@bp.route('/')defindex():db=get_db()posts=db.execute('SELECT p.id, title, body, created, author_id, username'' FROM post p JOIN user u ON p.author_id = u.id'' ORDER BY created DESC').fetchall()returnrender_template('blog/index.html',posts=posts)
@bp.route('/create',methods=['GET','POST'])@login_requireddefcreate():ifrequest.method=='POST':title=request.form['title']body=request.form['body']error=Noneifnottitle:error='Title is required'iferrorisnotNone:flash(error)else:db=get_db()db.execute('INSERT INTO post (title, body, author_id)'' VALUES (?,?,?)',(title,body,g.user['id']))db.commit()returnredirect(url_for('blog.index'))returnrender_template('blog/create.html')
defget_post(id,check_author=True):post=get_db().execute('SELECT p.id, title, body, created, author_id, username'' FROM post p JOIN user u ON p.author_id = u.id'' WHERE p.id = ?',(id,)).fetchone()ifpostisNone:abort(404,"Post id {0} doesn't exist".format(id))ifcheck_authorandpost['author_id']!=g.user['id']:abort(403)returnpost
@bp.route('/<int:id>/update',methods=['GET','POST'])@login_requireddefupdate(id):post=get_post(id)ifrequest.method=='POST':title=request.form['title']body=request.form['body']error=Noneifnottitle:error='Title is required'iferrorisnotNone:flash(error)else:db=get_db()db.execute('UPDATE post SET title = ?, body = ?'' WHERE id = ?',(title,body,id))db.commit()returnredirect(url_for('blog.index'))returnrender_template('blog/update.html',post=post)
{% extends 'base.html' %}
{% block header %}
<h1>{% block title %}Edit "{{ post['title'] }}"{% endblock %}</h1>{% endblock %}
{% block content %}
<formmethod="POST"><labelfor="title">Title</label><inputid="title"name="title"value="{{ request.form['title'] or post['title']}}"required/><labelfor="body">Body</label><textareaname="body"id="body">{{ request.form['body'] or post['body'] }}</textarea><inputtype="submit"value="Save"/></form><hr/><formmethod="POST"action="{{url_for('blog.delete', id=post['id'])}}"><inputclass="danger"type="submit"value="Delete"onclick="return confirm('Are you sure?');"/></form>{% endblock %}
{{ request.form['title'] or post['title'] }}用来选择表单中显示的数据,当表单没有被提交时,原始的post的数据将会显示,但是如果无效的表单数据被提交,我们希望显示这个错误的数据,并让用户去修改此错误,因此使用request.form['title']。request是另一个变量,可以自动在模板中使用。
@bp.route('/<int:id>/delete',methods=['POST'])@login_requireddefdelete(id):get_post(id)db=get_db()db.execute('DELETE FROM post where id = ?',(id,))db.commit()returnredirect(url_for('blog.index'))