From 23f622fe21ea69deaf06c3d0d5d74a9e0905242c Mon Sep 17 00:00:00 2001
From: Adam Dodman <adam.dodman@gmx.com>
Date: Thu, 5 Oct 2017 17:34:39 +0100
Subject: [PATCH] Add admin moderation and deletion system

---
 main.py                   | 33 +++++++++++++++++++++++++++++++--
 templates/quote_view.html | 12 ++++++++++--
 2 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/main.py b/main.py
index a03daed..a7182a0 100644
--- a/main.py
+++ b/main.py
@@ -1,7 +1,7 @@
 from os import urandom as rand
 #from flaskext.mysql import MySQL
 import pymysql
-from flask import Flask, render_template, session, redirect, url_for, request, flash
+from flask import Flask, render_template, session, redirect, url_for, request, flash, abort
 from passlib.context import CryptContext
 import pprint
 
@@ -93,7 +93,35 @@ def index():
 @app.route("/quotes")
 def quoutepage():
     retdata = mysql_do("SELECT * FROM Quotes ORDER BY ID DESC")
-    return gen_page("quote_view.html", retdata)
+    try:
+        isAdmin = session['isAdmin']
+    except KeyError:
+        isAdmin = False
+    return gen_page("quote_view.html", [retdata, isAdmin])
+
+@app.route("/deletequote")
+def deletequoute():
+    try:
+        if session['isAdmin']:
+            del_id = request.args.get('id', type=int)
+            if not del_id:
+                abort(400)
+
+            #Check the record exists
+            try:
+                mysql_do("SELECT * FROM Quotes WHERE id=%d" % (del_id))[0]
+            except IndexError:
+                abort(400)
+
+            mysql_do("DELETE FROM Quotes WHERE id=%d;" % (del_id))
+            flash("INFO: Quote Deleted", "success")
+            return redirect(request.referrer or url_for("index"))
+        else:
+            abort(403)
+    except KeyError:
+        abort(403)
+
+
 
 @app.route("/login", methods=['GET', 'POST'])
 def login():
@@ -208,6 +236,7 @@ def addquote():
 @app.context_processor
 def utility_processor():
     def uid_to_user(uid):
+        # This probably needs optimizing
         for user in userdb:
             if user[0] == uid:
                 return user[1]
diff --git a/templates/quote_view.html b/templates/quote_view.html
index 39c585d..8dc0b69 100644
--- a/templates/quote_view.html
+++ b/templates/quote_view.html
@@ -25,15 +25,23 @@
           <th>User</th>
           <th>Quote</th>
           <th>Context</th>
+          {% if data[1] %}
+          <th>Added By:</th>
+          <th><span class="glyphicon glyphicon-trash"></span></th>
+          {% endif %}
         </tr>
       </thead>
       <tbody>
-  {% for entry in data %}
+  {% for entry in data[0] %}
         <tr>
-          <td>{{ "{:%Y/%m/%d %H:%M:%S}".format(entry[2]) }}</td>
+          <td><a href="/">{{ entry[2] }}</a></td>
           <td>{{ uid_to_user(entry[3]) }}</td>
           <td>{{ entry[1] }}</td>
           <td>{{ entry[4] }}</td>
+          {% if data[1] %}
+          <td>{{ uid_to_user(entry[5]) }}</td>
+          <td><a href="/deletequote?id={{ entry[0] }}" class="btn btn-danger"role="button" ><span class="glyphicon glyphicon-trash"></span></a></td>
+          {% endif %}
         </tr>
   {% endfor %}
       </tbody>