def create_post():
form = BlogPostForm()
if form.validate_on_submit():
blog_post = BlogPost(title=form.title.data,
text=form.text.data,
user_id=current_user.id)
db.session.add(blog_post)
db.session.commit()
return redirect(url_for('core.index'))
return render_template('create_post.html', form=form)
def update(blog_post_id):
blog_post = BlogPost.query.get_or_404(blog_post_id)
if current_user != blog_post.author:
abort(403)
form = BlogPostForm()
if form.validate_on_submit():
blog_post.title = form.title.data
blog_post.text = form.text.data
db.session.commit()
return redirect(
url_for('blog_posts.blog_post', blog_post_id=blog_post_id))
elif request.method == 'GET':
form.title.data = blog_post.title
form.text.data = blog_post.text
return render_template('create_post.html', form=form)
def update(blog_post_id):
blog_post = BlogPost.query.get_or_404(blog_post_id)
if blog_post.author != current_user:
# Forbidden, No Access
abort(403)
form = BlogPostForm()
if form.validate_on_submit():
blog_post.title = form.title.data
blog_post.text = form.text.data
db.session.commit()
flash('Post Updated')
return redirect(url_for('blog_posts.blog_post', blog_post_id=blog_post.id))
# Pass back the old blog post information so they can start again with
# the old text and title.
elif request.method == 'GET':
form.title.data = blog_post.title
form.text.data = blog_post.text
return render_template('create_post.html', title='Update',
form=form)