From c253867c62300432e14828fbb98237e0b5e7f87f Mon Sep 17 00:00:00 2001
From: nukeop <alsw@protonmail.com>
Date: Tue, 3 Jan 2017 02:12:14 +0100
Subject: [PATCH] Add approving and deleting queued messages

---
 smash/models_sqlalchemy.py |  8 ++++----
 smash/templates/queue.html |  8 ++++++++
 smash/views.py             | 41 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 53 insertions(+), 4 deletions(-)

diff --git a/smash/models_sqlalchemy.py b/smash/models_sqlalchemy.py
index 1e83f09..1e6a6dd 100644
--- a/smash/models_sqlalchemy.py
+++ b/smash/models_sqlalchemy.py
@@ -13,10 +13,10 @@ class Quote(db.Model):
 
     id = db.Column(db.Integer, primary_key=True)
     rating = db.Column(db.Integer)
-    content = db.Column(db.String())
+    content = db.Column(db.String(), nullable=False)
     approved = db.Column(db.Boolean)
-    author_ip = db.Column(db.String())
-    time = db.Column(db.String())
+    author_ip = db.Column(db.String(), nullable=False)
+    time = db.Column(db.String(), nullable=False)
     tags = db.relationship(
         'Tag',
         secondary=tags_to_quotes,
@@ -36,7 +36,7 @@ class Tag(db.Model):
     __tablename__ = 'tags'
 
     id = db.Column(db.Integer, primary_key=True)
-    name = db.Column(db.String())
+    name = db.Column(db.String(), unique=True, nullable=False)
 
 
     def __init__(self, name):
diff --git a/smash/templates/queue.html b/smash/templates/queue.html
index 360c5a3..924b1d2 100644
--- a/smash/templates/queue.html
+++ b/smash/templates/queue.html
@@ -9,6 +9,14 @@
     <p>{{ quote.content|safe }}</p>
 </div>
 
+<form action="/moderate" name="moderate" method="post">
+  <div class="btn-group" role="group">
+    <input type="hidden" name="quoteid" value={{quote.id}} />
+    <button type="submit" name="submit" class="btn btn-success btn-sm" value="Approve">Approve</button>
+    <button type="submit" name="submit" class="btn btn-danger btn-sm" value="Delete">Delete</button>
+  </div>
+</form>
+
 <div class="tags">
 
     Tags:
diff --git a/smash/views.py b/smash/views.py
index f01fd39..d151e31 100644
--- a/smash/views.py
+++ b/smash/views.py
@@ -71,6 +71,13 @@ def latest():
 
 @app.route('/queue')
 def queue():
+    if not session.get('authorized'):
+        return render_template(
+            "message.html",
+            alertclass="alert-danger",
+            message="You are not authorized to view this page."
+        )
+
     quotes = Quote.query.filter_by(approved=False).order_by(Quote.id).all()
 
     if len(quotes)>0:
@@ -91,6 +98,40 @@ def queue():
         )
 
 
+@app.route('/moderate', methods=['POST'])
+def moderate():
+    if not session.get('authorized'):
+        return render_template(
+            "message.html",
+            alertclass="alert-danger",
+            message="You are not authorized to perform this action."
+        )
+
+
+    if request.form['submit'] == "Approve":
+        quote = Quote.query.filter_by(id=request.form['quoteid']).first()
+        quote.approved = True
+        db.session.commit()
+
+        return render_template(
+            "message.html",
+            alertclass="alert-success",
+            message="Quote approved."
+        )
+    elif request.form['submit'] == "Delete":
+        quote = Quote.query.filter_by(id=request.form['quoteid']).first()
+        db.session.delete(quote)
+        db.session.commit()
+
+        return render_template(
+            "message.html",
+            alertclass="alert-success",
+            message="Quote deleted."
+        )
+
+    return str(request.form)
+
+
 @app.route('/quote/<int:id>')
 def quote(id):
     quote = Quote.query.filter_by(id=id, approved=True).first()