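def topic_create():
    """Render the topic-creation form (GET) or create a new topic (POST).

    Both branches need a logged-in user: the GET branch mints a CSRF token
    bound to ``user.username``, so the anonymous check must run before the
    method dispatch, not only on POST (an anonymous GET used to raise
    AttributeError on ``user.username``).

    Returns:
        A rendered template, a redirect, or a plain error string. A method
        other than GET/POST falls through and returns ``None``, as before.
    """
    user = user_from_session_token()  # the author; None when not logged in

    # Only logged-in users may view the form or create a topic.
    if not user:
        return redirect(url_for('login'))

    if request.method == "GET":
        # The token is bound to the username so it can be verified on POST.
        csrf_token = set_csrf_token(username=user.username)
        return render_template("topic/create.html", csrf_token=csrf_token)

    if request.method == "POST":
        title = request.form.get("title")
        text = request.form.get("text")
        csrf = request.form.get("csrf")  # hidden field from the HTML form

        # Refuse the write unless the submitted token matches the issued one.
        if not is_valid_csrf(csrf=csrf, username=user.username):
            return "CSRF token is not valid!"

        Topic.create(title=title, text=text, author=user)
        return redirect(url_for('index'))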
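def comment_edit(comment_id):
    """Edit an existing comment; only its author may do so.

    GET renders the edit form with a fresh CSRF token; POST verifies the
    token, stores the new text and redirects to the parent topic.

    Args:
        comment_id: identifier handed to ``Comment.get_comment``.

    Returns:
        A rendered template, a redirect, a plain error string, or a
        ``(message, 404)`` tuple when the comment does not exist. A method
        other than GET/POST falls through and returns ``None``, as before.
    """
    comment = Comment.get_comment(comment_id)
    user = user_from_session_token()

    if not user:
        return redirect(url_for('auth.login'))

    # NOTE(review): assumes get_comment returns None for an unknown id —
    # confirm; without this guard an unknown id crashes on ``.author`` below.
    if comment is None:
        return "Comment not found!", 404

    # Ownership check applies to both viewing the form and submitting it.
    if comment.author.id != user.id:
        return "You can only edit your own comments!"

    if request.method == "GET":
        csrf_token = set_csrf_token(username=user.username)
        return render_template("comment/comment_edit.html", comment=comment, csrf_token=csrf_token)

    if request.method == "POST":
        text = request.form.get("text")
        csrf = request.form.get("csrf")  # hidden field from the HTML form

        # Keyword arguments, matching the other views in this module.
        if not is_valid_csrf(csrf=csrf, username=user.username):
            return "CSRF error: tokens don't match!"

        comment.text = text
        db.add(comment)
        db.commit()
        return redirect(url_for('topic.topic_details', topic_id=comment.topic.id))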
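def topic_details(topic_id):
    """Show one topic together with its comments.

    A CSRF token is issued only when a user is logged in, because it is
    bound to ``user.username``; the anonymous case used to raise
    AttributeError. Anonymous visitors get ``csrf_token=None`` and the
    template already receives ``user`` so it can decide what to render.

    Args:
        topic_id: identifier handed to ``Topic.read``.

    Returns:
        The rendered ``topic/topic_details.html`` template.
    """
    user = user_from_session_token()  # None when nobody is logged in
    topic = Topic.read(topic_id)
    comments = Comment.read_all(topic)

    # Only a logged-in user can own a token (it is keyed by username).
    csrf_token = set_csrf_token(username=user.username) if user else None

    return render_template("topic/topic_details.html", topic=topic, user=user, csrf_token=csrf_token, comments=comments)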
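def topic_details(topic_id):
    """Show one topic together with its comments.

    The CSRF token is minted only for a logged-in user, since it is bound
    to ``user.username``; previously an anonymous visitor triggered an
    AttributeError here. The template receives ``user`` (possibly ``None``)
    and ``csrf_token`` (``None`` for anonymous visitors).

    Args:
        topic_id: identifier handed to ``Topic.read``.

    Returns:
        The rendered ``topic/details.html`` template.
    """
    user = user_from_session_token()  # None when nobody is logged in
    topic = Topic.read(topic_id)
    comments = Comment.read_all(topic)

    # A token is keyed by username, so only a logged-in user can get one.
    csrf_token = None
    if user:
        csrf_token = set_csrf_token(username=user.username)

    return render_template("topic/details.html", topic=topic, user=user, comments=comments, csrf_token=csrf_token)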
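def topic_create():
    """Serve the new-topic form (GET) or create the topic (POST).

    The login check is hoisted above the method dispatch: the GET branch
    needs ``user.username`` for the CSRF token, so an anonymous GET used
    to crash with AttributeError instead of redirecting to login.

    Returns:
        A rendered template, a redirect, or a plain error string. A method
        other than GET/POST falls through and returns ``None``, as before.
    """
    user = user_from_session_token()

    # Anonymous visitors are sent to login for both GET and POST.
    if not user:
        return redirect(url_for('login'))

    if request.method == "GET":
        csrf_token = set_csrf_token(username=user.username)
        return render_template("topic/create.html", csrf_token=csrf_token)

    if request.method == "POST":
        title = request.form.get("title")
        text = request.form.get("text")
        csrf = request.form.get("csrf")  # hidden field from the HTML form

        # The token issued on GET must come back unchanged for this user.
        if not is_valid_csrf(csrf=csrf, username=user.username):
            return "CSRF token is not valid!"

        Topic.create(title=title, text=text, author=user)
        return redirect(url_for('index'))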
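def topic_edit(topic_id):
    """Serve the topic edit form (GET) or apply an edit (POST).

    Only the topic's author may edit it. The POST branch now verifies the
    CSRF token that the GET branch issues; previously the token was minted
    but never checked, so a state-changing POST was accepted without it.
    The login and authorship checks run before the method dispatch so an
    anonymous GET no longer crashes on ``user.username``.

    Args:
        topic_id: primary key of the topic (coerced with ``int``).

    Returns:
        A rendered template, a redirect, a plain error string, or a
        ``(message, 404)`` tuple when the topic does not exist. A method
        other than GET/POST falls through and returns ``None``, as before.
    """
    topic = db.query(Topic).get(int(topic_id))
    user = user_from_session_token()

    if not user:
        return redirect(url_for('login'))

    # SQLAlchemy-style Query.get yields None for an unknown key; bail before
    # touching ``topic.author``.
    if topic is None:
        return "Topic not found!", 404

    if topic.author.id != user.id:
        return "You are not the author!"

    if request.method == "GET":
        csrf_token = set_csrf_token(username=user.username)
        return render_template("topic/edit.html", topic=topic, csrf_token=csrf_token)

    if request.method == "POST":
        title = request.form.get("title")
        text = request.form.get("text")
        # NOTE(review): assumes topic/edit.html posts the token in a field
        # named "csrf", as the other forms in this module do — confirm.
        csrf = request.form.get("csrf")

        if not is_valid_csrf(csrf=csrf, username=user.username):
            return "CSRF token is not valid!"

        Topic.update(topic_id, title, text)
        return redirect(url_for('topic.topic_details', topic_id=topic_id))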