删除 Flask 上的帖子

问题描述 投票:0回答:1

即使选择了正确的用户,我也无法删除烧瓶帖子。仅当用户正确但权限被拒绝时才会给出删除选项

我的数据库模型

class User(db.Model, UserMixin):
    id = db.Column(db.Integer, primary_key=True)
    email = db.Column(db.String(150), unique=True)
    username = db.Column(db.String(15), unique=True)
    password = db.Column(db.String(50))
    date_created = db.Column(db.DateTime(timezone=True), default=func.now())
    posts = db.relationship("Post", backref="user", passive_deletes=True)


class Post(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    text = db.Column(db.Text, nullable=False)
    date_created = db.Column(db.DateTime(timezone=True), default=func.now())
    author = db.Column(
        db.Integer, db.ForeignKey("user.id", ondelete="CASCADE"), nullable=False
    )

通过我的路线删除帖子

@views.route("/delete-post/<id>")
@login_required
def delete_post(id):
    post = Post.query.filter_by(id=id).first()

    if not post:
        flash("Post does not exist.", category='error')
    elif current_user.id != post.id:
        flash('You do not have permission to delete this post.', category='error')
    else:
        db.session.delete(post)
        db.session.commit()
        flash('Post deleted.', category='success')

    return redirect(url_for('views.home'))

包含一些 python 代码的 HTML 页面,用于创建和删除帖子广告

{% extends "base.html" %} {% block title %}Home{% endblock %} {% block content
%}
<h1 align="center">{% block header %}Posts{% endblock %}</h1>
<div id="posts">
  {% for post in posts %}
  <div class="card border-dark">
    <div class="card-header d-flex justify-content-between align-items-center">
      <a href="/posts/{{post.user.username}}">{{post.user.username}}</a>
      {% if user.id == post.author %}
      <div class="btn-group">
        <button
          type="button"
          class="btn btn-sm btn-primary dropdown-toggle"
          data-bs-toggle="dropdown"
        ></button>
        <ul class="dropdown-menu">
          <li>
            <a href="/delete-post/{{post.id}}" class="dropdown-item">Delete</a>
          </li>
        </ul>
      </div>
      {% endif %}
    </div>
    <div class="card-body">
      <div class="card-text">{{post.text}}</div>
    </div>
    <div class="card-footer text-muted">{{post.date_created}}</div>
  </div>
  <br/ > {% endfor %}
</div>
{% block footer %}
<div align="center">
  <a href="/create-post"
    ><button type="button" class="btn btn-primary btn-lg">
      Create a Post
    </button></a
  >
</div>
{% endblock %} {% endblock %}```
flask flask-sqlalchemy
1个回答
0
投票

我认为你在比较中犯了一个错误。
您比较 user 和 post 的两个 id,而不是比较用户的 id 与外键

post.author

@views.route("/delete-post/<id>")
@login_required
def delete_post(id):
    post = Post.query.filter_by(id=id).first()

    if not post:
        flash("Post does not exist.", category='error')
    elif current_user.id != post.author:
        flash('You do not have permission to delete this post.', category='error')
    else:
        db.session.delete(post)
        db.session.commit()
        flash('Post deleted.', category='success')

    return redirect(url_for('views.home'))
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.