def post_page(request, post_id):
    """Render a single forum post together with the viewer's edit/delete rights.

    Raises Http404 when no Post has the given id. ``edit`` is true for staff,
    the post's author and managers of the post's zone; ``delete`` additionally
    requires a ``csrftoken`` cookie on the request, because the cookie value
    is handed to the template as ``token``.

    NOTE(review): delete_post in this source reads ``token`` from the query
    string, so the CSRF cookie value presumably ends up in a URL built by the
    template. A URL-borne token is visible in browser history, server logs
    and Referer headers -- confirm how Forum/post.html uses it.
    NOTE(review): the visible source defines post_page twice; if both live in
    one module, the later definition is the one that stays bound.
    """
    try:
        post = Post.objects.get(id=post_id)
    except Post.DoesNotExist:
        raise Http404
    zone = Zone.objects.get(name=post.zone_name)

    viewer = request.user
    # Same three-way check the edit/delete views enforce server-side.
    can_moderate = bool(
        viewer.is_staff
        or viewer.username == post.author
        or is_manager(zone.id, viewer.username)
    )

    has_csrf_cookie = "csrftoken" in request.COOKIES
    token = request.COOKIES["csrftoken"] if has_csrf_cookie else None

    context = {
        "post": post,
        "zone": zone,
        "edit": can_moderate,
        # Without a cookie there is no token to send, so hide the delete action.
        "delete": can_moderate and has_csrf_cookie,
        "token": token,
    }
    return render(request, "Forum/post.html", context)
def edit_post(request, post_id):
    """Show the edit form (GET) or apply an edit (any other method) to a post.

    Raises Http404 when the post does not exist or when the caller is not
    staff, the post's author, or a manager of the post's zone; answering 404
    rather than 403 does not reveal to other users that the post exists.
    A non-GET request answers with a JSON string: ``status`` is "error" when
    the stripped title is shorter than 3 characters or the stripped content
    shorter than 5, otherwise "success" with a ``redirect`` URL.

    NOTE(review): no CSRF handling is visible in this view; it presumably
    relies on Django's CsrfViewMiddleware for the POST -- confirm that the
    middleware is enabled and the view is not exempted.
    NOTE(review): the visible source defines edit_post twice; if both live in
    one module, the later definition is the one that stays bound.
    """
    try:
        post = Post.objects.get(id=post_id)
    except Post.DoesNotExist:
        raise Http404
    zone = Zone.objects.get(name=post.zone_name)

    # Only the author, a staff user, or a manager of the zone may edit.
    viewer = request.user
    allowed = (
        viewer.is_staff
        or viewer.username == post.author
        or is_manager(zone.id, viewer.username)
    )
    if not allowed:
        raise Http404

    if request.method == "GET":
        return render(request, "Forum/edit.html", {"post": post})

    new_title = request.POST.get("title", " ").strip()
    new_content = request.POST.get("content", " ").strip()
    if len(new_title) < 3 or len(new_content) < 5:
        # Too short: report the problem and leave the post untouched.
        return HttpResponse(
            json.dumps({"status": "error", "content": "再多写几个字吧"})
        )

    post.title = new_title
    post.content = new_content
    post.save()
    return HttpResponse(
        json.dumps(
            {"status": "success", "redirect": "/forum/post/%s/" % post.id}
        )
    )
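def delete_post(request):
    """Delete the post named by the ``post_id`` query parameter.

    The caller must be staff, the post's author, or a manager of the post's
    zone (otherwise Http404), and must echo the value of the ``csrftoken``
    cookie in the ``token`` query parameter (otherwise 403 "Invalid Token").
    Returns the plain body "success" once the post is deleted.

    NOTE(review): this state-changing action is driven entirely by
    query-string parameters and no HTTP-method restriction is visible here.
    Carrying the CSRF cookie value in the URL exposes it to browser history,
    proxy/server logs and Referer headers. Moving deletion to a POST covered
    by Django's CSRF middleware would make this hand-rolled check
    unnecessary; the request shape is kept because the template and client
    code that call this view are not visible.
    """
    # Function-scope import: the file's import block is outside this view.
    import hmac

    post_id = request.GET.get("post_id", "-1")
    token = request.GET.get("token", None)
    try:
        post = Post.objects.get(id=post_id)
    except (Post.DoesNotExist, ValueError):
        # post_id is client-supplied text; a non-numeric value makes the
        # lookup raise ValueError, which would otherwise surface as a 500.
        raise Http404
    zone = Zone.objects.get(name=post.zone_name)

    user = request.user
    if not (
        user.is_staff
        or user.username == post.author
        or is_manager(zone.id, user.username)
    ):
        raise Http404

    cookie_token = request.COOKIES.get("csrftoken")
    # An empty cookie must never validate an empty (or missing) token.
    if not cookie_token or not token:
        return HttpResponseForbidden("Invalid Token")
    # Compare as bytes in constant time; compare_digest rejects non-ASCII str.
    if not hmac.compare_digest(
        token.encode("utf-8"), cookie_token.encode("utf-8")
    ):
        return HttpResponseForbidden("Invalid Token")

    post.delete()
    return HttpResponse("success")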
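def delete_comment(request):
    """Detach the reply named by the ``id`` query parameter from its post.

    The caller must be staff, the author of the post the reply belongs to, or
    a manager of that post's zone (otherwise Http404), and must echo the
    value of the ``csrftoken`` cookie in the ``token`` query parameter
    (otherwise 403 "Invalid Token"). The reply is removed from ``post.reply``;
    the Reply object itself is not deleted here.

    NOTE(review): authorization is decided on ``post.author``, not on the
    reply's own author, so the writer of a comment cannot remove it unless
    they also own the post -- confirm that this is intended.
    NOTE(review): this state-changing action is driven by query-string
    parameters with no visible HTTP-method restriction, and the CSRF cookie
    value travels in the URL (history, logs, Referer). A POST covered by
    Django's CSRF middleware would avoid both; the request shape is kept
    because the calling template is not visible.
    """
    # Function-scope import: the file's import block is outside this view.
    import hmac

    comment_id = request.GET.get("id", "-1")
    token = request.GET.get("token", "")
    try:
        reply = Reply.objects.get(id=comment_id)
    except (Reply.DoesNotExist, ValueError):
        # The id is client-supplied text; a non-numeric value makes the
        # lookup raise ValueError, which would otherwise surface as a 500.
        raise Http404
    try:
        post = reply.post_set.all()[0]
    except IndexError:
        # A reply that is attached to no post has nothing to be removed from.
        raise Http404
    zone = Zone.objects.get(name=post.zone_name)

    user = request.user
    if not (
        user.is_staff
        or user.username == post.author
        or is_manager(zone.id, user.username)
    ):
        raise Http404

    cookie_token = request.COOKIES.get("csrftoken")
    # An empty cookie must never validate the empty default token.
    if not cookie_token or not token:
        return HttpResponseForbidden("Invalid Token")
    # Compare as bytes in constant time; compare_digest rejects non-ASCII str.
    if not hmac.compare_digest(
        token.encode("utf-8"), cookie_token.encode("utf-8")
    ):
        return HttpResponseForbidden("Invalid Token")

    post.reply.remove(reply)
    return HttpResponse("success")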
def post_page(request, post_id):
    """Render one forum post and tell the template what the viewer may do.

    Raises Http404 when the post id is unknown. Staff, the post's author and
    managers of the post's zone get ``edit``; they get ``delete`` only when
    the request carries a ``csrftoken`` cookie, whose value is passed to the
    template as ``token`` (``None`` when the cookie is absent).

    NOTE(review): delete_post in this source expects that token back as a
    query parameter, so the template presumably places the CSRF cookie value
    in a link. Tokens in URLs leak through history, logs and Referer headers
    -- confirm against Forum/post.html.
    NOTE(review): post_page also appears earlier in the visible source with
    the same logic; if both are in one module, this later one takes effect.
    """
    try:
        post = Post.objects.get(id=post_id)
    except Post.DoesNotExist:
        raise Http404
    zone = Zone.objects.get(name=post.zone_name)

    requester = request.user
    if (
        requester.is_staff
        or requester.username == post.author
        or is_manager(zone.id, requester.username)
    ):
        edit = delete = True
    else:
        edit = delete = False

    token = None
    if "csrftoken" in request.COOKIES:
        token = request.COOKIES["csrftoken"]
    else:
        # No cookie means no token to submit, so deletion cannot be offered.
        delete = False

    return render(
        request,
        "Forum/post.html",
        {
            "post": post,
            "zone": zone,
            "edit": edit,
            "delete": delete,
            "token": token,
        },
    )
def edit_post(request, post_id):
    """Serve the edit form on GET; on any other method, validate and save.

    Http404 is raised for an unknown post id and for callers who are neither
    staff, the post's author, nor a manager of the post's zone. The non-GET
    branch returns a JSON-encoded body: an "error" status when the stripped
    title has fewer than 3 characters or the stripped content fewer than 5,
    otherwise a "success" status carrying the post's URL in ``redirect``.

    NOTE(review): CSRF protection for the POST is not visible in this view
    and presumably comes from Django's CsrfViewMiddleware -- confirm.
    NOTE(review): edit_post also appears earlier in the visible source with
    the same logic; if both are in one module, this later one takes effect.
    """
    try:
        post = Post.objects.get(id=post_id)
    except Post.DoesNotExist:
        raise Http404
    zone = Zone.objects.get(name=post.zone_name)

    # Is the caller the author, an administrator (staff) or a zone moderator?
    requester = request.user
    may_edit = (
        requester.is_staff
        or requester.username == post.author
        or is_manager(zone.id, requester.username)
    )
    if not may_edit:
        raise Http404

    if request.method == "GET":
        return render(request, "Forum/edit.html", {"post": post})

    title = request.POST.get("title", " ").strip()
    content = request.POST.get("content", " ").strip()

    if len(title) >= 3 and len(content) >= 5:
        post.title = title
        post.content = content
        post.save()
        payload = {
            "status": "success",
            "redirect": "/forum/post/%s/" % post.id,
        }
    else:
        # Submission too short: nothing is written to the post.
        payload = {"status": "error", "content": "再多写几个字吧"}
    return HttpResponse(json.dumps(payload))