def comment_edit(comment_id): comment = Comment.get_comment(comment_id) user = user_from_session_token() if not user: return redirect(url_for('auth.login')) elif comment.author.id != user.id: return "You can only edit your own comments!" if request.method == "GET": csrf_token = set_csrf_token(username=user.username) return render_template("comment/comment_edit.html", comment=comment, csrf_token=csrf_token) elif request.method == "POST": text = request.form.get("text") csrf = request.form.get("csrf") if is_valid_csrf(csrf, user.username): comment.text = text db.add(comment) db.commit() return redirect( url_for('topic.topic_details', topic_id=comment.topic.id)) else: return "CSRF error: tokens don't match!"
def comment_delete(comment_id): comment = Comment.get_comment(comment_id) user = user_from_session_token() if not user: return redirect(url_for('auth.login')) elif comment.author.id != user.id: return "You can only delete your own comments!" csrf = request.form.get("csrf") if is_valid_csrf(csrf, user.username): topic_id = comment.topic.id db.delete(comment) db.commit() return redirect(url_for('topic.topic_details', topic_id=topic_id)) else: return "CSRF error: tokens don't match!"