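def admin_dashboard():
    """Render the admin dashboard, or a login prompt for anonymous visitors.

    Returns:
        A redirect to the HTTPS form of the URL when the request is not
        secure and ``config.env`` is not ``"debug"``; the dashboard template
        with ``logged=False`` when no user is logged in; a 403 response when
        ``user.level > 0``; otherwise the dashboard with the sorted post and
        user lists.
    """
    if not request.is_secure and config.env != "debug":
        # Rewrite only the leading scheme. An unbounded replace would also
        # alter any "http://" carried inside the query string.
        # NOTE(review): request.is_secure describes the connection the app
        # itself sees; behind a TLS-terminating proxy confirm the forwarded
        # scheme is honoured, or this redirect can loop.
        return redirect(request.url.replace("http://", "https://", 1))

    user = blog_backend.get_logged_user(request.cookies)
    if user is None:
        login_prompt = blog_backend.render_template(
            "admin_dashboard.html", logged=False)
        return blog_backend.render_template(
            "index.html", content=login_prompt, title="Login required")

    if user.level > 0:
        # Deny with a real 403 so the refusal is not reported as 200 OK to
        # clients, caches and log-based monitoring.
        # Presumably level 0 is the administrator role; verify against the
        # user model.
        return make_response("Forbidden", 403)

    posts = blog_backend.sort(blog_backend.get_posts_list(), "date", True)
    users = blog_backend.sort(blog_backend.get_users_list(), "level", False)
    dashboard = blog_backend.render_template(
        "admin_dashboard.html",
        logged=True,
        posts_list=posts,
        users_list=users,
    )
    response = make_response(
        blog_backend.render_template(
            "index.html", content=dashboard, title="Dashboard"))
    # The response is handed over so the session cookie can be written to
    # it. Presumably this rotates the session id; confirm in blog_backend.
    user.update_session_id(response)
    return response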
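def post(post_id):
    """Render the page for a single post.

    Args:
        post_id: Identifier handed to ``blog_backend.Post``.

    Returns:
        A redirect to HTTPS for insecure requests outside the debug
        environment; otherwise the rendered ``post.html`` page. When the
        backend reports the post as new (i.e. it does not exist yet) the
        template receives ``post=None`` and the title "Not found".
    """
    if not request.is_secure and config.env != "debug":
        # Rewrite only the leading scheme. An unbounded replace would also
        # alter any "http://" carried inside the query string.
        return redirect(request.url.replace("http://", "https://", 1))

    current_post = blog_backend.Post(post_id)
    if current_post.is_new_post:
        # An id that has no stored post is treated as "not found".
        current_post = None

    user = blog_backend.get_logged_user(request.cookies)

    title = "Not found"
    if current_post is not None:
        title = current_post.title
        if user:
            current_post.logged_user = user.username

    page_body = blog_backend.render_template(
        "post.html", post=current_post, user=user)
    response = make_response(
        blog_backend.render_template(
            "index.html", content=page_body, title=title))
    if user:
        user.update_session_id(response)
    return response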
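def delete_comment(post_id, comment_id):
    """Delete a comment from a post on behalf of the logged-in user.

    Args:
        post_id: Identifier of the post that owns the comment.
        comment_id: Identifier of the comment; converted with ``int``.

    Returns:
        A redirect to HTTPS for insecure requests outside the debug
        environment; a 403 response for anonymous or blocked users;
        otherwise a redirect back to the post page.
    """
    if not request.is_secure and config.env != "debug":
        # Rewrite only the leading scheme. An unbounded replace would also
        # alter any "http://" carried inside the query string.
        return redirect(request.url.replace("http://", "https://", 1))

    user = blog_backend.get_logged_user(request.cookies)
    if user is None or user.blocked == True:  # noqa: E712 - comparison kept as in the original
        # Deny with a real 403 so the refusal is not reported as 200 OK.
        return make_response("Forbidden", 403)

    # NOTE(review): int() raises ValueError on a non-numeric comment_id,
    # which surfaces as a server error unless the route already constrains
    # it; confirm.
    # NOTE(review): the user object is passed down, so the ownership check is
    # presumably done inside Post.delete_comment; verify. No anti-CSRF check
    # is visible here for this state-changing action.
    target_post = blog_backend.Post(post_id)
    target_post.delete_comment(user, int(comment_id))

    # NOTE(review): post_id goes into the redirect target as received, and
    # urljoin lets an absolute-looking second argument override the base.
    # Confirm the route restricts post_id to the expected identifier shape.
    return redirect(urljoin(config.url["post_url"], post_id))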
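def logout():
    """Invalidate the current user's session and redirect the visitor.

    The optional ``redirect_url`` query parameter is followed only when it
    stays on this site: either a path starting with a single "/" or a URL
    beginning with ``request.host_url``. Anything else falls back to
    ``config.url["index_url"]``, as does a missing parameter.

    Returns:
        A redirect to HTTPS for insecure requests outside the debug
        environment; otherwise a 302 redirect to the validated target or to
        the index page.
    """
    if not request.is_secure and config.env != "debug":
        # Rewrite only the leading scheme. An unbounded replace would also
        # alter an "http://" inside the redirect_url query parameter.
        return redirect(request.url.replace("http://", "https://", 1))

    user = blog_backend.get_logged_user(request.cookies)
    if user is not None:
        # Clearing the stored session id invalidates the session server-side.
        user.session_id = None
        user.save()

    fallback = config.url["index_url"]
    target = request.args.get("redirect_url")
    if not target:
        return redirect(fallback, code=302)

    # redirect_url is caller-controlled. Following it blindly makes this
    # endpoint an open redirect, so only same-site targets are accepted.
    # Browsers normalise backslashes and drop control characters, so a
    # target containing either is rejected outright.
    has_unsafe_chars = "\\" in target or any(
        ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target)
    is_local_path = target.startswith("/") and not target.startswith("//")
    # host_url ends with "/", so a prefix match cannot be extended into a
    # different host name.
    is_same_origin = target.startswith(request.host_url)
    # NOTE(review): if the site's own links pass absolute URLs built from
    # config.url on a different host, add that origin to this check.
    if has_unsafe_chars or not (is_local_path or is_same_origin):
        return redirect(fallback, code=302)
    return redirect(target, code=302)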
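def wrapped(*args, **kwds):
    """Run the wrapped view only for a logged-in user with ``level <= 0``.

    The enclosing scope supplies ``func``; it is called with the user object
    as its first argument, followed by the original arguments.

    Returns:
        A redirect to HTTPS for insecure requests outside the debug
        environment; a redirect to the admin dashboard when nobody is
        logged in; a 403 response when ``user.level > 0``; otherwise the
        response produced by ``func``.
    """
    if not request.is_secure and config.env != "debug":
        # Rewrite only the leading scheme. An unbounded replace would also
        # alter any "http://" carried inside the query string.
        return redirect(request.url.replace("http://", "https://", 1))

    user = blog_backend.get_logged_user(request.cookies)
    if user is None:
        # Anonymous visitors go to the dashboard, which shows the login form.
        return redirect(config.url["admin_dashboard_url"], code=302)

    if user.level > 0:
        # Deny with a real 403 so the refusal is not reported as 200 OK.
        return make_response("Forbidden", 403)

    response = func(user, *args, **kwds)
    # NOTE(review): update_session_id receives whatever func returned, so
    # func presumably has to return a response object, not a bare string.
    user.update_session_id(response)
    return response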
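def edit_profile():
    """Show the profile form (GET) or apply the submitted changes (POST).

    On POST the form's ``username`` must equal the logged-in user's name.
    ``hide_picture`` and a non-empty ``name`` are applied for everyone;
    ``bio`` only for users with ``level < 1``, who are then redirected to
    the admin dashboard instead of the index page.

    Returns:
        A redirect to HTTPS for insecure requests outside the debug
        environment; a redirect to the index page for anonymous visitors;
        a 403 response when the submitted username does not match; a 302
        redirect after a successful save; or the rendered edit form.
    """
    if not request.is_secure and config.env != "debug":
        # Rewrite only the leading scheme. An unbounded replace would also
        # alter any "http://" carried inside the query string.
        return redirect(request.url.replace("http://", "https://", 1))

    user = blog_backend.get_logged_user(request.cookies)
    if user is None:
        return redirect(config.url["index_url"], code=302)

    if request.method != 'POST':
        form_html = blog_backend.render_template(
            "edit_profile.html",
            user=user,
            allow_bio_edit=user.level < 1,
        )
        response = make_response(
            blog_backend.render_template(
                "index.html", content=form_html, title="Edit Profile"))
        user.update_session_id(response)
        return response

    # NOTE(review): this compares a form field with the session user but is
    # not an anti-CSRF token; no such token check is visible here. Confirm
    # that one is enforced elsewhere.
    if request.form["username"] != user.username:
        # Deny with a real 403 so the refusal is not reported as 200 OK.
        return make_response("Forbidden", 403)

    redirect_url = config.url["index_url"]
    user.hide_picture = bool(request.form.get("hide_picture"))

    new_name = request.form["name"]
    if len(new_name) > 0:
        # An empty name field leaves the stored name untouched.
        user.name = new_name

    if user.level < 1:
        # Only privileged accounts may change their bio; the privilege is
        # taken from the stored user record, never from the form.
        user.bio = request.form["bio"]
        redirect_url = config.url["admin_dashboard_url"]

    user.save()
    response = redirect(redirect_url, code=302)
    user.update_session_id(response)
    return response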