mirror of
https://github.com/Adam-Ant/QuotesDB
synced 2024-12-20 11:34:35 +00:00
Add admin moderation and deletion system
parent
60421dcdfb
commit
23f622fe21
33
main.py
33
main.py
@ -1,7 +1,7 @@
|
|||||||
from os import urandom as rand
|
from os import urandom as rand
|
||||||
#from flaskext.mysql import MySQL
|
#from flaskext.mysql import MySQL
|
||||||
import pymysql
|
import pymysql
|
||||||
from flask import Flask, render_template, session, redirect, url_for, request, flash
|
from flask import Flask, render_template, session, redirect, url_for, request, flash, abort
|
||||||
from passlib.context import CryptContext
|
from passlib.context import CryptContext
|
||||||
import pprint
|
import pprint
|
||||||
|
|
||||||
@ -93,7 +93,35 @@ def index():
|
|||||||
@app.route("/quotes")
|
@app.route("/quotes")
|
||||||
def quoutepage():
|
def quoutepage():
|
||||||
retdata = mysql_do("SELECT * FROM Quotes ORDER BY ID DESC")
|
retdata = mysql_do("SELECT * FROM Quotes ORDER BY ID DESC")
|
||||||
return gen_page("quote_view.html", retdata)
|
try:
|
||||||
|
isAdmin = session['isAdmin']
|
||||||
|
except KeyError:
|
||||||
|
isAdmin = False
|
||||||
|
return gen_page("quote_view.html", [retdata, isAdmin])
|
||||||
|
|
||||||
|
@app.route("/deletequote")
|
||||||
|
def deletequoute():
|
||||||
|
try:
|
||||||
|
if session['isAdmin']:
|
||||||
|
del_id = request.args.get('id', type=int)
|
||||||
|
if not del_id:
|
||||||
|
abort(400)
|
||||||
|
|
||||||
|
#Check the record exists
|
||||||
|
try:
|
||||||
|
mysql_do("SELECT * FROM Quotes WHERE id=%d" % (del_id))[0]
|
||||||
|
except IndexError:
|
||||||
|
abort(400)
|
||||||
|
|
||||||
|
mysql_do("DELETE FROM Quotes WHERE id=%d;" % (del_id))
|
||||||
|
flash("INFO: Quote Deleted", "success")
|
||||||
|
return redirect(request.referrer or url_for("index"))
|
||||||
|
else:
|
||||||
|
abort(403)
|
||||||
|
except KeyError:
|
||||||
|
abort(403)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@app.route("/login", methods=['GET', 'POST'])
|
@app.route("/login", methods=['GET', 'POST'])
|
||||||
def login():
|
def login():
|
||||||
@ -208,6 +236,7 @@ def addquote():
|
|||||||
@app.context_processor
|
@app.context_processor
|
||||||
def utility_processor():
|
def utility_processor():
|
||||||
def uid_to_user(uid):
|
def uid_to_user(uid):
|
||||||
|
# This probably needs optimizing
|
||||||
for user in userdb:
|
for user in userdb:
|
||||||
if user[0] == uid:
|
if user[0] == uid:
|
||||||
return user[1]
|
return user[1]
|
||||||
|
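Review bot: `/deletequote` deletes a row in response to a plain GET (the route declares no `methods` and the id is read from `request.args`), so any cross-site request made by a logged-in admin's browser, or a link prefetcher running with the admin's cookies, can delete a quote without the admin intending it. Restrict the route to POST and require a CSRF token, e.g. `@app.route("/deletequote", methods=['POST'])` with `del_id = request.form.get('id', type=int)`, and turn the trash link in the template hunk below (presumably quote_view.html) into a small form. Separately, both queries are built with `"... id=%d" % (del_id)`; `type=int` keeps that safe today, but passing the value as a bound parameter would be sturdier if `mysql_do` supports it (its definition is outside these hunks). The outer `except KeyError` also wraps the database calls, so a KeyError raised inside `mysql_do` would surface as a 403; `if not session.get('isAdmin'): abort(403)` as a guard at the top avoids that.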
@ -25,15 +25,23 @@
|
|||||||
<th>User</th>
|
<th>User</th>
|
||||||
<th>Quote</th>
|
<th>Quote</th>
|
||||||
<th>Context</th>
|
<th>Context</th>
|
||||||
|
{% if data[1] %}
|
||||||
|
<th>Added By:</th>
|
||||||
|
<th><span class="glyphicon glyphicon-trash"></span></th>
|
||||||
|
{% endif %}
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
{% for entry in data %}
|
{% for entry in data[0] %}
|
||||||
<tr>
|
<tr>
|
||||||
<td>{{ "{:%Y/%m/%d %H:%M:%S}".format(entry[2]) }}</td>
|
<td><a href="/">{{ entry[2] }}</a></td>
|
||||||
<td>{{ uid_to_user(entry[3]) }}</td>
|
<td>{{ uid_to_user(entry[3]) }}</td>
|
||||||
<td>{{ entry[1] }}</td>
|
<td>{{ entry[1] }}</td>
|
||||||
<td>{{ entry[4] }}</td>
|
<td>{{ entry[4] }}</td>
|
||||||
|
{% if data[1] %}
|
||||||
|
<td>{{ uid_to_user(entry[5]) }}</td>
|
||||||
|
<td><a href="/deletequote?id={{ entry[0] }}" class="btn btn-danger"role="button" ><span class="glyphicon glyphicon-trash"></span></a></td>
|
||||||
|
{% endif %}
|
||||||
</tr>
|
</tr>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
</tbody>
|
</tbody>
|
||||||
|
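Review bot: The timestamp cell now renders `{{ entry[2] }}` unformatted inside `<a href="/">`, so the previous `"{:%Y/%m/%d %H:%M:%S}".format(entry[2])` formatting is lost and every row links to the site root, which looks like a placeholder left in. If a per-quote link is intended, point it at the real target; otherwise keep the formatted value without the anchor. In the delete cell, `class="btn btn-danger"role="button"` is missing a space before `role`. The `{% if data[1] %}` check only hides the admin columns in the page, so the server-side `isAdmin` check on the delete route remains the actual control.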