diff --git a/src/models/comment.py b/src/models/comment.py index f9cde24..7aec613 100644 --- a/src/models/comment.py +++ b/src/models/comment.py @@ -14,4 +14,4 @@ class Comment(db.Model): item_id = db.Column(db.Integer, db.ForeignKey("item.id", ondelete="CASCADE"), nullable=False) item = db.relationship("Item", backref=db.backref("comments", lazy=True)) - text = db.Text(4096) + text = db.Column(db.String(4096), nullable=False) diff --git a/src/templates/item.html b/src/templates/item.html index e1b75f5..594a62f 100644 --- a/src/templates/item.html +++ b/src/templates/item.html @@ -27,12 +27,12 @@ {% if current_user.is_authenticated %}
-
+
Write a comment
+ placeholder="Type your comment here" name="comment">
diff --git a/src/views/itemview.py b/src/views/itemview.py index 746af69..4e8eb5c 100644 --- a/src/views/itemview.py +++ b/src/views/itemview.py @@ -1,9 +1,10 @@ #!/usr/bin/env python3 -from flask import render_template +from flask import render_template, request, flash, redirect, url_for, current_app from flask_classful import FlaskView -from flask_security import current_user +from flask_security import current_user, login_required from models import db, Comment, Item, Purchase +import bleach """ Item VIEW @@ -28,3 +29,21 @@ class ItemView(FlaskView): purchased = bool(p) return render_template('item.html', item=item, purchased=purchased) + + @login_required + def post(self, id_: int): + + comment_text = request.form.get('comment', '') + comment_text = comment_text[:Comment.text.property.columns[0].type.length] + comment_text = bleach.clean(comment_text, tags=[]) + + if not comment_text: + flash("Comment field can not be empty", "primary") + return redirect(url_for('ItemView:get', id_=id_)) + + i = Item.query.get_or_404(id_) + c = Comment(commenter=current_user, item=i, text=comment_text) + + db.session.add(c) + db.session.commit() + return redirect(url_for('ItemView:get', id_=id_))
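Review bot: `current_app` is added to the `flask` import in the first hunk of itemview.py, but nothing added in this diff uses it, so the line can be `from flask import render_template, request, flash, redirect, url_for`. The new `import bleach` pulls in a third-party package, and no requirements or lockfile change is visible in this diff; it should be declared and pinned there. bleach's maintainers have also marked the project deprecated, which is worth weighing for a library that sits on the input-sanitisation path.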
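Review bot: In `post`, the input is cut to the column length before `bleach.clean(comment_text, tags=[])` runs, but cleaning escapes `<`, `>` and `&` into longer entities, so the stored value can still exceed 4096 characters. On a backend that enforces the VARCHAR length the commit would then fail with an unhandled error, and on one that does not the limit is not applied at all. Cleaning first and rejecting over-length input, as sketched below, keeps the limit meaningful, and the added `.strip()` stops a whitespace-only comment from passing the empty check. Two things are not visible in this diff and are worth confirming: that CSRF protection covers this new state-changing POST, and that item.html neither renders the already-escaped text with `|safe` nor double-escapes it under autoescaping.

```python
    @login_required
    def post(self, id_: int):
        max_len = Comment.text.property.columns[0].type.length
        comment_text = bleach.clean(request.form.get('comment', '').strip(), tags=[])
        # … unchanged: empty-comment check with flash and redirect …
        if len(comment_text) > max_len:
            flash("Comment is too long", "primary")
            return redirect(url_for('ItemView:get', id_=id_))
        # … unchanged: Item lookup, Comment creation, commit and redirect …
```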