+
+@require_active_login
+def blog_delete(request, **kwargs):
+ url_user = request.matchdict.get('user')
+ owner_user = request.db.User.query.filter_by(username=url_user).first()
+
+ blog_slug = request.matchdict.get('blog_slug', None)
+ blog = request.db.Blog.query.filter_by(slug=blog_slug, author=owner_user.id).first()
+ if not blog:
+ return render_404(reequest)
+
+ form = blog_forms.ConfirmDeleteForm(request.form)
+ if request.user.id == blog.author or request.user.is_admin:
+ if request.method == 'POST' and form.validate():
+ if form.confirm.data is True:
+ blog.delete()
+ add_message(
+ request, SUCCESS, _('You deleted the Blog.'))
+ return redirect(request, "mediagoblin.media_types.blog.blog_admin_dashboard",
+ user=request.user.username)
+ else:
+ add_message(
+ request, ERROR,
+ _("The media was not deleted because you didn't check that you were sure."))
+ return redirect(request, "mediagoblin.media_types.blog.blog_admin_dashboard",
+ user=request.user.username)
+ else:
+ if request.user.is_admin:
+ add_message(
+ request, WARNING,
+ _("You are about to delete another user's Blog. "
+ "Proceed with caution."))
+ return render_to_response(
+ request,
+ 'mediagoblin/blog/blog_confirm_delete.html',
+ {'blog':blog,
+ 'form':form
+ })
+ else:
+ add_message(
+ request, ERROR,
+ _("The blog was not deleted because you have no rights."))
+ return redirect(request, "mediagoblin.media_types.blog.blog_admin_dashboard",
+ user=request.user.username)