def delete():
# TODO token与用户验证
topic_id = int(request.args.get('id'))
tp = Topic.find(topic_id)
print('删除 的 topic 是', tp)
t = Theme.find(tp.theme_id)
t.topic_num -= 1
t.save()
delete_file(local_image_director, tp.banner_img)
tp.delete()
return redirect(url_for('theme.detail'))
def edit():
id = int(request.args.get('id'))
topic = Topic.find(id)
board_id = int(request.args.get('board_id', -1))
token = new_csrf_token()
bs = Board.all()
return render_template('topic/edit.html',
topic=topic,
bs=bs,
token=token,
bid=board_id)
def topic_delete():
topic_id = int(request.args.get('id'))
t = Topic.find(topic_id)
user_id = t.user().id
u = current_user()
if u.username == 'admin':
print('删除的帖子id是', topic_id, type(topic_id))
Topic.delete(topic_id)
ts = Topic.topics_reverse_order(user_id)
user = User.find(user_id)
return render_template('admin/manage_topic.html', ts=ts, user=user)
def delete():
id = int(request.args.get('id'))
token = request.args.get('token')
u = current_user()
if u.id == 1 or u.id == Topic.find(id).user_id:
# 管理员或话题创建者才有权限
if token in csrf_tokens and csrf_tokens[token] == u.id:
# 验证token
Topic.delete(id)
Reply.delete_all(dict(topic_id=id))
csrf_tokens.pop(token)
return redirect(url_for('index.index'))
def delete(tid, token):
u = current_user()
if u is not None and csrf_tokens.get(token) == u.id:
csrf_tokens.pop(token)
topic = Topic.find(tid)
if u.id == topic.uid or u.role == 1:
topic.remove()
return redirect(url_for('.index'))
else:
abort(403)
else:
abort(403)
def delete():
id = int(request.args.get('id'))
token = request.args.get('token')
u = current_user()
topic = Topic.find(id)
# 判断 token 是否是我们给的
# print(u.id, token, csrf_tokens)
if token in csrf_tokens and csrf_tokens[token] == topic.user_id:
csrf_tokens.pop(token)
print('删除 topic 用户是', u, id)
topic.delete()
return redirect(url_for('.index'))
else:
abort(401)
def delete():
id = int(request.args.get('id'))
token = request.args.get('token')
u = current_user()
# 判断 token 是否是我们给的
if token in csrf_tokens and csrf_tokens[token] == u.id:
csrf_tokens.pop(token)
if u is not None:
t = Topic.find(id=id)
t.delete()
return redirect(url_for('.index'))
else:
abort(404)
else:
abort(403)
def delete():
u = current_user()
user_id = u.id
id = int(request.args.get('topic_id', -1))
t = Topic.find(id)
author_id = t.user_id
if user_id == author_id:
token = request.args.get('token', '')
if token in csrf_tokens:
Topic.delete(id)
t.reply_delete()
csrf_tokens.remove(token)
return redirect(url_for('.index'))
else:
abort(403)
else:
return redirect(url_for('index.index'))
def delete():
id = int(request.args.get('id'))
token = request.args.get('token')
u = current_user()
t = Topic.find(id)
# 判断token是否是我们给的
if token in csrf_tokens:
csrf_tokens.remove(token)
if u is not None and t.user_id == u.id:
Topic.delete(id)
rs = Reply.find_all(topic_id=id)
for r in rs:
Reply.delete(r.id)
return redirect(url_for('.index'))
else:
abort(404)
else:
abort(403)
def detail(id):
"""
话题详情页面
"""
c_u = current_user()
m = Topic.find(id)
topic_created_time = formatted_time(m.created_time)
token = new_csrf_token()
# 5 个最近无人回复的话题
ts = Topic.topic_noreply()
return render_template(
"topic/detail.html",
current_user=c_u,
topic=m,
ts=ts,
topic_created_time=topic_created_time,
token=token,
)
def detail(id):
m = Topic.find(id=id)
u = current_user()
# 传递 topic 的所有 reply 到 页面中
return render_template("topic/detail.html", topic=m, user=u)
def detail(id):
m = Topic.find(id=id)
author_profile = User.one(username=m.author)
# 传递 topic 的所有 reply 到 页面中
return render_template("topic/detail.html", topic=m, ap=author_profile)
def topic(self):
from models.topic import Topic
t = Topic.find(self.topic_id)
return t
def detail(id):
m = Topic.find(id)
# 传递 topic 的所有 reply 到 页面中
bs = Board.all()
return render_template("topic/detail.html", topic=m, bs=bs)
def detail(id):
m = Topic.find(id=id)
u = User.one(id=m.user_id)
# 传递 topic 的所有 reply 到 页面中
return render_template("topic/detail.html", topic=m, user=u)
