Attachments

[cavote.git] / main.py

diff --git a/main.py b/main.py
index a8f91a6..a807a51 100755 (executable)
--- a/main.py
+++ b/main.py
@@ -362,7 +362,8 @@ def admin_vote_edit(voteid):
     vote['duration'] = 15
     group = query_db('select name from roles where id = ?', [vote['id_role']], one=True) 
     choices = query_db('select * from choices where id_vote = ?', [voteid])
-    return render_template('admin_vote_edit.html', vote=vote, group=group, choices=choices)
+    attachments = query_db('select * from attachments where id_vote = ?', [voteid])
+    return render_template('admin_vote_edit.html', vote=vote, group=group, choices=choices, attachments=attachments)
 
 @app.route('/admin/votes/addchoice/<voteid>', methods=['POST'])
 def admin_vote_addchoice(voteid):
@@ -401,6 +402,28 @@ def admin_vote_deletechoice(voteid, choiceid):
     g.db.commit()
     return redirect(url_for('admin_vote_edit', voteid=voteid))
 
+@app.route('/admin/votes/addattachment/<voteid>', methods=['POST'])
+def admin_vote_addattachment(voteid):
+    if not session.get('user').get('is_admin'):
+        abort(401)
+    vote = query_db('select * from votes where id = ?', [voteid], one=True)
+    if vote is None:
+        abort(404)
+    g.db.execute('insert into attachments (url, id_vote) values (?, ?)', [request.form['url'], voteid])
+    g.db.commit()
+    return redirect(url_for('admin_vote_edit', voteid=voteid))
+
+@app.route('/admin/votes/deleteattachment/<voteid>/<attachmentid>')
+def admin_vote_deleteattachment(voteid, attachmentid):
+    if not session.get('user').get('is_admin'):
+        abort(401)
+    attachment = query_db('select * from attachments where id = ? and id_vote = ?', [attachmentid, voteid], one=True)
+    if attachment is None:
+        abort(404)
+    g.db.execute('delete from attachments where id = ? and id_vote = ?', [attachmentid, voteid])
+    g.db.commit()
+    return redirect(url_for('admin_vote_edit', voteid=voteid))
+
 #------
 # Main