votes = query_db('select *, votes.id as voteid, groups.name as groupname from votes \
join groups on groups.id=votes.id_group \
where is_hidden=0 order by id desc')
- return render_template('admin_votes.html', votes=votes, today=date.today().strftime("%Y-%m-%d"))
+ return render_template('admin_votes.html', votes=votes
+ , today=date.today().strftime("%Y-%m-%d")
+ , can_delete_votes=CAN_DELETE_VOTES
+ )
@app.route('/admin/votes/add', methods=['GET', 'POST'])
def admin_vote_add():
def admin_vote_del(idvote):
if not session.get('user').get('is_admin'):
abort(401)
- vote = query_db('select * from votes where id = ?', [idvote], one=True)
- if vote is None:
- abort(404)
- g.db.execute('update votes set is_hidden=1 where id = ?', [idvote])
- g.db.commit()
+ if not CAN_DELETE_VOTES:
+ flash(u'La configuration interdit la suppression des votes.', 'error')
+ else:
+ if vote is None:
+ abort(404)
+ g.db.execute('update votes set is_hidden=1 where id = ?', [idvote])
+ g.db.commit()
return redirect(url_for('admin_votes'))
@app.route('/admin/votes/addchoice/<voteid>', methods=['POST'])