yagich/pyrom
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

return 404 where it makes sense

Browse Source
This commit is contained in:
Lera Elvoé
2025-12-03 08:07:03 +03:00
parent 7c037d1593
commit a7876ca410
4 changed files with 31 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/routes/posts.py
View File

@@ -71,7 +71,8 @@ def update_post(post_id, new_content, markup_language='babycode'):
def delete(post_id):
post = Posts.find({'id': post_id})
if not post:
return redirect(url_for('topics.all_topics'))
abort(404)
return
thread = Threads.find({'id': post.thread_id})
user = get_active_user()
@@ -103,13 +104,15 @@ def delete(post_id):
def edit(post_id):
post = Posts.find({'id': post_id})
if not post:
return redirect(url_for('topics.all_topics'))
abort(404)
return
user = get_active_user()
q = f"{Posts.FULL_POSTS_QUERY} WHERE posts.id = ?"
editing_post = db.fetch_one(q, post_id)
if not editing_post:
return redirect(url_for('topics.all_topics'))
abort(404)
return
if editing_post['user_id'] != user.id:
return redirect(url_for('topics.all_topics'))
@@ -136,7 +139,8 @@ def edit_form(post_id):
user = get_active_user()
post = Posts.find({'id': post_id})
if not post:
return redirect(url_for('topics.all_topics'))
abort(404)
return
if post.user_id != user.id:
return redirect(url_for('topics.all_topics'))