ""))
    else:
        show_followed = False
    query = current_user.followed_posts if show_followed else Post.query

    pagination = query.order_by(Post.timestamp.desc()).paginate(
        page,
        per_page=current_app.config["FLASKY_POSTS_PER_PAGE"],
        error_out=False)
    return render_template("index.html", form=form, posts=pagination.items,
                           show_followed=show_followed, pagination=pagination)
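def upload_head(username):
    """Replace a user's avatar; allowed for that user or an administrator.

    The image name arrives in the ``head_img_name`` query parameter (sent by
    an AJAX call) and is handed to ``upload_image``.
    """
    head_img_name = request.args.get('head_img_name', '', type=str)
    user = User.query.filter_by(username=username).first()
    if user is None:
        flash(u'该用户不存在')
        return redirect(url_for('main.user_list'))

    # Only the account owner or an administrator may change the avatar.
    if current_user != user and not current_user.can(Permission.ADMINISTER):
        flash(u'你没有权限修改他人的头像信息')
        # redirect() takes a URL; the original passed an endpoint name plus
        # a keyword argument, which raised instead of redirecting.
        return redirect(url_for('main.user', username=user.username))

    # NOTE(review): head_img_name is client-supplied and upload_image is not
    # visible here; confirm it sanitises the name before touching storage.
    img_src, status = upload_image('head', head_img_name)
    if status:
        tag = u'头像上传成功'
        user.head_portrait = img_src
        db.session.add(user)
    else:
        tag = u'头像上传失败'
    flash(tag)
    return jsonify(result=json.dumps({'id': 1, }, encoding='utf-8'))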
def index():
    """Home page with a visit counter, a post form and a paginated feed.

    The counter lives in the ``PageCount`` row with primary key 1 and is
    bumped on every request. Posting requires ``Permission.WRITE_ARTICLE``.
    """
    form = PostForm()
    show_followed = False

    page_count = PageCount.query.get_or_404(1)
    previous = page_count.count
    page_count.count = 1 if previous is None else int(previous) + 1
    flash("Site has experienced a breakdown, inconvenience is regretted! ")

    if (current_user.can(Permission.WRITE_ARTICLE)
            and form.validate_on_submit()):
        new_post = Post(body=form.body.data,
                        author=current_user._get_current_object())
        db.session.add(new_post)
        return redirect(url_for('main.index'))

    if current_user.is_authenticated():
        show_followed = bool(request.cookies.get('show_followed', ''))
    query = current_user.followed_posts if show_followed else Post.query

    page = request.args.get('page', 1, type=int)
    pagination = query.order_by(Post.timestamp.desc()).paginate(
        page,
        per_page=current_app.config['FLASKY_POST_PER_PAGE'],
        error_out=False)
    return render_template('index.html', posts=pagination.items, form=form,
                           pagination=pagination,
                           show_followed=show_followed,
                           count=page_count.count)
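def edit_report(id):
    """Edit a student's lab report stored on disk.

    ``id`` is an underscore-separated key: ``lab_student_task`` (three
    parts) or four integer parts of which only the first two are used.
    Non-administrators may only edit reports for labs returned by
    ``current_user.list_of_labs_to_check()``.
    """
    parts = str(id).split('_')
    task = ''
    if len(parts) == 3:
        lab_id, st_id, task = parts
        lab_id = int(lab_id)
        st_id = int(st_id)
    else:
        # Any other shape must be exactly four integers, else this raises.
        lab_id, st_id, _, __ = [int(part) for part in parts]

    if not current_user.can(Permission.ADMIN):
        if lab_id not in current_user.list_of_labs_to_check():
            # Send the 403 status with the page; the original answered a
            # refused request with HTTP 200.
            return render_template('403.html'), 403

    form = EditReportForm()
    student = get_student_name(current_app.config['DB'], st_id)
    # NOTE(review): `task` is taken from the URL unchecked and passed to
    # return_report_content, which yields the path written below; confirm
    # that helper keeps the path inside the reports directory.
    report_fname, report = return_report_content(
        current_app.config['DB'], st_id, lab_id, task, current_app.config)
    # This overwrites any submitted field value, which is why the write
    # below reads request.form directly.
    form.report.data = report
    if form.validate_on_submit():
        with open(report_fname, 'w') as report_f:
            report_f.write(request.form['report'])
        return redirect(
            url_for('main.report', id=str(lab_id) + '_' + str(st_id)))
    return render_template('edit_report.html', lab=lab_id, task=task,
                           student=student, st_id=st_id, report=report,
                           form=form)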
def index():
    """Render the main window with the navigation entries the user may see."""
    # Admin-only entries are added only for Permission.ADMINISTRATOR holders.
    if current_user.can(Permission.ADMINISTRATOR):
        nav = {'users': _("Users")}
    else:
        nav = {}
    return render_template('window.html', mainnav=nav.items())
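def edit(id):
    """Update or delete a post; only its author or an administrator may.

    The form carries three buttons: ``submit`` saves the edited fields,
    ``delete`` removes the post and ``cancel`` returns to the index.
    """
    post = Post.query.get_or_404(id)
    if current_user != post.author and not current_user.can(Permission.ADMINISTER):
        abort(403)
    form = EditForm()

    # Cancel changes nothing, so it needs no validation.
    if form.data['cancel']:
        return redirect(url_for('.index'))

    # State changes now require a validated submission; the original acted
    # on the raw button values without running the form's validators.
    # NOTE(review): with Flask-WTF this is also where the CSRF token is
    # checked; confirm EditForm is a Flask-WTF form.
    if form.validate_on_submit():
        if form.data['submit']:
            post.title = form.title.data
            post.summary = form.summary.data
            post.body = form.body.data
            db.session.add(post)
            flash('The post has been updated.')
            return redirect(url_for('.post', id=post.id))
        if form.data['delete']:
            db.session.delete(post)
            # The original reported a deletion as an update.
            flash('The post has been deleted.')
            return redirect(url_for('.index'))

    form.title.data = post.title
    form.summary.data = post.summary
    form.body.data = post.body
    return render_template('edit_post.html', form=form)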
def decorated_function(bug_id):
    """Run the wrapped view for a bug the current user is allowed to touch.

    Access is granted to the bug's author while the bug is still in the
    ``CREATED`` status, and to holders of ``Permission.ADMINISTER``. Everyone
    else gets HTTP 403. ``f`` comes from the enclosing decorator, which is
    not visible in this block.
    """
    bugs = Bugs.get_by_bug_id(bug_id)
    author_of_new_bug = (current_user == bugs.author
                         and bugs.status_equal(Bug_Now_Status.CREATED))
    allowed = author_of_new_bug or current_user.can(Permission.ADMINISTER)
    if not allowed:
        abort(403)
    return f(bug_id)
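def moderate_delete(id):
    """Delete a comment when the caller is entitled to remove it.

    Entitled callers are holders of ``Permission.MODERATE_COMMENTS``, the
    comment's author and the author of the post it belongs to. Others get
    HTTP 403.
    """
    comment = Comment.query.get_or_404(id)
    # Captured up front so the redirect does not read a deleted row.
    target_post_id = comment.post_id
    moderator = current_user.can(Permission.MODERATE_COMMENTS)

    allowed = moderator or current_user.id == comment.author_id
    if not allowed:
        owning_post = Post.query.filter_by(id=target_post_id).first()
        # The original dereferenced the lookup result directly and raised
        # when the post no longer existed; a missing post now means deny.
        allowed = (owning_post is not None
                   and current_user.id == owning_post.author_id)
    if not allowed:
        abort(403)

    # NOTE(review): the route decorator is outside this block; confirm the
    # deletion cannot be triggered by a plain GET without a CSRF token.
    db.session.delete(comment)
    db.session.commit()

    if moderator:
        return redirect(
            url_for('main.moderate',
                    page=request.args.get('page', 1, type=int)))
    return redirect(url_for('main.post', id=target_post_id))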
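def edit(id):
    """Edit a post and its category; author or administrator only.

    The category is chosen by name: an existing category is reused and an
    unknown name creates a new one.
    """
    post = Post.query.get_or_404(id)
    # Authorize before any further lookups. The original first fetched the
    # post's category with get_or_404 (the result was never used), so a
    # dangling category id produced a 404 ahead of the permission check.
    if current_user != post.author and not current_user.can(Permission.ADMINISTER):
        abort(403)

    # The same PostForm class is used on the home page.
    form = PostForm()
    if form.validate_on_submit():
        post.title = form.title.data
        post.intro = form.intro.data
        post.body = form.body.data
        if form.category_name.data:
            existing = Category.query.filter_by(
                category_name=form.category_name.data).first()
            if existing is None:
                # NOTE(review): lookup-then-insert can create duplicates
                # under concurrent requests unless category_name is unique.
                category = Category(category_name=form.category_name.data)
                db.session.add(category)
                db.session.commit()
                post.category_id = category.id
            else:
                post.category_id = existing.id
        db.session.add(post)
        db.session.commit()
        flash('文章已提交 (。・`ω´・)')
        return redirect(url_for('.post', id=post.id))

    form.title.data = post.title
    form.intro.data = post.intro
    form.body.data = post.body
    if post.category_id:
        # Guard against a category id whose row no longer exists.
        category = post.category
        if category is not None:
            form.category_name.data = category.category_name
    return render_template('edit_post.html', form=form)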
def index():
    """Home page: accept a new post, then list posts one page at a time."""
    form = PostForm()
    if (current_user.can(Permission.WRITE_ARTICLES)
            and form.validate_on_submit()):
        new_post = Post(body=form.body.data,
                        author=current_user._get_current_object())
        db.session.add(new_post)
        return redirect(url_for('.index'))

    # request.args is the query string. get() takes key, default and type;
    # type=int makes a value that cannot be converted fall back to page 1.
    page = request.args.get('page', 1, type=int)

    show_followed = False
    if current_user.is_authenticated:
        show_followed = bool(request.cookies.get('show_followed', ''))
    source = current_user.followed_posts if show_followed else Post.query

    # Newest first. paginate() receives the page number, the page size and
    # the error flag: True answers 404, False yields an empty list.
    pagination = source.order_by(Post.timestamp.desc()).paginate(
        page,
        per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    # The items of the current page, consumed by index.html.
    posts = pagination.items
    return render_template('index.html', form=form, posts=posts,
                           show_followed=show_followed, pagination=pagination)
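def index():
    """Home page: create a post with an optional avatar upload, list posts.

    Posting requires ``Permission.WRITE_ARTICLES``. An uploaded avatar is
    stored under the application's static avatar folder and its file name is
    recorded on the post.
    """
    form = PostForm()
    if (current_user.can(Permission.WRITE_ARTICLES)
            and form.validate_on_submit()):
        post = Post(body=form.body.data, location=form.location.data,
                    name=form.name.data,
                    author=current_user._get_current_object())
        db.session.add(post)

        # A post without a file part is accepted instead of failing on the
        # missing key.
        upload = request.files.get('avatar')
        fname = secure_filename(upload.filename or '') if upload is not None else ''
        if fname != '':
            UPLOAD_FOLDER = '\\app\\static\\avatar\\'
            # post.name is form input. Sanitise the whole stored name, not
            # just the uploaded part, so it cannot carry path separators
            # into the save path.
            stored_name = secure_filename(post.name + "_" + fname)
            # NOTE(review): no extension or content-type check is visible
            # and the target sits under static/; confirm the accepted file
            # types are restricted elsewhere.
            upload.save(os.getcwd() + UPLOAD_FOLDER + stored_name)
            post.real_avatar = stored_name
        return redirect(url_for('.index'))

    page = request.args.get('page', 1, type=int)
    show_followed = False
    if current_user.is_authenticated:
        show_followed = bool(request.cookies.get('show_followed', ''))
    if show_followed:
        query = current_user.followed_posts
    else:
        query = Post.query
    pagination = query.order_by(Post.timestamp.desc()).paginate(
        page, per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    posts = pagination.items
    return render_template('index.html', form=form, posts=posts,
                           show_followed=show_followed, pagination=pagination)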
def index():
    """Blog home page: post form on top, paginated posts below."""
    form = PostForm()
    allowed_to_write = current_user.can(Permission.WRITE_ARTICLES)
    if allowed_to_write and form.validate_on_submit():
        db.session.add(Post(body=form.body.data,
                            author=current_user._get_current_object()))
        return redirect(url_for('.index'))

    page = request.args.get('page', 1, type=int)

    # Default to the full feed; only a signed-in user's cookie can switch
    # to the followed-authors feed.
    show_followed = False
    if current_user.is_authenticated():
        show_followed = bool(request.cookies.get('show_followed', ''))

    if not show_followed:
        feed = Post.query
    else:
        feed = current_user.followed_posts

    pagination = feed.order_by(Post.timestamp.desc()).paginate(
        page,
        per_page=current_app.config['BLOG_POSTS_PER_PAGE'],
        error_out=False)
    return render_template('index.html', form=form, posts=pagination.items,
                           pagination=pagination, show_followed=show_followed)
def edit_post(id):
    """Edit a post's title, body, category and tags.

    Only the post's author or a holder of ``Permission.ADMINISTER`` gets past
    the 403 check.
    """
    post = Post.query.get_or_404(id)
    if current_user != post.author:
        if not current_user.can(Permission.ADMINISTER):
            abort(403)

    form = PostForm()
    if not form.validate_on_submit():
        # First display or failed validation: show the stored values.
        form.title.data = post.title
        form.body.data = post.body
        form.tags.data = post.tags.all()
        form.category.data = post.category_id
        return render_template('add_post.html', form=form, title=u'编辑文章')

    post.title = form.title.data
    post.body = form.body.data
    post.category = Category.query.get(form.category.data)
    if form.tags.data:
        # Replace the tag set with the submitted one.
        for old_tag in post.tags.all():
            post.tags.remove(old_tag)
        for new_tag in form.tags.data:
            post.tags.append(new_tag)
    else:
        form.tags.data = post.tags.all()
    db.session.add(post)
    db.session.commit()
    flash(u'文章已更新。')
    return redirect(url_for('.post', id=post.id))
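def _question():
    """Create a post from the raw ``postform`` field, then go to the index.

    Requires ``Permission.WRITE_ARTICLES``. A request without the permission,
    or without a body, is redirected without writing anything.
    """
    # NOTE(review): the body is read straight from request.form, so no form
    # class validates it; confirm CSRF protection is applied to this route
    # elsewhere (the decorators are not visible here).
    body = request.form.get("postform")
    # A missing or empty field previously stored a post with no body.
    if body and current_user.can(Permission.WRITE_ARTICLES):
        post = Post(body=body, author=current_user._get_current_object())
        db.session.add(post)
        db.session.commit()
    return redirect(url_for('.index'))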
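def _add_comment():
    """AJAX endpoint: add a comment to an answer and return rendered HTML.

    Requires ``Permission.COMMENT``. The JSON response reports whether the
    comment was stored and carries the re-rendered comment list and pager.
    """
    per_page = current_app.config['FLASKY_ANSWERS_PER_PAGE']
    answer = Answer.query.get_or_404(request.args.get('answer_id'))
    # NOTE(review): both inputs come from the query string, so this write is
    # driven by the URL; confirm the route is not reachable by GET and that
    # a CSRF token is checked.
    body = request.args.get('comment')
    page = 1
    result = False
    # A missing or empty comment previously stored a comment with no body.
    if body and current_user.can(Permission.COMMENT):
        comment = Comment(body=body,
                          author=current_user._get_current_object(),
                          answer_id=answer.id)
        db.session.add(comment)
        db.session.commit()
        # Floor division keeps the page number an integer on Python 3 too.
        page = (answer.comments.count() - 1) // per_page + 1
        result = True
    pagination = (Comment.query.order_by(Comment.timestamp)
                  .filter_by(answer_id=answer.id)
                  .paginate(page, per_page=per_page, error_out=False))
    macro_comment = get_template_attribute("_comments.html", "render_comments")
    macro_page = get_template_attribute("_page.html", "render_page")
    comments = pagination.items
    return jsonify({
        'result': result,
        'comment_html': macro_comment(comments),
        'page_html': macro_page(pagination),
        'comments_timestamp': [item.timestamp for item in comments],
        'comments_id': [item.id for item in comments],
    })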
def edit(user_id):
    """Edit a user's profile fields.

    Allowed for the user themselves or a holder of
    ``Permission.UPDATE_OTHERS_INFORMATION``; anyone else gets HTTP 403.
    """
    allowed = (current_user.id == user_id
               or current_user.can(Permission.UPDATE_OTHERS_INFORMATION))
    if not allowed:
        abort(403)

    the_user = User.query.get_or_404(user_id)
    form = EditProfileForm()
    if form.validate_on_submit():
        # Copy the four editable fields from the form onto the user.
        for field_name in ('name', 'major', 'headline', 'about_me'):
            setattr(the_user, field_name, getattr(form, field_name).data)
        db.session.add(the_user)
        db.session.commit()
        flash(u'Information updatad', "info")
        return redirect(url_for('user.detail', user_id=user_id))

    # Not a valid submission: show the stored values.
    form.name.data = the_user.name
    form.major.data = the_user.major
    form.headline.data = the_user.headline
    form.about_me.data = the_user.about_me
    return render_template('user_edit.html', form=form, user=the_user,
                           title=u"Edit information")
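def post(id):
    """Show one post with its paginated comments and accept a new comment.

    ``page=-1`` in the query string selects the last page of comments. The
    template gets ``moderate_set`` set to true for the post's author and for
    holders of ``Permission.MODERATE_COMMENTS``.
    """
    post = Post.query.get_or_404(id)
    form = CommentForm()
    # Anonymous visitors cannot author a comment; the original built one
    # with the anonymous user object as its author.
    # NOTE(review): no comment permission is checked here; confirm whether
    # the project defines one that should gate this write.
    if not current_user.is_anonymous and form.validate_on_submit():
        comment = Comment(body=form.body.data, post=post,
                          author=current_user._get_current_object())
        db.session.add(comment)
        db.session.commit()
        flash('Your comment has been published.')
        return redirect(url_for('main.post', id=post.id) + '#comments')

    per_page = current_app.config['FLASKY_COMMENTS_PER_PAGE']
    page = request.args.get('page', 1, type=int)
    if page == -1:
        # Floor division keeps the page number an integer on Python 3 too.
        page = (post.comments.count() - 1) // per_page + 1
    pagination = post.comments.order_by(Comment.timestamp.asc()).paginate(
        page, per_page=per_page, error_out=False)
    comments = pagination.items

    if current_user.is_anonymous:
        moderate = False
    else:
        moderate = bool(current_user.id == post.author_id
                        or current_user.can(Permission.MODERATE_COMMENTS))
    return render_template('main/articles.html', posts=[post], form=form,
                           comments=comments, pagination=pagination,
                           moderate_set=moderate)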
def delete_post_confirm(id):
    """Delete a post and return to the index.

    Only the post's author or a holder of ``Permission.ADMINISTER`` may
    delete; anyone else gets HTTP 403.
    """
    post = Post.query.get_or_404(id)
    if current_user != post.author:
        if not current_user.can(Permission.ADMINISTER):
            abort(403)
    # NOTE(review): the route decorator is not visible; confirm this
    # deletion requires a CSRF-protected, non-GET request.
    session = db.session
    session.delete(post)
    session.commit()
    return redirect(url_for('main.index'))
def search():
    """List posts whose body contains the search term, page by page.

    The term comes from the global search form, falling back to the
    ``search`` query parameter. The view also accepts a new post from users
    with ``Permission.WRITE_ARTICLES``.
    """
    form = PostForm()
    if (current_user.can(Permission.WRITE_ARTICLES)
            and form.validate_on_submit()):
        new_post = Post(body=form.body.data,
                        author=current_user._get_current_object())
        db.session.add(new_post)
        return redirect(url_for('.index'))

    page = request.args.get('page', 1, type=int)
    show_followed = False
    if current_user.is_authenticated():
        show_followed = bool(request.cookies.get('show_followed', ''))
    query = current_user.followed_posts if show_followed else Post.query

    search_data = g.search_form.search.data
    if not search_data:
        search_data = request.args.get('search')
    if search_data:
        # The value reaches the database as a bound parameter.
        # NOTE(review): '%' and '_' typed by the user still act as LIKE
        # wildcards; confirm that is intended.
        pattern = '%{0}%'.format(search_data.encode('utf-8'))
        query = query.filter(Post.body.like(pattern))

    pagination = query.order_by(Post.timestamp.desc()).paginate(
        page,
        per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    return render_template('index.html', form=form,
                           search_form=g.search_form,
                           search_data=search_data, posts=pagination.items,
                           show_followed=show_followed, pagination=pagination)
def index():
    """Blog home page: publish a post and show the paginated feed.

    Publishing requires ``Permission.WRITE_ARTICLES``. The template also
    receives the current user, an empty ``Message`` and the current UTC time.
    """
    form = PostForm()
    user = User()
    message = Message()

    can_publish = current_user.can(Permission.WRITE_ARTICLES)
    if can_publish and form.validate_on_submit():
        # Body, headline and author.
        entry = Post(body=form.body.data, head=form.head.data,
                     author=current_user._get_current_object())
        db.session.add(entry)
        flash("博客已发布")
        return redirect(url_for('.index'))

    page = request.args.get('page', 1, type=int)
    show_followed = False
    if current_user.is_authenticated:
        show_followed = bool(request.cookies.get('show_followed', ''))
    feed = current_user.followed_posts if show_followed else Post.query

    pagination = feed.order_by(Post.timestamp.desc()).paginate(
        page,
        per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    # A copy of the current page's items.
    posts = pagination.items[:]
    return render_template('index.html', form=form, posts=posts,
                           user=current_user, message=message,
                           show_followed=show_followed,
                           pagination=pagination,
                           current_time=datetime.utcnow())
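def unanswer():
    """Render the 'unanswer' page: paginated posts plus a list of topics.

    The view also accepts a new post from users with
    ``Permission.WRITE_ARTICLES``.
    """
    form = PostForm()
    if (current_user.can(Permission.WRITE_ARTICLES)
            and form.validate_on_submit()):
        post = Post(body=form.body.data,
                    author=current_user._get_current_object())
        db.session.add(post)
        return redirect(url_for('.index'))

    page = request.args.get('page', 1, type=int)
    show_followed = False
    if current_user.is_authenticated():
        show_followed = bool(request.cookies.get('show_followed', ''))
    if show_followed:
        query = current_user.followed_posts
    else:
        query = Post.query

    # The two debug prints that stood here were removed: they ran an extra
    # COUNT query on every request and wrote its result to stdout.
    pagination = query.order_by(Post.timestamp.desc()).paginate(
        page, per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    posts = pagination.items

    # Topics that have at least one mapping, oldest first, as a single page
    # five times the post page size.
    topic_query = Topic.query.filter(Topic.id == TopicMapping.topic_id)
    topic_pagination = topic_query.order_by(Topic.add_time.asc()).paginate(
        1, per_page=current_app.config['FLASKY_POSTS_PER_PAGE'] * 5,
        error_out=False)
    topics = topic_pagination.items
    return render_template('unanswer.html', form=form,
                           search_form=g.search_form, posts=posts,
                           topics=topics, show_followed=show_followed,
                           pagination=pagination)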
def index():
    """Home page: accept a new post and render one page of the feed."""
    form = PostForm()
    if (current_user.can(Permission.WRITE_ARTICLES)
            and form.validate_on_submit()):
        new_post = Post(body=form.body.data,
                        author=current_user._get_current_object())
        db.session.add(new_post)
        # A leading dot resolves the endpoint inside the current blueprint;
        # another blueprint would need the 'bpname.index' form.
        return redirect(url_for('.index'))

    # The query string is exposed as request.args. Without an explicit page
    # the default is 1, and type=int guarantees an integer.
    page = request.args.get('page', 1, type=int)

    # The show_followed cookie (read from the request.cookies dict) selects
    # the feed: any non-empty value means "followed posts only".
    show_followed = False
    if current_user.is_authenticated():
        show_followed = bool(request.cookies.get('show_followed', ''))
    if not show_followed:
        feed = Post.query
    else:
        feed = current_user.followed_posts

    # paginate() takes the page number first, then the page size.
    # error_out=True answers 404 for a page outside the valid range, while
    # error_out=False returns an empty list.
    pagination = feed.order_by(Post.timestamp.desc()).paginate(
        page,
        per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    return render_template('index.html', form=form, pagination=pagination,
                           posts=pagination.items,
                           current_time=datetime.utcnow(),
                           show_followed=show_followed)
def index():
    """Activity feed home page; also accepts a new question.

    Asking requires ``Permission.ASK``. A stored question is accompanied by
    an "asked" ``Activity`` row carrying the question's timestamp.
    """
    form = QuestionForm()
    may_ask = current_user.can(Permission.ASK)
    if may_ask and form.validate_on_submit():
        new_question = Question(body=form.body.data,
                                detail=form.detail.data,
                                author=current_user._get_current_object())
        db.session.add(new_question)
        # Flush before the activity row reads the question's timestamp.
        db.session.flush()
        db.session.add(Activity(verb="asked", object=new_question,
                                actor_id=current_user.id,
                                timestamp=new_question.timestamp))
        return redirect(url_for(".index"))

    page = request.args.get("page", 1, type=int)
    show_followed = False
    if current_user.is_authenticated:
        show_followed = bool(request.cookies.get("show_followed", ""))
    feed = current_user.followed_activities if show_followed else Activity.query

    pagination = feed.order_by(Activity.timestamp.desc()).paginate(
        page,
        per_page=current_app.config["FLASKQ_ACTIVITIES_PER_PAGE"],
        error_out=False)
    activities = pagination.items
    comment_form = CommentForm()
    return render_template("index.html", form=form, activities=activities,
                           show_followed=show_followed,
                           pagination=pagination, comment_form=comment_form)
def index():
    """Home page: call ``utils.cheese()``, accept a post, list the feed."""
    # Imported at call time, as in the original.
    from utils import cheese
    cheese()

    form = PostForm()
    may_write = current_user.can(Permission.WRITE_ARTICLES)
    if may_write and form.validate_on_submit():
        # The author is stored by id here, not as a user object.
        db.session.add(Post(body=form.body.data, author_id=current_user.id))
        return redirect(url_for('.index'))

    page = request.args.get('page', 1, type=int)
    if current_user.is_authenticated:
        show_followed = bool(request.cookies.get('show_followed', ''))
    else:
        show_followed = False
    feed = current_user.followed_posts if show_followed else Post.query

    pagination = feed.order_by(Post.timestamp.desc()).paginate(
        page,
        per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    return render_template('index.html', form=form, posts=pagination.items,
                           show_followed=show_followed, pagination=pagination)
def index():
    """Render the blog index and handle publishing of a new post.

    Only holders of ``Permission.WRITE_ARTICLES`` can publish. The feed shows
    all posts, or followed authors' posts when a signed-in user has the
    ``show_followed`` cookie set.
    """
    form = PostForm()
    user = User()
    message = Message()

    if (current_user.can(Permission.WRITE_ARTICLES)
            and form.validate_on_submit()):
        # Body, headline and author.
        db.session.add(Post(body=form.body.data,
                            head=form.head.data,
                            author=current_user._get_current_object()))
        flash("博客已发布")
        return redirect(url_for('.index'))

    page = request.args.get('page', 1, type=int)

    show_followed = False
    if current_user.is_authenticated:
        show_followed = bool(request.cookies.get('show_followed', ''))
    if not show_followed:
        query = Post.query
    else:
        query = current_user.followed_posts

    newest_first = query.order_by(Post.timestamp.desc())
    pagination = newest_first.paginate(
        page,
        per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    # A copy of the items on the current page.
    posts = pagination.items[:]
    return render_template('index.html',
                           form=form,
                           posts=posts,
                           user=current_user,
                           message=message,
                           show_followed=show_followed,
                           pagination=pagination,
                           current_time=datetime.utcnow())
def index():
    """Show the paginated post feed and store a newly submitted post."""
    form = PostForm()
    writer = current_user.can(Permission.WRITE_ARTICLES)
    if writer and form.validate_on_submit():
        author = current_user._get_current_object()
        db.session.add(Post(body=form.body.data, author=author))
        return redirect(url_for('.index'))

    # request.args is the query string. get() takes key, default and type;
    # with type=int a value that is not an integer yields the default 1.
    page = request.args.get('page', 1, type=int)

    if current_user.is_authenticated:
        show_followed = bool(request.cookies.get('show_followed', ''))
    else:
        show_followed = False

    if show_followed:
        base_query = current_user.followed_posts
    else:
        base_query = Post.query

    # Sorted by timestamp, newest first. paginate() gets the page, the page
    # size and the error flag (True: 404, False: empty list).
    ordered = base_query.order_by(Post.timestamp.desc())
    pagination = ordered.paginate(
        page,
        per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    # Items of the current page, used by index.html.
    return render_template('index.html', form=form, posts=pagination.items,
                           show_followed=show_followed, pagination=pagination)
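def write_post():
    """Show the post editor and store a submitted post.

    Requires ``Permission.WRITE_ARTICLES``. A stored post leads to a redirect
    to the main index; otherwise the editor is rendered.
    """
    form = PostForm()
    if (current_user.can(Permission.WRITE_ARTICLES)
            and form.validate_on_submit()):
        post = Post(title=form.title.data, body=form.body.data,
                    author=current_user._get_current_object())
        db.session.add(post)
        # The original passed posts=[post] to url_for, which put the
        # object's string form into the redirect URL as a query parameter.
        return redirect(url_for('main.index'))
    return render_template('write_post.html', form=form)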
def tags():
    """Show the 30 most-used tags and, for a search, the matching books.

    ``search`` is a comma-separated list of tag names; a book must carry
    every one of them. Users without ``Permission.UPDATE_BOOK_INFORMATION``
    only see books with ``hidden=0``.
    """
    search_tags = request.args.get('search', None)
    page = request.args.get('page', 1, type=int)

    usage_count = db.func.count(book_tag.c.book_id)
    the_tags = (Tag.query.outerjoin(book_tag)
                .group_by(book_tag.c.tag_id)
                .order_by(usage_count.desc())
                .limit(30)
                .all())

    search_form = SearchForm()
    search_form.search.data = search_tags

    data = None
    pagination = None
    if search_tags:
        tags_list = []
        for piece in search_tags.split(','):
            if len(piece.strip()) > 0:
                tags_list.append(piece.strip())
        if len(tags_list) > 0:
            if current_user.can(Permission.UPDATE_BOOK_INFORMATION):
                the_books = Book.query
            else:
                the_books = Book.query.filter_by(hidden=0)
            # Each word is used as an ILIKE pattern against the tag name.
            # NOTE(review): '%' and '_' typed by the user act as wildcards.
            conditions = [Book.tags.any(Tag.name.ilike(word))
                          for word in tags_list]
            the_books = (the_books.filter(db.and_(*conditions))
                         .outerjoin(Log)
                         .group_by(Book.id)
                         .order_by(db.func.count(Log.id).desc()))
            pagination = the_books.paginate(page, per_page=8)
            data = pagination.items
    return render_template('book_tag.html', tags=the_tags, title='Tags',
                           search_form=search_form, books=data,
                           pagination=pagination)
def index():
    """Home page: accept a question and show the paginated activity feed."""
    form = QuestionForm()
    if current_user.can(Permission.ASK) and form.validate_on_submit():
        author = current_user._get_current_object()
        question = Question(body=form.body.data, detail=form.detail.data,
                            author=author)
        session = db.session
        session.add(question)
        # The activity row below copies question.timestamp, so flush first.
        session.flush()
        question_activity = Activity(verb='asked', object=question,
                                     actor_id=current_user.id,
                                     timestamp=question.timestamp)
        session.add(question_activity)
        return redirect(url_for('.index'))

    page = request.args.get('page', 1, type=int)
    if current_user.is_authenticated:
        show_followed = bool(request.cookies.get('show_followed', ''))
    else:
        show_followed = False

    if not show_followed:
        query = Activity.query
    else:
        query = current_user.followed_activities

    newest_first = query.order_by(Activity.timestamp.desc())
    pagination = newest_first.paginate(
        page,
        per_page=current_app.config['FLASKQ_ACTIVITIES_PER_PAGE'],
        error_out=False)
    return render_template('index.html', form=form,
                           activities=pagination.items,
                           show_followed=show_followed,
                           pagination=pagination,
                           comment_form=CommentForm())
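def index():
    """List books, optionally filtered by a search word, eight per page.

    Users without ``Permission.UPDATE_BOOK_INFORMATION`` only see books with
    ``hidden=0``, both in search results and in the default listing.
    """
    search_word = request.args.get('search', None)
    search_form = SearchForm()
    page = request.args.get('page', 1, type=int)

    the_books = Book.query
    if not current_user.can(Permission.UPDATE_BOOK_INFORMATION):
        the_books = Book.query.filter_by(hidden=0)

    if search_word:
        search_word = search_word.strip()
        pattern = u"%%%s%%" % search_word
        # NOTE(review): '%' and '_' typed by the user act as wildcards in
        # these ILIKE patterns; the value itself is a bound parameter.
        the_books = the_books.filter(
            db.or_(Book.title.ilike(pattern),
                   Book.author.ilike(pattern),
                   Book.isbn.ilike(pattern),
                   Book.tags.any(Tag.name.ilike(pattern)),
                   Book.subtitle.ilike(pattern))
        ).outerjoin(Log).group_by(Book.id).order_by(
            db.func.count(Log.id).desc())
        search_form.search.data = search_word
    else:
        # Keep the visibility filter. The original restarted from
        # Book.query here, so the default listing showed hidden books to
        # users without the permission.
        the_books = the_books.order_by(Book.id.desc())

    pagination = the_books.paginate(page, per_page=8)
    result_books = pagination.items
    return render_template("book.html", books=result_books,
                           pagination=pagination, search_form=search_form,
                           title=u"书籍清单")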
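def show_quiz(id):
    """Show a quiz; moderators additionally get the task-creation form.

    A moderator is a holder of ``Permission.MANAGE_QUIZ``.
    """
    quiz = Quiz.query.get_or_404(id)
    # Both values need a default: the original left is_moderator unassigned
    # for users without the permission, so the view raised for them.
    is_moderator = False
    form = None
    if current_user.can(Permission.MANAGE_QUIZ):
        is_moderator = True
        form = CreateTaskForm()
    return render_template("quiz.html", quiz=quiz,
                           is_moderator=is_moderator, form=form)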
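def index():
    """Render the question/reply feed and accept a new question.

    A valid POST from a user holding ``Permission.WRITE_QUESTIONS`` stores
    the question and redirects. Otherwise the ``show_followed`` cookie picks
    the feed for signed-in users: 1 = followed questions, 2 = followed
    replies, anything else = all questions.
    """
    form = QuestionForm()
    if current_user.can(Permission.WRITE_QUESTIONS) and form.validate_on_submit():
        question = Question(body=form.body.data,
                            content=form.content.data,
                            author=current_user._get_current_object())
        db.session.add(question)
        # No explicit commit in this view; persistence relies on a commit
        # issued elsewhere (not visible here).
        return redirect(url_for('.index'))

    page = request.args.get('page', 1, type=int)
    show_followed = 0
    session['act'] = u'提出'
    if current_user.is_authenticated:
        # Fix: the cookie is client-controlled. A non-numeric value used to
        # raise ValueError and turn the page into a 500; treat it as "all".
        try:
            show_followed = int(request.cookies.get('show_followed', '0'))
        except ValueError:
            show_followed = 0

    if show_followed == 1:
        query = current_user.followed_questions
    elif show_followed == 2:
        query = current_user.followed_replys
        session['act'] = u'回答'
        pagination = query.order_by(Reply.timestamp.desc()).paginate(
            page, per_page=current_app.config['FLASKY_REPLYS_PER_PAGE'],
            error_out=False)
        replys = pagination.items
        return render_template('index.html', form=form, replys=replys,
                               show_followed=show_followed,
                               pagination=pagination,
                               act=session.get('act'))
    else:
        query = Question.query

    pagination = query.order_by(Question.timestamp.desc()).paginate(
        page, per_page=current_app.config['FLASKY_QUESTIONS_PER_PAGE'],
        error_out=False)
    questions = pagination.items
    return render_template('index.html', form=form, questions=questions,
                           show_followed=show_followed,
                           pagination=pagination, act=session.get('act'))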
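def question(id):
    """Show a question with its creator and accepted answer; accept answers.

    Responds with 404 when the question (or its recorded accepted answer)
    does not exist. A question that is not ``visible`` is only served to
    administrators; everyone else is redirected to the index.

    TODO: delete button -- a plain POST button or a form?

    :param id: primary key of the question
    :return: a redirect after a handled submission, else the rendered page
    """
    form = CreateAnswerForm()
    # get_or_404 looks up by primary key; use filter_by for other columns.
    question = Question.query.get_or_404(id)

    # Fix: the visibility check used to sit after the answer-creation branch,
    # so a non-administrator could still post an answer to a question that
    # was not visible. Check access before changing any state.
    if not question.visible and not current_user.is_administrator():
        flash("That page isn't ready for the public yet, sorry!")
        return redirect(url_for("main.index"))

    if form.validate_on_submit() and current_user.can(Permission.CREATE):
        answer = Answer(author=current_user._get_current_object(),
                        question=question,
                        content=form.answer.data)
        db.session.add(answer)
        db.session.commit()
        return redirect(url_for('main.question', id=id))
    # NOTE(review): this branch is only reached when the branch above was
    # not taken, so it does not stop a permitted user from answering twice.
    # has_answered is also looked up on current_app, the application proxy;
    # it looks like it was meant for the user object -- confirm.
    elif form.validate_on_submit() and current_app.has_answered(id=id):
        flash("Sorry, you can't answer a question more than once")
        return redirect(url_for('main.question', id=id))

    creator = User.query.filter_by(id=question.creator_id).first()
    if question.solved:
        accepted = Answer.query.get_or_404(question.accepted_id)
    else:
        accepted = None
    return render_template("question.html", creator=creator, id=id,
                           form=form, Permission=Permission,
                           question=question, a=accepted)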
def wrapper(*args, **kwargs):
    """Run the wrapped view only if the current user holds ``permission``.

    ``permission`` and ``func`` come from the enclosing decorator scope.
    Users without the permission get a 403.
    """
    if current_user.can(permission):
        # The view's result has to be returned, otherwise Flask reports
        # "View function did not return a response".
        return func(*args, **kwargs)
    abort(403)
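def new():
    """Create a blog post with its tags, or render the empty editor.

    Users without ``Permission.WRITE_ARTICLES`` get a 403. On a valid
    submission the post is stored, each ``;``-separated tag is linked to it
    (existing tags get their ``refer_count`` incremented, new ones start at
    1), and the user is redirected to the home listing.
    """
    form = PostForm()
    if not current_user.can(Permission.WRITE_ARTICLES):
        abort(403)
    if form.validate_on_submit():
        post = Post(body=form.body.data,
                    title=form.title.data,
                    viewed_count=0,
                    author=current_user._get_current_object(),
                    tags_txt=form.tags.data)
        db.session.add(post)

        # Fix: a plain split(';') produced an empty tag for "a;" or "a;;b"
        # and linked the same tag twice for "a;a", inflating refer_count.
        # Names are trimmed, blanks skipped, repeats handled once.
        seen = set()
        for raw_tag in (form.tags.data or '').split(';'):
            tag = raw_tag.strip()
            if not tag or tag in seen:
                continue
            seen.add(tag)
            ttag = Tag.query.filter_by(content=tag).first()
            if ttag is not None:
                ttag.refer_count = ttag.refer_count + 1
            else:
                ttag = Tag(content=tag, refer_count=1)
            post_tag = PostTag(post=post, tag=ttag)
            db.session.add(ttag)
            db.session.add(post_tag)

        flash(messages.post_create_ok)
        db.session.commit()
        return redirect(url_for('main.index', shows='home'))

    # Placeholder text for fields that have no data yet.
    if form.body.data is None:
        form.body.data = '# 标题\n\n内容'
    if form.title.data is None:
        form.title.data = '输入博文名字'
    if form.tags.data is None:
        form.tags.data = '标签通过;隔开。'
    return render_template('edit.html', form=form)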
def index():
    """Render the post feed and accept a new post.

    A valid POST from a user holding ``Permission.WRITE_ARTICLES`` stores the
    post and redirects back here. Otherwise one page of posts is rendered,
    either from followed users or from everyone.
    """
    form = PostForm()
    can_write = current_user.can(Permission.WRITE_ARTICLES)
    if can_write and form.validate_on_submit():
        db.session.add(Post(body=form.body.data,
                            author=current_user._get_current_object()))
        # The explicit commit is commented out in the original; persistence
        # relies on a commit issued elsewhere (not visible here).
        return redirect(url_for('.index'))

    # type=int makes a non-numeric ?page= fall back to the default of 1.
    page_number = request.args.get('page', 1, type=int)

    # Any non-empty show_followed cookie switches a signed-in user to the
    # followed-posts feed; anonymous visitors always get the full feed.
    show_followed = (bool(request.cookies.get('show_followed', ''))
                     if current_user.is_authenticated else False)
    source = current_user.followed_posts if show_followed else Post.query

    pagination = source.order_by(Post.timestamp.desc()).paginate(
        page_number,
        per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    return render_template('index.html',
                           form=form,
                           posts=pagination.items,
                           show_followed=show_followed,
                           pagination=pagination)
def index():
    """Render the post feed and accept a new post.

    A valid POST from a user holding ``Permission.WRITE_ARTICLES`` stores the
    post and redirects back here; every other request renders one page of
    posts.
    """
    form = PostForm()
    if current_user.can(Permission.WRITE_ARTICLES) and \
            form.validate_on_submit():
        # _get_current_object() hands the model the real user object rather
        # than the current_user proxy.
        author = current_user._get_current_object()
        db.session.add(Post(body=form.body.data, author=author))
        return redirect(url_for('.index'))

    # An integer page number from the query string, defaulting to 1.
    requested_page = request.args.get('page', 1, type=int)

    # NOTE(review): is_authenticated is called as a method here. Newer
    # Flask-Login versions expose it as a property -- confirm the version.
    if current_user.is_authenticated():
        show_followed = bool(request.cookies.get('show_followed', ''))
    else:
        show_followed = False
    feed = current_user.followed_posts if show_followed else Post.query

    # Pass the page number and the page size. With error_out=False an
    # out-of-range page gives an empty item list instead of a 404.
    pagination = feed.order_by(Post.timestamp.desc()).paginate(
        requested_page,
        per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    return render_template('index.html', form=form,
                           posts=pagination.items,
                           show_followed=show_followed,
                           pagination=pagination)
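def post_article():
    """Create an article with a cover image, or render the editor form.

    Users without ``Permission.WRITE_ARTICLES`` get a 403. The cover is the
    uploaded ``cover`` file when one with an allowed name is supplied;
    otherwise it is the ``src`` of the first ``<img>`` matched in the body.
    A submission with neither is rejected with 403.
    """
    if not current_user.can(Permission.WRITE_ARTICLES):
        abort(403)
    form = PostForm()
    if form.validate_on_submit():
        # Fix: request.files['cover'] raised a 400 when the upload part was
        # missing entirely, so the body-image fallback was never reached.
        cover_file = request.files.get('cover')
        filename = ''
        if cover_file and allowed_file(cover_file.filename):
            # secure_filename() removes path separators and unsafe
            # characters; the result can be empty for some names.
            filename = secure_filename(cover_file.filename)

        if filename:
            # NOTE(review): the stored name is the sanitised client name, so
            # two uploads with the same name overwrite each other. Consider
            # a server-generated name.
            cover_file.save(os.path.join(UPLOAD_FOLDER, filename))
            cover = url_for('static', filename="upload/" + filename)
        else:
            # Fix: an upload whose name sanitises to nothing lands here too,
            # instead of trying to write to the upload directory path.
            body = form.editor1.data or ''
            # NOTE(review): this URL comes from author-supplied HTML; it
            # should be escaped or validated wherever it is rendered.
            images = re.findall(r"<img.+src=[\"|\']([^=]+)[\"|\'] *.*>", body)
            if not images:
                abort(403)
            cover = images[0]

        post = Post(title=form.title.data,
                    abstract=form.abstract.data,
                    cover=cover,
                    body=form.editor1.data,
                    author=current_user._get_current_object())
        db.session.add(post)
        return redirect(url_for('main.index'))
    return render_template('post_article.html', form=form)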
def index():
    """Render the post feed (20 per page) and accept a new post.

    A valid POST from a user holding ``Permission.WRITE_ARTICLES`` stores the
    post and redirects back here.
    """
    form = PostForm()
    allowed_to_write = current_user.can(Permission.WRITE_ARTICLES)
    if allowed_to_write and form.validate_on_submit():
        new_post = Post(body=form.body.data,
                        author=current_user._get_current_object())
        db.session.add(new_post)
        return redirect(url_for('.index'))

    page_no = request.args.get('page', 1, type=int)

    # The show_followed cookie selects all posts or only posts from followed
    # users. It is read only for signed-in users.
    show_followed = False
    if current_user.is_authenticated:
        cookie_value = request.cookies.get('show_followed', '')
        show_followed = bool(cookie_value)

    posts_query = current_user.followed_posts if show_followed else Post.query

    # per_page is the number of items on a page. It is fixed at 20 here; the
    # FLASKY_POSTS_PER_PAGE lookup is commented out in the original.
    newest_first = posts_query.order_by(Post.timestamp.desc())
    pagination = newest_first.paginate(page_no, per_page=20, error_out=False)
    return render_template(
        'index.html',
        form=form,
        posts=pagination.items,
        show_followed=show_followed,
        pagination=pagination
    )
def index():
    """Render the post feed and accept a new post.

    A valid POST from a user holding ``Permission.WRITE_ARTICLES`` stores the
    post and redirects back here. ``Permission`` is passed to the template
    along with the page of posts.
    """
    form = PostForm()
    if current_user.can(Permission.WRITE_ARTICLES) \
            and form.validate_on_submit():
        author = current_user._get_current_object()
        db.session.add(Post(body=form.body.data, author=author))
        return redirect(url_for('.index'))

    page_index = request.args.get('page', 1, type=int)

    if current_user.is_authenticated:
        show_followed = bool(request.cookies.get('show_followed', ''))
    else:
        show_followed = False
    base_query = current_user.followed_posts if show_followed else Post.query

    # NOTE(review): the key read here is 'FLASK_POSTS_PER_PAGE', with 10 as
    # the fallback -- confirm it matches the key set in the app config.
    page_size = current_app.config.get('FLASK_POSTS_PER_PAGE', 10)
    pagination = base_query.order_by(Post.timestamp.desc()).paginate(
        page_index, per_page=page_size, error_out=False)
    return render_template('index.html',
                           form=form,
                           posts=pagination.items,
                           Permission=Permission,
                           pagination=pagination,
                           show_followed=show_followed)
def index():
    """Render the post feed and accept a new post.

    A valid POST from a user holding ``Permission.WRITE_ARTICLES`` stores the
    post and redirects back here; every other request renders one page of
    posts, newest first.
    """
    form = PostForm()
    # Only users allowed to write articles may submit the form.
    has_write_permission = current_user.can(Permission.WRITE_ARTICLES)
    if has_write_permission and form.validate_on_submit():
        db.session.add(Post(body=form.body.data,
                            author=current_user._get_current_object()))
        return redirect(url_for('.index'))

    # Requested page number, defaulting to 1.
    page = request.args.get('page', 1, type=int)

    # All posts by default. A non-empty show_followed cookie limits the feed
    # to posts from followed users.
    # NOTE(review): is_authenticated is called as a method here. Newer
    # Flask-Login versions expose it as a property -- confirm the version.
    show_followed = (bool(request.cookies.get('show_followed', ''))
                     if current_user.is_authenticated() else False)
    if show_followed:
        selected = current_user.followed_posts
    else:
        selected = Post.query

    # Newest first; page size comes from FLASKY_POSTS_PER_PAGE.
    ordered = selected.order_by(Post.timestamp.desc())
    pagination = ordered.paginate(
        page,
        per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    return render_template('index.html', form=form, posts=pagination.items,
                           show_followed=show_followed,
                           pagination=pagination)
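def _add_comment():
    """AJAX endpoint: add a comment to an answer and return rendered HTML.

    Reads ``answer_id`` and ``comment`` from the query string. Responds with
    404 for an unknown answer. The JSON reply carries ``result`` (whether a
    comment was stored), the rendered comment list and pager, and the
    timestamps and ids of the comments on the returned page.

    NOTE(review): the inputs come from ``request.args``. If the route accepts
    GET, the write below can be triggered by a plain link and is not covered
    by form CSRF checks -- confirm the route's methods.
    """
    per_page = current_app.config['FLASKY_ANSWERS_PER_PAGE']
    answer_id = request.args.get('answer_id')
    # Fix: the same answer was loaded twice and the second result was unused.
    answer = Answer.query.get_or_404(answer_id)
    body = request.args.get('comment')
    page = 1
    result = False
    # Fix: a missing or empty comment is no longer stored as a body-less row.
    if body and current_user.can(Permission.COMMENT):
        new_comment = Comment(body=body,
                              author=current_user._get_current_object(),
                              answer_id=answer_id)
        db.session.add(new_comment)
        db.session.commit()
        # Fix: floor division keeps the page number an integer on Python 3.
        # This is the page that holds the newest comment.
        page = (answer.comments.count() - 1) // per_page + 1
        result = True

    pagination = Comment.query.order_by(Comment.timestamp).filter_by(
        answer_id=answer_id).paginate(page, per_page=per_page,
                                      error_out=False)
    macro_comment = get_template_attribute("_comments.html", "render_comments")
    macro_page = get_template_attribute("_page.html", "render_page")
    comments = pagination.items
    return jsonify({'result': result,
                    'comment_html': macro_comment(comments),
                    'page_html': macro_page(pagination),
                    'comments_timestamp': [c.timestamp for c in comments],
                    'comments_id': [c.id for c in comments]})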
def post(id):
    """Show post ``id`` with its paginated comments and accept a new comment.

    Responds with 404 for an unknown post. Each request increments the post's
    ``viewed_count``. Users without ``Permission.COMMENT`` get a flash
    message instead of having their submission processed.
    """
    post = Post.query.get_or_404(id)
    # NOTE(review): the counter is read and written back in Python, so
    # concurrent requests may lose an increment.
    post.viewed_count += 1
    db.session.add(post)

    form = CommentForm()
    if not current_user.can(Permission.COMMENT):
        flash(messages.comment_cannot_access)
    elif form.validate_on_submit():
        db.session.add(Comment(author_id=current_user.id,
                               body=form.comment.data,
                               post=post,
                               agree_count=0,
                               disagree_count=0))
    # The one-line listing does not show nesting. The commit is placed at
    # function level so the view counter is persisted too -- confirm.
    db.session.commit()

    page_number = request.args.get('page', 1, type=int)
    newest_comments = Comment.query.filter_by(post_id=post.id).order_by(
        Comment.timestamp.desc())
    pagination = newest_comments.paginate(
        page_number,
        per_page=current_app.config['COMMENTS_PER_PAGE'],
        error_out=False)
    return render_template('post.html', form=form, post=post,
                           comments=pagination.items,
                           pagination=pagination)
def delete_sure(id):
    """Delete post ``id`` for its author or an administrator.

    Responds with 404 both for an unknown post and for a user who is neither
    the author nor holds ``Permission.ADMINISTER``.
    """
    post = Post.query.get_or_404(id)
    not_author = current_user != post.author
    if not_author and not current_user.can(Permission.ADMINISTER):
        # An unauthorised caller gets the same status as a missing post.
        abort(404)
    # No explicit commit in this view; persistence relies on a commit issued
    # elsewhere (not visible here).
    db.session.delete(post)
    return redirect(url_for('.index'))
def index():
    """Render the post feed and accept a new post.

    The form is validated first; the post is stored only if the user also
    holds ``Permission.WRITE_ARTICLES``.
    """
    form = PostForm()
    if form.validate_on_submit() and \
            current_user.can(Permission.WRITE_ARTICLES):
        author = current_user._get_current_object()
        new_post = Post()
        new_post.body = form.body.data
        new_post.author = author
        db.session.add(new_post)
        return redirect(url_for("main.index"))

    # NOTE(review): is_authenticated is called as a method here. Newer
    # Flask-Login versions expose it as a property -- confirm the version.
    show_followed = (bool(request.cookies.get('show_followed', ''))
                     if current_user.is_authenticated() else False)
    feed = current_user.followed_posts if show_followed else Post.query

    page_number = request.args.get('page', 1, type=int)
    pagination = feed.order_by(Post.timestamp.desc()).paginate(
        page_number,
        per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    # The template receives the flag under the name "showfollowed".
    return render_template('index.html', form=form,
                           posts=pagination.items,
                           pagination=pagination,
                           showfollowed=show_followed)
def postdel(id):
    """Delete post ``id`` for its author or an administrator.

    Responds with 404 for an unknown post and 403 for any other user.
    """
    post = Post.query.get_or_404(id)
    # Ownership is checked first; the administrator permission is only
    # consulted for non-authors.
    is_other_user = current_user != post.author
    if is_other_user and not current_user.can(Permission.ADMINISTER):
        abort(403)
    db.session.delete(post)
    db.session.commit()
    flash('The post has been deleted.')
    return redirect(url_for('.index'))
def delete(id):
    """Delete question ``id`` and the ``Potoca`` rows that reference it.

    Responds with 404 for an unknown question and 403 for a user who is
    neither the author nor holds ``Permission.ADMINISTER``.
    """
    question = Question.query.get_or_404(id)
    not_author = current_user != question.author
    if not_author and not current_user.can(Permission.ADMINISTER):
        abort(403)
    # The question is looked up a second time, as in the original.
    target = Question.query.filter_by(id=id).first()
    # Bulk-delete the dependent rows without syncing them into the session.
    Potoca.query.filter_by(question_id=id).delete(synchronize_session=False)
    # No explicit commit in this view; persistence relies on a commit issued
    # elsewhere (not visible here).
    db.session.delete(target)
    return redirect(url_for('.index'))
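def post_delete(id):
    """Delete post ``id`` for its author or an administrator.

    Responds with 404 for an unknown post and 403 for any other user.
    """
    # Imported locally so the fix below does not depend on the module's
    # import block, which is not visible here.
    from flask import abort

    post = Post.query.get_or_404(id)
    if current_user != post.author and \
            not current_user.can(Permission.ADMINISTER):
        # Fix: this was spelled "about(403)", an undefined name. Unauthorised
        # requests failed with a server error instead of a 403.
        abort(403)
    post.delete()
    flash(u'文章已删除')
    return redirect(url_for('.index'))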
def delete(id):
    """Delete post ``id`` and redirect to its author's profile.

    Responds with 404 for an unknown post and 403 for a user who is neither
    the author nor holds ``Permission.ADMINISTER``.
    """
    post = Post.query.get_or_404(id)
    requester_is_not_author = current_user != post.author
    if requester_is_not_author and \
            not current_user.can(Permission.ADMINISTER):
        abort(403)
    # Keep the author before deleting; the redirect needs the username.
    owner = post.author
    Post.delete(post)
    return redirect(url_for('user.profile', username=owner.username))
def delete_post(id):
    """Delete post ``id`` for its author or an administrator.

    Responds with 404 for an unknown post and 403 for any other user.
    """
    post = Post.query.get_or_404(id)
    # The administrator permission is only consulted for non-authors.
    someone_else = current_user != post.author
    if someone_else and not current_user.can(Permission.ADMINISTER):
        abort(403)
    db.session.delete(post)
    db.session.commit()
    flash('文章已被删除')
    return redirect(url_for('.index'))
def delete(id):
    """Delete post ``id`` for its author or an administrator.

    Responds with 404 for an unknown post. A user who is neither the author
    nor holds ``Permission.ADMINISTER`` is redirected back to the post
    without an error status; nothing is deleted in that case.
    """
    post = Post.query.get_or_404(id)
    may_delete = (current_user == post.author
                  or current_user.can(Permission.ADMINISTER))
    if not may_delete:
        return redirect(url_for('.post', id=post.id))
    db.session.delete(post)
    db.session.commit()
    flash(u'文章已删除!')
    return redirect(url_for('.user', username=current_user.username))