12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697 |
- from flask import (
- Blueprint, flash, g, redirect, render_template, request, url_for
- )
- from werkzeug.exceptions import abort
-
- from flaskr.auth import login_required
- from flaskr.db import get_db
-
- bp = Blueprint('blog', __name__)
-
- @bp.route('/')
- def index():
- db = get_db()
- posts = db.execute(
- 'SELECT p.id, title, body, created, author_id, username'
- ' FROM post p JOIN user u ON p.author_id = u.id'
- ' ORDER BY created DESC'
- ).fetchall()
- return render_template('blog/index.html', posts=posts)
-
- @bp.route('/create', methods=('GET', 'POST'))
- @login_required
- def create():
- if request.method == 'POST':
- title = request.form['title']
- body = request.form['body']
- error = None
-
- if not title:
- error = 'Title is required.'
-
- if error is not None:
- flash(error)
- else:
- db = get_db()
- db.execute(
- 'INSERT INTO post (title, body, author_id)'
- ' VALUES (?, ?, ?)',
- (title, body, g.user['id'])
- )
- db.commit()
- return redirect(url_for('blog.index'))
-
- return render_template('blog/create.html')
-
- def get_post(id, check_author=True):
- post = get_db().execute(
- 'SELECT p.id, title, body, created, author_id, username'
- ' FROM post p JOIN user u ON p.author_id = u.id'
- ' WHERE p.id = ?',
- (id,)
- ).fetchone()
-
- if post is None:
- abort(404, "Post id {0} doesn't exist.".format(id))
-
- if check_author and post['author_id'] != g.user['id']:
- abort(403)
-
- return post
-
- @bp.route('/<int:id>/update', methods=('GET', 'POST'))
- @login_required
- def update(id):
- post = get_post(id)
-
- if request.method == 'POST':
- title = request.form['title']
- body = request.form['body']
- error = None
-
- if not title:
- error = 'Title is required.'
-
- if error is not None:
- flash(error)
- else:
- db = get_db()
- db.execute(
- 'UPDATE post SET title = ?, body = ?'
- ' WHERE id = ?',
- (title, body, id)
- )
- db.commit()
- return redirect(url_for('blog.index'))
-
- return render_template('blog/update.html', post=post)
-
- @bp.route('/<int:id>/delete', methods=('POST',))
- @login_required
- def delete(id):
- get_post(id)
- db = get_db()
- db.execute('DELETE FROM post WHERE id = ?', (id,))
- db.commit()
- return redirect(url_for('blog.index'))
|