diff --git a/main b/main
index 68dc4f5..f97d593 100644
--- a/main
+++ b/main
@@ -291,6 +291,10 @@ def apilogin():
 return {
 "key": randomCharacters
 }, 100
+ else:
+ return {
+ "error": "https://http.cat/images/400.jpg"
+ }, 400
 @app.route("/api/post", methods=("GET", "POST"))
 def apipost():
@@ -560,23 +564,35 @@ def settings():
 return redirect("/")
-@app.route("/remove/", methods=("GET", "POST"))
-def remove(postid):
+@app.route("/api/delete", methods=("GET", "POST"))
+def delete():
 usersession = request.cookies.get("session_DO_NOT_SHARE")
- if usersession:
- userCookie = get_session(usersession)
- user = get_user(userCookie["id"])
- if str(user["administrator"]) == "1":
- post = get_post(postid)
- conn = get_db_connection()
- conn.execute("DELETE FROM posts WHERE id = ?", (postid,))
- conn.commit()
- conn.close()
- return "Deleted post!"
- else:
- return "nice try"
+
+ if request.method == "POST":
+ data = request.get_json()
+ postid = int(data["id"])
+
+ post = get_post(postid)
+ if not post == "error":
+ if usersession:
+ userCookie = get_session(usersession)
+ user = get_user(userCookie["id"])
+
+ if (str(user["administrator"]) == "1") or (int(user["id"]) == int(post["creator"])):
+ post = get_post(postid)
+ conn = get_db_connection()
+ conn.execute("DELETE FROM posts WHERE id = ?", (postid,))
+ conn.commit()
+ conn.close()
+ return "success", 100
+ else:
+ return {
+ "error": "https://http.cat/images/403.jpg"
+ }, 403
 else:
- return redirect(url_for("login"))
+ return {
+ "error": "https://http.cat/images/400.jpg"
+ }, 400
 @app.route("/listusers", methods=("GET", "POST"))
 def listusers():
diff --git a/static/js/main.js b/static/js/main.js
index 62e9a3e..b7f8f29 100644
--- a/static/js/main.js
+++ b/static/js/main.js
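Review bot: In `delete()` in `main`, two POST paths appear to end without a return: indentation is lost on this page, but judging by the `else:` pairing, the function falls off the end when `get_post` returns "error" or when the `session_DO_NOT_SHARE` cookie is absent, which Flask turns into a 500 instead of a clean 404 or 401. The success path answers with status 100, an informational code rather than a final response; 200 or 204 is what the `fetch` caller needs. `int(data["id"])` and `userCookie["id"]` also raise on a malformed body or, presumably, on a stale session, so an authorization endpoint fails with a traceback rather than an explicit denial. The sketch below uses guard clauses so that every path returns explicitly; the administrator-or-creator check is kept as written.

```python
def delete():
    if request.method != "POST":
        return {"error": "https://http.cat/images/400.jpg"}, 400

    usersession = request.cookies.get("session_DO_NOT_SHARE")
    if not usersession:
        return {"error": "not logged in"}, 401

    data = request.get_json(silent=True) or {}
    try:
        postid = int(data["id"])
    except (KeyError, TypeError, ValueError):
        return {"error": "https://http.cat/images/400.jpg"}, 400

    post = get_post(postid)
    if post == "error":
        return {"error": "post not found"}, 404

    # … unchanged: get_session / get_user lookup and the administrator-or-creator check …
        # … unchanged: DELETE statement, commit, close …
        return "success", 200
    # … unchanged: 403 response for everyone else …
```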
@@ -6,6 +6,7 @@ for (let i = 0; i < posts.length; i++) {
 let commentBurgerDiv = post.children["commentBurgerDiv"]
 let usernameElement = post.children["usernameElement"]
 let commentDiv = post.children["commentDiv"]
+ let removeButton = post.children["removeButton"]
 let commentBox = commentDiv.children["commentBox"]
 let commentSave = commentDiv.children["commentDivSave"]
 let commentCancel = commentDiv.children["commentDivCancel"]
@@ -41,4 +42,20 @@ for (let i = 0; i < posts.length; i++) {
 }
 })
 });
+ removeButton.addEventListener("click", (e) => {
+ console.log("fart")
+
+ post.classList.add("hidden")
+ id = String(commentId.innerHTML)
+
+ fetch("/api/delete", {
+ method: "POST",
+ body: JSON.stringify({
+ id: id
+ }),
+ headers: {
+ "Content-Type": "application/json"
+ }
+ })
+ });
 }
\ No newline at end of file
diff --git a/templates/main.html b/templates/main.html
index 388a522..6fcb24b 100644
--- a/templates/main.html
+++ b/templates/main.html
@@ -55,6 +55,13 @@ {% endif %}
+ {% if userdata %}
+ {% if post.creator | int == userdata.id | int or userdata.administrator == 1%}
+
+ {% else %}
+
+ {% endif %}
+ {% endif %}
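Review bot: The click handler added in `static/js/main.js` hides the post before the request is sent and never reads the response, so a 403 or 400 from `/api/delete` leaves the post hidden in the page while it still exists on the server. `removeButton` is also dereferenced unconditionally: the template hunk renders nothing inside `{% if userdata %}` for logged-out visitors, so, assuming the button markup lives there, `post.children["removeButton"]` would be undefined and `addEventListener` would throw, aborting the loop for the remaining posts. `id = ...` has no declaration and becomes an implicit global, and `console.log("fart")` is a debug leftover. The sketch hides the post only on `res.ok`, which requires the server to answer with a 2xx status rather than the 100 this commit returns; `commentId` and the start of the loop body are outside the hunk.

```javascript
if (removeButton) {
    removeButton.addEventListener("click", async () => {
        const id = commentId.textContent.trim()
        const res = await fetch("/api/delete", {
            // … unchanged: method, JSON body, Content-Type header …
        })
        // hide the post only once the server has confirmed the delete
        if (res.ok) {
            post.classList.add("hidden")
        }
    });
}
```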