Exemplo n.º 1
0
    def post(self, comment_id):
        text = self.request.get('comment-text')
        params = dict(comment_text=text)

        comment = Comment.get_by_id(int(comment_id))
        if not comment:
            return self.abort(404, "No comment associated with request")

        post_id = comment.post.id()
        params['post_id'] = post_id

        if text:
            comment.content = text
            comment.put()

            self.redirect_to_uri("permalink", post_id=post_id)
        else:
            params['comment_error'] = "Comment cannot be empty"
            self.render_page(**params)
Exemplo n.º 2
0
def make_comment_change(self, comment_id, edit, delete):
    """Checks permissions and allows to edit/delete comment"""

    if edit and delete:
        log_request(self, "Request with edit & delete comment")
        return self.abort(400, "Edit and delete simultaneosly forbidden")

    if not self.user:
        return self.redirect_to_uri("signup")

    comment = Comment.get_by_id(int(comment_id))
    if not comment:
        return self.abort(404, "No comment associated with request")

    key = comment.key

    if comment.user.id() == self.user.key.id():
        if edit:
            return self.redirect_to_uri("comment_edit", comment_id=key.id())
        elif delete:
            comment.key.delete()
            return self.redirect_to_uri("permalink", post_id=comment.post.id())
    log_request(self, "User tried to change comment of another user")
    return self.abort(403, "You cannot change other user comments")
Exemplo n.º 3
0
 def get(self, comment_id):
     comment = Comment.get_by_id(int(comment_id))
     if not comment:
         return self.abort(404, "No comment associated with request")
     self.render_page(post_id=comment.post.id(), content=comment.content)