diff --git a/yadc/bp/manage.py b/yadc/bp/manage.py index d33f48e..6574343 100644 --- a/yadc/bp/manage.py +++ b/yadc/bp/manage.py @@ -4,7 +4,7 @@ from flask_login import login_required, current_user from yadc.forms import UserForm, PostForm, TagForm, CommentForm from yadc import db -from yadc.models import User, USER_STATUS, moderator_required, admin_required, Post, Tag, TAG_CATEGORY, Comment +from yadc.models import User, USER_STATUS, moderator_required, admin_required, Post, Tag, TAG_CATEGORY, Comment, POST_STATUS from yadc.utils import flasherrors bp = Blueprint('manage', __name__) @@ -60,7 +60,7 @@ def manage_tags(page): return render_template('manage/tags.html', tags=tags, elements=tags.items, createform=TagForm()) - +# ONLY THROUGH MANAGEMENT @bp.route('/modify_user', methods=['POST']) @login_required @admin_required @@ -78,8 +78,10 @@ def modify_user(): db.session.commit() flash('New {} has been created.'.format(str(el))) + else: el = User.query.filter_by(id=form.id.data).first() + if form.delete.data: if el.is_current: flash("You can't just delete yourself.") @@ -91,6 +93,7 @@ def modify_user(): db.session.delete(el) db.session.commit() flash('{} deleted.'.format(str(el))) + elif form.edit.data: # if form.username.data: el.username = form.username.data @@ -104,7 +107,7 @@ def modify_user(): flasherrors(form) return redirect(url_for('.manage_users')) - +# THROUGH MANAGEMENT AND POST PAGE + USERS CAN USE @bp.route('/modify_post', methods=['POST']) @login_required def modify_post(): 
@@ -118,11 +121,13 @@ def modify_post(): if not current_user.is_moderator and not (el.author.is_current if el.author is not None else None): flash("You don't have sufficient rights to do this.") return redirect(url_for('main.index')) + if form.delete.data: el.remove_image_files() db.session.delete(el) db.session.commit() flash('{} deleted.'.format(str(el))) + elif form.edit.data: if form.rating.raw_data and form.rating.data: el.rating = form.rating.data if form.status.raw_data and form.status.data: el.status = form.status.data @@ -135,21 +140,26 @@ def modify_post(): db.session.commit() flash('Changes to {} have been applied.'.format(str(el))) + elif form.approve.data: if not current_user.is_moderator: flash("You don't have sufficient rights to do this.") return redirect(url_for('main.index')) - post.status = POST_STATUS.active - post.approver = current_user + el.status = POST_STATUS.active + el.approver = current_user db.session.commit() - flash('Approved post {}'.format(str(post))) - redirect(url_for('post.post_show', id=post.id)) + flash('Approved post {}'.format(str(el))) + # redirect(url_for('post.post_show', id=el.id)) + + if form.referer.data == 'post_show': + return redirect(url_for('post.post_show', id=el.id)) flasherrors(form) return redirect(url_for('.manage_posts')) # Example perfect create/edit/delete form endpoint +# ONLY THROUGH MANAGEMENT @bp.route('/modify_tag', methods=['POST']) @login_required @moderator_required 
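Review bot: The edit branch in this hunk lets a post's own author set `el.status`, because the rights check above it admits either a moderator or the author, and `if form.status.raw_data and form.status.data: el.status = form.status.data` has no role check of its own. The approve branch further down requires `current_user.is_moderator` before it sets `POST_STATUS.active`, so unless `PostForm` restricts the status choices for ordinary users (not visible here), an author could reach the same state by submitting `edit` with a status value. Gating the assignment, e.g. `if current_user.is_moderator and form.status.raw_data and form.status.data: el.status = form.status.data`, keeps approval a moderator-only action. modify_post begins before this hunk, so the lookup of `el` is not visible.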
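Review bot: The new `if form.referer.data == 'post_show':` redirect sits after the whole if/elif chain, so it appears to run for the delete branch as well (indentation is lost in this view, so confirm). That would send the user to `post.post_show` for a post that was just deleted, and with `post_show` switched to `get_or_404` in this same commit the result is a 404. Restricting it, e.g. `if form.referer.data == 'post_show' and not form.delete.data:`, avoids that. Comparing the client-controlled hidden field against a fixed string, rather than redirecting to its value, is worth keeping as is. The commented-out `# redirect(url_for('post.post_show', id=el.id))` can be deleted instead of kept.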
@@ -161,16 +171,18 @@ def modify_tag(): el = Tag(content_deser=form.content.data) db.session.add(el) - if form.category.data: el.category = form.category.data + if form.category.raw_data and form.category.data: el.category = form.category.data db.session.commit() flash('New {} has been created.'.format(str(el))) else: el = Tag.query.filter_by(id=form.id.data).first() + if form.delete.data: db.session.delete(el) db.session.commit() flash('{} deleted.'.format(str(el))) + elif form.edit.data: # if form.content.data: el.content = form.content.data if form.category.raw_data and form.category.data: el.category = form.category.data 
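Review bot: `el = Tag.query.filter_by(id=form.id.data).first()` can return `None` for an id that no longer exists, and the delete branch then passes it straight to `db.session.delete(el)`, which would surface as a 500 rather than a clean error. This commit already adopts `get_or_404` and `first_or_404` in post.py and user.py, so `el = Tag.query.filter_by(id=form.id.data).first_or_404()` would be consistent. The same pattern is visible in modify_user (`el.is_current` right after `.first()`) and in the new `comment()` view in post.py, where `el.user` is read in the ownership check before any None test. modify_tag starts before this hunk.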
@@ -180,37 +192,4 @@ def modify_tag(): flasherrors(form) return redirect(url_for('.manage_tags')) - # return redirect(url_for('main.index')) - -# Creation/editing only through post page -@bp.route('/modify_comment', methods=['POST']) -@login_required -def modify_comment(): - form = CommentForm(request.form) - # flash(str(request.form)) - if form.validate(): - if form.create.data: - el = Comment(content=form.content.data.strip(), post_id=form.post_id.data, user=current_user) - db.session.add(el) - - db.session.commit() - flash('Successfully submitted {}'.format(str(el))) - return redirect(url_for('post.post_show', id=form.post_id.data)) - else: - el = Comment.query.filter_by(id=form.id.data).first() - if not current_user.is_moderator and not (el.user.is_current if el.user is not None else None): - flash("You don't have sufficient rights to do this.") - return redirect(url_for('main.index')) - if form.delete.data: - db.session.delete(el) - db.session.commit() - flash('{} deleted.'.format(str(el))) - elif form.edit.data: - if form.content.raw_data and form.content.data: el.content = form.content.data.strip() - - db.session.commit() - flash('Changes to {} have been applied.'.format(str(el))) - - return redirect(url_for('post.post_show', id=el.post_id)) - - return redirect(url_for('main.posts')) \ No newline at end of file + # return redirect(url_for('main.index')) \ No newline at end of file diff --git a/yadc/bp/post.py b/yadc/bp/post.py index 485d887..f8c300d 100644 --- a/yadc/bp/post.py +++ b/yadc/bp/post.py 
@@ -53,10 +53,10 @@ def posts(page): @bp.route('/show/') def post_show(id): - post = Post.query.filter_by(id=id).first() - if not post: - flash('This post does not exist.') - return redirect(url_for('.posts')) + post = Post.query.get_or_404(id) + # if not post: + # flash('This post does not exist.') + # return redirect(url_for('.posts')) tags_count = db.session.query(Tag, func.count(Post.id)).join(Tag.posts).filter(Post.id==id).join(aliased(Post), Tag.posts).group_by(Tag).all() for tag,tag.count in tags_count: @@ -72,6 +72,7 @@ def post_show(id): comments=post.comments, editform=PostForm( id=post.id, + referer=post_show.__name__, source=post.source, tags=" ".join([t.content for t in post.tags]), rating=post.rating, 
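Review bot: `referer=post_show.__name__` ties the hidden-field value to the view function's name, while modify_post in manage.py compares against the literal `'post_show'`. Renaming the view would silently turn the redirect back into the management-page fallback. Using the same explicit value on both sides, e.g. `referer='post_show'` here with a comment pointing at modify_post, makes the coupling visible. The earlier hunk in this file also leaves the old `if not post:` block as commented-out code, which can be removed now that `get_or_404` covers it.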
@@ -80,16 +81,48 @@ def post_show(id): comment_form=CommentForm(post_id=post.id) ) -from yadc.bp import manage +# from yadc.bp import manage +# @bp.route('/comment', methods=['POST']) +# @login_required +# def comment(): +# return manage.modify_comment() + @bp.route('/comment', methods=['POST']) @login_required def comment(): - return manage.modify_comment() - -@bp.route('/editpost', methods=['POST']) -@login_required -def editpost(): - return manage.modify_post() + form = CommentForm(request.form) + # flash(str(request.form)) + if form.validate(): + if form.create.data: + el = Comment(content=form.content.data.strip(), post_id=form.post_id.data, user=current_user) + db.session.add(el) + + db.session.commit() + flash('Successfully submitted {}'.format(str(el))) + return redirect(url_for('post.post_show', id=form.post_id.data)) + else: + el = Comment.query.filter_by(id=form.id.data).first() + if not current_user.is_moderator and not (el.user.is_current if el.user is not None else None): + flash("You don't have sufficient rights to do this.") + return redirect(url_for('main.index')) + if form.delete.data: + db.session.delete(el) + db.session.commit() + flash('{} deleted.'.format(str(el))) + elif form.edit.data: + if form.content.raw_data and form.content.data: el.content = form.content.data.strip() + + db.session.commit() + flash('Changes to {} have been applied.'.format(str(el))) + + return redirect(url_for('post.post_show', id=el.post_id)) + + return redirect(url_for('main.posts')) + +# @bp.route('/editpost', methods=['POST']) +# @login_required +# def editpost(): +# return manage.modify_post() @bp.route('/upload', methods=['GET', 'POST']) @login_required diff --git a/yadc/bp/user.py b/yadc/bp/user.py index 1f4ab57..75a1dce 100644 --- a/yadc/bp/user.py +++ b/yadc/bp/user.py 
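Review bot: When `form.validate()` fails, `comment()` falls through to `return redirect(url_for('main.posts'))` without reporting anything, whereas the manage endpoints call `flasherrors(form)` before redirecting. The user loses the comment text and gets no reason. Adding `flasherrors(form)` before the final redirect matches the other views; it would need importing from `yadc.utils` if post.py does not already have it. On the create path `post_id=form.post_id.data` comes from a hidden field, so unless `CommentForm` validates it, a check that the post exists before `db.session.add(el)` would be worth adding. The commented-out `manage` import and the `comment`/`editpost` stubs are dead code and can be deleted.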
@@ -11,12 +11,8 @@ bp = Blueprint('user', __name__) @bp.route('/@') def profile(username): - user = User.query.filter_by(username=username).first() - - if user is not None: - return render_template('user/profile.html', user=user) - - return redirect(url_for('main.index')) + user = User.query.filter_by(username=username).first_or_404() + return render_template('user/profile.html', user=user) @bp.route('/settings') @login_required diff --git a/yadc/forms.py b/yadc/forms.py index 68ae433..396aecc 100644 --- a/yadc/forms.py +++ b/yadc/forms.py @@ -155,6 +155,7 @@ class PostForm(EditForm): validators=[optional()]) source = StringField('Source', render_kw=dict(placeholder='Source URL', autocomplete='off')) + referer = HiddenField() approve = SubmitField('Approve') class TagForm(EditForm): diff --git a/yadc/templates/post/post.html b/yadc/templates/post/post.html index eec8332..8f9fca6 100644 --- a/yadc/templates/post/post.html +++ b/yadc/templates/post/post.html @@ -33,15 +33,17 @@

Edit

-
+ {{ editform.csrf_token }} {{ editform.id() }} + {{ editform.referer() }} {{ editform.source }} {{ render_tag_input(editform.tags, {'alt-selblock': 'section.sidepanel article.tags .tags-inpage'}) }} {{ editform.edit() }} + {{ editform.approve() }}