Add admin moderation and deletion system

2024-11-05 10:56:22 +00:00 · 2017-10-05 17:34:39 +01:00 · 2017-10-05 17:34:39 +01:00 · 23f622fe21
commit 23f622fe21
parent 60421dcdfb
2 changed files with 41 additions and 4 deletions
--- a/main.py
+++ b/main.py
@ -1,7 +1,7 @@
 from os import urandom as rand
 #from flaskext.mysql import MySQL
 import pymysql
-from flask import Flask, render_template, session, redirect, url_for, request, flash
+from flask import Flask, render_template, session, redirect, url_for, request, flash, abort
 from passlib.context import CryptContext
 import pprint

@ -93,7 +93,35 @@ def index():
@app.route("/quotes")
 def quoutepage():
    retdata = mysql_do("SELECT * FROM Quotes ORDER BY ID DESC")
-    return gen_page("quote_view.html", retdata)
+    try:
+        isAdmin = session['isAdmin']
+    except KeyError:
+        isAdmin = False
+    return gen_page("quote_view.html", [retdata, isAdmin])
+
+@app.route("/deletequote")
+def deletequoute():
+    try:
+        if session['isAdmin']:
+            del_id = request.args.get('id', type=int)
+            if not del_id:
+                abort(400)
+
+            #Check the record exists
+            try:
+                mysql_do("SELECT * FROM Quotes WHERE id=%d" % (del_id))[0]
+            except IndexError:
+                abort(400)
+
+            mysql_do("DELETE FROM Quotes WHERE id=%d;" % (del_id))
+            flash("INFO: Quote Deleted", "success")
+            return redirect(request.referrer or url_for("index"))
+        else:
+            abort(403)
+    except KeyError:
+        abort(403)
+
+

@app.route("/login", methods=['GET', 'POST'])
 def login():
@ -208,6 +236,7 @@ def addquote():
@app.context_processor
 def utility_processor():
    def uid_to_user(uid):
+        # This probably needs optimizing
        for user in userdb:
            if user[0] == uid:
                return user[1]
--- a/templates/quote_view.html
+++ b/templates/quote_view.html
@ -25,15 +25,23 @@
          <th>User</th>
          <th>Quote</th>
          <th>Context</th>
+          {% if data[1] %}
+          <th>Added By:</th>
+          <th><span class="glyphicon glyphicon-trash"></span></th>
+          {% endif %}
        </tr>
      </thead>
      <tbody>
-  {% for entry in data %}
+  {% for entry in data[0] %}
        <tr>
-          <td>{{ "{:%Y/%m/%d %H:%M:%S}".format(entry[2]) }}</td>
+          <td><a href="/">{{ entry[2] }}</a></td>
          <td>{{ uid_to_user(entry[3]) }}</td>
          <td>{{ entry[1] }}</td>
          <td>{{ entry[4] }}</td>
+          {% if data[1] %}
+          <td>{{ uid_to_user(entry[5]) }}</td>
+          <td><a href="/deletequote?id={{ entry[0] }}" class="btn btn-danger"role="button" ><span class="glyphicon glyphicon-trash"></span></a></td>
+          {% endif %}
        </tr>
  {% endfor %}
      </tbody>