def delete(thread, cid): """Delete a comment.""" if not Comment.is_editable(thread, cid): flash("Permission denied; maybe you need to log in?") return redirect(url_for("account.login")) url = request.args.get("url") Comment.delete_comment(thread, cid) flash("Comment deleted!") return redirect(url or url_for("index"))
def quick_delete(token): """Quick-delete a comment. This is for the site admins: when a comment is posted, the admins' version of the email contains a quick deletion link in case of spam. The ``token`` here is in relation to that. It's a signed hash via ``itsdangerous`` using the site's secret key so that users can't forge their own tokens. """ data = Comment.validate_quick_delete_token(token) if data is None: flash("Permission denied: token not valid.") return redirect(url_for("index")) url = request.args.get("url") Comment.delete_comment(data["t"], data["c"]) flash("Comment has been quick-deleted!") return redirect(url or url_for("index"))
def delete(thread, cid): """Delete a comment.""" url = request.args.get("url") Comment.delete_comment(thread, cid) flash("Comment deleted!") return redirect(url or url_for("index"))