def delete(comment_id):
    """Remove the comment with ``comment_id`` and return its JSON form.

    The record is loaded before it is removed so that its data can still be
    serialised into the response.
    """
    # NOTE(review): the only guard visible here is Comment.check_id, whose
    # behaviour is not shown. Confirm that it (or the caller) verifies the
    # current user is allowed to delete this comment.
    target = Comment.find_by(id=comment_id)
    Comment.check_id(id=comment_id)
    Comment.remove(comment_id)
    # Always answer with JSON so that the AJAX callback on the client fires.
    return jsonify(target.json())
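def comment_delete(request):
    """Delete a comment if the current user wrote it or owns its weibo.

    The response is a redirect to the current user's weibo page whether or
    not anything was deleted. A comment id that matches no record (including
    the ``-1`` default used when ``id`` is absent) is treated as "nothing to
    delete" rather than being dereferenced.
    """
    u = current_user(request)
    comment_id = int(request.query.get('id', -1))
    comment = Comment.find_by(id=comment_id)
    # find_by presumably returns None when no record matches; confirm.
    if comment is not None:
        weibo = Weibo.find_by(id=comment.weibo_id)
        # The comment author may always delete; the weibo author may delete
        # only when the parent weibo still exists.
        allowed_ids = [comment.user_id]
        if weibo is not None:
            allowed_ids.append(weibo.user_id)
        if u.id in allowed_ids:
            comment.delete(comment.id)
    # NOTE(review): the id is read from the query string. If this route is
    # reachable with GET, the deletion is a state change on a safe method;
    # confirm the route is POST-only or protected by a CSRF token.
    return redirect('/weibo/index?user_id={}'.format(u.id))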
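def comment_update(request):
    """Update a comment's content when the current user is its author.

    On success the client is redirected to the author's weibo page. A user
    who is not the author, or a comment id that matches no record, gets the
    response built by ``error(request)`` (a 404 according to the original
    author's comment).
    """
    u = current_user(request)
    # Parse the form once and reuse it for both fields.
    form = request.form()
    comment_id = int(form.get('id', -1))
    comment = Comment.find_by(id=comment_id)
    # find_by presumably returns None when no record matches (for example
    # the -1 default); a missing comment is refused like a foreign one.
    if comment is None or comment.user_id != u.id:
        return error(request)
    comment.content = form.get('content')
    comment.save()
    return redirect('/weibo/index?user_id={}'.format(comment.user_id))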
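def f(request):
    """Run ``route_function`` only when the current user wrote the comment.

    ``route_function`` is a free variable, expected to be bound by an
    enclosing decorator that is not visible here. The comment id is read
    from the query string, falling back to the JSON body. Any other caller,
    or an id that matches no comment, receives ``{"message": "fail"}``.
    """
    u = current_user(request)
    if 'id' in request.query:
        comment_id = request.query['id']
    else:
        comment_id = request.json()['id']
    c = Comment.find_by(id=int(comment_id))
    # find_by presumably returns None for an unknown id; refuse instead of
    # dereferencing it.
    if c is not None and c.user_id == u.id:
        return route_function(request)
    result = dict(message="fail")
    return json_response(result)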
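def f(request):
    """Run ``route_function`` for the comment author or the weibo author.

    ``route_function`` is a free variable, expected to be bound by an
    enclosing decorator that is not visible here. The comment id comes from
    the JSON body. The parent weibo is resolved from the stored comment,
    not from the ``weibo_id`` field of the request: a client-supplied weibo
    id would let the ownership check run against a weibo unrelated to the
    comment being changed.
    """
    log('comment_owner_required')
    u = current_user(request)
    payload = request.json()
    c = Comment.find_by(id=int(payload['id']))
    # find_by presumably returns None for an unknown id; refuse in that case.
    if c is None:
        return json_response(dict(message="无权操作"))
    # Assumes Comment exposes weibo_id, as the request payload suggests;
    # confirm against the model.
    w = Weibo.find_by(id=int(c.weibo_id))
    owner_ids = [c.user_id]
    if w is not None:
        owner_ids.append(w.user_id)
    if u.id not in owner_ids:
        d = dict(message="无权操作")
        return json_response(d)
    log('评论更新', route_function)
    return route_function(request)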
def comment_edit(request):
    """Render the edit page for a comment owned by the current user.

    A user who is not the author is redirected to the weibo page of the
    comment's author instead.
    """
    u = current_user(request)
    comment_id = int(request.query.get('id', -1))
    comment = Comment.find_by(id=comment_id)
    # NOTE(review): if find_by returns None for an unknown id (such as the
    # -1 default), the attribute access below raises; confirm and decide
    # which response a missing comment should get.
    if comment.user_id != u.id:
        return redirect('/weibo/index?user_id={}'.format(comment.user_id))
    body = template('comment_edit.html', id=comment.id, content=comment.content)
    return http_response(body)
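def f(request):
    """Run ``route_function`` only when the current user wrote the comment.

    ``route_function`` is a free variable, expected to be bound by an
    enclosing decorator that is not visible here. The comment id is read
    from the query string, falling back to the JSON body. Any other caller,
    or an id that matches no comment, receives ``{"message": "403"}``.
    """
    u = current_user(request)
    if 'id' in request.query:
        comment_id = request.query['id']
    else:
        comment_id = request.json()['id']
    c = Comment.find_by(id=int(comment_id))
    # find_by presumably returns None for an unknown id; refuse instead of
    # dereferencing it.
    if c is not None and c.user_id == u.id:
        return route_function(request)
    d = dict(message="403")
    return json_response(d)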
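def f(request):
    """Run ``route_function`` only when the current user wrote the comment.

    ``route_function`` is a free variable, expected to be bound by an
    enclosing decorator that is not visible here. The comment id is read
    from the query string, falling back to the form body. Any other caller,
    or an id that matches no comment, is redirected to ``/weibo/index``.
    """
    log('same_user_required_update')
    u = current_user(request)
    if 'id' in request.query:
        comment_id = request.query['id']
    else:
        comment_id = request.form()['id']
    c = Comment.find_by(id=int(comment_id))
    # Only the comment's owner may modify it. find_by presumably returns
    # None for an unknown id, which is refused as well.
    if c is not None and c.user_id == u.id:
        return route_function(request)
    return redirect('/weibo/index')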
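def wrapper(request):
    """Run ``route_function`` for the comment author or the weibo author.

    ``route_function`` is a free variable, expected to be bound by an
    enclosing decorator that is not visible here. The comment id is taken
    from the query string when both ``weibo_id`` and ``comment_id`` are
    present there, otherwise from the form body. The parent weibo is
    resolved from the stored comment, not from the request's ``weibo_id``:
    a client-supplied weibo id would let the ownership check run against a
    weibo unrelated to the comment being changed.
    """
    u = current_user(request)
    if 'weibo_id' in request.query and 'comment_id' in request.query:
        comment_id = request.query['comment_id']
    else:
        comment_id = request.form()['comment_id']
    c = Comment.find_by(id=int(comment_id))
    # find_by presumably returns None for an unknown id; refuse in that case.
    if c is None:
        return redirect('/weibo/index')
    # Assumes Comment exposes weibo_id; confirm against the model.
    w = Weibo.one(id=int(c.weibo_id))
    if c.user_id == u.id or (w is not None and w.user_id == u.id):
        return route_function(request)
    return redirect('/weibo/index')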
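def f(request):
    """Run ``api_function`` only when the current user wrote the comment.

    ``api_function`` is a free variable, expected to be bound by an
    enclosing decorator that is not visible here. The comment id is read
    from the query string, falling back to the JSON body. Any other caller,
    or an id that matches no comment, receives the refusal payload.
    """
    if 'id' in request.query:
        comment_id = int(request.query['id'])
    else:
        form = request.json()
        comment_id = int(form['id'])
    comment = Comment.find_by(id=comment_id)
    u = current_user(request)
    # find_by presumably returns None for an unknown id; refuse instead of
    # dereferencing it.
    if comment is not None and u.id == comment.user_id:
        return api_function(request)
    # NOTE(review): 410 is the HTTP code for "Gone"; 403 is the conventional
    # value for a permission failure. Kept as is because clients may read it.
    d = dict(status=410, message="权限不足,请求无法执行")
    return json_response(d)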
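def f():
    """Run ``route_function`` for the comment author or the weibo author.

    ``route_function`` is a free variable, expected to be bound by an
    enclosing decorator that is not visible here. The comment id is read
    from the query arguments, falling back to the JSON body. Any other
    caller, or an id that matches no comment, is redirected to the weibo
    index.
    """
    log('same_user_required')
    u = current_user()
    if 'id' in request.args:
        comment_id = request.args['id']
    else:
        comment_id = request.get_json()['id']
    c = Comment.find_by(id=int(comment_id))
    # find_by presumably returns None for an unknown id; refuse in that case.
    if c is None:
        return redirect(url_for('weibo.index'))
    w = Weibo.find_by(id=int(c.weibo_id))
    log(comment_id, u.id, c.user_id)
    # A missing parent weibo must not block the comment's own author.
    if c.user_id == u.id or (w is not None and w.user_id == u.id):
        return route_function()
    return redirect(url_for('weibo.index'))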
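def f(request):
    """Run ``route_function`` for the comment author or the weibo author.

    ``route_function`` is a free variable, expected to be bound by an
    enclosing decorator that is not visible here. The comment id is read
    from the query string, falling back to the form body. Any other caller,
    or an id that matches no comment, is redirected to ``/weibo/index``.
    """
    log('same_user_required_update')
    u = current_user(request)
    if 'id' in request.query:
        comment_id = request.query['id']
    else:
        comment_id = request.form()['id']
    c = Comment.find_by(id=int(comment_id))
    # find_by presumably returns None for an unknown id; refuse in that case.
    if c is None:
        return redirect('/weibo/index')
    w = Weibo.find_by(id=c.weibo_id)
    # The comment's owner, or the author of the weibo it belongs to, may
    # delete it. A missing weibo leaves only the comment's owner.
    allowed_ids = [c.user_id]
    if w is not None:
        allowed_ids.append(w.user_id)
    if u.id in allowed_ids:
        return route_function(request)
    return redirect('/weibo/index')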
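def f(request):
    """Run ``route_function`` for the comment author or the weibo author.

    ``route_function`` is a free variable, expected to be bound by an
    enclosing decorator that is not visible here. The comment id is read
    from the query string, falling back to the JSON body. Any other caller,
    or an id that matches no comment, receives the refusal payload.
    """
    u = current_user(request)
    if 'id' in request.query:
        comment_id = request.query['id']
    else:
        form = request.json()
        comment_id = form['id']
    c = Comment.find_by(id=int(comment_id))
    # find_by presumably returns None for an unknown id; refuse in that case.
    if c is not None:
        w = Weibo.find_by(id=c.weibo_id)
        # A missing parent weibo must not block the comment's own author.
        if c.user_id == u.id or (w is not None and w.user_id == u.id):
            return route_function(request)
    d = dict(message="权限不足")
    return json_response(d)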
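def f():
    """Run ``route_function`` for the comment author or the weibo author.

    ``route_function`` is a free variable, expected to be bound by an
    enclosing decorator that is not visible here. The comment id is read
    from the query arguments, falling back to the JSON body. Any other
    caller, or an id that matches no comment, receives the refusal payload.
    """
    u = current_user()
    if 'id' in request.args:
        comment_id = request.args['id']
    else:
        comment_id = request.get_json()['id']
    c = Comment.find_by(id=int(comment_id))
    # find_by presumably returns None for an unknown id; refuse in that case.
    if c is not None:
        w = Weibo.find_by(id=c.weibo_id)
        # Both owners take the same path, so the two checks are combined.
        if c.user_id == u.id or (w is not None and w.user_id == u.id):
            return route_function()
    d = dict(message="用户无权限")
    return jsonify(d)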
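def f():
    """Run ``route_function`` for the comment author or the weibo author.

    ``route_function`` is a free variable, expected to be bound by an
    enclosing decorator that is not visible here. The comment id is read
    from the query arguments, falling back to the JSON body. Any other
    caller, or an id that matches no comment, receives the refusal payload.
    """
    if 'id' in request.args:
        log('if true', request.args)
        comment_id = int(request.args['id'])
    else:
        log('if false')
        form: dict = request.json
        comment_id = int(form.get('id'))
    u = current_user()
    c = Comment.find_by(id=comment_id)
    # find_by presumably returns None for an unknown id; refuse in that case.
    if c is not None:
        w = Weibo.find_by(id=c.weibo_id)
        # A missing parent weibo must not block the comment's own author.
        if c.user_id == u.id or (w is not None and w.user_id == u.id):
            return route_function()
    d = dict(remove=False, message="权限不足")
    return jsonify(d)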
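def f(request):
    """Run ``route_function`` for the comment author or the weibo author.

    ``route_function`` is a free variable, expected to be bound by an
    enclosing decorator that is not visible here. The comment id is read
    from the query string, falling back to the JSON body. Any other caller,
    or an id that matches no comment, receives the ``error_message`` payload.
    """
    u = current_user(request)
    if 'id' in request.query:
        comment_id = request.query['id']
    else:
        comment_id = request.json()['id']
    c = Comment.find_by(id=int(comment_id))
    # find_by presumably returns None for an unknown id; refuse in that case.
    if c is not None:
        weibo = Weibo.find_by(id=int(c.weibo_id))
        # A missing parent weibo must not block the comment's own author.
        if c.user_id == u.id or (weibo is not None and weibo.user_id == u.id):
            return route_function(request)
    error = {}
    error['error_message'] = "权限不足:不是此微博或此评论用户"
    return json_response(error)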
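def f(request):
    """Run ``route_function`` for the comment author or the weibo author.

    ``route_function`` is a free variable, expected to be bound by an
    enclosing decorator that is not visible here. The comment id is read
    from the query string, falling back to the JSON body. Any other caller,
    or an id that matches no comment, gets ``error(request)``.
    """
    log('comment_owner_required')
    u = current_user(request)
    if 'id' in request.query:
        comment_id = request.query['id']
    else:
        comment_id = request.json()['id']
    c = Comment.find_by(id=int(comment_id))
    # find_by presumably returns None for an unknown id; refuse in that case.
    if c is None:
        return error(request)
    w = Weibo.find_by(id=int(c.weibo_id))
    # Both owners take the same path, so the two checks are combined.
    if c.user_id == u.id or (w is not None and w.user_id == u.id):
        return route_function(request)
    return error(request)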
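def f(request):
    """Run ``route_function`` for the comment author or the weibo author.

    ``route_function`` is a free variable, expected to be bound by an
    enclosing decorator that is not visible here. The comment id is read
    from the query string, falling back to the JSON body. Any other caller,
    or an id that matches no comment, receives the refusal payload.
    """
    log('comment_owner_required')
    u = current_user(request)
    if 'id' in request.query:
        comment_id = int(request.query['id'])
    else:
        form = request.json()
        comment_id = int(form['id'])
    comment = Comment.find_by(id=comment_id)
    # find_by presumably returns None for an unknown id; refuse in that case.
    if comment is not None:
        w = Weibo.find_by(id=comment.weibo_id)
        # A missing parent weibo must not block the comment's own author.
        if comment.user_id == u.id or (w is not None and w.user_id == u.id):
            return route_function(request)
    d = dict(message="还想改别人的评论?")
    return json_response(d)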
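def f(request):
    """Run ``route_function`` only when the current user wrote the comment.

    ``route_function`` is a free variable, expected to be bound by an
    enclosing decorator that is not visible here. The comment id is read
    from the ``cid`` query parameter, falling back to the ``cid`` form
    field. A request without ``cid``, an id that matches no comment, or a
    caller who is not the author is redirected to ``/weibo/index``.
    """
    # Locate the comment id.
    form = request.form()
    if 'cid' in request.query:
        c_id = request.query['cid']
    elif 'cid' in form:
        c_id = form['cid']
    else:
        return redirect('/weibo/index')
    # Compare the comment's author with the current user.
    c = Comment.find_by(id=int(c_id))
    u = current_user(request)
    # find_by presumably returns None for an unknown id; refuse instead of
    # dereferencing it.
    if c is not None and c.user_id == u.id:
        return route_function(request)
    return redirect('/weibo/index')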
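def f():
    """Run ``route_function`` for the comment author or the weibo author.

    ``route_function`` is a free variable, expected to be bound by an
    enclosing decorator that is not visible here. The comment id is read
    from the query arguments, falling back to the JSON body. Any other
    caller, or an id that matches no comment, receives the refusal payload.
    """
    u = current_user()
    if 'id' in request.args:
        comment_id = request.args['id']
    else:
        form = request.get_json()
        log('comment form', form)
        comment_id = form['id']
    c = Comment.find_by(id=int(comment_id))
    # find_by presumably returns None for an unknown id; refuse in that case.
    if c is not None:
        w = Weibo.find_by(id=int(c.weibo_id))
        # Proceed when the user is the comment's author or the owner of the
        # weibo it belongs to; a missing weibo leaves only the former.
        if c.user_id == u.id or (w is not None and w.user_id == u.id):
            return route_function()
    d = dict(
        message="您没有此操作的权限!"
    )
    return jsonify(d)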
def comment_edit(request):
    """Render ``comment_edit.html`` for the comment named by ``cid``."""
    # NOTE(review): no ownership check is visible in this function, so the
    # edit page is rendered for whichever comment id the request names.
    # Confirm that a decorator on this route (not shown here) restricts it
    # to the comment's author.
    comment_id = int(request.query['cid'])
    comment = Comment.find_by(id=comment_id)
    return html_response('comment_edit.html', comment=comment)
def edit(request):
    """Render ``comment_edit.html`` for the comment named by ``id``."""
    # NOTE(review): no ownership check is visible in this function, so the
    # edit page is rendered for whichever comment id the request names.
    # Confirm that a decorator on this route (not shown here) restricts it
    # to the comment's author.
    target_id = int(request.query['id'])
    comment = Comment.find_by(id=target_id)
    page = RenderTemplate.render('comment_edit.html', comment=comment)
    return html_response(page)