def view(id):
mail = Mail.find(id)
if current_user().id == mail.receiver_id:
mail.mark_read()
if current_user().id in [mail.receiver_id, mail.sender_id]:
return render_template("mail/detail.html", mail=mail)
else:
return redirect(url_for(".index"))
def view(id):
mail = Mail.find(id)
# 不是你自己收发的,肯定不能看
# 不是收的人,看了也不会变成已读状态
if current_user().id == mail.receiver_id:
mail.mark_read()
if current_user().id in [mail.receiver_id, mail.sender_id]:
return render_template("mail/detail.html", mail=mail)
else:
return redirect(url_for('.index'))
def view(id):
mail = Mail.find(id)
# you cannot see if it is not sent or received by you
# if you are not the receiver, message will not be marked as read
if current_user().id == mail.receiver_id:
mail.mark_read()
if current_user().id in [mail.receiver_id, mail.sender_id]:
return render_template("mail/detail.html", mail=mail)
else:
return redirect(url_for(".index"))
def view(id):
mail = Mail.find(id)
# 不是你自己收发的,你肯定不能看
# 不是收的人,那你看了也不会变成已读
if current_user().id == mail.receiver_id:
mail.mark_read()
if current_user().id in [mail.receiver_id, mail.sender_id]:
return render_template("mail/detail.html", mail=mail)
else:
return redirect(url_for(".index"))
def update(mail_id):
if Mail.check_token():
form = request.form
m = Mail.find(mail_id)
if current_user().id in [m.receiver_id, m.sender_id]:
Mail.update(form)
# redirect有必要加query吗
return redirect(url_for('.index'))
else:
abort(401)
def view(id):
u = current_user()
mail = Mail.find(id)
if u.id == mail.receiver_id:
mail.mark_read()
if u.id in [mail.receiver_id, mail.sender_id]:
return render_template('mail/detail.html', mail=mail)
else:
return redirect(url_for('.index'))
def edit(mail_id):
user = current_user()
if Mail.check_token():
# mail_id = int(request.args.get('id', -1))
m = Mail.find(mail_id)
if current_user().id in [m.receiver_id, m.sender_id]:
return render_template('mail/mail_edit.html',
m=m,
token=gg.token[user.id],
user=user)
else:
abort(401)
def view(id):
"""
注意安全问题,首先确定登录的用户是收件人,如果不是就不能标记已读;
另外只有当用户是收/发件人时,才能查看邮件详情
:param id: 传入的邮件id
:return: 对应的邮件
"""
mail = Mail.find(id)
u = current_user()
if u.id == mail.receiver_id:
mail.mark_read()
if u.id in [mail.receiver_id, mail.sender_id]:
return render_template('mail/detail.html', mail=mail)
def view(id):
mail = Mail.find(id)
sender = User.find(mail.sender_id).username
receiver = User.find(mail.receiver_id).username
# 不是你自己收发的,你肯定不能看
# 不是收的人,那你看了也不会变成已读
user = current_user()
if user.id == mail.receiver_id:
mail.mark_read()
if user.id in [mail.receiver_id, mail.sender_id]:
return render_template("mail/detail.html",
mail=mail,
user=user,
sender=sender,
receiver=receiver)
else:
return redirect(url_for(".index"))
def view(mail_id):
mail = Mail.find(id=mail_id)
if (current_user().role != -1) and (current_user().id in [mail.receiver_id, mail.sender_id]):
return render_template("mail/mail_detail.html", mail=mail)
else:
return redirect(url_for("routes_mail.index"))
