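def handle_feedback_update(feedback_id):
    """Show or process the edit form for one piece of feedback.

    GET  /feedback/<feedback-id>/update
        Display a form to edit the feedback.
    POST /feedback/<feedback-id>/update
        Update the feedback and redirect to /users/<username>.

    Only the logged-in user who wrote the feedback may see the form or
    submit it. The login check and the ownership check both run before any
    form handling, so they cover GET and POST alike.

    Args:
        feedback_id: Identifier passed to ``Feedback.get``.

    Returns:
        A redirect to ``/`` when nobody is logged in, a redirect to the
        caller's own user page when the feedback is not theirs (or does not
        exist) or after a successful update, otherwise the rendered edit form.
    """
    curr_username = session.get('user')

    # No identity in the session: nothing below may run.
    if not curr_username:
        flash('Please Log in')
        return redirect('/')

    comment = Feedback.get(feedback_id)

    # Ownership check. A missing record is handled exactly like a record owned
    # by someone else: the original dereferenced `comment.username`
    # unconditionally, which fails if Feedback.get returns None for an unknown
    # id (its implementation is not visible here). Answering both cases the
    # same way also avoids telling the caller which ids exist.
    if comment is None or curr_username != comment.username:
        flash('Eyes on your own work!', 'warning')
        return redirect(f'/users/{curr_username}')

    form = FeedbackForm(obj=comment)
    if form.validate_on_submit():
        # NOTE(review): what gets persisted is the raw request.form, not the
        # validated `form`. update_from_serial is not visible here; confirm it
        # copies only the fields FeedbackForm defines, so that extra keys in
        # the POST body (e.g. the owner's username) cannot be written.
        comment.update_from_serial(request.form)
        return redirect(f'/users/{curr_username}')

    # GET, or a POST that failed validation: show the form again.
    return render_template('edit_feedback_form.html', form=form)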
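def delete_feedback(feedback_id):
    """Delete one piece of feedback on behalf of its author.

    POST /feedback/<feedback-id>/delete
        Delete the feedback and redirect to /users/<username>.

    Only the logged-in user who wrote the feedback may delete it.

    Args:
        feedback_id: Identifier passed to ``Feedback.get``.

    Returns:
        A redirect to ``/`` when nobody is logged in, a ``(body, 401)`` tuple
        when the feedback is not the caller's (or does not exist), otherwise a
        redirect to the caller's user page after the delete.
    """
    curr_username = session.get('user')

    # No identity in the session: refuse before touching the database.
    if not curr_username:
        flash("Log In Please.")
        return redirect('/')

    comment = Feedback.get(feedback_id)

    # Ownership check. A missing record is answered like a record owned by
    # someone else: the original dereferenced `comment.username`
    # unconditionally, which fails if Feedback.get returns None for an unknown
    # id (its implementation is not visible here).
    if comment is None or curr_username != comment.username:
        # NOTE(review): the caller is authenticated here, so 403 would be the
        # conventional status; 401 is kept because clients may depend on it.
        return f"401! You're not authorized to do that {curr_username}!", 401

    # NOTE(review): this state-changing handler validates no form, so no CSRF
    # token is checked in the code shown. The route decorator is not visible
    # either; confirm the route accepts POST only and that app-wide CSRF
    # protection covers it.
    comment.delete()
    return redirect(f'/users/{curr_username}')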