def user_edit_password():
    """Store a new bcrypt password hash for the logged-in user.

    GET requests are bounced to the profile page. For other methods the
    submitted ``PasswordForm`` is validated; on failure the profile page is
    re-rendered with the form errors, on success the new hash is saved and
    the user is redirected to the profile page.
    """
    if request.method == 'GET':
        return redirect(url_for('user_profile'))

    form = PasswordForm(request.form)
    # Loaded up front because the error page needs the user object.
    user = User.query.get(current_user.id)

    if form.validate():
        # NOTE(review): no check of the current password is visible in this
        # function; confirm PasswordForm or a decorator requires it.
        with session_scope() as session:
            account = session.query(User).get(current_user.id)
            raw_password = form.password.data.encode()
            # bcrypt only hashes the first 72 bytes of its input;
            # presumably PasswordForm caps the length - confirm.
            hashed = bcrypt.hashpw(raw_password, bcrypt.gensalt(rounds=10))
            account.phash = hashed.decode()
            session.commit()
        return redirect(url_for('user_profile'))

    return render_template(
        'auth/profile.html',
        user=user,
        usernameForm=UsernameForm(),
        passwordForm=form,
    )
def auth_signup():
    """Register a new account and send the visitor to the login page.

    GET renders an empty sign-up form. Otherwise the submitted form is
    validated, the username is checked for an existing account, the password
    is hashed with bcrypt, and the new user is given the ``APPROVED`` and
    ``USER`` roles.
    """
    if request.method == 'GET':
        return render_template('auth/signup.html', form=SignUpForm())

    form = SignUpForm(request.form)
    if not form.validate():
        return render_template('auth/signup.html', form=form)

    # NOTE(review): lookup-then-insert is not atomic; presumably a unique
    # constraint on the username column backs this check - confirm.
    existing = User.query.filter_by(username=form.username.data).first()
    if existing:
        return render_template('auth/signup.html',
                               form=form,
                               error='Username is taken')

    raw_password = form.password.data.encode()
    hashed = bcrypt.hashpw(raw_password, bcrypt.gensalt(rounds=10))
    new_user = User(username=form.username.data, phash=hashed.decode())

    with session_scope() as session:
        session.add(new_user)
        # Flush so new_user.id is populated before the role links are built.
        session.flush()
        default_roles = Role.query.filter(
            Role.name.in_(['APPROVED', 'USER'])).all()
        role_links = [
            UserRole(role_id=role.id, account_id=new_user.id)
            for role in default_roles
        ]
        session.bulk_save_objects(role_links)
        session.commit()

    return redirect(url_for('auth_login'))
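def comments_edit(post_id, comment_id):
    """Replace the text of one of the current user's own comments.

    GET requests are redirected to the post page (anchored at the comment).
    The edit is refused, with a redirect back to the post, when the comment
    does not exist, belongs to another account, is marked deleted, fails
    form validation, or is not attached to ``post_id``.
    """
    details_url = url_for('posts_details', post_id=post_id)

    if request.method == 'GET':
        return redirect(f'{details_url}#{comment_id or ""}')

    comment = Comment.query.get(comment_id) if comment_id else None
    # An unknown or missing id used to raise AttributeError on None below,
    # so any caller could trigger a server error with a made-up id.
    if comment is None:
        return redirect(details_url)

    # Authorization: only the author may edit, and never a deleted comment.
    if comment.account_id != current_user.id or comment.deleted:
        return redirect(details_url)

    form = CommentForm(request.form)
    if not form.validate():
        return redirect(details_url)

    # The comment must belong to the post named in the URL.
    if str(comment.post_id) != post_id:
        return redirect(details_url)

    with session_scope() as session:
        comment.content = form.content.data
        session.commit()
        return redirect(f'{details_url}#{comment.id}')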
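def comments_create(post_id, comment_id):
    """Add a comment by the current user to a post, optionally as a reply.

    GET requests are redirected to the post page. When ``comment_id`` is
    given it names the parent comment, which must exist, belong to
    ``post_id`` and not be marked deleted; otherwise the request is
    redirected back to the post without creating anything.
    """
    details_url = url_for('posts_details', post_id=post_id)

    if request.method == 'GET':
        return redirect(f'{details_url}#{comment_id or ""}')

    form = CommentForm(request.form)
    if not form.validate():
        return redirect(details_url)

    if comment_id:
        parent = Comment.query.get(comment_id)
        # A parent id that matches no row used to slip through and be stored
        # as parent_id; reject it together with cross-post and deleted parents.
        if (parent is None or str(parent.post_id) != post_id
                or parent.deleted):
            return redirect(details_url)

    # NOTE(review): post_id itself is not checked for existence here;
    # presumably a foreign key on Comment.post_id covers it - confirm.
    comment = Comment(form.content.data)
    comment.account_id = current_user.id
    comment.post_id = post_id
    comment.parent_id = comment_id

    with session_scope() as session:
        session.add(comment)
        session.commit()
        return redirect(f'{details_url}#{comment.id}')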
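def posts_delete(post_id):
    """Delete a post and every comment attached to it, then show the index.

    A ``post_id`` that matches no post is ignored and the caller is simply
    redirected to the index.
    """
    # NOTE(review): unlike comments_edit/comments_delete, nothing in this
    # body compares post.account_id with current_user.id. Confirm that a
    # decorator or the route enforces who may delete a post.
    with session_scope() as session:
        post = Post.query.get(post_id)
        # session.delete(None) raises, so an unknown id used to end in a
        # server error after the comment delete had already been issued.
        if post is None:
            return redirect(url_for('posts_index'))

        session.query(Comment).filter(Comment.post_id == post_id).delete()
        session.delete(post)
        session.commit()

    return redirect(url_for('posts_index'))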
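def insert_initial_values(*args, **kwargs):
    """Insert one ``Role`` row for each built-in role name.

    Positional and keyword arguments are accepted and ignored.
    """
    ROLE_NAMES = ['APPROVED', 'BANNED', 'MODERATOR', 'USER']

    # The original also ran a Role query whose result was never used; it has
    # been dropped.
    # NOTE(review): calling this twice inserts the names twice unless the
    # schema forbids duplicates - confirm how the caller guards against that.
    with session_scope() as session:
        session.bulk_save_objects(
            [Role(name=role_name) for role_name in ROLE_NAMES])
        session.commit()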
def posts_submit():
    """Create a post owned by the current user from the submitted form.

    An invalid form re-renders the submit page with its errors; a valid one
    is stored and the user is redirected to the post index.
    """
    form = PostForm(request.form)

    if form.validate():
        with session_scope() as session:
            new_post = Post(form.title.data, form.content.data)
            # Ownership comes from the session user, never from form input.
            new_post.account_id = current_user.id
            session.add(new_post)
            session.commit()
        return redirect(url_for('posts_index'))

    return render_template('posts/submit.html', form=form)
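def posts_edit(post_id):
    """Apply the submitted title and content to an existing post.

    An unknown ``post_id`` redirects to the post index. An invalid form
    re-renders the edit page; a valid one is committed and the user is sent
    to the post's detail page.
    """
    post = Post.query.get(post_id)
    # Assigning attributes on None used to raise for an unknown id.
    if post is None:
        return redirect(url_for('posts_index'))

    # NOTE(review): nothing in this body compares post.account_id with
    # current_user.id, unlike comments_edit. Confirm that a decorator or the
    # route restricts who may edit a post.
    form = PostForm(request.form)

    # NOTE(review): the loaded post is modified before validation, so on the
    # error path the template receives the rejected values. They are not
    # committed here, but the object stays dirty in the session - confirm
    # nothing later in the request flushes and commits it.
    post.title = form.title.data
    post.content = form.content.data

    if not form.validate():
        return render_template('posts/edit.html', post=post, form=form)

    with session_scope() as session:
        session.commit()

    return redirect(url_for('posts_details', post_id=post_id))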
def user_delete():
    """Delete the current user's account and log them out.

    GET requests are redirected to the profile page. Otherwise the user's
    ``PostLike`` rows and the user row are deleted, the login session is
    ended, and the browser is sent to the post index.
    """
    if request.method == 'GET':
        return redirect(url_for('user_profile'))

    with session_scope() as session:
        account = User.query.get(current_user.id)
        own_likes = session.query(PostLike).filter(
            PostLike.account_id == current_user.id)
        own_likes.delete()
        # NOTE(review): only PostLike rows are removed explicitly; posts and
        # comments owned by the account are not touched in this function -
        # confirm the model cascades or keeps them on purpose.
        session.delete(account)
        session.commit()
        logout_user()

    return redirect(url_for('posts_index'))
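def comments_delete(post_id, comment_id):
    """Soft-delete one of the current user's own comments.

    GET requests are redirected to the post page. The comment is flagged
    ``deleted`` (the row is kept) only when it exists, belongs to the
    current user and is not already deleted; otherwise the caller is
    redirected without any change.
    """
    if request.method == 'GET':
        return redirect(url_for('posts_details', post_id=post_id))

    with session_scope() as session:
        comment = Comment.query.get(comment_id)
        # An unknown id used to raise AttributeError on None below.
        if comment is None:
            return redirect(url_for('posts_details', post_id=post_id))

        # Authorization: only the author may delete, and only once.
        if comment.account_id != current_user.id or comment.deleted:
            return redirect(url_for('posts_details', post_id=comment.post_id))

        comment.deleted = True
        session.commit()
        return redirect(
            f'{url_for("posts_details", post_id=comment.post_id)}#{comment.id}'
        )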
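def posts_details(post_id):
    """Render a single post with its aggregates and comment tree.

    The aggregate query is filtered to ``post_id``; when it returns no row
    the caller is redirected to the post index. At most 100 comments are
    loaded for the post.
    """
    user_id = None
    if current_user and current_user.is_authenticated:
        user_id = current_user.id

    with session_scope() as session:
        query = posts_with_aggregates(
            session, user_id=user_id).filter(Post.id == post_id)

        row = query.first()
        # Unpacking None used to raise TypeError for an unknown post id.
        if row is None:
            return redirect(url_for('posts_index'))

        # Attach the aggregate columns to the post object for the template.
        (post, post.comments, post.likes, post.dislikes, post.popularity,
         post.userLike) = row

        comments = (session.query(Comment).filter(
            Comment.post_id == post_id).outerjoin(
                User, User.id == Comment.account_id).limit(100).all())

        return render_template('posts/details.html',
                               post=post,
                               commentTree=create_comment_tree(comments),
                               form=CommentForm())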
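def posts_index(page=1, per_page=10, sort='popular'):
    """Render a paginated, optionally filtered and sorted list of posts.

    Args:
        page: Page used when the ``page`` query argument is absent.
        per_page: Page size used when ``per_page`` is absent (capped at 50).
        sort: Ordering used when the ``sort`` query argument is absent; one
            of ``newest``, ``oldest`` or ``popular``.

    The ``query`` argument filters posts by a case-insensitive title match.
    If pagination fails the list template is rendered with ``posts=None``.
    """
    user_id = None
    if current_user and current_user.is_authenticated:
        user_id = current_user.id

    sort = request.args.get('sort') or sort
    queryString = request.args.get('query') or ''

    orderBySort = {
        'newest': desc(Post.date_created),
        'oldest': asc(Post.date_created),
        'popular': desc(text('popularity'))
    }
    # `sort` comes from the query string; an unknown value used to raise
    # KeyError. Fall back to the default ordering instead.
    ordering = orderBySort.get(sort, orderBySort['popular'])

    with session_scope() as session:
        # The search term reaches the database as a bound value, but any
        # `%` or `_` typed by the user still acts as a LIKE wildcard.
        query = (posts_with_aggregates(session, user_id=user_id).filter(
            Post.title.ilike('%{}%'.format(queryString))).order_by(ordering))

        try:
            pagination = query.paginate(
                page=int(request.args.get('page') or page),
                per_page=int(request.args.get('per_page') or per_page),
                max_per_page=50)
        except Exception:
            # Was a bare `except:`, which also caught SystemExit and
            # KeyboardInterrupt. Bad numbers and out-of-range pages still
            # end up here.
            return render_template('posts/list.html', posts=None)

        posts = []
        for row in pagination.items:
            # Attach the aggregate columns to the post for the template.
            (post, post.comments, post.likes, post.dislikes, post.popularity,
             post.userLike) = row
            posts.append(post)

        # Page links: two pages either side of the current one.
        first = max(1, pagination.page - 2)
        last = min(pagination.pages, pagination.page + 2) + 1

        return render_template('posts/list.html',
                               posts=posts,
                               page_range=range(first, last),
                               pagination=pagination)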
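def posts_toggle_like(post_id, value):
    """Set, flip or clear the current user's like value on a post.

    No existing row: the new value is stored. Same value as the existing
    row: the row is removed. Different value: the old row is replaced.
    The browser is then sent back to the referring page, or to the post
    index when no referrer was sent.
    """
    # The Referer header is optional; redirect(None) used to fail when it
    # was missing.
    # NOTE(review): the header value is used as the redirect target as-is.
    back = request.referrer or url_for('posts_index')

    try:
        # presumably PostLikeValue is an Enum that rejects unknown numbers
        like_value = PostLikeValue(int(value))
    except (TypeError, ValueError):
        # `value` comes from the URL; ignore anything that is not a valid
        # like value instead of answering with a server error.
        return redirect(back)

    with session_scope() as session:
        oldLike = (session.query(PostLike).filter(
            PostLike.post_id == post_id,
            PostLike.account_id == current_user.id).first())
        newLike = PostLike(value=like_value,
                           post_id=post_id,
                           account_id=current_user.id)

        if not oldLike:
            session.add(newLike)
        elif newLike.value == oldLike.value:
            session.delete(oldLike)
        else:
            session.delete(oldLike)
            # Flush the delete first so the insert does not meet the old row.
            session.flush()
            session.add(newLike)
        session.commit()

    return redirect(back)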
def user_edit_username():
    """Change the logged-in user's username.

    GET requests are redirected to the profile page. An invalid form, or a
    username that some account already holds, re-renders the profile page
    with the error; otherwise the name is saved and the user is redirected
    to the profile page.
    """
    if request.method == 'GET':
        return redirect(url_for('user_profile'))

    form = UsernameForm(request.form)
    user = User.query.get(current_user.id)

    def profile_with_errors():
        # Both failure paths show the same page with a fresh password form.
        return render_template(
            'auth/profile.html',
            user=user,
            usernameForm=form,
            passwordForm=PasswordForm(),
        )

    if not form.validate():
        return profile_with_errors()

    with session_scope() as session:
        wanted = form.username.data
        # NOTE(review): lookup-then-update is not atomic; presumably a
        # unique constraint on the username column backs this - confirm.
        taken = session.query(User).filter(User.username == wanted).first()
        if taken:
            form.username.errors.append('Username already exists')
            return profile_with_errors()
        user.username = wanted
        session.commit()

    return redirect(url_for('user_profile'))