def new_post(): user = records.find_one({'_id': current_user._id}) form = PostForm() if (user['role'] == 'author'): if form.validate_on_submit(): mongo.db.post.insert({ "author": user, "title": form.title.data, "date_posted": datetime.datetime.now(), "content": form.content.data }) flash(f'Your post has been created!', 'success') return redirect(url_for('home')) else: abort(403) return render_template('create_post.html', legend='New Post', title='New Post', form=form)
def update_post(_id): form = PostForm() post = mongo.db.post.find_one({'_id': ObjectId(_id)}) user = records.find_one({'_id': current_user._id}) if post['author']['username'] != user['username']: abort(403) if form.validate_on_submit(): mongo.db.post.update_one( {'_id': ObjectId(_id)}, {'$set': { "title": form.title.data, "content": form.content.data }}) flash('Your post has been updated!', 'success') return redirect(url_for('post', _id=post['_id'])) elif request.method == 'GET': form.title.data = post['title'] form.content.data = post['content'] return render_template('create_post.html', title='Update Post', legend='Update Post', form=form, post=post)