def edit_post(id):
    """Show the edit form for a post and store a valid submission.

    Responds with 404 when no post has the given id and with 403 when the
    caller fails either the ownership check or the permission check.
    """
    # NOTE(review): if current_user is Flask-Login's proxy, an anonymous
    # visitor is a truthy AnonymousUserMixin object, so this guard would
    # never redirect -- confirm, and prefer an is_authenticated check or
    # the login_required decorator.
    if not current_user:
        return redirect(url_for('main.login'))

    post = Post.query.get_or_404(id)

    # NOTE(review): this ownership test runs before the permission test
    # below, so only the post's author ever reaches it; an admin who is not
    # the author is rejected here and the admin_permission alternative has
    # no effect for them. Confirm which of the two rules is intended.
    if current_user != post.user:
        abort(403)

    owner_permission = Permission(UserNeed(post.user.id))
    if not (owner_permission.can() or admin_permission.can()):
        abort(403)

    form = PostForm()
    if not form.validate_on_submit():
        # First display or rejected submission: show the stored text.
        form.text.data = post.text
        return render_template('edit.html', form=form, post=post)

    post.title = form.title.data
    post.text = form.text.data
    post.publish_date = datetime.datetime.now()
    db.session.add(post)
    db.session.commit()
    return redirect(url_for('.post', post_id=post.id))
def edit_post(id):
    """Edit a post, writing to the database only when something changed.

    Responds with 404 when no post has the given id and with 403 when the
    caller holds neither the per-author permission nor the admin permission.
    """
    # The login check is delegated to the login_required decorator instead of:
    #     if not g.current_user:
    #         return redirect(url_for('main.login'))
    # NOTE(review): the decorator is not visible in this listing -- confirm
    # it is applied to this view.
    post = Post.query.get_or_404(id)

    # Access is restricted through user permissions instead of:
    #     if current_user != post.user:
    #         abort(403)
    author_permission = Permission(UserNeed(post.user.id))
    if not (author_permission.can() or admin_permission.can()):
        abort(403)

    form = PostForm()
    if form.validate_on_submit():
        unchanged = (form.title.data == post.title
                     and form.text.data == post.text)
        if unchanged:
            flash('no changes detected!', category='message')
        else:
            post.title = form.title.data
            post.text = form.text.data
            post.publish_date = datetime.datetime.now()
            db.session.add(post)
            db.session.commit()
            # NOTE(review): assumes the redirect belongs to the save path
            # only, so an unchanged submission re-renders the form with the
            # flash message -- confirm against the intended flow.
            return redirect(url_for('.post', post_id=post.id))

    form.text.data = post.text
    return render_template('edit.html', form=form, post=post)
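def edit_post(id):
    """Show the edit form for a post and store a valid submission.

    Responds with 404 when no post has the given id and with 403 when the
    caller holds neither the per-author permission nor the admin permission.
    """
    post = Post.query.get_or_404(id)
    permission = Permission(UserNeed(post.user.id))

    # The leftover debug statement `print permission.can()` was dropped: it
    # wrote the authorization result to stdout on every request and is a
    # syntax error outside Python 2.

    # We want admins to be able to edit any post
    if permission.can() or admin_permission.can():
        form = PostForm()

        if form.validate_on_submit():
            post.title = form.title.data
            post.text = form.text.data
            post.publish_date = datetime.datetime.now()
            db.session.add(post)
            db.session.commit()
            return redirect(url_for('.post', post_id=post.id))

        # First display or rejected submission: show the stored text.
        form.text.data = post.text
        return render_template('edit.html', form=form, post=post)

    # Neither the author nor an admin: refuse.
    abort(403)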
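def post(post_id):
    """Render a post with its comments and accept a new comment for it.

    Responds with 404 when no post has the given id. A valid comment
    submission is stored and answered with a redirect back to this view;
    any other request increments the post's read counter and renders
    'post.html'.
    """
    # Resolve the post before touching the comment form, so a comment is
    # never committed for a post_id that does not exist.
    post = Post.query.get_or_404(post_id)

    form = CommentForm()
    if form.validate_on_submit():
        new_comment = Comment()
        # NOTE(review): the displayed name is taken from the form even for
        # logged-in users (the prefill below is only a default value) --
        # confirm whether a visitor may post under another user's name.
        new_comment.name = form.name.data
        new_comment.text = form.text.data
        new_comment.post_id = post_id
        new_comment.date = datetime.now()
        db.session.add(new_comment)
        db.session.commit()
        return redirect(url_for('.post', post_id=post_id))

    # Count this view. This is a read-modify-write in Python, so two
    # requests that overlap can record a single increment.
    post.read = post.read + 1
    db.session.add(post)
    db.session.commit()

    tags = post.tags
    comments = post.comments.order_by(Comment.date.desc()).all()

    # Whether the template should offer editing: the author or an admin.
    # This only drives the page; the edit view enforces access itself.
    permission = Permission(UserNeed(post.user.id))
    is_edit = permission.can() or admin_permission.can()

    if g.is_login:
        form.name.data = current_user.username

    return render_template('post.html', post=post, tags=tags,
                           is_edit=is_edit, comments=comments, form=form)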
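def edit(id):
    """Show the edit form for a post and store a valid submission.

    Responds with 404 when no post has the given id and with 403 when the
    caller holds neither the per-author permission nor the admin permission.
    On a valid submission the post's fields, tags and photos are replaced
    by the submitted values and the caller is redirected to the post.
    """
    post = Post.query.get_or_404(id)
    permission = Permission(UserNeed(post.user.id))
    if not (permission.can() or admin_permission.can()):
        abort(403)

    form = PostForm()
    if form.validate_on_submit():
        post.title = form.title.data
        post.cover = form.cover.data
        # NOTE(review): form.video is written here but never prefilled
        # below -- confirm an edit cannot blank the stored video value.
        post.video = form.video.data
        post.summary = form.summary.data
        post.text = form.text.data
        post.update_date = datetime.now()

        # Tags and photos are rebuilt from the submission, not merged.
        del post.tags[:]
        del post.photos[:]

        for raw_title in form.tags.data.split(','):
            tag_title = raw_title.strip()
            if not tag_title:
                # A trailing or doubled comma yields an empty entry; skip
                # it so no Tag with an empty title is created.
                continue
            tag = Tag.query.filter_by(title=tag_title).first()
            if not tag:
                # Unknown tag: create it on the fly.
                tag = Tag(tag_title)
            post.tags.append(tag)

        for photo_url in form.photos.data:
            if photo_url != '':
                post.photos.append(Photo(photo_url))

        db.session.add(post)
        db.session.commit()
        return redirect(url_for('.post', post_id=post.id))

    # First display or rejected submission: load the stored values.
    post_type = post.type
    form.cover.data = post.cover
    form.text.data = post.text
    form.title.data = post.title
    form.summary.data = post.summary
    form.type.data = post_type
    photos = [photo.url for photo in post.photos]
    form.tags.data = ','.join(tag.title for tag in post.tags)

    # NOTE(review): the template name is built from the stored post.type;
    # presumably it is one of a fixed set of values -- verify where it is
    # written.
    return render_template("edit_{}.html".format(post_type),
                           form=form, post=post, photos=photos)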
def edit_post(id):
    """Show the edit form for a stored post document and save valid edits.

    Responds with 404 when no post matches the id and with 403 when the
    caller holds neither the per-author permission nor the admin permission.
    """
    post = Post.objects(id=id).get_or_404()

    author_permission = Permission(UserNeed(post.user.id))
    if not (author_permission.can() or admin_permission.can()):
        abort(403)

    form = PostForm()
    if not form.validate_on_submit():
        # First display or rejected submission: show the stored text.
        form.text.data = post.text
        return render_template('edit.html', form=form, post=post)

    post.title = form.title.data
    post.text = form.text.data
    post.publish_date = datetime.datetime.now()
    post.save()
    return redirect(url_for('.post', post_id=post.id))
def edit_post(id):
    """Let a post's author, or an admin, change its title and text.

    Responds with 404 when no post has the given id and with 403 for any
    other caller.
    """
    post = Post.query.get_or_404(id)
    owner_only = Permission(UserNeed(post.user.id))

    # Admins may edit any post; everyone else must be the author.
    may_edit = owner_only.can() or admin_permission.can()
    if not may_edit:
        abort(403)

    form = PostForm()
    if form.validate_on_submit():
        post.title = form.title.data
        post.text = form.text.data
        post.publish_date = datetime.datetime.now()
        db.session.add(post)
        db.session.commit()
        target = url_for('.post', post_id=post.id)
        return redirect(target)

    # First display or rejected submission: show the stored text.
    form.text.data = post.text
    return render_template('edit.html', form=form, post=post)
def is_accessible(self):
    """Allow access only to an authenticated user with the admin permission."""
    # NOTE(review): is_authenticated is called as a method here. If
    # current_user is Flask-Login's proxy, releases from 0.3 on expose it
    # as a property and this call raises TypeError -- confirm the pinned
    # version.
    authenticated = current_user.is_authenticated()
    return authenticated and admin_permission.can()
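def is_accessible(self):
    """Return True only for an authenticated user with the admin permission.

    Any exception raised while evaluating the check denies access.
    """
    try:
        authenticated = current_user.is_authenticated
        # If current_user is Flask-Login's proxy, is_authenticated is a
        # method before release 0.3 and a property from then on; accept
        # both so the check does not depend on raising TypeError.
        if callable(authenticated):
            authenticated = authenticated()
        return bool(authenticated and admin_permission.can())
    except Exception:
        # Fail closed. Returning the exception object, as this handler did
        # before, gives the caller a truthy value, so any error in the
        # check would read as "access granted".
        return False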