87 lines
2.5 KiB
Python
87 lines
2.5 KiB
Python
from flask import Blueprint, abort, render_template, redirect, url_for, request
|
|
from functools import wraps
|
|
from ..auth import login_required, get_active_user
|
|
from ..models import Posts, Threads
|
|
from ..util import get_post_url
|
|
from ..db import db
|
|
|
|
bp = Blueprint('posts', __name__, url_prefix='/posts/')
|
|
|
|
def ownership_required(view_func):
|
|
@wraps(view_func)
|
|
def wrapper(*args, **kwargs):
|
|
post = Posts.find({'id': kwargs.get('post_id', None)})
|
|
user = get_active_user()
|
|
if not post:
|
|
abort(404)
|
|
|
|
if post.user_id != user.id:
|
|
abort(403)
|
|
|
|
return view_func(*args, **kwargs)
|
|
return wrapper
|
|
|
|
def ownership_or_mod_required(view_func):
|
|
@wraps(view_func)
|
|
def wrapper(*args, **kwargs):
|
|
post = Posts.find({'id': kwargs.get('post_id', None)})
|
|
if not post:
|
|
abort(404)
|
|
|
|
if post.user_id != get_active_user().id and not get_active_user().is_mod():
|
|
abort(403)
|
|
|
|
return view_func(*args, **kwargs)
|
|
return wrapper
|
|
|
|
@bp.get('/<int:post_id>/edit/')
|
|
@login_required
|
|
@ownership_required
|
|
def edit(post_id):
|
|
post = Posts.find({'id': post_id})
|
|
thread = Threads.find({'id': post.thread_id})
|
|
user = get_active_user()
|
|
if not thread:
|
|
# what?
|
|
abort(404)
|
|
|
|
if thread.locked() and not user.is_mod():
|
|
abort(403)
|
|
|
|
thread_predicate = f'{Posts.FULL_POSTS_QUERY} WHERE posts.thread_id = ?'
|
|
|
|
context_prev_q = f'{thread_predicate} AND posts.created_at < ? ORDER BY posts.created_at DESC LIMIT 2'
|
|
context_next_q = f'{thread_predicate} AND posts.created_at > ? ORDER BY posts.created_at ASC LIMIT 2'
|
|
|
|
context_next = db.query(context_next_q, thread.id, post.created_at)
|
|
context_prev = db.query(context_prev_q, thread.id, post.created_at)
|
|
|
|
return render_template(
|
|
'posts/edit.html', post=post.get_full_post_view(),
|
|
context_next=context_next, context_prev=context_prev
|
|
)
|
|
|
|
@bp.post('/<int:post_id>/edit/')
|
|
@login_required
|
|
@ownership_required
|
|
def edit_post(post_id):
|
|
post = Posts.find({'id': post_id})
|
|
thread = Threads.find({'id': post.thread_id})
|
|
user = get_active_user()
|
|
if not thread:
|
|
# what?
|
|
abort(404)
|
|
|
|
if thread.locked() and not user.is_mod():
|
|
abort(403)
|
|
|
|
post.edit(request.form.get('babycode_content', ''))
|
|
|
|
return redirect(get_post_url(post.id, _anchor=True))
|
|
|
|
@bp.get('/<int:post_id>/delete/')
|
|
@login_required
|
|
@ownership_or_mod_required
|
|
def delete(post_id):
|
|
return 'stub'
|