From 6e69eb608bb871b4e7c0a5eacfdd8862fe05c121 Mon Sep 17 00:00:00 2001
From: mrmur <andreiduvakin@mail.ru>
Date: Tue, 3 May 2022 19:46:50 +0500
Subject: [PATCH] =?UTF-8?q?=D0=98=D1=81=D0=BF=D1=80=D0=B0=D0=B2=D0=BB?=
 =?UTF-8?q?=D0=B5=D0=BD=D1=8B=20=D0=BE=D1=88=D0=B8=D0=B1=D0=BA=D0=B8=20?=
 =?UTF-8?q?=D1=83=D0=B4=D0=B0=D0=BB=D0=B5=D0=BD=D0=B8=D1=8F=20=D0=BF=D0=BE?=
 =?UTF-8?q?=D1=81=D1=82=D0=BE=D0=B2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 main.py | 35 +++++++++++++++++++----------------
 1 file changed, 19 insertions(+), 16 deletions(-)

diff --git a/main.py b/main.py
index 99c54ca..c57088a 100644
--- a/main.py
+++ b/main.py
@@ -460,19 +460,23 @@ def delete_quest(id):
 @app.route('/add_question', methods=['GET', 'POST'])
 def add_question():
     if current_user.is_authenticated:
-        que = AddQuest()
-        session = db_session.create_session()
-        if que.validate_on_submit():
-            if que.quest.data in list(map(lambda x: x.quest, session.query(Quest).all())):
-                return render_template('add_question.html', message='Такой вопрос уже есть!', title='Добавить вопрос',
-                                       form=que)
-            new_que = Quest()
-            new_que.quest = que.quest.data.strip()
-            session.add(new_que)
-            session.commit()
-            que.quest.data = ''
-        return render_template('add_question.html', message='', title='Добавить вопрос', form=que,
-                               question=session.query(Quest).all())
+        if current_user.role == 'admin':
+            que = AddQuest()
+            session = db_session.create_session()
+            if que.validate_on_submit():
+                if que.quest.data in list(map(lambda x: x.quest, session.query(Quest).all())):
+                    return render_template('add_question.html', message='Такой вопрос уже есть!',
+                                           title='Добавить вопрос',
+                                           form=que)
+                new_que = Quest()
+                new_que.quest = que.quest.data.strip()
+                session.add(new_que)
+                session.commit()
+                que.quest.data = ''
+            return render_template('add_question.html', message='', title='Добавить вопрос', form=que,
+                                   question=session.query(Quest).all())
+        else:
+            return redirect('/')
     else:
         return redirect('/')
 
@@ -552,8 +556,7 @@ def post_deleted(id):
         if find_post:
             if find_post.author == current_user.id or current_user.role == 'admin':
                 session = db_session.create_session()
-                pos = session.query(DiaryPost).filter(DiaryPost.id == id,
-                                                      DiaryPost.author == current_user.id).first()
+                pos = session.query(DiaryPost).filter(DiaryPost.id == id).first()
                 if pos:
                     if pos.photo:
                         os.remove(pos.photo[3:])
@@ -752,7 +755,7 @@ def confirmation():
                             about=form.about.data,
                             email=form.email.data,
                             role='user',
-                            photo='../static/img/Икона.png'
+                            photo='../static/img/None_logo.png'
                         )
                     user.set_password(form.password.data)
                     session.add(user)