我在一个flask博客上工作,我想限制文章的更新仅限于该文章的作者
这是我的数据库架构:
class Users(Base, UserMixin):
__tablename__ = 'users'
'users', MetaData(bind=None),
id = Column(Integer, primary_key=True)
username = Column(String(100), unique=True, nullable=False)
allposts = relationship('Posts', back_populates='users')
def __repr__(self):
return f"Users('{self.username}', '{self.email}', '{self.image_file}')"
class Posts(Base):
__tablename__ = 'posts'
'posts', MetaData(bind=None),
id = Column(Integer, primary_key=True)
........
author = Column(Integer, ForeignKey('users.id'), nullable=False)
users = relationship('Users', back_populates='allposts')
def __repr__(self):
return f"Posts('{self.title}', '{self.date_posted}')"
@login_manager.user_loader
def load_user(user_id):
return s.query(Users).get(int(user_id))
Base.metadata.create_all(engine)
这是我的更新路线:
@app.route("/post/<int:post_id>/update", methods=['GET', 'POST'])
@login_required
def update_post(post_id):
s = session()
post = s.query(Posts, Users).join(Users, Posts).filter(Users.id)
if Posts.users != current_user.id:
abort(403)
form = PostForm()
if form.validate_on_submit():
post.title = form.title.data
post.content = form.content.data
s.commit()
flash('Your post has been updated!', 'success')
return redirect(url_for('postview', post_id=post.id))
elif request.method == 'GET':
form.title.data = post.title
form.content.data = post.content
return render_template('newpost.html', title='Update Post',
form=form, legend='Update Post')
如何将更新权限限制为作者
您可以添加额外的检查,以限制作者在第一次
if
之后更新文章相关问题 更多 >
编程相关推荐