From 23f622fe21ea69deaf06c3d0d5d74a9e0905242c Mon Sep 17 00:00:00 2001 From: Adam Dodman Date: Thu, 5 Oct 2017 17:34:39 +0100 Subject: [PATCH] Add admin moderation and deletion system --- main.py | 33 +++++++++++++++++++++++++++++++-- templates/quote_view.html | 12 ++++++++++-- 2 files changed, 41 insertions(+), 4 deletions(-) diff --git a/main.py b/main.py index a03daed..a7182a0 100644 --- a/main.py +++ b/main.py @@ -1,7 +1,7 @@ from os import urandom as rand #from flaskext.mysql import MySQL import pymysql -from flask import Flask, render_template, session, redirect, url_for, request, flash +from flask import Flask, render_template, session, redirect, url_for, request, flash, abort from passlib.context import CryptContext import pprint @@ -93,7 +93,35 @@ def index(): @app.route("/quotes") def quoutepage(): retdata = mysql_do("SELECT * FROM Quotes ORDER BY ID DESC") - return gen_page("quote_view.html", retdata) + try: + isAdmin = session['isAdmin'] + except KeyError: + isAdmin = False + return gen_page("quote_view.html", [retdata, isAdmin]) + +@app.route("/deletequote") +def deletequoute(): + try: + if session['isAdmin']: + del_id = request.args.get('id', type=int) + if not del_id: + abort(400) + + #Check the record exists + try: + mysql_do("SELECT * FROM Quotes WHERE id=%d" % (del_id))[0] + except IndexError: + abort(400) + + mysql_do("DELETE FROM Quotes WHERE id=%d;" % (del_id)) + flash("INFO: Quote Deleted", "success") + return redirect(request.referrer or url_for("index")) + else: + abort(403) + except KeyError: + abort(403) + + @app.route("/login", methods=['GET', 'POST']) def login(): @@ -208,6 +236,7 @@ def addquote(): @app.context_processor def utility_processor(): def uid_to_user(uid): + # This probably needs optimizing for user in userdb: if user[0] == uid: return user[1] diff --git a/templates/quote_view.html b/templates/quote_view.html index 39c585d..8dc0b69 100644 --- a/templates/quote_view.html +++ b/templates/quote_view.html @@ -25,15 +25,23 @@ User Quote Context + {% if data[1] %} + Added By: + + {% endif %} - {% for entry in data %} + {% for entry in data[0] %} - {{ "{:%Y/%m/%d %H:%M:%S}".format(entry[2]) }} + {{ entry[2] }} {{ uid_to_user(entry[3]) }} {{ entry[1] }} {{ entry[4] }} + {% if data[1] %} + {{ uid_to_user(entry[5]) }} + + {% endif %} {% endfor %}