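def editItem(name):
    """Edit the item called *name*; only the item's owner may do so.

    Anonymous visitors are redirected to the login page, an unknown name
    yields 404, and a signed-in user who does not own the item gets 401.
    On a valid submission the item's fields are updated, an optional image
    upload is stored under UPLOAD_FOLDER, and the browser is redirected to
    the item page. Otherwise the edit form is rendered.
    """
    if "user_id" not in session:
        return redirect("/login")

    # first() returns None for an unknown name, so the 404 below is reachable;
    # one() raises NoResultFound instead and would surface as a server error.
    item = db_session.query(Item).filter_by(name=name).first()

    if item is None:
        abort(404)

    # Ownership check: the session user must be the item's creator.
    # NOTE(review): the caller is already authenticated at this point, so 403
    # would describe the refusal more accurately than 401; status kept as-is.
    if item.user_id != session["user_id"]:
        abort(401)

    form = ItemForm(obj=item)
    form.category.choices = db_session.query(Category.id, Category.name).all()
    if form.validate_on_submit():
        # Handle the upload before touching the item, so a rejected file
        # leaves the loaded object unmodified.
        if form.image.has_file():
            # secure_filename() strips directory components but can return an
            # empty string; reject that so the save never targets the upload
            # folder itself.
            filename = secure_filename(form.image.data.filename)
            if not filename:
                form.image.errors.append("Invalid file name.")
                return render_template("editItem.html", item=item, form=form)
            # NOTE(review): files are stored under the client-supplied name,
            # so two uploads with the same name overwrite each other; any
            # restriction on file type has to come from ItemForm's validators,
            # which are not visible here.
            form.image.data.save(os.path.join(app.config["UPLOAD_FOLDER"], filename))
            item.image = filename

        item.name = form.name.data
        item.description = form.description.data
        item.category_id = form.category.data

        db_session.add(item)
        db_session.commit()
        flash("Item %s edited." % item.name)
        return redirect(url_for("item", name=item.name))
    return render_template("editItem.html", item=item, form=form)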
Beispiel #2
def catalog():
    """Render the catalog home page: all categories plus the ten newest items."""
    all_categories = db_session.query(Category).all()
    # Newest first, capped at ten; the query object itself is handed to the
    # template.
    newest_first = db_session.query(Item).order_by(Item.pub_date.desc())
    return render_template(
        'catalog.html',
        categories=all_categories,
        latest_items=newest_first.limit(10),
    )
Beispiel #3
def item(name):
    """Show the page for the item called *name*, together with its owner.

    Responds with 404 when no item has that name.
    """
    found = db_session.query(Item).filter_by(name=name).first()
    if found is None:
        abort(404)

    # The owner is looked up by the user id stored on the item.
    context = {
        'item': found,
        'owner': db_session.query(User).filter_by(id=found.user_id).first(),
    }
    return render_template('item.html', **context)
Beispiel #4
def category(name):
    """Show one category and its items, alongside the full category list.

    Responds with 404 when no category has that name.
    """
    every_category = db_session.query(Category).all()
    selected = db_session.query(Category).filter_by(name=name).first()
    if selected is None:
        abort(404)

    return render_template(
        'category.html',
        categories=every_category,
        category=selected,
        items=selected.items,
    )
Beispiel #5
def deleteCategory(name):
    """Delete the category called *name* after confirmation by its owner.

    Anonymous visitors are redirected to the login page, an unknown name
    yields 404, and a user who does not own the category gets 401. A POST
    deletes the category; any other method renders the confirmation page.
    """
    # Authentication gate.
    if 'user_id' not in session:
        return redirect('/login')

    target = db_session.query(Category).filter_by(name=name).first()
    if target is None:
        abort(404)

    # Authorization gate: only the creator may delete.
    if target.user_id != session['user_id']:
        abort(401)

    if request.method != 'POST':
        return render_template('delete_category.html',
                               category=target, form=CategoryForm())

    # NOTE(review): the POST branch never validates the form, so the token
    # carried by CategoryForm is enforced only if CSRF protection is enabled
    # application-wide - confirm.
    # The original comment expects related items to be removed automatically
    # along with the category.
    db_session.delete(target)
    db_session.commit()
    flash('%s Successfully Deleted' % target.name)
    return redirect(url_for('catalog'))
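def item(name):
    """Show the page for the item called *name*, or 404 if there is none."""
    # first() yields None for an unknown name; one() raises NoResultFound
    # before the 404 check below could ever run.
    item = db_session.query(Item).filter_by(name=name).first()

    if item is None:
        abort(404)

    return render_template("item.html", item=item)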
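def newItem():
    """Create a new item owned by the signed-in user.

    Anonymous visitors are redirected to the login page. On a valid
    submission an optional image upload is stored under UPLOAD_FOLDER, the
    item is committed, and the browser is redirected to the new item.
    Otherwise the creation form is rendered.
    """
    if "user_id" not in session:
        return redirect("/login")
    form = ItemForm()
    form.category.choices = db_session.query(Category.id, Category.name).all()
    if form.validate_on_submit():
        filename = None
        if form.image.has_file():
            # secure_filename() strips directory components but can return an
            # empty string; reject that so the save never targets the upload
            # folder itself.
            filename = secure_filename(form.image.data.filename)
            if not filename:
                form.image.errors.append("Invalid file name.")
                return render_template("newItem.html", form=form)
            # NOTE(review): files are stored under the client-supplied name,
            # so two uploads with the same name overwrite each other; any
            # restriction on file type has to come from ItemForm's validators,
            # which are not visible here.
            form.image.data.save(os.path.join(app.config["UPLOAD_FOLDER"], filename))
        # The owner comes from the server-side session, never from the form.
        item = Item(
            name=form.name.data,
            description=form.description.data,
            category_id=form.category.data,
            image=filename,
            user_id=session["user_id"],
            pub_date=datetime.utcnow(),
        )
        db_session.add(item)
        db_session.commit()
        flash("New item created.")
        return redirect(url_for("item", name=item.name))
    return render_template("newItem.html", form=form)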
Beispiel #8
def editCategory(name):
    """Edit the category called *name*; only its owner may do so.

    Anonymous visitors are redirected to the login page, an unknown name
    yields 404, and a user who does not own the category gets 401. A valid
    submission is committed; a uniqueness conflict is reported on the form.
    """
    # Authentication gate.
    if 'user_id' not in session:
        return redirect('/login')

    target = db_session.query(Category).filter_by(name=name).first()
    if target is None:
        abort(404)

    # Authorization gate: only the creator may edit.
    if target.user_id != session['user_id']:
        abort(401)

    form = CategoryForm(obj=target)
    if not form.validate_on_submit():
        return render_template('edit_category.html', category=target, form=form)

    # populate_obj copies every field declared on the form onto the category.
    form.populate_obj(target)
    db_session.add(target)
    try:
        db_session.commit()
    except exc.IntegrityError:
        # The original comment attributes this to the unique category name;
        # roll back and report the clash on the name field.
        db_session.rollback()
        form.name.errors.append("Category already exists.")
        return render_template('edit_category.html',
                               category=target, form=form)

    flash("Category %s edited." % target.name)
    return redirect(url_for('category', name=target.name))
Beispiel #9
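def getUserID(email):
    """Return the id of the user registered under *email*, or None.

    The lookup uses first(), so a missing user is reported as None without a
    bare ``except``. Database failures now propagate to the caller instead of
    being reported as "no such user". If several rows share the address, the
    first one returned by the query is used.
    """
    user = db_session.query(User).filter_by(email=email).first()
    if user is None:
        return None
    return user.id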
Beispiel #10
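def createUser(session):
    """Create a user record from *session* and return the new user's id.

    *session* must provide the keys 'username', 'email' and 'picture'.
    """
    newUser = User(name=session['username'],
                   email=session['email'],
                   picture=session['picture'])
    db_session.add(newUser)
    db_session.commit()
    # Read the id from the row just inserted. Looking the user up again by
    # email costs an extra query and raises if the address is not unique.
    return newUser.id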
Beispiel #11
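def category(name):
    """Show the category called *name* with its items, or 404 if unknown."""
    # first() yields None for an unknown name; one() raises NoResultFound
    # before the 404 check below could ever run.
    category = db_session.query(Category).filter_by(name=name).first()

    if category is None:
        abort(404)

    # The items come from the category's own `items` attribute.
    return render_template("category.html", category=category, items=category.items)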
Beispiel #12
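def editItem(name):
    """Edit the item called *name*; only the item's owner may do so.

    Anonymous visitors are redirected to the login page, an unknown name
    yields 404, and a user who does not own the item gets 401. On a valid
    submission an optional image upload is stored under UPLOAD_FOLDER and
    the item is committed; a uniqueness conflict is reported on the form.
    """
    # user must be authenticated
    if 'user_id' not in session:
        return redirect('/login')

    item = db_session.query(Item).filter_by(name=name).first()

    if item is None:
        abort(404)

    # Ownership check: the session user must be the item's creator.
    # NOTE(review): the caller is already authenticated at this point, so 403
    # would describe the refusal more accurately than 401; status kept as-is.
    if item.user_id != session['user_id']:
        abort(401)

    form = ItemForm(obj=item)
    categories = db_session.query(Category.id, Category.name).all()
    form.category_id.choices = categories

    if form.validate_on_submit():
        # Keep the current image unless a new file was uploaded.
        filename = item.image
        if form.image.has_file():
            # secure_filename() strips directory components but can return an
            # empty string; reject that so the save never targets the upload
            # folder itself.
            filename = secure_filename(form.image.data.filename)
            if not filename:
                form.image.errors.append("Invalid file name.")
                return render_template('edit_item.html', item=item, form=form)
            # NOTE(review): files are stored under the client-supplied name,
            # so two uploads with the same name overwrite each other; any
            # restriction on file type has to come from ItemForm's validators,
            # which are not visible here.
            form.image.data.save(
                os.path.join(app.config['UPLOAD_FOLDER'], filename))

        # populate_obj copies every field declared on the form onto the item,
        # the image field included, so the stored file name is set afterwards.
        form.populate_obj(item)
        item.image = filename
        db_session.add(item)
        try:
            db_session.commit()
        except exc.IntegrityError:
            # item name should be unique
            db_session.rollback()
            form.name.errors.append("Item already exists.")
            return render_template('edit_item.html', item=item, form=form)
        flash("Item %s edited." % item.name)
        return redirect(url_for('item', name=item.name))
    return render_template('edit_item.html', item=item, form=form)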
Beispiel #13
def catalogRecentAtom():
    """Return the ten most recently published items as an Atom feed."""
    newest_first = db_session.query(Item).order_by(Item.pub_date.desc())
    feed = AtomFeed('Recent Items', feed_url=request.url, url=request.url_root)
    for entry in newest_first.limit(10):
        # NOTE(review): the description is published with content_type
        # 'html'; if descriptions are user-supplied, feed readers may render
        # that markup - confirm it is sanitised upstream.
        stamp = entry.pub_date
        feed.add(
            entry.name,
            unicode(entry.description),
            content_type='html',
            author=entry.user.name,
            url=url_for('item', name=entry.name),
            updated=stamp,
            published=stamp,
        )
    return feed.get_response()
Beispiel #14
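def newItem():
    """Create a new item owned by the signed-in user.

    Anonymous visitors are redirected to the login page. The name 'new' is
    refused because it is used for routing. On a valid submission an optional
    image upload is stored under UPLOAD_FOLDER and the item is committed; a
    uniqueness conflict is reported on the form.
    """
    # user must be authenticated
    if 'user_id' not in session:
        return redirect('/login')

    form = ItemForm()
    categories = db_session.query(Category.id, Category.name).all()
    form.category_id.choices = categories

    if form.validate_on_submit():
        # check that name != 'new', which is used for routing
        if form.name.data.lower() == 'new':
            form.name.errors.append("'new' is a reserved word, and cannot"
                                    " be used as an item name.")
            return render_template('new_item.html', form=form)

        filename = None
        if form.image.has_file():
            # secure_filename() strips directory components but can return an
            # empty string; reject that so the save never targets the upload
            # folder itself.
            filename = secure_filename(form.image.data.filename)
            if not filename:
                form.image.errors.append("Invalid file name.")
                return render_template('new_item.html', form=form)
            # NOTE(review): files are stored under the client-supplied name,
            # so two uploads with the same name overwrite each other; any
            # restriction on file type has to come from ItemForm's validators,
            # which are not visible here.
            form.image.data.save(
                os.path.join(app.config['UPLOAD_FOLDER'], filename))
        # The owner comes from the server-side session, never from the form.
        item = Item(
            name=form.name.data,
            description=form.description.data,
            category_id=form.category_id.data,
            image=filename,
            user_id=session['user_id'],
            pub_date=datetime.utcnow()
            )
        db_session.add(item)
        try:
            db_session.commit()
        except exc.IntegrityError:
            # item name should be unique
            db_session.rollback()
            form.name.errors.append("Item already exists.")
            return render_template('new_item.html', form=form)
        flash("Created new item %s." % item.name)
        return redirect(url_for('item', name=item.name))
    return render_template('new_item.html', form=form)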
Beispiel #15
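def deleteItem(name):
    """Delete the item called *name* after confirmation by its owner.

    Anonymous visitors are redirected to the login page, an unknown name
    yields 404, and a user who does not own the item gets 401. A POST deletes
    the item; any other method renders the confirmation page.
    """
    if "user_id" not in session:
        return redirect("/login")

    # first() yields None for an unknown name; one() raises NoResultFound
    # before the 404 check below could ever run.
    item = db_session.query(Item).filter_by(name=name).first()

    if item is None:
        abort(404)

    # Ownership check: the session user must be the item's creator.
    if item.user_id != session["user_id"]:
        abort(401)

    if request.method == "POST":
        # NOTE(review): this POST is not validated through a form, so it is
        # protected against cross-site request forgery only if CSRF
        # protection is enabled application-wide - confirm.
        db_session.delete(item)
        db_session.commit()
        flash("%s Successfully Deleted" % item.name)
        return redirect(url_for("catalog"))
    else:
        return render_template("deleteItem.html", item=item)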
Beispiel #16
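def deleteCategory(name):
    """Delete the category called *name* after confirmation by its owner.

    Anonymous visitors are redirected to the login page, an unknown name
    yields 404, and a user who does not own the category gets 401. A POST
    deletes the category; any other method renders the confirmation page.
    """
    if "user_id" not in session:
        return redirect("/login")

    # first() yields None for an unknown name; one() raises NoResultFound
    # before the 404 check below could ever run.
    category = db_session.query(Category).filter_by(name=name).first()

    if category is None:
        abort(404)

    # Ownership check: the session user must be the category's creator.
    if category.user_id != session["user_id"]:
        abort(401)

    if request.method == "POST":
        # NOTE(review): this POST is not validated through a form, so it is
        # protected against cross-site request forgery only if CSRF
        # protection is enabled application-wide - confirm.
        # delete the category, and related items should be deleted automatically
        db_session.delete(category)
        db_session.commit()
        flash("%s Successfully Deleted" % category.name)
        return redirect(url_for("catalog"))
    else:
        return render_template("deleteCategory.html", category=category)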
Beispiel #17
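def editCategory(name):
    """Edit the category called *name*; only its owner may do so.

    Anonymous visitors are redirected to the login page, an unknown name
    yields 404, and a user who does not own the category gets 401. A valid
    submission is committed and the browser is redirected to the category.
    """
    if "user_id" not in session:
        return redirect("/login")

    # first() yields None for an unknown name; one() raises NoResultFound
    # before the 404 check below could ever run.
    category = db_session.query(Category).filter_by(name=name).first()

    if category is None:
        abort(404)

    # Ownership check: the session user must be the category's creator.
    if category.user_id != session["user_id"]:
        abort(401)

    form = CategoryForm(obj=category)
    if form.validate_on_submit():
        # populate_obj copies every field declared on the form onto the
        # category.
        form.populate_obj(category)
        db_session.add(category)
        db_session.commit()
        flash("Category %s edited." % category.name)
        return redirect(url_for("category", name=category.name))
    return render_template("editCategory.html", category=category, form=form)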
Beispiel #18
def deleteItem(name):
    """Delete the item called *name* after confirmation by its owner.

    Anonymous visitors are redirected to the login page, an unknown name
    yields 404, and a user who does not own the item gets 401. A POST deletes
    the item; any other method renders the confirmation page.
    """
    # Authentication gate.
    if 'user_id' not in session:
        return redirect('/login')

    target = db_session.query(Item).filter_by(name=name).first()
    if target is None:
        abort(404)

    # Authorization gate: only the creator may delete.
    if target.user_id != session['user_id']:
        abort(401)

    if request.method != 'POST':
        return render_template('delete_item.html', item=target, form=ItemForm())

    # NOTE(review): the POST branch never validates the form, so the token
    # carried by ItemForm is enforced only if CSRF protection is enabled
    # application-wide - confirm.
    db_session.delete(target)
    db_session.commit()
    flash('%s Successfully Deleted' % target.name)
    return redirect(url_for('catalog'))
Beispiel #19
def catalogJSON():
    """Return every category as JSON under the key ``categories``."""
    # Each entry is whatever the category's `serialize` attribute exposes.
    # NOTE(review): this view performs no authentication check - confirm that
    # `serialize` contains only data meant to be public.
    payload = []
    for entry in db_session.query(Category).all():
        payload.append(entry.serialize)
    return jsonify(categories=payload)
Beispiel #20
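def getUserID(email):
    """Return the id of the user registered under *email*, or None.

    The lookup uses first(), so a missing user is reported as None without a
    bare ``except``. Database failures now propagate to the caller instead of
    being reported as "no such user". If several rows share the address, the
    first one returned by the query is used.
    """
    user = db_session.query(User).filter_by(email=email).first()
    if user is None:
        return None
    return user.id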
Beispiel #21
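def createUser(session):
    """Create a user record from *session* and return the new user's id.

    *session* must provide the keys "username", "email" and "picture".
    """
    newUser = User(
        name=session["username"],
        email=session["email"],
        picture=session["picture"],
    )
    db_session.add(newUser)
    db_session.commit()
    # Read the id from the row just inserted. Looking the user up again by
    # email costs an extra query and raises if the address is not unique.
    return newUser.id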
Beispiel #22
def catalog():
    """Render the catalog home page with every category."""
    return render_template(
        "catalog.html",
        categories=db_session.query(Category).all(),
    )
Beispiel #23
def getUserInfo(user_id):
    """Return the User row whose id equals *user_id*.

    The lookup uses one(), so it raises rather than returning None when the
    id matches no row.
    """
    by_id = db_session.query(User).filter_by(id=user_id)
    return by_id.one()