add delete post route

app/routes/posts.py

@@ -1,9 +1,10 @@
-from flask import Blueprint, abort, render_template, redirect, url_for, request
+from flask import Blueprint, abort, render_template, redirect, url_for, request, flash
 from functools import wraps
 from ..auth import login_required, get_active_user
-from ..models import Posts, Threads
+from ..models import Posts, Threads, Topics
 from ..util import get_post_url
 from ..db import db
+from ..constants import InfoboxKind
 
 bp = Blueprint('posts', __name__, url_prefix='/posts/')
 
@@ -39,12 +40,15 @@ def ownership_or_mod_required(view_func):
 @ownership_required
 def edit(post_id):
     post = Posts.find({'id': post_id})
+    if not post:
+        abort(404)
+
     thread = Threads.find({'id': post.thread_id})
-    user = get_active_user()
     if not thread:
         # what?
         abort(404)
 
+    user = get_active_user()
     if thread.locked() and not user.is_mod():
         abort(403)
 
@@ -66,12 +70,15 @@ def edit(post_id):
 @ownership_required
 def edit_post(post_id):
     post = Posts.find({'id': post_id})
+    if not post:
+        abort(404)
+
     thread = Threads.find({'id': post.thread_id})
-    user = get_active_user()
     if not thread:
         # what?
         abort(404)
 
+    user = get_active_user()
     if thread.locked() and not user.is_mod():
         abort(403)
 
@@ -83,4 +90,46 @@ def edit_post(post_id):
 @login_required
 @ownership_or_mod_required
 def delete(post_id):
-    return 'stub'
+    post = Posts.find({'id': post_id})
+    if not post:
+        abort(404)
+
+    thread = Threads.find({'id': post.thread_id})
+    if not thread:
+        # what?
+        abort(404)
+
+    user = get_active_user()
+    if thread.locked() and not user.is_mod():
+        abort(403)
+
+    return render_template('posts/delete.html', post=post.get_full_post_view())
+
+
+@bp.post('/<int:post_id>/delete/')
+@login_required
+@ownership_or_mod_required
+def delete_post(post_id):
+    post = Posts.find({'id': post_id})
+    if not post:
+        abort(404)
+
+    thread = Threads.find({'id': post.thread_id})
+    if not thread:
+        # what?
+        abort(404)
+
+    user = get_active_user()
+    if thread.locked() and not user.is_mod():
+        abort(403)
+
+    post.delete()
+
+    if Posts.count({'thread_id': thread.id}) == 0:
+        topic = Topics.find({'id': thread.topic_id})
+        thread.delete()
+        flash('Thread deleted.', InfoboxKind.INFO)
+        return redirect(url_for('topics.topic_by_id', topic_id=topic.id))
+
+    flash('Post deleted.', InfoboxKind.INFO)
+    return redirect(url_for('threads.thread_by_id', thread_id=thread.id))

app/routes/threads.py

@@ -192,4 +192,4 @@ def new_post():
     content = request.form.get('babycode_content')
 
     thread = Threads.new(user.id, topic.id, title, content)
-    return redirect(url_for('.thread', slug=thread.slug))
+    return redirect(url_for('.thread_by_id', thread_id=thread.id))

app/routes/users.py

@@ -24,6 +24,19 @@ def redirect_if_logged_in(destination='topics.all_topics'):
         return wrapper
     return decorator
 
+def redirect_to_own(view_func):
+    @wraps(view_func)
+    def wrapper(username, *args, **kwargs):
+        user = get_active_user()
+        if username.lower() != user.username:
+            view_args = dict(request.view_args)
+            view_args.pop('username', None)
+            new_args = {**view_args, 'username': user.username}
+            return redirect(url_for(request.endpoint, **new_args))
+        return view_func(username, *args, **kwargs)
+    return wrapper
+
+
 @bp.get('/log-in/')
 @redirect_if_logged_in()
 def log_in():
@@ -166,16 +179,22 @@ def comments(username):
     return 'stub'
 
 @bp.get('/<username>/settings/')
+@login_required
+@redirect_to_own
 def settings(username):
     username = username.lower()
     return 'stub'
 
 @bp.get('/<username>/inbox/')
+@login_required
+@redirect_to_own
 def inbox(username):
     username = username.lower()
     return 'stub'
 
 @bp.get('/<username>/bookmarks/')
+@login_required
+@redirect_to_own
 def bookmarks(username):
     username = username.lower()
     return 'stub'

app/templates/posts/delete.html

@@ -0,0 +1,16 @@
+{%- from 'common/macros.html' import subheader -%}
+{%- from 'common/macros.html' import full_post with context -%}
+{%- extends 'base.html' -%}
+{%- block title -%}deleting a post{%- endblock -%}
+{%- block content -%}
+  {%- call() subheader("Delete post", "Are you sure you want to delete this post? This action can not be undone.") -%}
+  <form method="POST">
+    <fieldset class="plank minimal even no-shadow thread-actions">
+        <legend>Please confirm</legend>
+        <a href="{{get_post_url(post.id, _anchor=true)}}" class="linkbutton">Cancel</a>
+        <input type="submit" value="Delete" class="critical">
+    </fieldset>
+  </form>
+  {%- endcall -%}
+  <div class="post plank">{{- full_post(post=post, show_toolbar=false, show_reactions=false) -}}</div>
+{%- endblock -%}

app/templates/posts/edit.html

@@ -1,7 +1,12 @@
+{%- from 'common/macros.html' import subheader -%}
 {%- from 'common/macros.html' import full_post with context -%}
 {%- extends 'base.html' -%}
 {%- block title -%}editing a post{%- endblock -%}
 {%- block content -%}
+  {%- set nav -%}
+    <a href="{{get_post_url(post.id, _anchor=true)}}">&larr; Back to thread</a>
+  {%- endset -%}
+  {{ subheader("Editing your post", nav)}}
   {%- for post in context_prev -%}
   <div class="post plank">{{- full_post(post=post, show_toolbar=false, show_reactions=false) -}}</div>
   {%- endfor -%}