From 839ef370be125f92aef8ab187ea8531dbfe48c0e Mon Sep 17 00:00:00 2001 From: Xevion Date: Tue, 29 Mar 2022 16:37:12 -0500 Subject: [PATCH] Create proper edit profile form w/ CSRF & refactor User.about_me null/empty string handling --- models.py | 3 +++ routes.py | 23 +++++++++++++++++------ templates/pages/browse.html | 2 +- templates/pages/user.html | 2 +- templates/pages/user_edit.html | 23 ++++++----------------- 5 files changed, 28 insertions(+), 25 deletions(-) diff --git a/models.py b/models.py index 2594136..0817099 100644 --- a/models.py +++ b/models.py @@ -37,6 +37,9 @@ class User(UserMixin, db.Model): def get_post_count(self) -> int: return len(self.posts) + def display_about(self) -> str: + return self.about_me or "This user hasn't written a bio yet." + class Post(db.Model): id = db.Column(db.Integer, primary_key=True) author = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False) diff --git a/routes.py b/routes.py index 1fae06f..7db56e6 100644 --- a/routes.py +++ b/routes.py @@ -2,7 +2,7 @@ from flask import Blueprint, redirect, render_template, url_for, request from flask_login import current_user, login_required from models import User, Post, Comment -from forms import NewPostForm +from forms import NewPostForm, EditProfileForm from database import db blueprint = Blueprint('main', __name__) 
@@ -71,13 +71,24 @@ def view_user(username: str): return render_template('pages/user.html', user=user) -@blueprint.route('/user//edit', methods=['GET']) +@blueprint.route('/user//edit', methods=['GET', 'POST']) @login_required def edit_user(username: str): - user = User.query.filter_by(username=username).first_or_404() - if current_user.is_admin or current_user.id == user.id: - return render_template('pages/user_edit.html', user=user) - return redirect(url_for('main.view_user', username=username)) + user = db.session.query(User).filter_by(username=username).first_or_404() + form = EditProfileForm(request.form) + + if request.method == 'POST': + if form.validate(): + if current_user.is_admin or current_user.id == user.id: + user.about_me = form.about_me.data + user.name = form.name.data + + db.session.commit() + return redirect(url_for('main.view_user', username=username)) + return render_template('pages/user_edit.html', form=form) + + form.populate_obj(user) + return render_template('pages/user_edit.html', form=form) # @blueprint.route('/blogs') # def blogs(): diff --git a/templates/pages/browse.html b/templates/pages/browse.html index 77cf0c7..495adf4 100644 --- a/templates/pages/browse.html +++ b/templates/pages/browse.html @@ -24,7 +24,7 @@ {{ user.username }}'s Profile Picture -
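Review bot: The GET path of the new `edit_user` has no authorization check: the `current_user.is_admin or current_user.id == user.id` test now sits only inside the POST branch, whereas the removed code applied it before rendering, so any logged-in user can open the edit form for any username. On that same path `form.populate_obj(user)` copies the empty form fields onto the loaded `User` object instead of prefilling the form; no commit is visible on this path, but the session object is left modified and the form renders blank. I would move the check directly under the lookup, `if not (current_user.is_admin or current_user.id == user.id): return redirect(url_for('main.view_user', username=username))`, and replace the last call with `form.process(obj=user)`. Indentation is flattened on this page, so the nesting of the POST branch is inferred from the statement order. The route string also appears as `/user//edit` here; the `<username>` converter was presumably lost in rendering and is worth confirming in the file.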

{{ user.about_me }}

+

{{ user.display_about() }}

{% endfor %} diff --git a/templates/pages/user.html b/templates/pages/user.html index 051ee50..ffba627 100644 --- a/templates/pages/user.html +++ b/templates/pages/user.html @@ -29,7 +29,7 @@

About me:
- {{ user.about_me or "This user hasn't written a bio yet." }} + {{ user.display_about() }}

diff --git a/templates/pages/user_edit.html b/templates/pages/user_edit.html index 89c670d..14895c5 100644 --- a/templates/pages/user_edit.html +++ b/templates/pages/user_edit.html @@ -1,23 +1,12 @@ {% extends 'layouts/index.html' %} +{% from 'macros.html' import render_field %} {% block content %}

Edit Profile

-
-
- - + + {{ form.csrf_token }} + {{ render_field(form.name) }} + {{ render_field(form.about_me) }} +
- {% with messages = get_flashed_messages() %} - {% if messages %} - - {{ messages[0] }} - - {% endif %} - {% endwith %} {% endblock %}