Exemplo n.º 1
def moderatePostsDisable(id):
    """Disable a post on behalf of an administrator.

    Responds with 403 unless ``current_user.admin()`` is truthy, and with 404
    when no post has the given id. Otherwise the post's ``disabled`` flag is
    set, a success message is flashed and the client is redirected to the
    ``.moderatePosts`` endpoint.
    """
    # The role check runs before the lookup, so a non-admin always gets 403
    # regardless of whether the id exists.
    if not current_user.admin():
        abort(403)

    target = Post.query.get_or_404(id)

    # No commit is issued here; presumably the session is committed when the
    # request ends -- confirm against the application setup.
    target.disabled = True

    # NOTE(review): this view changes state. The route declaration is not
    # visible here, so confirm it only accepts POST and is CSRF-protected.
    flash("Post is disabled.", 'success')
    return redirect(url_for('.moderatePosts'))
Exemplo n.º 2
def editProfileAdmin(id):
    """Edit the "about me" text of the user with the given id.

    Returns 404 when the user does not exist and 403 unless the current user
    is that user or ``current_user.admin()`` is truthy. On a POST, "cancel"
    redirects to the profile page and "submit" stores the new text, flashes a
    confirmation and redirects; any other request renders the edit form
    pre-filled with the stored text.
    """
    user = User.query.get_or_404(id)

    # Only the account owner or an administrator may edit this profile.
    is_owner = current_user.username == user.username
    if not is_owner and not current_user.admin():
        abort(403)

    form = EditProfile()

    if request.method == "POST":
        if checkBtn("cancel", form):
            # Nothing is saved on cancel.
            return redirect(url_for('.profile', username=user.username))

        if checkBtn("submit", form):
            # NOTE(review): no form.validate() call is visible here; unless
            # checkBtn validates the form, its validators (including any CSRF
            # check) are not enforced before the value is stored -- confirm.
            user.about_me = form.about_me.data
            flash("The profile has been successfully updated.", 'success')
            return redirect(url_for('.profile', username=user.username))

    # GET, or a POST that matched neither button: show the current value.
    form.about_me.data = user.about_me

    return render_template(
        "blog/editProfile.html",
        title="Blog - User's Profile",
        year=year,
        form=form,
        user=user,
    )
Exemplo n.º 3
def editComment(id):
    """Edit the body of an existing blog comment.

    Returns 404 when the comment does not exist and 403 unless the current
    user is the comment's author or ``current_user.admin()`` is truthy. On a
    POST, "cancel" redirects to the comment section of the parent post and
    "submit" stores the new body before doing the same; any other request
    renders the edit form pre-filled with the current body.
    """
    comment = Comment.query.filter_by(id=id).first_or_404()
    form = CommentForm()

    # Authors may edit their own comments; administrators may edit any.
    is_author = current_user.username == comment.author.username
    if not is_author and not current_user.admin():
        abort(403)

    def back_to_comments():
        # Jump straight to the comments anchor of the parent post.
        return redirect(url_for('.post', id=comment.post.id) + '#comments')

    if request.method == "POST":
        if checkBtn("cancel", form):
            return back_to_comments()

        if checkBtn("submit", form):
            # NOTE(review): the body is stored without a visible
            # form.validate() call; confirm checkBtn enforces the form's
            # validators, and that the template escapes the body on output.
            comment.body = form.body.data
            return back_to_comments()

    # GET, or a POST that matched neither button: show the stored body.
    form.body.data = comment.body

    return render_template(
        "blog/editComment.html",
        title="Edit Comment for post " + comment.post.title,
        year=year,
        comment=comment,
        form=form,
    )
Exemplo n.º 4
def posts(username):
    """List the posts written by ``username``, newest first, paginated.

    Returns 404 when the username is unknown. Viewers other than the author
    and administrators only see posts that are published and not disabled.
    The page number comes from the ``page`` query parameter (default 1).
    """
    page = request.args.get("page", 1, type=int)
    user = User.query.filter_by(username=username).first_or_404()

    query = Post.query.order_by(Post.date_posted.desc()).filter_by(author=user)

    # Drafts and disabled posts are restricted to the author and admins.
    # NOTE(review): current_user.id is read unconditionally; confirm the route
    # requires login or that the anonymous user object defines ``id``.
    viewing_own_posts = user.id == current_user.id
    if not viewing_own_posts and not current_user.admin():
        query = query.filter_by(disabled=False, published=True)

    pagination = query.paginate(
        page, per_page=current_app.config["ITEMS_PER_PAGE"], error_out=True)

    # Capitalise only the first letter for the page title; the rest of the
    # name is left exactly as given in the URL.
    display_name = username[0].upper() + username[1:]

    return render_template(
        "blog/someonesPosts.html",
        title="Blog - %s's posts" % display_name,
        year=year,
        posts=pagination.items,
        pagination=pagination,
        user=user,
    )
Exemplo n.º 5
def edit(id):
    """Edit an existing project.

    Returns 404 when the project does not exist and 403 unless the current
    user is the project's author or ``current_user.admin()`` is truthy. A
    valid submission copies the form fields onto the project, regenerates its
    ``document_html``, commits, and redirects back to this page; otherwise
    the form is rendered pre-filled with the stored values.
    """
    project = Project.query.get_or_404(id)

    # Administrators may edit any project; everyone else only their own.
    if not current_user.admin():
        if project.author.username != current_user.username:
            abort(403)

    form = ProjectForm()
    # Status before this request, used both as the select default and to
    # detect a change to "published" below.
    defaultOption = int(project.status)

    if form.validate_on_submit():
        for name in ("title", "description", "vid_url", "parts", "steps",
                     "status", "code"):
            setattr(project, name, getattr(form, name).data)
        project.document_html = generate_document_html(project)

        # Only announce publication when the status actually changed to 1.
        new_status = int(form.status.data)
        if new_status != defaultOption and new_status == 1:
            flash("You have now published your project! Now everyone (including users that are not logged in) can see it!", 'success')
            flash("If at any time you want to make it a Draft again, then click on Draft!", 'info')

        db.session.add(project)
        db.session.commit()
        return redirect(url_for('.edit', id=project.id))

    # The default must be set before process() so the select reflects it;
    # the remaining fields are filled in afterwards.
    form.status.default = defaultOption
    form.process()
    for name in ("title", "description", "vid_url", "parts", "steps", "code"):
        getattr(form, name).data = getattr(project, name)

    return render_template(
        'projects/edit.html',
        title="Projects - Edit Project",
        year=year,
        form=form,
        project=project,
    )
Exemplo n.º 6
def getPagination(page):
    """Return one page of the posts the current user may see, newest first.

    A post is included when it is published and not disabled, when the
    current user is its author, or when ``current_user.admin()`` is truthy.
    """
    # ``== False`` / ``== True`` are intentional: they build SQL expressions,
    # which ``not`` / ``is`` would not.
    publicly_visible = (Post.disabled == False) & (Post.published == True)
    # NOTE(review): current_user.id is read unconditionally; confirm callers
    # only reach this with a user object that defines ``id``.
    visible_to_viewer = (
        publicly_visible
        | (Post.author_id == current_user.id)
        | current_user.admin()
    )

    newest_first = Post.query.order_by(Post.date_posted.desc())
    return newest_first.filter(visible_to_viewer).paginate(
        page,
        per_page=current_app.config["ITEMS_PER_PAGE"],
        error_out=True)
Exemplo n.º 7
 def decorated_view(*args, **kwargs):
     """Call the wrapped view only if the current user holds an allowed role.

     ``roles`` and ``view`` come from the enclosing scope. A role counts only
     when it is listed in ``roles`` and the matching ``current_user`` check
     returns a truthy value. Any other request gets the 404 error page.
     """
     permitted = (
         ('Employer' in roles and current_user.employer())
         or ('Admin' in roles and current_user.admin())
         or ('Freelancer' in roles and current_user.freelancer())
     )
     if not permitted:
         # A role mismatch is answered with 404 rather than 403 --
         # presumably so the route's existence is not confirmed; verify
         # this is the intended behaviour.
         return render_template('errors/404.html'), 404
     return view(*args, **kwargs)
Exemplo n.º 8
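def edit(id):
    """Edit an existing blog post.

    Returns 404 when the post does not exist and 403 unless the current user
    is the post's author or ``current_user.admin()`` is truthy. On a POST,
    "cancel" redirects to the post page; "submit" updates title, body, tags,
    published state and timestamp, refreshes the summary, re-evaluates the
    ``disabled`` flag and then redirects. Any other request renders the edit
    form pre-filled with the stored post.

    A post whose body appears to embed media (Markdown image syntax, an
    ``iframe`` tag or an ``img`` tag with a ``src`` attribute) is marked
    disabled. Tag detection is case-insensitive and does not depend on how
    the ``src`` value is quoted.
    """
    # Retrieve post from database (404 if it doesn't exist)
    post = Post.query.get_or_404(id)

    # Create form object
    form = PostForm()

    # Only the author or an administrator may edit the post.
    if current_user.username != post.author.username and not current_user.admin():
        abort(403)

    if request.method == "POST":
        if checkBtn("cancel", form):
            # Nothing is saved on cancel.
            return redirect(url_for('.post', id=id))
        elif checkBtn("submit", form):
            # NOTE(review): no form.validate() call is visible here; confirm
            # checkBtn enforces the form's validators before values are stored.
            post.title = form.title.data
            post.body = form.body.data
            post.tags = parseMultiplePost(form)
            post.published = form.published.data
            post.date_posted = datetime.utcnow()

            # Update the summary (first 80 words)
            post.changedBody()

            # Hold posts that embed media. HTML tag and attribute names are
            # case-insensitive and attribute values may be quoted either way
            # or not at all, so the patterns must not depend on exact casing
            # or on double quotes.
            # This is a moderation heuristic, not a sanitizer: the body must
            # still be escaped or sanitized when it is rendered.
            body = post.body or ""
            embeds_media = (
                re.search(r'!.*\[.+\]', body, re.DOTALL)
                or re.search(r'</?iframe\b', body, re.IGNORECASE)
                or re.search(r'<img\s.*src\s*=.+>', body,
                             re.DOTALL | re.IGNORECASE)
            )
            # NOTE(review): when no media is found this also clears a
            # ``disabled`` flag set by any other code path (for example
            # manual moderation); confirm that is intended, or track
            # moderator holds in a separate field.
            post.disabled = bool(embeds_media)

            return redirect(url_for('.post', id=id))

    # Set initial values of the fields with the post data
    form.title.data = post.title
    form.body.data = post.body
    form.tags.data = unparseMultiplePost(post)
    form.published.data = post.published

    # Render edit page template
    return render_template("blog/edit.html",
                           title="Edit Post - " + post.title,
                           year=year,
                           post=post,
                           form=form)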
Exemplo n.º 9
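def filteredPosts():
    """Show search results for the ``q`` query parameter, paginated.

    The page also hosts the new-post and search forms: a valid post form
    creates the post and redirects to it, and a valid search form redirects
    back here with the new query. Otherwise the search results are rendered
    with the index template and ``filtered=True``.

    A result is shown only when the post is published and not disabled, when
    the current user is its author, or when ``current_user.admin()`` is
    truthy.
    """
    # Parse the page number as an int (default 1), as the other list views
    # do; the raw query-string value is a str and is not a valid page number.
    page = request.args.get("page", 1, type=int)

    # Get search query
    # NOTE(review): q is None when the parameter is absent; confirm
    # whoosh_search tolerates that.
    q = request.args.get("q")

    # Create form objects
    post_form = PostForm()
    search_form = SearchForm()

    # Same form handling as the index page
    if post_form.validate_on_submit():
        tags = parseMultiplePost(post_form)
        post = Post(title=post_form.title.data,
                    body=post_form.body.data,
                    author=current_user._get_current_object(),
                    tags=tags,
                    published=post_form.published.data)
        post.changedBody()
        db.session.add(post)
        db.session.commit()
        return redirect(url_for('.post', id=post.id))
    elif search_form.validate_on_submit():
        return redirect(url_for('.filteredPosts', q=search_form.search.data))

    # Visibility filter. The two public-visibility conditions must be joined
    # with db.and_(): Python's ``and`` does not build a SQL AND, it evaluates
    # the operands' truthiness and keeps only one of them, so the
    # ``published`` condition was not reliably part of the query and
    # unpublished drafts could appear in other users' search results.
    visible_to_viewer = db.or_(
        db.and_(Post.disabled == False, Post.published == True),
        Post.author_id == current_user.id,
        current_user.admin())

    # Search the database using Whoosh and paginate the results
    pagination = Post.query.whoosh_search(q, 50).filter(
        visible_to_viewer).paginate(
            page,
            per_page=current_app.config["ITEMS_PER_PAGE"],
            error_out=True)

    # Get the Post objects out of the paginated results
    posts = pagination.items

    # Same template as the index route, with ``filtered`` set so the template
    # knows these are search results.
    return render_template("blog/index.html",
                           title="Blog - Home Page",
                           year=year,
                           post_form=post_form,
                           search_form=search_form,
                           posts=posts,
                           pagination=pagination,
                           filtered=True)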
Exemplo n.º 10
def draft(id):
    """Turn a post back into a draft.

    Returns 404 when the post does not exist and 403 unless the current user
    is the post's author or ``current_user.admin()`` is truthy. Otherwise the
    post's ``published`` flag is cleared, an info message is flashed and the
    client is redirected to the URL stored in ``session["last_url"]``.
    """
    post = Post.query.get_or_404(id)

    # Only the author or an administrator may unpublish the post.
    requester_is_author = post.author.username == current_user.username
    if not (requester_is_author or current_user.admin()):
        abort(403)

    # No commit is issued here; presumably the session is committed when the
    # request ends -- confirm against the application setup.
    post.published = False

    flash("Your post is now a draft.", 'info')

    # NOTE(review): the redirect target is read from the session without a
    # fallback, so a missing key raises KeyError. Confirm that whatever
    # writes "last_url" only stores same-site URLs, otherwise this redirect
    # can leave the site. This view also changes state; the route declaration
    # is not visible here, so confirm it is POST-only and CSRF-protected.
    return redirect(session["last_url"])
Exemplo n.º 11
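def moderatePosts():
    """Render the moderation list of all posts, newest first, paginated.

    Responds with 403 unless ``current_user.admin()`` is truthy. The page
    number comes from the ``page`` query parameter and defaults to 1 when the
    parameter is missing or is not an integer.
    """
    if not current_user.admin():
        abort(403)

    # type=int falls back to the default for a non-numeric value; a bare
    # int() on the raw parameter raised ValueError and produced a server
    # error for e.g. ?page=abc.
    page = request.args.get("page", 1, type=int)

    # No visibility filter: moderators see disabled and unpublished posts too.
    pagination = Post.query.order_by(Post.date_posted.desc()).paginate(
        page, per_page=current_app.config["ITEMS_PER_PAGE"], error_out=True)

    # Get the Post objects out of the paginated results
    posts = pagination.items

    return render_template("blog/moderate.html",
                           title="Blog - Moderate Posts",
                           year=year,
                           posts=posts,
                           pagination=pagination)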
Exemplo n.º 12
def post(id):
    """Show a single post with its comments and handle new comments.

    Returns 404 when the post does not exist. A post that is disabled or not
    published is only shown to its author or to a user for whom
    ``current_user.admin()`` is truthy; everyone else gets 403. A POST with
    the "submit" button adds a comment by the current user and redirects to
    the comment section; any other request renders the post page.
    """
    entry = Post.query.get_or_404(id)

    # Hidden posts (disabled or unpublished) are restricted to the author
    # and administrators.
    hidden = entry.disabled == True or entry.published == False
    if hidden and entry.author != current_user and not current_user.admin():
        abort(403)

    form = CommentForm()

    # "cancel" needs no server-side work (the original comment says the form
    # is collapsed client-side), so only "submit" is acted on.
    if (request.method == "POST"
            and not checkBtn("cancel", form)
            and checkBtn("submit", form)):
        # NOTE(review): no form.validate() call is visible here; confirm
        # checkBtn enforces the form's validators before the body is stored.
        new_comment = Comment(body=form.body.data,
                              post=entry,
                              author=current_user._get_current_object())

        # Only added to the session here; presumably committed at the end of
        # the request -- confirm against the application setup.
        db.session.add(new_comment)

        # Redirect so a page reload does not resubmit the comment.
        return redirect(url_for('.post', id=entry.id) + "#comments")

    # Oldest comments first.
    comments = entry.comments.order_by(Comment.date_posted.asc())

    return render_template(
        "blog/post.html",
        title="Post - " + entry.title,
        year=year,
        post=entry,
        form=form,
        comments=comments,
    )
Exemplo n.º 13
def editComment(id):
    """Edit the body of an existing project comment.

    Returns 404 when the comment does not exist and 403 unless the current
    user is the comment's author or ``current_user.admin()`` is truthy. A
    valid submission stores the new body and redirects to the comment section
    of the project; otherwise the edit form is rendered pre-filled with the
    current body.
    """
    comment = ProjectComment.query.filter_by(id=id).first_or_404()
    form = CommentForm()

    # Authors may edit their own comments; administrators may edit any.
    is_author = current_user.username == comment.author.username
    if not is_author and not current_user.admin():
        abort(403)

    if form.validate_on_submit():
        # No commit is issued here; presumably the session is committed when
        # the request ends -- confirm against the application setup.
        comment.body = form.body.data
        comments_url = url_for('.project', id=comment.project.id) + '#comments'
        return redirect(comments_url)

    # Not submitted or not valid: show the stored body.
    form.body.data = comment.body

    page_title = "Projects - Edit Comment from Project {0}".format(
        comment.project.title)
    return render_template(
        'projects/editComment.html',
        title=page_title,
        year=year,
        form=form,
        comment=comment,
    )
Exemplo n.º 14
def index():
    """Render the project list.

    Anonymous visitors only get projects whose ``status`` is true. A
    logged-in user additionally gets the projects they authored, and every
    project when ``current_user.admin()`` is truthy.
    """
    if current_user.is_authenticated:
        # ``== True`` is intentional: it builds a SQL expression.
        visible_to_viewer = db.or_(
            Project.status == True,
            Project.author == current_user,
            current_user.admin(),
        )
        query = Project.query.filter(visible_to_viewer)
    else:
        query = Project.query.filter_by(status=True)

    return render_template(
        'projects/index.html',
        title="Projects",
        year=year,
        projects=query.all(),
    )