Пример #1
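def admin_dashboard():
    """Render the admin dashboard, or a login prompt when nobody is logged in.

    Plain-HTTP requests are redirected to HTTPS unless ``config.env`` is
    ``"debug"``. A logged-in user whose ``level`` is greater than 0 is
    refused with a 403 response; any other logged-in user gets the dashboard.

    Returns:
        A redirect, the rendered login prompt, a ``("Forbidden", 403)`` pair,
        or a response object carrying the dashboard page.
    """
    if not request.is_secure and config.env != "debug":
        # Rewrite only the leading scheme. An unbounded replace() would also
        # alter any "http://" appearing later in the URL (e.g. a query value).
        return redirect(request.url.replace("http://", "https://", 1))

    user = blog_backend.get_logged_user(request.cookies)

    if user is None:
        login_prompt = blog_backend.render_template("admin_dashboard.html",
                                                    logged=False)
        return blog_backend.render_template("index.html",
                                            content=login_prompt,
                                            title="Login required")

    if user.level > 0:
        # Answer with a real 403 so clients, caches and access logs record a
        # denial instead of a 200 page whose body merely says "Forbidden".
        return "Forbidden", 403

    posts = blog_backend.sort(blog_backend.get_posts_list(), "date", True)
    users = blog_backend.sort(blog_backend.get_users_list(), "level", False)
    dashboard = blog_backend.render_template("admin_dashboard.html",
                                             logged=True,
                                             posts_list=posts,
                                             users_list=users)

    response = make_response(
        blog_backend.render_template("index.html",
                                     content=dashboard,
                                     title="Dashboard"))
    # The user object is handed the outgoing response before it is returned.
    user.update_session_id(response)
    return response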
Пример #2
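def post(post_id):
    """Render the page for a single post.

    Plain-HTTP requests are redirected to HTTPS unless ``config.env`` is
    ``"debug"``. A ``Post`` whose ``is_new_post`` flag is set is treated as
    missing: the template then receives ``post=None`` and the page title is
    "Not found". The page is rendered for anonymous visitors as well.

    Args:
        post_id: Identifier passed unchanged to ``blog_backend.Post``.

    Returns:
        A redirect, or a response object carrying the rendered page.
    """
    if not request.is_secure and config.env != "debug":
        # Rewrite only the leading scheme. An unbounded replace() would also
        # alter any "http://" appearing later in the URL (e.g. a query value).
        return redirect(request.url.replace("http://", "https://", 1))

    entry = blog_backend.Post(post_id)
    if entry.is_new_post:
        entry = None

    user = blog_backend.get_logged_user(request.cookies)

    title = "Not found"
    if entry is not None:
        title = entry.title
        if user:
            entry.logged_user = user.username

    body = blog_backend.render_template("post.html", post=entry, user=user)
    response = make_response(
        blog_backend.render_template("index.html", content=body, title=title))

    if user:
        # Only a logged-in user has a session to update on the response.
        user.update_session_id(response)
    return response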
Пример #3
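def delete_comment(post_id, comment_id):
    """Delete a comment from a post on behalf of the logged-in user.

    Plain-HTTP requests are redirected to HTTPS unless ``config.env`` is
    ``"debug"``. Anonymous and blocked users are refused with a 403 response.

    Args:
        post_id: Identifier passed unchanged to ``blog_backend.Post`` and
            joined onto ``config.url["post_url"]`` for the final redirect.
        comment_id: Comment identifier; converted with ``int()``.

    Returns:
        A redirect to the post page, or a ``("Forbidden", 403)`` pair.
    """
    # NOTE(review): this view changes state. The accepted HTTP methods and any
    # CSRF check are not visible in this function; confirm both at the route.
    if not request.is_secure and config.env != "debug":
        # Rewrite only the leading scheme. An unbounded replace() would also
        # alter any "http://" appearing later in the URL (e.g. a query value).
        return redirect(request.url.replace("http://", "https://", 1))

    user = blog_backend.get_logged_user(request.cookies)
    # `blocked` is still compared with `== True`, as in the original: a truthy
    # value that is not equal to True would not count as blocked. Confirm the
    # stored type before relaxing this to plain truthiness.
    if user is None or user.blocked == True:
        # Answer with a real 403 so clients, caches and access logs record a
        # denial instead of a 200 page whose body merely says "Forbidden".
        return "Forbidden", 403

    target_post = blog_backend.Post(post_id)
    # The acting user is passed along; presumably Post.delete_comment decides
    # whether this user may remove the comment. Verify that it does.
    target_post.delete_comment(user, int(comment_id))

    # NOTE(review): post_id reaches urljoin unvalidated, and urljoin lets an
    # absolute or scheme-relative second argument replace the base URL.
    # Confirm the route restricts post_id to a plain identifier.
    return redirect(urljoin(config.url["post_url"], post_id))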
Пример #4
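def logout():
    """Clear the logged-in user's session id and redirect away.

    Plain-HTTP requests are redirected to HTTPS unless ``config.env`` is
    ``"debug"``. When a user is logged in, ``session_id`` is set to ``None``
    and the user is saved.

    The ``redirect_url`` query parameter is followed only when it is a local
    path or starts with ``request.host_url``; anything else falls back to
    ``config.url["index_url"]``.

    Returns:
        A 302 redirect.
    """
    if not request.is_secure and config.env != "debug":
        # Rewrite only the leading scheme. An unbounded replace() would also
        # alter any "http://" appearing later in the URL (e.g. a query value).
        return redirect(request.url.replace("http://", "https://", 1))

    user = blog_backend.get_logged_user(request.cookies)

    if user is not None:
        user.session_id = None
        user.save()

    fallback = config.url["index_url"]
    target = request.args.get("redirect_url")
    if target is None:
        return redirect(fallback, code=302)

    # redirect_url is caller-supplied. Redirecting to it unchecked would let
    # a link to this site bounce visitors to an arbitrary external address,
    # so only same-site destinations are honoured.
    has_unsafe_chars = "\\" in target or any(ord(ch) < 0x20 for ch in target)
    is_local_path = target.startswith("/") and not target.startswith("//")
    is_same_site = target.startswith(request.host_url)

    if not has_unsafe_chars and (is_local_path or is_same_site):
        return redirect(target, code=302)
    return redirect(fallback, code=302)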
Пример #5
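    def wrapped(*args, **kwds):
        """Run the wrapped view only for a logged-in user with ``level`` <= 0.

        ``func`` comes from the enclosing scope, which is outside this
        excerpt. Plain-HTTP requests are redirected to HTTPS unless
        ``config.env`` is ``"debug"``. Anonymous visitors are redirected to
        ``config.url["admin_dashboard_url"]``; a logged-in user whose
        ``level`` is greater than 0 is refused with a 403 response.

        Returns:
            A redirect, a ``("Forbidden", 403)`` pair, or the response
            produced by ``func(user, *args, **kwds)``.
        """
        if not request.is_secure and config.env != "debug":
            # Rewrite only the leading scheme. An unbounded replace() would
            # also alter any "http://" appearing later in the URL.
            return redirect(request.url.replace("http://", "https://", 1))

        user = blog_backend.get_logged_user(request.cookies)

        if user is None:
            return redirect(config.url["admin_dashboard_url"], code=302)

        if user.level > 0:
            # Answer with a real 403 so clients, caches and access logs record
            # a denial instead of a 200 page that merely says "Forbidden".
            return "Forbidden", 403

        # The authenticated user is passed to the view as first argument.
        response = func(user, *args, **kwds)
        user.update_session_id(response)
        return response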
Пример #6
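def edit_profile():
    """Show the profile form, or apply a submitted profile update.

    Plain-HTTP requests are redirected to HTTPS unless ``config.env`` is
    ``"debug"``. Anonymous visitors are redirected to
    ``config.url["index_url"]``.

    On POST the submitted ``username`` must equal the logged-in user's
    username, otherwise a 403 response is returned. ``hide_picture`` is always
    updated, ``name`` only when non-empty, and ``bio`` only for users whose
    ``level`` is below 1. Those users are then sent to the admin dashboard
    instead of the index page.

    Returns:
        A redirect, a ``("Forbidden", 403)`` pair, or a response object
        carrying the rendered form.
    """
    if not request.is_secure and config.env != "debug":
        # Rewrite only the leading scheme. An unbounded replace() would also
        # alter any "http://" appearing later in the URL (e.g. a query value).
        return redirect(request.url.replace("http://", "https://", 1))

    user = blog_backend.get_logged_user(request.cookies)

    if user is None:
        return redirect(config.url["index_url"], code=302)

    can_edit_bio = user.level < 1

    if request.method != 'POST':
        form_html = blog_backend.render_template("edit_profile.html",
                                                 user=user,
                                                 allow_bio_edit=can_edit_bio)
        response = make_response(
            blog_backend.render_template("index.html",
                                         content=form_html,
                                         title="Edit Profile"))
        user.update_session_id(response)
        return response

    # NOTE(review): no anti-CSRF token is checked in this handler, and the
    # username compared below is not a secret value. Confirm that request
    # forgery protection is applied elsewhere.
    if request.form["username"] != user.username:
        # Answer with a real 403 so clients, caches and access logs record a
        # denial instead of a 200 page whose body merely says "Forbidden".
        return "Forbidden", 403

    redirect_url = config.url["index_url"]

    user.hide_picture = bool(request.form.get("hide_picture"))

    # An empty name leaves the stored name untouched.
    new_name = request.form["name"]
    if new_name:
        user.name = new_name

    if can_edit_bio:
        # NOTE(review): bio is stored exactly as submitted; escaping is
        # presumably done when it is rendered. Verify in the templates.
        user.bio = request.form["bio"]
        redirect_url = config.url["admin_dashboard_url"]

    user.save()

    response = redirect(redirect_url, code=302)
    user.update_session_id(response)
    return response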