Beispiel #1
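def edit_item(category_name, item_name):
    """Update the name and description of an item owned by the caller.

    The caller is identified by the JWT sent as the raw value of the
    ``Authorization`` header. Only the user whose ``username`` claim equals
    ``item.creator`` may edit the item.

    Args:
        category_name: Category segment from the route. It is not used in
            the lookup; the item is found by name only.
        item_name: Current name of the item to edit.

    Returns:
        The response built by ``create_message_response``: 200 on success,
        400 for every rejection (authentication, authorization, input).
    """
    user_jwt = request.headers.get('Authorization')
    # Authenticate first so an unauthenticated caller never triggers a
    # database lookup and cannot probe which item names exist.
    # NOTE(review): 401/403 would be the conventional status for these
    # rejections; 400 is kept because existing clients may depend on it.
    if user_jwt == u"null" or not verify_jwt(user_jwt):
        return create_message_response('Unauthorized access', 400)
    user_info = jwt.decode(user_jwt, SECRET, algorithms=['HS256'])

    data = request.get_json()
    # get_json() can yield None or a non-object for a missing or non-JSON
    # body; reject it here instead of failing on the membership tests.
    if (not isinstance(data, dict)
            or 'name' not in data or 'description' not in data):
        return create_message_response('Invalid input', 400)

    # NOTE(review): .one() raises when no row (or more than one row) matches;
    # confirm the application maps that to a 404 rather than a 500.
    item = session.query(Item).filter_by(name=item_name).one()

    # Logged in user must match item creator to edit item
    if user_info['username'] != item.creator:
        return create_message_response('Unauthorized access', 400)

    # Validate through the Marshmallow schema. Category and creator are
    # taken from the stored item, never from the request body, so a caller
    # cannot move the item or reassign its ownership.
    input_dict = {
        'name': data['name'],
        'description': data['description'],
        'category_name': item.category_name,
        'creator': item.creator,
    }
    item_mm = verify_item(input_dict)
    # If errors exist on object, one of the input fields is empty
    if item_mm.errors:
        return create_message_response('Input cannot be empty', 400)

    # Item names are used as the lookup key, so a rename must not collide
    # with another existing item (same rule add_item applies on creation).
    new_name = item_mm.data.name
    if new_name != item.name:
        name_taken = session.query(Item).filter_by(name=new_name).all()
        if name_taken:
            return create_message_response('Item already exists', 400)

    # Edit item information and commit changes
    item.name = new_name
    item.description = item_mm.data.description
    session.add(item)
    session.commit()
    return create_message_response('Item successfully edited', 200)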
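def delete_category(category_name):
    """Delete the category named ``category_name`` for an authenticated caller.

    The caller is identified by the JWT sent as the raw value of the
    ``Authorization`` header.

    Args:
        category_name: Name of the category to delete.

    Returns:
        The response built by ``create_message_response``: 200 on success,
        400 when the caller is not authenticated.
    """
    user_jwt = request.headers.get('Authorization')
    # If user is not logged in or user is not in db return error response.
    # The rejection must be returned: without the return the handler yields
    # None and the client never receives the 'Unauthorized access' message.
    if user_jwt == u"null" or not verify_jwt(user_jwt):
        return create_message_response('Unauthorized access', 400)

    # NOTE(review): unlike the item handlers there is no ownership check
    # here, so any authenticated user can delete any category; confirm
    # this is intended.
    # NOTE(review): .one() raises when no row (or more than one row) matches;
    # confirm the application maps that to a 404 rather than a 500.
    del_cat = session.query(Category).filter_by(name=category_name).one()
    session.delete(del_cat)
    session.commit()
    return create_message_response('Category successfully deleted!', 200)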
Beispiel #3
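def delete_item(category_name, item_name):
    """Delete an item, provided the caller is the item's creator.

    The caller is identified by the JWT sent as the raw value of the
    ``Authorization`` header.

    Args:
        category_name: Category segment from the route. It is not used in
            the lookup; the item is found by name only.
        item_name: Name of the item to delete.

    Returns:
        The response built by ``create_message_response``: 200 on success,
        400 when the caller is not authenticated or is not the creator.
    """
    user_jwt = request.headers.get('Authorization')
    # Authenticate first so an unauthenticated caller never triggers a
    # database lookup and cannot probe which item names exist.
    if user_jwt == u"null" or not verify_jwt(user_jwt):
        return create_message_response('Unauthorized access', 400)

    # Get username from jwt; the algorithm list is pinned to HS256 so the
    # token cannot choose its own verification algorithm.
    user_info = jwt.decode(user_jwt, SECRET, algorithms=['HS256'])

    # NOTE(review): .one() raises when no row (or more than one row) matches;
    # confirm the application maps that to a 404 rather than a 500.
    item = session.query(Item).filter_by(name=item_name).one()

    # Only the item's creator may delete it.
    if user_info['username'] != item.creator:
        return create_message_response('Unauthorized access', 400)

    session.delete(item)
    session.commit()
    return create_message_response('Item successfully deleted', 200)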
Beispiel #4
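def add_item(category_name):
    """Create a new item in ``category_name`` owned by the authenticated caller.

    The creator is taken from the ``username`` claim of the JWT sent as the
    raw value of the ``Authorization`` header, never from the request body.

    Args:
        category_name: Category the new item is filed under.

    Returns:
        The response built by ``create_message_response``: 200 on success,
        400 for every rejection (authentication, input, duplicate name).
    """
    user_jwt = request.headers.get('Authorization')
    # If user is not logged in or user is not in db return error response
    if user_jwt == u"null" or not verify_jwt(user_jwt):
        return create_message_response('Unauthorized access', 400)

    # Get creator username from jwt in authorization header
    user_info = jwt.decode(user_jwt, SECRET, algorithms=['HS256'])
    creator = user_info['username']

    data = request.get_json()
    # get_json() can yield None or a non-object for a missing or non-JSON
    # body; reject it here instead of failing on the membership tests.
    if (not isinstance(data, dict)
            or 'name' not in data or 'description' not in data):
        return create_message_response('Invalid input', 400)

    # Use Marshmallow to create item object
    input_dict = {
        'name': data['name'],
        'description': data['description'],
        'category_name': category_name,
        'creator': creator
    }
    item_mm = verify_item(input_dict)
    # If errors exist in object, one of the input fields is empty
    if item_mm.errors:
        return create_message_response('input cannot be empty', 400)

    # Check if input item name already exists in db
    item_exists = session.query(Item).filter_by(name=data['name']).all()
    if item_exists:
        return create_message_response('Item already exists', 400)

    # The validated key is 'description'; reading data['desc'] raised
    # KeyError for every otherwise valid request.
    new_item = Item(name=data['name'],
                    description=data['description'],
                    category_name=category_name,
                    creator=creator)
    session.add(new_item)
    session.commit()
    return create_message_response('Item successfully added!', 200)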
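def add_category():
    """Create a new category for an authenticated caller.

    The caller is identified by the JWT sent as the raw value of the
    ``Authorization`` header. The category name comes from the ``name``
    field of the JSON request body.

    Returns:
        The response built by ``create_message_response``: 200 on success,
        400 for every rejection (authentication, input, duplicate name).
    """
    user_jwt = request.headers.get('Authorization')
    # If user is not logged in or user is not in db return error response
    if user_jwt == u"null" or not verify_jwt(user_jwt):
        return create_message_response('Unauthorized access', 400)

    data = request.get_json()
    # get_json() can yield None or a non-object for a missing or non-JSON
    # body; reject it here instead of failing on the membership test.
    if not isinstance(data, dict) or 'name' not in data:
        return create_message_response('Invalid request', 400)

    name = data['name']
    # If name is empty or whitespace return error.
    # NOTE(review): a non-string JSON value (number, list) has no isspace()
    # and would raise here; consider rejecting non-string names explicitly.
    if not name or name.isspace():
        return create_message_response('Name cannot be empty', 400)

    # If name already exists in Category table return error
    category_exists = session.query(Category).filter_by(name=name).all()
    if category_exists:
        return create_message_response('Category already exists', 400)

    new_category = Category(name=name)
    session.add(new_category)
    session.commit()
    return create_message_response('Category successfully added!', 200)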