Exemplo n.º 1
def edit_post(id):
    """Show the edit form for a post and save it on a valid submission.

    Responds 404 when the post does not exist and 403 when the caller is
    not allowed to edit it. After a successful save the caller is
    redirected to the post page.
    """
    # NOTE(review): if current_user is Flask-Login's proxy, an anonymous
    # visitor is still a truthy object, so this guard would never redirect
    # - confirm where current_user comes from.
    if not current_user:
        return redirect(url_for('main.login'))

    post = Post.query.get_or_404(id)

    # Only the post's own user gets past this point.
    # NOTE(review): this runs before the permission check below, so a
    # non-owner admin is rejected here and admin_permission never decides
    # the outcome - confirm which policy is intended.
    if current_user != post.user:
        abort(403)

    owner_permission = Permission(UserNeed(post.user.id))
    allowed = owner_permission.can() or admin_permission.can()
    if not allowed:
        abort(403)

    edit_form = PostForm()
    if not edit_form.validate_on_submit():
        # First visit or failed validation: show the stored text.
        edit_form.text.data = post.text
        return render_template('edit.html', form=edit_form, post=post)

    post.title = edit_form.title.data
    post.text = edit_form.text.data
    # Naive local timestamp, exactly as the original stores it.
    post.publish_date = datetime.datetime.now()

    db.session.add(post)
    db.session.commit()

    return redirect(url_for('.post', post_id=post.id))
Exemplo n.º 2
def edit_post(id):
    """Edit a post; a submission that changes nothing is reported, not saved.

    Responds 404 for an unknown post and 403 when neither the owner
    permission nor the admin permission is granted.
    """
    # Original author's note: the login check that used to sit here
    # (redirect to 'main.login' when g.current_user was unset) is replaced
    # by a login_required decorator. That decorator is not visible in this
    # listing - confirm it is applied to the route.
    post = Post.query.get_or_404(id)

    # Original author's note: the direct `current_user != post.user`
    # comparison was dropped; access is restricted through the permission
    # objects below instead.
    owner_permission = Permission(UserNeed(post.user.id))
    if not (owner_permission.can() or admin_permission.can()):
        abort(403)

    edit_form = PostForm()
    if edit_form.validate_on_submit():
        unchanged = (edit_form.title.data == post.title
                     and edit_form.text.data == post.text)
        if not unchanged:
            post.title = edit_form.title.data
            post.text = edit_form.text.data
            post.publish_date = datetime.datetime.now()

            db.session.add(post)
            db.session.commit()

            return redirect(url_for('.post', post_id=post.id))
        # Nothing to save: tell the user and fall through to the form.
        flash('no changes detected!', category='message')

    edit_form.text.data = post.text
    return render_template('edit.html', form=edit_form, post=post)
Exemplo n.º 3
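def edit_post(id):
    """Show the edit form for a post and save it on a valid submission.

    Responds 404 for an unknown post and 403 when neither the owner
    permission nor the admin permission is granted.

    The leftover debug `print permission.can()` was removed: it wrote an
    authorization decision to stdout on every request, evaluated the
    permission a second time, and is a syntax error on Python 3.
    """
    post = Post.query.get_or_404(id)

    # NOTE(review): no login check is visible in this function; the
    # permission objects are the only gate shown here - confirm whether a
    # login decorator is applied outside this listing.
    permission = Permission(UserNeed(post.user.id))

    # We want admins to be able to edit any post
    if permission.can() or admin_permission.can():
        form = PostForm()

        if form.validate_on_submit():
            post.title = form.title.data
            post.text = form.text.data
            post.publish_date = datetime.datetime.now()

            db.session.add(post)
            db.session.commit()

            return redirect(url_for('.post', post_id=post.id))

        # First visit or failed validation: show the stored text.
        form.text.data = post.text

        return render_template('edit.html', form=form, post=post)

    # Default deny: anyone not matched above is refused.
    abort(403)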
Exemplo n.º 4
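def post(post_id):
    """Render one post with its tags and comments, and accept new comments.

    Responds 404 when the post does not exist. A valid comment submission
    is stored and the caller is redirected back to the same post page.
    Every rendered view increments the post's read counter.
    """
    # Resolve the post before anything is written, so a comment can never
    # be stored against a post id that does not exist.
    post = Post.query.get_or_404(post_id)

    form = CommentForm()
    if form.validate_on_submit():
        new_comment = Comment()
        # NOTE(review): the author name comes from the submitted form even
        # for logged-in users (it is only pre-filled further down), so it
        # is not bound to the session identity - confirm this is intended.
        new_comment.name = form.name.data
        new_comment.text = form.text.data
        new_comment.post_id = post_id
        new_comment.date = datetime.now()
        db.session.add(new_comment)
        db.session.commit()
        return redirect(url_for('.post', post_id=post_id))

    # Count this page view.
    # NOTE(review): this is a read-modify-write in Python, so concurrent
    # requests can lose increments.
    post.read = post.read + 1
    db.session.add(post)
    db.session.commit()

    tags = post.tags
    comments = post.comments.order_by(Comment.date.desc()).all()

    # Whether the viewer may edit. This flag is passed to the template;
    # it does not restrict access to this view.
    permission = Permission(UserNeed(post.user.id))
    is_edit = permission.can() or admin_permission.can()

    if g.is_login:
        form.name.data = current_user.username

    return render_template('post.html',
                           post=post,
                           tags=tags,
                           is_edit=is_edit,
                           comments=comments,
                           form=form)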
Exemplo n.º 5
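def edit(id):
    """Show the edit form for a post and save it on a valid submission.

    Responds 404 for an unknown post and 403 when neither the owner
    permission nor the admin permission is granted. On save, the post's
    tags and photos are replaced by the submitted ones.

    Changes from the original: blank and repeated tag names in the
    comma-separated field are skipped, a missing tags value is treated
    as empty, the local no longer shadows the builtin `type`, and the
    duplicated summary pre-fill is gone.
    """
    post = Post.query.get_or_404(id)
    permission = Permission(UserNeed(post.user.id))
    if permission.can() or admin_permission.can():
        form = PostForm()
        if form.validate_on_submit():
            post.title = form.title.data
            post.cover = form.cover.data
            post.video = form.video.data
            post.summary = form.summary.data
            post.text = form.text.data
            post.update_date = datetime.now()
            del post.tags[:]  # drop all current tags
            del post.photos[:]  # drop all current photos

            seen_titles = set()
            for raw_title in (form.tags.data or '').split(','):
                title = raw_title.strip()
                # "a,,b", a trailing comma or "a,a" must not create an
                # empty tag or attach the same tag twice.
                if not title or title in seen_titles:
                    continue
                seen_titles.add(title)
                tag = Tag.query.filter_by(title=title).first()
                if not tag:  # create the tag when it does not exist yet
                    tag = Tag(title)
                post.tags.append(tag)

            for photo_url in form.photos.data:
                if photo_url != '':
                    post.photos.append(Photo(photo_url))

            db.session.add(post)
            db.session.commit()
            return redirect(url_for('.post', post_id=post.id))

        # First visit or failed validation: pre-fill from the stored post.
        post_type = post.type
        form.cover.data = post.cover
        form.text.data = post.text
        form.title.data = post.title
        form.summary.data = post.summary
        form.type.data = post_type
        photos = [photo.url for photo in post.photos]
        form.tags.data = ','.join(tag.title for tag in post.tags)

        # NOTE(review): the template name is built from the stored
        # post.type; this assumes the value comes from a fixed set that
        # users cannot choose freely - confirm.
        return render_template("edit_{}.html".format(post_type), form=form, post=post, photos=photos)
    # Default deny: anyone not matched above is refused.
    abort(403)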
Exemplo n.º 6
def edit_post(id):
    """Show the edit form for a post document and save it on a valid submit.

    Responds 404 for an unknown post and 403 when neither the owner
    permission nor the admin permission is granted.
    """
    post = Post.objects(id=id).get_or_404()

    # NOTE(review): no login check is visible in this function; the
    # permission objects are the only gate shown here - confirm whether a
    # login decorator is applied outside this listing.
    owner_permission = Permission(UserNeed(post.user.id))
    may_edit = owner_permission.can() or admin_permission.can()
    if not may_edit:
        abort(403)

    edit_form = PostForm()
    if not edit_form.validate_on_submit():
        # First visit or failed validation: show the stored text.
        edit_form.text.data = post.text
        return render_template('edit.html', form=edit_form, post=post)

    post.title = edit_form.title.data
    post.text = edit_form.text.data
    post.publish_date = datetime.datetime.now()

    post.save()

    return redirect(url_for('.post', post_id=post.id))
Exemplo n.º 7
def edit_post(id):
    """Show the edit form for a post and save it on a valid submission.

    Responds 404 for an unknown post and 403 when neither the owner
    permission nor the admin permission is granted.
    """
    post = Post.query.get_or_404(id)

    # NOTE(review): no login check is visible in this function; the
    # permission objects are the only gate shown here - confirm whether a
    # login decorator is applied outside this listing.
    owner_permission = Permission(UserNeed(post.user.id))

    # Admins are meant to be able to edit any post, so either grant is
    # enough; everyone else is refused.
    if not (owner_permission.can() or admin_permission.can()):
        abort(403)

    edit_form = PostForm()

    if edit_form.validate_on_submit():
        post.title = edit_form.title.data
        post.text = edit_form.text.data
        post.publish_date = datetime.datetime.now()

        db.session.add(post)
        db.session.commit()

        return redirect(url_for('.post', post_id=post.id))

    # First visit or failed validation: show the stored text.
    edit_form.text.data = post.text

    return render_template('edit.html', form=edit_form, post=post)
Exemplo n.º 8
 def is_accessible(self):
     """Return a truthy value only for an authenticated user with admin permission.

     The admin permission is consulted only after the authentication
     check has passed.
     """
     # NOTE(review): newer Flask-Login releases expose is_authenticated as
     # a property, where this call form raises TypeError - confirm the
     # installed version.
     authenticated = current_user.is_authenticated()
     if not authenticated:
         return authenticated
     return admin_permission.can()
Exemplo n.º 9
 def is_accessible(self):
     """Gate this view: the user must be authenticated and hold admin permission.

     Returns the result of the authentication check when it is falsy,
     otherwise the result of the admin permission check.
     """
     # NOTE(review): newer Flask-Login releases expose is_authenticated as
     # a property, where this call form raises TypeError - confirm the
     # installed version.
     logged_in = current_user.is_authenticated()
     return admin_permission.can() if logged_in else logged_in
Exemplo n.º 10
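 def is_accessible(self):
     """Return a truthy value only for an authenticated user with admin permission.

     Any error raised while evaluating the check denies access. The
     original returned the caught exception object, which is truthy, so
     a failing check opened the view to every caller instead of closing
     it.
     """
     import logging  # local import: the file's import block is not visible here

     try:
         # NOTE(review): newer Flask-Login releases expose is_authenticated
         # as a property, where this call form raises TypeError and lands
         # in the handler below - confirm the installed version.
         return current_user.is_authenticated() and admin_permission.can()
     except Exception:
         # Fail closed, and leave a trace so the broken check is noticed.
         logging.getLogger(__name__).exception(
             "is_accessible check failed; denying access")
         return False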