diff --git a/app/routes/threads.py b/app/routes/threads.py
index 994c970..bc73c45 100644
--- a/app/routes/threads.py
+++ b/app/routes/threads.py
@@ -1,10 +1,24 @@
 from flask import Blueprint, redirect, url_for, render_template, request, abort
+from functools import wraps
 from ..auth import login_required, get_active_user
 from ..models import Threads, Posts, Topics, Users, Reactions
 import math
 bp = Blueprint('threads', __name__, url_prefix='/threads/')
+def ownership_or_mod_required(view_func):
+ @wraps(view_func)
+ def wrapper(*args, **kwargs):
+ thread = Threads.find({'id': kwargs.get('thread_id', None)})
+ if not thread:
+ abort(404)
+
+ if thread.user_id != get_active_user().id and not get_active_user().is_mod():
+ abort(403)
+
+ return view_func(*args, **kwargs)
+ return wrapper
+
 @bp.get('//')
 def thread_by_id(thread_id):
 thread = Threads.find({'id': thread_id})
@@ -57,6 +71,18 @@ def reply(thread_id):
 post = Posts.new(user.id, thread.id, request.form.get('babycode_content'))
 return redirect(url_for('.thread_by_id', thread_id=thread_id, after=post.id, _anchor=f'post-{post.id}'))
+@bp.get('//edit/')
+@login_required
+@ownership_or_mod_required
+def edit(thread_id):
+ return 'stub'
+
+@bp.post('//edit/')
+@login_required
+@ownership_or_mod_required
+def edit_post(thread_id):
+ return 'stub'
+
 @bp.get('//feed.atom/')
 def feed(thread_id):
 return 'stub'
diff --git a/app/templates/threads/thread.html b/app/templates/threads/thread.html
index 76aeb8d..78b5d75 100644
--- a/app/templates/threads/thread.html
+++ b/app/templates/threads/thread.html
@@ -20,6 +20,9 @@
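Review bot: `ownership_or_mod_required` in app/routes/threads.py dereferences `get_active_user()` without checking the result, so the wrapper is only safe when `@login_required` has already run. What `get_active_user()` returns for an anonymous request is not visible in this diff, but if it is `None` the wrapper ends in an unhandled AttributeError rather than a clean denial. The user is also looked up twice for a single authorization decision. Fetch it once and fail closed: `user = get_active_user()` followed by `if user is None or (thread.user_id != user.id and not user.is_mod()): abort(403)`. A short docstring would also help, stating that the decorator reads `thread_id` from the view's keyword arguments and answers 404 for a missing thread and 403 for a caller who is neither owner nor moderator.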
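Review bot: On `edit` and `edit_post` in app/routes/threads.py the decorator order is load-bearing and undocumented: `@login_required` must stay above `@ownership_or_mod_required`, because the ownership wrapper assumes an authenticated user. A comment above each stack, such as `# login_required must wrap ownership_or_mod_required: the ownership check needs an authenticated user`, would keep a later reorder from weakening the check. `edit_post` will become a state-changing POST authorised by the session alone, and no CSRF validation is visible in this diff, so confirm that the app-wide protection covers this route before the stub gets a real body.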
Actions {%- if is_logged_in() -%} + {%- if thread.user_id == get_active_user().id -%} + Edit… + {%- endif -%} {%- endif -%} @@ -28,6 +31,9 @@ {%- if is_mod() -%}
Moderation actions + {%- if thread.user_id != get_active_user().id -%} + Edit… + {%- endif -%}