Exemplo n.º 1
def edit(slug):
    """Render the edit form for the post identified by ``slug``.

    The post is looked up first (404 when no row matches), then the
    object-level permission check ``post.can_edit(current_user)`` decides
    whether the form is shown. Callers that fail the check get whatever
    ``login_manager.unauthorized()`` returns.
    """
    target_post = Post.query.filter(Post.slug == slug).first_or_404()

    if target_post.can_edit(current_user):
        # Pre-populate the form from the stored post; tag names are copied
        # explicitly after the form is built from the object.
        edit_form = PostForm(obj=target_post)
        edit_form.tag_names.data = target_post.tag_names
        return render_template('posts_edit.html', form=edit_form)

    # NOTE(review): assuming login_manager is a Flask-Login LoginManager,
    # unauthorized() is the "login required" handler. For a user who is
    # already signed in but lacks permission, a 403 may be the clearer
    # response -- confirm the intended behaviour.
    return login_manager.unauthorized()
Exemplo n.º 2
def destroy(slug):
    """Delete the post identified by ``slug`` and return to the admin list.

    Responds with 404 when no post has that slug. Deletion is gated on the
    same ``can_edit()`` predicate used for editing; no separate delete
    permission is visible in this function.
    """
    # NOTE(review): this body validates no form or CSRF token and the route
    # decorator is not visible here -- confirm the route only accepts a
    # non-GET method and is covered by the application's CSRF protection.
    doomed_post = Post.query.filter(Post.slug == slug).first_or_404()

    may_delete = doomed_post.can_edit(current_user)
    if not may_delete:
        return login_manager.unauthorized()

    session = db.session
    session.delete(doomed_post)
    session.commit()

    flash('Post deleted', 'success')
    return redirect(url_for('admin.posts'))
Exemplo n.º 3
def destroy(id):
    """Delete the user account with primary key ``id`` and redirect to ``/``.

    Responds with 404 when the account does not exist. The caller must pass
    ``user.can_edit(current_user)``; otherwise the result of
    ``login_manager.unauthorized()`` is returned and nothing is deleted.
    """
    # NOTE(review): account deletion is irreversible and this body checks no
    # CSRF token or re-authentication. The route decorator is not visible
    # here -- confirm the method restriction and CSRF coverage.
    account = User.query.get_or_404(id)

    may_delete = account.can_edit(current_user)
    if not may_delete:
        return login_manager.unauthorized()

    session = db.session
    session.delete(account)
    session.commit()

    # NOTE(review): if current_user deleted their own account, nothing here
    # ends the login session -- verify how the session is invalidated.
    flash('Account deleted', 'success')
    return redirect('/')
Exemplo n.º 4
def update(slug):
    """Apply a submitted ``PostForm`` to the post identified by ``slug``.

    Flow: look up the post (404 if missing), check the object-level
    permission, validate the form, then persist. On success the client is
    redirected to the post's page; on validation failure or a database
    integrity error the edit template is re-rendered with the form errors.
    """
    post = Post.query.filter(Post.slug == slug).first_or_404()
    if not post.can_edit(current_user):
        return login_manager.unauthorized()

    # NOTE(review): presumably a Flask-WTF form, in which case validate()
    # also checks the CSRF token when CSRF is enabled -- confirm.
    submitted = PostForm()
    if not submitted.validate():
        return render_template('posts_edit.html', form=submitted)

    try:
        submitted.update_post(post)
        db.session.add(post)
        db.session.commit()
        return redirect(url_for('posts.show', slug=post.slug))
    except IntegrityError:
        # Undo the failed transaction so the session is usable again.
        db.session.rollback()
        # NOTE(review): every IntegrityError is reported as a slug conflict;
        # another constraint violation would be mislabelled here.
        submitted.slug.errors.append('This slug is taken.')

    return render_template('posts_edit.html', form=submitted)
Exemplo n.º 5
def update(id):
    """Apply a submitted ``UserForm`` to the account with primary key ``id``.

    Returns 404 for an unknown id and the ``login_manager.unauthorized()``
    response when ``user.can_edit(current_user)`` is false. A valid form is
    copied onto the user and committed, followed by a redirect to ``/``.
    Invalid input, or an integrity error on commit, re-renders the edit
    template with the form errors attached.
    """
    user = User.query.get_or_404(id)
    if not user.can_edit(current_user):
        return login_manager.unauthorized()

    submitted = UserForm()
    # validate() is given both the acting user and the target user.
    if not submitted.validate(current_user, user):
        return render_template('users_edit.html', form=submitted, user=user)

    # NOTE(review): which attributes update_user() copies is not visible
    # here -- confirm it cannot set privilege-bearing fields (role, admin
    # flag) from request data for a user editing their own account.
    submitted.update_user(user)
    try:
        db.session.add(user)
        db.session.commit()
        flash('Account updated!', 'success')
        return redirect('/')
    except IntegrityError:
        # Undo the failed transaction so the session is usable again.
        db.session.rollback()
        # NOTE(review): every IntegrityError is treated as a username
        # clash; other unique constraints would be mislabelled.
        submitted.username.errors.append('This name has been taken.')

    return render_template('users_edit.html', form=submitted, user=user)
Exemplo n.º 6
 def decorated_view(*args, **kwargs):
     """Reject signed-in users who lack ``user_type``; otherwise delegate.

     A signed-in user for whom ``authorized_for(user_type)`` is false gets
     the ``login_manager.unauthorized()`` response. Every other request,
     including unauthenticated ones, is passed to ``func`` wrapped by
     ``original_login_required``.
     """
     # NOTE(review): is_authenticated is read as an attribute. In old
     # Flask-Login releases where it was a method, this expression would
     # always be truthy -- confirm the installed version.
     signed_in = current_user.is_authenticated
     if signed_in and not current_user.authorized_for(user_type):
         return login_manager.unauthorized()
     # Presumably original_login_required enforces login for anonymous
     # users; that wrapper is defined outside this view -- verify.
     return original_login_required(func)(*args, **kwargs)