delete posts

2023-07-10 18:53:11 +02:00 · 2023-07-10 18:53:11 +02:00 · d90ef9f92d
parent 08d2d3373d
commit d90ef9f92d
3 changed files with 55 additions and 15 deletions
--- a/46
+++ b/46
@ -291,6 +291,10 @@ def apilogin():
        return {
                    "key": randomCharacters
                }, 100
+    else:
+        return {
+            "error": "https://http.cat/images/400.jpg"
+        }, 400

@app.route("/api/post", methods=("GET", "POST"))
 def apipost():
@ -560,23 +564,35 @@ def settings():
        return redirect("/")


-@app.route("/remove/<postid>", methods=("GET", "POST"))
-def remove(postid):
+@app.route("/api/delete", methods=("GET", "POST"))
+def delete():
    usersession = request.cookies.get("session_DO_NOT_SHARE")
-    if usersession:
-        userCookie = get_session(usersession)
-        user = get_user(userCookie["id"])
-        if str(user["administrator"]) == "1":
-            post = get_post(postid)
-            conn = get_db_connection()
-            conn.execute("DELETE FROM posts WHERE id = ?", (postid,))
-            conn.commit()
-            conn.close()
-            return "Deleted post!"
-        else:
-            return "nice try"
+
+    if request.method == "POST":
+        data = request.get_json()
+        postid = int(data["id"])
+
+        post = get_post(postid)
+        if not post == "error":
+            if usersession:
+                userCookie = get_session(usersession)
+                user = get_user(userCookie["id"])
+
+                if (str(user["administrator"]) == "1") or (int(user["id"]) == int(post["creator"])):
+                    post = get_post(postid)
+                    conn = get_db_connection()
+                    conn.execute("DELETE FROM posts WHERE id = ?", (postid,))
+                    conn.commit()
+                    conn.close()
+                    return "success", 100
+                else:
+                    return {
+                        "error": "https://http.cat/images/403.jpg"
+                    }, 403
    else:
-        return redirect(url_for("login"))
+        return {
+            "error": "https://http.cat/images/400.jpg"
+        }, 400

@app.route("/listusers", methods=("GET", "POST"))
 def listusers():
--- a/static/js/main.js
+++ b/static/js/main.js
@ -6,6 +6,7 @@ for (let i = 0; i < posts.length; i++) {
    let commentBurgerDiv = post.children["commentBurgerDiv"]
    let usernameElement = post.children["usernameElement"]
    let commentDiv = post.children["commentDiv"]
+    let removeButton = post.children["removeButton"]
    let commentBox = commentDiv.children["commentBox"]
    let commentSave = commentDiv.children["commentDivSave"]
    let commentCancel = commentDiv.children["commentDivCancel"]
@ -41,4 +42,20 @@ for (let i = 0; i < posts.length; i++) {
            }
        })
    });
+    removeButton.addEventListener("click", (e) => {
+        console.log("fart")
+
+        post.classList.add("hidden")
+        id = String(commentId.innerHTML)
+
+        fetch("/api/delete", {
+            method: "POST",
+            body: JSON.stringify({
+                id: id
+            }),
+            headers: {
+                "Content-Type": "application/json"
+            }
+        })
+    });
 }
--- a/templates/main.html
+++ b/templates/main.html
@ -55,6 +55,13 @@
        {% endif %}
        <p id="commentId" class="hidden">{{ post.id }}</p>
        <button id="commentButton" class="comment">comment</button>
+        {% if userdata %}
+        {% if post.creator | int == userdata.id | int or userdata.administrator == 1%}
+        <button id="removeButton" class="comment">remove</button>
+        {% else %}
+        <button id="removeButton" class="comment hidden">remove</button>
+        {% endif %}
+        {% endif %}
        <div id="commentDiv" class="commentdiv hidden">
            {% if userdata %}
            <input id="commentBox" type="text" placeholder="content">