From a482fe670c480ba188b33360b2d361a2935aef61 Mon Sep 17 00:00:00 2001
From: tmeissner <programming@goodcleanfun.de>
Date: Tue, 20 Nov 2018 23:49:00 +0100
Subject: [PATCH] Chapter 11: Blog post editor (11h)

---
 app/main/views.py            | 20 +++++++++++++++++++-
 app/templates/_posts.html    |  9 +++++++++
 app/templates/edit_post.html | 18 ++++++++++++++++++
 3 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 app/templates/edit_post.html

diff --git a/app/main/views.py b/app/main/views.py
index b805a32..1ee95b6 100644
--- a/app/main/views.py
+++ b/app/main/views.py
@@ -1,5 +1,5 @@
 from flask import render_template, redirect, url_for, flash, request, \
-    current_app
+    current_app, abort
 from flask_login import login_required, current_user
 from . import main
 from .forms import EditProfileForm, EditProfileAdminForm, PostForm
@@ -88,3 +88,21 @@ def edit_profile_admin(id):
 def post(id):
     post = Post.query.get_or_404(id)
     return render_template('post.html', posts=[post])
+
+
+@main.route('/edit/<int:id>', methods=['GET', 'POST'])
+@login_required
+def edit(id):
+    post = Post.query.get_or_404(id)
+    if current_user != post.author and \
+            not current_user.can(Permission.ADMIN):
+        abort(403)
+    form = PostForm()
+    if form.validate_on_submit():
+        post.body = form.body.data
+        db.session.add(post)
+        db.session.commit()
+        flash('The post has been updated.')
+        return redirect(url_for('.post', id=post.id))
+    form.body.data = post.body
+    return render_template('edit_post.html', form=form)
diff --git a/app/templates/_posts.html b/app/templates/_posts.html
index f6c149d..fc54bd8 100644
--- a/app/templates/_posts.html
+++ b/app/templates/_posts.html
@@ -17,6 +17,15 @@
             {% endif %}
             </div>
             <div class="post-footer">
+                {% if current_user == post.author %}
+                <a href="{{ url_for('.edit', id=post.id) }}">
+                    <span class="label label-primary">Edit</span>
+                </a>
+                {% elif current_user.is_administrator() %}
+                <a href="{{ url_for('.edit', id=post.id) }}">
+                    <span class="label label-danger">Edit [Admin]</span>
+                </a>
+                {% endif %}
                 <a href="{{ url_for('.post', id=post.id) }}">
                     <span class="label label-default">Permalink</span>
                 </a>
diff --git a/app/templates/edit_post.html b/app/templates/edit_post.html
new file mode 100644
index 0000000..7cec8f6
--- /dev/null
+++ b/app/templates/edit_post.html
@@ -0,0 +1,18 @@
+{% extends "base.html" %}
+{% import "bootstrap/wtf.html" as wtf %}
+
+{% block title %}Flasky - Edit Post{% endblock %}
+
+{% block page_content %}
+<div class="page-header">
+    <h1>Edit Post</h1>
+</div>
+<div>
+    {{ wtf.quick_form(form) }}
+</div>
+{% endblock %}
+
+{% block scripts %}
+{{ super() }}
+{{ pagedown.include_pagedown() }}
+{% endblock %}