def account(username):
    """Render the account page, but only for the account's own owner.

    Any caller whose ``current_user.username`` differs from the ``username``
    in the route is rejected with 403 before the database is touched.
    """
    # NOTE(review): this reads current_user.username directly; confirm the
    # route is wrapped in a login-required decorator (not visible in this
    # excerpt), otherwise an anonymous session may have no such attribute.
    is_owner = current_user.username == username
    if not is_owner:
        abort(403)

    delete_form = DeleteAccountForm()
    profile = User.objects(username=username).first_or_404()
    context = {
        "user": profile,
        "form": delete_form,
        "title": "Account",
    }
    return render_template("users/account.html", **context)
예제 #2
def dashboard():
    """Render the admin dashboard listing all users, posts and categories.

    Access is granted only when the logged-in user's username is exactly
    "admin"; everyone else receives 403.
    """
    # NOTE(review): authorization is keyed on a hard-coded username rather
    # than a role/flag on the user record. Confirm the sign-up flow cannot
    # hand the name "admin" to an arbitrary registrant, and consider a
    # dedicated is_admin field.
    viewer_is_admin = current_user.username == "admin"
    if not viewer_is_admin:
        abort(403)

    context = {
        "title": "Dashboard",
        "users": User.objects(),
        "posts": Post.objects(),
        "categories": Categories.objects(),
    }
    return render_template("admin/dashboard.html", **context)
def users_posts(username):
    """Render one page (4 per page) of a user's posts, newest first.

    Responds with 404 when no user has the given ``username``. The page
    number comes from the ``page`` query parameter and defaults to 1.
    """
    all_categories = Categories.objects()
    search_form = SearchForm()
    # type=int makes request.args.get fall back to the default when the
    # query value is not an integer, so a malformed ?page= does not raise.
    page_number = request.args.get('page', 1, type=int)
    author = User.objects(username=username).first_or_404()

    authored = Post.objects(author=author.id).order_by("-date_posted")
    page_of_posts = authored.paginate(page=page_number, per_page=4)

    return render_template(
        "users/users_posts.html",
        title=f"{author.username}'s Posts",
        posts=page_of_posts,
        heading=f"{author.username}'s Posts",
        form=search_form,
        categories=all_categories,
        user=author,
    )
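def delete_account(username):
    """Delete a user account together with that user's posts and comments.

    Only POST is accepted; any other method gets 403 so the account can only
    be removed by submitting the form on the account page, never by visiting
    the URL.

    The caller must be the owner of ``username``, matching the ownership
    check in ``account()``. Without it, any client able to POST to this
    route could delete an arbitrary account just by naming it in the URL.
    """
    if request.method != "POST":
        abort(403)

    # getattr keeps an anonymous session (no username attribute) on the 403
    # path instead of raising AttributeError.
    requester = getattr(current_user, "username", None)
    # "admin" is allowed as well, mirroring dashboard()'s check, in case the
    # admin dashboard posts to this route. NOTE(review): tighten this to
    # owner-only if admins do not delete accounts through here.
    if requester not in (username, "admin"):
        abort(403)

    # NOTE(review): the submitted DeleteAccountForm is not validated in this
    # view; unless CSRF protection is enabled app-wide, confirm the token is
    # checked somewhere before this destructive action runs.

    # first_or_404 avoids calling .delete() on None for an unknown username.
    user = User.objects(username=username).first_or_404()

    # Remove dependent documents first so a failure part-way through cannot
    # leave posts or comments that point at an already-deleted user.
    Comment.objects(comment_author=user).delete()
    Post.objects(author=user).delete()
    user.delete()

    # NOTE(review): the deleted user's login session is not cleared here;
    # confirm the session is invalidated after self-deletion.
    flash("Account deleted successfully", "success")
    return redirect(url_for("main.home"))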
def login():
    """Authenticate a user from the login form.

    Already-authenticated visitors are redirected to the posts listing.
    A GET request or an invalid submission re-renders the login page. A
    valid submission with bad credentials flashes one generic error and
    redirects back to the login route.
    """
    if current_user.is_authenticated:
        return redirect(url_for("posts.all_posts"))

    form = LoginForm()
    if not form.validate_on_submit():
        return render_template("users/login.html", title="Login", form=form)

    # Look the account up by the submitted username.
    candidate = User.objects(username=form.username.data).first()

    # The bcrypt comparison only runs when a user record was found.
    # NOTE(review): skipping the hash check for unknown usernames makes
    # that path faster, which can reveal which usernames exist. No attempt
    # throttling is visible in this view either; confirm it is applied
    # elsewhere.
    credentials_ok = candidate and bcrypt.check_password_hash(
        candidate.password, form.password.data)

    if not credentials_ok:
        # One message for "no such user" and "wrong password", so the
        # response text does not disclose which of the two failed.
        flash("Login Unsuccessful. Please check login details", "errors")
        return redirect(url_for("users.login"))

    login_user(candidate, remember=form.remember_user.data)
    flash("You've been logged in successfully", "success")
    return redirect(url_for("posts.all_posts"))
예제 #6
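 def validate_email(self, email):
     """Reject an email that already belongs to a different account.

     Leaving the field at the current user's own email is always accepted.

     Raises:
         ValidationError: if another user record already has this email.
     """
     if email.data == current_user.email:
         return
     # NOTE(review): this lookup-then-save check is not atomic; two
     # concurrent submissions can both pass it. Confirm the User model
     # also enforces uniqueness on email at the database level.
     if User.objects(email=email.data).first() is not None:
         # Single-line literal: the earlier backslash continuation inside
         # the string embedded the next line's indentation in the message.
         raise ValidationError("Email already in use. Please try another")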
예제 #7
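 def validate_username(self, username):
     """Reject a username that already belongs to a different account.

     Leaving the field at the current user's own username is always
     accepted.

     Raises:
         ValidationError: if another user record already has this username.
     """
     if username.data == current_user.username:
         return
     # NOTE(review): this lookup-then-save check is not atomic; two
     # concurrent submissions can both pass it. Confirm the User model
     # also enforces uniqueness on username at the database level.
     if User.objects(username=username.data).first() is not None:
         # Single-line literal: the earlier backslash continuation inside
         # the string embedded the next line's indentation in the message.
         raise ValidationError("Username already in use. Please try another")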
예제 #8
 def validate_email(self, email):
     """Reject an email address that is already attached to a user record.

     Raises:
         ValidationError: if a user with this email already exists.
     """
     # NOTE(review): this response tells an unauthenticated caller whether
     # an email is registered; confirm that is acceptable for this form,
     # and that uniqueness is also enforced at the database level.
     already_registered = User.objects(email=email.data).first() is not None
     if already_registered:
         raise ValidationError("Email already signedup.")
예제 #9
 def validate_username(self, username):
     """Reject a username that is already attached to a user record.

     Raises:
         ValidationError: if a user with this username already exists.
     """
     # NOTE(review): the check is a plain lookup, so it is not atomic with
     # the later save; confirm uniqueness is also enforced at the database
     # level.
     name_taken = User.objects(username=username.data).first() is not None
     if name_taken:
         raise ValidationError("Username already signedup.")