即使选择了正确的用户,我也无法删除烧瓶帖子。仅当用户正确但权限被拒绝时才会给出删除选项
我的数据库模型
class User(db.Model, UserMixin):
id = db.Column(db.Integer, primary_key=True)
email = db.Column(db.String(150), unique=True)
username = db.Column(db.String(15), unique=True)
password = db.Column(db.String(50))
date_created = db.Column(db.DateTime(timezone=True), default=func.now())
posts = db.relationship("Post", backref="user", passive_deletes=True)
class Post(db.Model):
id = db.Column(db.Integer, primary_key=True)
text = db.Column(db.Text, nullable=False)
date_created = db.Column(db.DateTime(timezone=True), default=func.now())
author = db.Column(
db.Integer, db.ForeignKey("user.id", ondelete="CASCADE"), nullable=False
)
通过我的路线删除帖子
@views.route("/delete-post/<id>")
@login_required
def delete_post(id):
post = Post.query.filter_by(id=id).first()
if not post:
flash("Post does not exist.", category='error')
elif current_user.id != post.id:
flash('You do not have permission to delete this post.', category='error')
else:
db.session.delete(post)
db.session.commit()
flash('Post deleted.', category='success')
return redirect(url_for('views.home'))
包含一些 python 代码的 HTML 页面,用于创建和删除帖子广告
{% extends "base.html" %} {% block title %}Home{% endblock %} {% block content
%}
<h1 align="center">{% block header %}Posts{% endblock %}</h1>
<div id="posts">
{% for post in posts %}
<div class="card border-dark">
<div class="card-header d-flex justify-content-between align-items-center">
<a href="/posts/{{post.user.username}}">{{post.user.username}}</a>
{% if user.id == post.author %}
<div class="btn-group">
<button
type="button"
class="btn btn-sm btn-primary dropdown-toggle"
data-bs-toggle="dropdown"
></button>
<ul class="dropdown-menu">
<li>
<a href="/delete-post/{{post.id}}" class="dropdown-item">Delete</a>
</li>
</ul>
</div>
{% endif %}
</div>
<div class="card-body">
<div class="card-text">{{post.text}}</div>
</div>
<div class="card-footer text-muted">{{post.date_created}}</div>
</div>
<br/ > {% endfor %}
</div>
{% block footer %}
<div align="center">
<a href="/create-post"
><button type="button" class="btn btn-primary btn-lg">
Create a Post
</button></a
>
</div>
{% endblock %} {% endblock %}```
我认为你在比较中犯了一个错误。
您比较 user 和 post 的两个 id,而不是比较用户的 id 与外键
post.author
。
@views.route("/delete-post/<id>")
@login_required
def delete_post(id):
post = Post.query.filter_by(id=id).first()
if not post:
flash("Post does not exist.", category='error')
elif current_user.id != post.author:
flash('You do not have permission to delete this post.', category='error')
else:
db.session.delete(post)
db.session.commit()
flash('Post deleted.', category='success')
return redirect(url_for('views.home'))