from flask import ( Blueprint, flash, g, redirect, render_template, request, url_for ) from werkzeug.exceptions import abort from flaskr.auth import login_required from flaskr.db import db, Post, User bp = Blueprint('blog', __name__) @bp.route('/') def index(): posts = Post.query.join(User).order_by(Post.created.desc()).all() return render_template('blog/index.html', posts=posts) @bp.route('/create', methods=('GET', 'POST')) @login_required def create(): if request.method == 'POST': title = request.form['title'] body = request.form['body'] error = None if not title: error = 'Title is required.' if error is not None: flash(error) else: db.session.add(Post(title=title, body=body, user_id=g.user.id)) db.session.commit() return redirect(url_for('blog.index')) return render_template('blog/create.html') def get_post(id, check_author=True): post = Post.query.filter_by(id=id).first() if post is None: abort(404, "Post id {0} doesn't exist.".format(id)) if check_author and post.user_id != g.user.id: abort(403) return post @bp.route('//update', methods=('GET', 'POST')) @login_required def update(id): post = get_post(id) if request.method == 'POST': title = request.form['title'] body = request.form['body'] error = None if not title: error = 'Title is required.' if error is not None: flash(error) else: post = Post.query.filter_by(id=id).first() post.title = title post.body = body db.session.commit() return redirect(url_for('blog.index')) return render_template('blog/update.html', post=post) @bp.route('//delete', methods=('POST',)) @login_required def delete(id): db.session.delete(get_post(id)) db.session.commit() return redirect(url_for('blog.index'))