post_comment.py
#-*- encoding: utf-8 -*-
import sqlite3
import markdown
import unicodedata as ud
from flask import render_template, g, url_for, redirect, request, Markup, session
from dota2 import app
from datetime import datetime
from droits import get_droits
def connect_db(base):
    """Open and return a new SQLite connection to the database file *base*."""
    connection = sqlite3.connect(base)
    return connection
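def _can_edit_comment(author):
    """Return True when the logged-in user may edit a comment written by *author*.

    The author may always edit; otherwise the user needs the 'news' or the
    'adm' right as reported by get_droits().
    """
    if author == session['user_login']:
        return True
    droits = get_droits(session['user_id'])
    return droits['news'] == 1 or droits['adm'] == 1


def _load_comment(db, id_comment):
    """Fetch one comment by id; return a dict, or None when no row matches.

    Columns are selected by name so that the author used for the ownership
    check never depends on the positional layout of ``select *``.
    """
    cur = db.execute('select id_genre, genre, autor, content_untouch '
                     'from commentaire where id = ?', [id_comment])
    row = cur.fetchone()
    if row is None:
        return None
    return dict(id_genre=row[0], genre=row[1], autor=row[2], comment=row[3])


def _render_comment(raw_comment):
    """Return the HTML stored in content_markup for a raw comment."""
    # Escaping first keeps raw HTML tags out of the stored markup, but
    # Markdown link and image syntax is still rendered afterwards, so URL
    # schemes are not restricted at this point.
    # NOTE(review): consider allow-list sanitising the rendered HTML before
    # it is stored, and confirm how the templates output content_markup.
    return markdown.markdown(Markup.escape(raw_comment))


def _redirect_to_genre(genre, id_genre):
    """Redirect to the news page for 'news', to the guide page otherwise."""
    if genre == 'news':
        return redirect(url_for('news', id_news=id_genre))
    return redirect(url_for('guide', id=id_genre))


@app.route('/post_comment/', methods=['GET', 'POST'])
@app.route('/post_comment/<int:id_genre>', methods=['GET', 'POST'])
def post_comment(id_genre=None):
    """Preview, edit, update or create a comment on a news item or a guide.

    Only logged-in users sending a POST are served; everything else is
    redirected to the 'default' endpoint. The form field ``mode_post``
    selects the preview, the edit form or the advanced form; any other
    value saves the comment. When the query string carries ``id_comment``
    the existing comment is updated (author, 'news' right or 'adm' right
    required), otherwise a new comment is inserted for the session user.

    NOTE(review): no CSRF token check is visible in this handler; confirm
    it is enforced elsewhere for this state-changing POST.
    """
    if 'logged_in' not in session or request.method != 'POST':
        return redirect(url_for('default'))

    mode_post = request.form['mode_post']

    if mode_post.encode('utf-8') == 'Prévisualisation':
        entries = dict(genre=request.form['genre'],
                       id_genre=id_genre,
                       comment=request.form['comment'])
        return render_template('post_comment.html',
                               entries=entries, comment=entries['comment'],
                               id_comment=None, prevu=1)

    if mode_post == 'Edition':
        id_comment = request.args.get('id_comment', '')
        # A local reference is kept so the connection opened here is the
        # one that gets closed, whatever happens to g.db in between.
        db = g.db = connect_db(app.config['USER_DB'])
        try:
            entry = _load_comment(db, id_comment)
            # A missing or unknown id_comment used to raise IndexError on
            # entries[0]; it is now refused like an unauthorised request.
            allowed = entry is not None and _can_edit_comment(entry['autor'])
        finally:
            db.close()
        if not allowed:
            return redirect(url_for('default'))
        return render_template('post_comment.html',
                               id_comment=id_comment,
                               entries=entry)

    if mode_post.encode('utf-8') == 'Avancé':
        entries = dict(genre=request.form['genre'],
                       id_genre=id_genre,
                       comment=request.form['comment'])
        return render_template('post_comment.html',
                               entries=entries)

    temp = request.args.get('id_comment', '')
    comment = request.form['comment']
    if comment == '':
        # Nothing to save: go back to the page the comment belongs to.
        return _redirect_to_genre(request.form['genre'], id_genre)

    try:
        id_comment = int(temp) if temp != '' else 0
    except ValueError:
        # id_comment comes from the query string; refuse non-numeric values
        # instead of failing with an unhandled exception.
        return redirect(url_for('default'))

    rendered = _render_comment(comment)
    now = datetime.today()

    if id_comment != 0:
        db = g.db = connect_db(app.config['USER_DB'])
        try:
            entry = _load_comment(db, id_comment)
            # The ownership check must compare the stored author. The
            # previous code took 'autor' from a different positional column
            # here than the edit-form branch did, so the two checks
            # disagreed about who owns a comment.
            if entry is None or not _can_edit_comment(entry['autor']):
                return redirect(url_for('default'))
            db.execute('update commentaire set content_untouch = ?, content_markup = ?, date_last_modif = ? where id = ?',
                       [comment, rendered, now, id_comment])
            db.commit()
        finally:
            db.close()
        return _redirect_to_genre(entry['genre'], id_genre)

    # NOTE(review): 'genre' is taken from the form as-is and id_genre may be
    # None on the route without an id; confirm both are validated elsewhere.
    db = g.db = connect_db(app.config['USER_DB'])
    try:
        db.execute('insert into commentaire (id_genre, genre, autor, content_untouch, content_markup, date_create, date_last_modif) values (?, ?, ?, ?, ?, ?, ?)',
                   [id_genre,
                    request.form['genre'],
                    session['user_login'],
                    comment,
                    rendered,
                    now, now])
        db.commit()
    finally:
        db.close()
    return _redirect_to_genre(request.form['genre'], id_genre)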