diff options
| -rw-r--r-- | apioforum/templates/common.html | 15 | ||||
| -rw-r--r-- | apioforum/thread.py | 16 | 
2 files changed, 24 insertions, 7 deletions
| diff --git a/apioforum/templates/common.html b/apioforum/templates/common.html index ff20644..8fcf5fe 100644 --- a/apioforum/templates/common.html +++ b/apioforum/templates/common.html @@ -17,13 +17,18 @@              {% endif %}          </span>          <span class="post-heading-b"> -        {% if buttons and post.author == g.user %} -            <a class="actionbutton" -               href="{{url_for('thread.edit_post',post_id=post.id)}}">edit</a> +        {% if buttons %} +            {% if post.author == g.user %} +                <a class="actionbutton" +                   href="{{url_for('thread.edit_post',post_id=post.id)}}">edit</a> +                <a class="actionbutton" +                   href="{{url_for('thread.delete_post',post_id=post.id)}}">delete</a> +            {% endif %}              <a class="actionbutton" -               href="{{url_for('thread.delete_post',post_id=post.id)}}">delete</a> +               href="{{url_for('thread.view_post',post_id=post.id)}}">src</a>          {% endif %} -		<a class="post-anchor-link" href="{{post_url(post)}}">#{{post.id}}</a> +             +	<a class="post-anchor-link" href="{{post_url(post)}}">#{{post.id}}</a>          </span>      </div>      <div class="post-content md"> diff --git a/apioforum/thread.py b/apioforum/thread.py index 4bb3c86..e6d3690 100644 --- a/apioforum/thread.py +++ b/apioforum/thread.py @@ -84,8 +84,7 @@ def edit_post(post_id):      post = db.execute("SELECT * FROM posts WHERE id = ?",(post_id,)).fetchone()      if post is None:          flash("that post doesn't exist") -        # todo: index route -        return redirect("/") +        return redirect(url_for('index'))      if post['author'] != g.user:          flash("you can only edit posts that you created") @@ -107,6 +106,19 @@ def edit_post(post_id):          else:              flash(err)      return render_template("edit_post.html",post=post) + +@bp.route("/view_post/<int:post_id>") +def view_post(post_id): +    db = get_db() +    post = db.execute("SELECT * FROM posts WHERE id = ?",(post_id,)).fetchone() +    if post is None: +        flash("that post doesn't exist") +        return redirect(url_for('index')) + +    # when we have permissions, insert permissions check here +    return render_template("view_post.html",post=post) +     +      @bp.route("/<int:thread_id>/config",methods=["GET","POST"])  def config_thread(thread_id): | 
