|
- import os
-
- from flask import (
- Blueprint, render_template,
- flash, request, url_for, redirect, abort, g, send_from_directory, current_app)
- from werkzeug.utils import secure_filename
-
- from calender.auth import login_required
- from calender.db import get_db
-
- bp = Blueprint('calender', __name__)
- ALLOWED_EXTENSIONS = {'png', 'jpg', 'jpeg', 'gif'}
-
- #Todo admin interface for managing submit, comments, submission date
-
- @bp.route('/')
- def index():
- db = get_db()
- posts = db.execute(
- 'SELECT p.id, title, body, created, author_id, username, nickname, file'
- ' FROM post p JOIN user u ON p.author_id = u.id'
- ' ORDER BY created DESC'
- ).fetchall()
- # noinspection PyUnresolvedReferences
- return render_template('calender/index.html', posts=posts)
-
-
- @bp.route('/create', methods=('GET', 'POST'))
- @login_required
- def create():
- if request.method == 'POST':
- title = request.form['title']
- nickname = request.form['nickname']
- body = request.form['body']
- # check if the post request has the file part
- if 'file' not in request.files:
- flash('No file part')
- return redirect(request.url)
- file = request.files['file']
- # if user does not select file, browser also
- # submit an empty part without filename
- if file.filename == '':
- flash('No selected file')
- return redirect(request.url)
-
- error = None
-
- if not title:
- error = 'Title is required.'
-
- if error is not None:
- flash(error)
- else:
- if file and allowed_file(file.filename):
- filename = secure_filename(file.filename)
- file.save(os.path.join(current_app.config['UPLOAD_FOLDER'], filename))
- db = get_db()
- db.execute(
- 'INSERT INTO post (title, body, author_id, nickname, file)'
- ' VALUES (?, ?, ?, ?, ?)',
- (title, body, g.user['id'], nickname, url_for('calender.uploaded_file',
- filename=filename))
- )
- db.commit()
- # return redirect(url_for('calender.uploaded_file',filename=filename))
- return redirect(url_for('calender.index'))
-
- return render_template('calender/create.html')
-
-
- def get_post(id, check_author=True):
- post = get_db().execute(
- 'SELECT p.id, title, body, created, author_id, username, nickname, file'
- ' FROM post p JOIN user u ON p.author_id = u.id'
- ' WHERE p.id = ?',
- (id,)
- ).fetchone()
-
- if post is None:
- abort(404, "Post id {0} doesn't exist.".format(id))
-
- if check_author and post['author_id'] != g.user['id']:
- abort(403)
-
- return post
-
-
- @bp.route('/<int:id>/update', methods=('GET', 'POST'))
- @login_required
- def update(id):
- post = get_post(id)
-
- if request.method == 'POST':
- title = request.form['title']
- body = request.form['body']
- error = None
-
- if not title:
- error = 'Title is required.'
-
- if error is not None:
- flash(error)
- else:
- db = get_db()
- db.execute(
- 'UPDATE post SET title = ?, body = ?'
- ' WHERE id = ?',
- (title, body, id)
- )
- db.commit()
- return redirect(url_for('calender.index'))
-
- return render_template('calender/update.html', post=post)
-
-
- @bp.route('/<int:id>/delete', methods=('POST',))
- @login_required
- def delete(id):
- get_post(id)
- db = get_db()
- db.execute('DELETE FROM post WHERE id = ?', (id,))
- db.commit()
- return redirect(url_for('calender.index'))
-
-
- def allowed_file(filename):
- return '.' in filename and \
- filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS
-
-
- @bp.route('/uploads/<filename>')
- def uploaded_file(filename):
- return send_from_directory(current_app.config['UPLOAD_FOLDER'],
- filename)
|
