def show_catalog():
    """Render the catalog page listing every category and every item.

    Both tables are read in full and passed to ``catalog.html``.
    """
    all_categories = session.query(Category).all()
    all_items = session.query(Item).all()
    return render_template('catalog.html',
                           categories=all_categories,
                           items=all_items)
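def edit_item(category_name, item_name):
    """Edit an item identified by its category name and item name.

    GET renders ``edit_page.html``. POST applies whichever of ``name``,
    ``description`` and ``category`` were submitted non-empty, commits, and
    redirects to the item's category page. Only the user who created the
    item may edit it; anyone else receives a JSON 403 response.

    NOTE(review): no CSRF token is checked on the POST path inside this
    function -- confirm it is enforced elsewhere (e.g. application-wide).
    """
    category = session.query(Category).filter_by(name=category_name).one()
    edited_item = session.query(Item).filter_by(name=item_name,
                                                category_id=category.id).one()

    # Authorisation: only the user who created an item may edit/delete it.
    # get_user_id() returns None when no user matches, so the check must
    # fail closed: without the explicit None test, an unresolved session
    # would compare equal to an item whose user_id is NULL and be let in.
    email = login_session.get('email')
    user_id = get_user_id(email) if email else None
    if user_id is None or edited_item.user_id != user_id:
        message = json.dumps('You are not allowed to edit the item')
        response = make_response(message, 403)
        response.headers['Content-Type'] = 'application/json'
        return response

    if request.method == 'POST':
        # Empty fields leave the stored value untouched.
        if request.form['name']:
            edited_item.name = request.form['name']
        if request.form['description']:
            edited_item.description = request.form['description']
        if request.form['category']:
            # .one() raises if the submitted category name does not exist.
            category = session.query(Category).filter_by(
                name=request.form['category']).one()
            edited_item.category = category

        session.add(edited_item)
        session.commit()
        return redirect(url_for('show_category',
                                category_name=edited_item.category.name))
    else:
        categories = session.query(Category).all()
        return render_template('edit_page.html', item=edited_item,
                               categories=categories)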
def item_json(category_name, item_name):
    """Return one item, looked up by category name and item name, as JSON.

    The payload has a single ``Item`` key holding ``item.serialize``.
    Either lookup raises (via ``.one()``) when there is not exactly one match.
    """
    parent = session.query(Category).filter_by(name=category_name).one()
    lookup = session.query(Item).filter_by(category_id=parent.id,
                                           name=item_name)
    return jsonify({'Item': lookup.one().serialize})
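def delete_category(cat_id):
    """Confirm and delete a category; only its owner may do so.

    GET (or an invalid form) renders the confirmation page
    ``delete_category.html``. A valid ConfirmForm submission deletes the
    category and redirects to the index page.

    The ownership check runs before the form is processed. Previously the
    delete branch came first, so any session able to submit a valid form
    could delete a category it did not own.
    """
    form = ConfirmForm()
    category = session.query(Category).filter_by(id=cat_id).first()

    # .first() returns None for an unknown id; bail out instead of failing
    # later on category.user_id or session.delete(None).
    if category is None:
        flash("Category not found.", "flash-warning")
        return redirect(url_for('index'))

    # Authorisation before any state change. login_session['user_id']
    # raises KeyError for a session without a user id, so such a request
    # never reaches the delete below.
    if category.user_id != login_session['user_id']:
        flash("You must be the owner to delete this category.",
              "flash-warning")
        return redirect(url_for('category_list', cat_id=category.id))

    # Flask-WTF / WTForms build the form and provide CSRF protection;
    # validate_on_submit() is only true for a submitted, valid form.
    if form.validate_on_submit():
        # Per the original author's note, the category's items are removed
        # through the cascade configured in models.py, so they are not
        # deleted one by one here.
        session.delete(category)
        session.commit()
        flash("Category deleted successfully.", "flash-success")
        return redirect(url_for('index'))

    categories = session.query(Category).all()
    items = session.query(Item).filter_by(category_id=cat_id).all()
    return render_template('delete_category.html',
                           categories=categories,
                           category=category,
                           items=items,
                           form=form)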
def item(item_id):
    """Show a single item page.

    A logged-in session whose ``user_id`` matches the item's ``user_id``
    gets ``item.html``; every other request gets ``pub_item.html``.
    """
    categories = session.query(Category).all()
    # .first() yields None for an unknown id; that case is not handled here.
    record = session.query(Item).filter_by(id=item_id).first()
    is_owner = ('user_id' in login_session
                and record.user_id == login_session['user_id'])
    template = 'item.html' if is_owner else 'pub_item.html'
    return render_template(template, categories=categories, item=record)
def delete_item(item_id):
    """Confirm and delete an item; only its owner may do so.

    The ownership check comes first, so a non-owner is redirected back to
    the item page before the confirmation form is ever evaluated. A valid
    ConfirmForm submission deletes the item; otherwise the confirmation
    page ``delete_item.html`` is rendered.
    """
    form = ConfirmForm()
    categories = session.query(Category).all()
    target = session.query(Item).filter_by(id=item_id).first()

    # Authorisation before any state change.
    is_owner = target.user_id == login_session['user_id']
    if not is_owner:
        flash("You must be the owner to delete this item.", "flash-warning")
        return redirect(url_for('item', item_id=target.id))

    if not form.validate_on_submit():
        return render_template('delete_item.html',
                               categories=categories,
                               item=target,
                               form=form)

    session.delete(target)
    session.commit()
    flash('Item successfully deleted.', "flash-success")
    return redirect(url_for('index'))
def add_item():
    """Create an item from the submitted form, or show the add-item page.

    POST reads ``name``, ``description`` and ``category`` from the form,
    stores the new item under the session's ``user_id`` and redirects to
    the catalog. Any other method renders ``add_page.html``.

    NOTE(review): no login or CSRF check is visible in this function --
    presumably enforced by a decorator or elsewhere; confirm.
    """
    categories = session.query(Category).all()
    if request.method != 'POST':
        return render_template('add_page.html', categories=categories)

    form_data = request.form
    item_name = form_data['name']
    item_description = form_data['description']
    # .one() raises when the submitted category name does not exist.
    chosen_category = session.query(Category).filter_by(
        name=form_data['category']).one()
    owner_id = login_session['user_id']

    session.add(Item(name=item_name,
                     description=item_description,
                     category=chosen_category,
                     user_id=owner_id))
    session.commit()
    return redirect(url_for('show_catalog'))
def catalog_json():
    """Return every category, each with its items, as one JSON document.

    Each category's ``serialize`` dict gains an ``Item`` key holding the
    serialized items of that category; the list is returned under the
    top-level ``Category`` key.
    """
    catalog = []
    for category in session.query(Category).all():
        item_query = session.query(Item).filter_by(category_id=category.id)
        entry = category.serialize
        entry['Item'] = [member.serialize for member in item_query]
        catalog.append(entry)
    return jsonify(Category=catalog)
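def edit_category(cat_id):
    """Rename a category; only its owner may do so.

    A non-owner is redirected to the category page before the form is
    evaluated. A valid CategoryEditForm submission stores the new name and
    redirects; on GET the form is pre-filled with the current name and
    ``edit_category.html`` is rendered.
    """
    form = CategoryEditForm()
    categories = session.query(Category).all()
    category = session.query(Category).filter_by(id=cat_id).one()

    # Authorisation before any state change. login_session['user_id']
    # raises KeyError for a session without a user id.
    if category.user_id != login_session['user_id']:
        flash("You must be the owner to edit this category.", "flash-warning")
        return redirect(url_for('category_list', cat_id=category.id))

    if form.validate_on_submit():
        category.name = form.name.data
        # Persist the rename. Without a commit the change only lived in the
        # session's pending state while the user was told it had succeeded.
        session.commit()
        flash('Category has been edited successfully.', "flash-success")
        return redirect(url_for('category_list', cat_id=category.id))

    if request.method == 'GET':
        form.name.data = category.name
    return render_template('edit_category.html',
                           categories=categories,
                           category=category,
                           form=form)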
def createUser(login_session):
    """Insert a User built from the login session and return its id.

    Reads ``username``, ``email`` and ``picture`` from ``login_session``,
    commits the new row, then looks the user up again by email.
    """
    profile = dict(username=login_session['username'],
                   email=login_session['email'],
                   picture=login_session['picture'])
    session.add(User(**profile))
    session.commit()
    # .one() raises unless exactly one user has this email.
    stored = session.query(User).filter_by(email=profile['email']).one()
    return stored.id
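def add_item(cat_id):
    """Add an item to the category ``cat_id``, or show the add-item form.

    A valid ItemForm submission creates the item under the session's
    ``user_id`` (an empty description is stored as "No description") and
    redirects to the category page; otherwise ``add_item.html`` is rendered.

    NOTE(review): no login check is visible here; a session without
    ``user_id`` fails with KeyError on submit. ``.first()`` also returns
    None for an unknown ``cat_id``, which is not handled -- confirm both are
    covered elsewhere.
    """
    form = ItemForm()
    categories = session.query(Category).all()
    category = session.query(Category).filter_by(id=cat_id).first()
    if form.validate_on_submit():
        new_item = Item(name=form.name.data,
                        description=form.description.data or "No description",
                        category_id=category.id,
                        user_id=login_session['user_id'])
        # The leftover debug print of the new item was removed: it wrote
        # user-submitted data to stdout on every request.
        session.add(new_item)
        session.commit()
        flash('Item added successfully.', "flash-success")
        return redirect(url_for('category_list', cat_id=category.id))
    return render_template('add_item.html',
                           categories=categories,
                           category=category,
                           form=form)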
def get_user_id(email):
    """Return the id of the user stored with ``email``, or None.

    None is returned whenever the lookup raises, which includes "no such
    user" and "more than one user". Callers doing authorisation must treat
    None as "no user" explicitly rather than comparing it for equality.
    """
    try:
        return session.query(User).filter_by(email=email).one().id
    except Exception:
        return None
def create_user(login_session):
    """Create a user in the database from the login session; return its id.

    Reads ``username`` and ``email`` from ``login_session``, commits the new
    row, then looks the user up again by email.
    """
    fields = dict(name=login_session['username'],
                  email=login_session['email'])
    session.add(User(**fields))
    session.commit()
    # .one() raises unless exactly one user has this email.
    stored = session.query(User).filter_by(email=fields['email']).one()
    return stored.id
def category_list(cat_id):
    """Show a category and its items.

    The owner of the category gets ``category_list.html`` (the page with
    editing capabilities, per the original comment); everyone else gets
    ``pub_category_list.html``. Template choice is presentation only: the
    views that change data still perform their own ownership checks.
    """
    categories = session.query(Category).all()
    category = session.query(Category).filter_by(id=cat_id).one()
    items = session.query(Item).filter_by(category_id=cat_id).all()

    viewer_is_owner = ('user_id' in login_session
                       and category.user_id == login_session['user_id'])
    if viewer_is_owner:
        template = 'category_list.html'
    else:
        template = 'pub_category_list.html'
    return render_template(template,
                           categories=categories,
                           category=category,
                           items=items)
def edit_item(item_id):
    """Edit an item's name, description and category; owner only.

    A non-owner is redirected to the item page before anything else
    happens. POST copies the form fields onto the item and commits; GET
    pre-fills the form and renders ``edit_item.html``.

    NOTE(review): the POST branch reads the form without calling
    ``form.validate_on_submit()``, so no field validation runs in this
    view, and ``category_id`` is stored as submitted without being checked
    against existing categories. Flask-WTF's per-form CSRF check normally
    happens during validation -- confirm CSRF is enforced another way.
    """
    form = ItemEditForm()
    item = session.query(Item).filter_by(id=item_id).one()

    # Authorisation before any state change. login_session['user_id']
    # raises KeyError for a session without a user id.
    if item.user_id != login_session['user_id']:
        flash("You must be the owner to make changes to this item.",
              "flash-warning")
        return redirect(url_for('item', item_id=item.id))

    # The choices for the dropdown select field are populated dynamically
    # by querying the Category table.
    categories = session.query(Category).all()

    # Same query again; this result feeds the (id, name) choice list and is
    # also passed to the template as `category`.
    category = session.query(Category).all()
    select_field = [(c.id, c.name) for c in category]
    if request.method == 'POST':
        # Form values are applied as submitted (see NOTE(review) above).
        item.name = form.name.data
        item.description = form.description.data
        item.category_id = form.category_id.data
        session.commit()
        flash('Item edited successfully.', "flash-success")
        return redirect(url_for('item', item_id=item.id))
    if request.method == 'GET':

        # Assign the select field's choices and its default value.
        form.category_id.choices = select_field
        form.category_id.default = item.category_id

        # form.process() is run to process the choices and default value.
        form.process()

        # The remaining fields are filled in after the select field has
        # been processed, so process() does not overwrite them.
        form.name.data = item.name
        form.description.data = item.description
    return render_template('edit_item.html',
                           categories=categories,
                           category=category,
                           item=item,
                           form=form)
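def delete_item(category_name, item_name):
    """Delete an item identified by its category name and item name.

    GET renders the confirmation page ``delete_page.html``; POST deletes
    the item and redirects to its category page. Only the user who created
    the item may delete it; anyone else receives a JSON 403 response.

    NOTE(review): no CSRF token is checked on the POST path inside this
    function -- confirm it is enforced elsewhere (e.g. application-wide).
    """
    category = session.query(Category).filter_by(name=category_name).one()
    item_to_delete = session.query(Item).filter_by(name=item_name,
                                                   category=category).one()

    # Authorisation: only the user who created an item may edit/delete it.
    # get_user_id() returns None when no user matches, so the check must
    # fail closed: without the explicit None test, an unresolved session
    # would compare equal to an item whose user_id is NULL and be let in.
    email = login_session.get('email')
    user_id = get_user_id(email) if email else None
    if user_id is None or item_to_delete.user_id != user_id:
        message = json.dumps('You are not allowed to delete the item')
        response = make_response(message, 403)
        response.headers['Content-Type'] = 'application/json'
        return response

    if request.method == 'POST':
        session.delete(item_to_delete)
        session.commit()
        return redirect(url_for('show_category',
                                category_name=category.name))

    else:
        return render_template('delete_page.html', item=item_to_delete)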
def add_category():
    """Create a category owned by the current session's user.

    A valid CategoryForm submission stores the category under
    ``login_session['user_id']`` and redirects to its page; otherwise
    ``add_category.html`` is rendered.
    """
    form = CategoryForm()
    categories = session.query(Category).all()

    if not form.validate_on_submit():
        return render_template('add_category.html',
                               categories=categories,
                               form=form)

    created = Category(name=form.name.data,
                       user_id=login_session['user_id'])
    session.add(created)
    session.commit()
    flash('New Category Added', "flash-success")
    return redirect(url_for('category_list', cat_id=created.id))
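def show_login():
    """Render the login page and handle username/password logins.

    Every request stores a fresh 32-character ``state`` token in the
    session and passes it to ``login.html`` as ``STATE``. A valid LoginForm
    submission with a matching password records the username in the
    session and redirects to the index page.

    NOTE(review): ``error`` is set only for unknown usernames. If the
    template renders it, the response tells unknown users apart from wrong
    passwords; a single generic message avoids that.
    NOTE(review): a successful login stores only ``username`` in the
    session here -- confirm where ``user_id`` is set.
    """
    error = None
    form = LoginForm()

    # The state token is an anti-forgery value, so it has to be
    # unpredictable. SystemRandom draws from the operating system's CSPRNG;
    # the module-level random.choice() uses a Mersenne Twister whose output
    # can be predicted from observed values.
    secure_rng = random.SystemRandom()
    alphabet = string.ascii_uppercase + string.digits
    state = ''.join(secure_rng.choice(alphabet) for _ in range(32))
    login_session['state'] = state

    if form.validate_on_submit():
        username = form.name.data
        password = form.password.data
        user = session.query(User).filter_by(username=username).first()
        if not user:
            flash('Login unsuccessful.', "flash-warning")
            error = "No username available."
        else:
            if user.verify_password(password):
                # The returned token is not used in this view; the call is
                # kept in case it has side effects -- confirm.
                user.generate_auth_token(600)
                login_session['username'] = user.username
                flash('Login successful.', "flash-success")
                return redirect(url_for('index'))
            else:
                flash('Login unsuccessful.')
    return render_template('login.html', error=error, STATE=state, form=form)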
def itemJSON(id):
    """Return the item with the given id as JSON (its ``serialize`` value).

    ``.first()`` yields None for an unknown id; that case is not handled.
    """
    found = session.query(Item).filter_by(id=id).first()
    payload = found.serialize
    return jsonify(payload)
def allItemsJSON():
    """Return every item as JSON under the ``items`` key."""
    serialized = []
    for entry in session.query(Item).all():
        serialized.append(entry.serialize)
    return jsonify(items=serialized)
def itemsInCatJSON(cat_id):
    """Return the items of category ``cat_id`` as JSON under ``items``."""
    in_category = session.query(Item).filter_by(category_id=cat_id).all()
    serialized = []
    for entry in in_category:
        serialized.append(entry.serialize)
    return jsonify(items=serialized)
def categoryJSON():
    """Return every category as JSON under the ``categories`` key."""
    serialized = []
    for entry in session.query(Category).all():
        serialized.append(entry.serialize)
    return jsonify(categories=serialized)
def userJSON():
    """Return every user as JSON under the ``users`` key.

    NOTE(review): this exposes whatever ``User.serialize`` contains for all
    accounts, and no access check is visible in this function. Confirm the
    route is restricted and that ``serialize`` omits e-mail addresses and
    credential material.
    """
    serialized = []
    for account in session.query(User).all():
        serialized.append(account.serialize)
    return jsonify(users=serialized)
def index():
    """Render the landing page with all categories and the newest items.

    The ten items with the highest ids are shown; the category list fills
    the categories column of the page.
    """
    newest_first = session.query(Item).order_by(Item.id.desc())
    return render_template('index.html',
                           categories=session.query(Category).all(),
                           items=newest_first.limit(10).all())
def get_user_info(user_id):
    """Return the User whose id is ``user_id``, or None if there is none."""
    return session.query(User).filter_by(id=user_id).one_or_none()
def getUserInfo(user_id):
    """Return the User whose id is ``user_id``.

    ``.one()`` raises unless exactly one row matches.
    """
    return session.query(User).filter_by(id=user_id).one()
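def getUserId(email):
    """Return the id of the user stored with ``email``, or None.

    None is returned whenever the lookup raises, which includes "no such
    user" and "more than one user". Callers doing authorisation must treat
    None as "no user" explicitly rather than comparing it for equality.
    """
    try:
        user = session.query(User).filter_by(email=email).one()
        return user.id
    except Exception:
        # Was a bare `except:`, which also swallowed SystemExit and
        # KeyboardInterrupt; ordinary lookup failures still map to None.
        return None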
def show_item_description(category_name, item_name):
    """Render the page of one item, looked up by category and item name.

    Either lookup raises (via ``.one()``) when there is not exactly one match.
    """
    parent = session.query(Category).filter_by(name=category_name).one()
    lookup = session.query(Item).filter_by(name=item_name,
                                           category_id=parent.id)
    return render_template('item_page.html', item=lookup.one())
def show_category(category_name):
    """Render the catalog page restricted to one category's items.

    The full category list is still passed along for the page's category
    column; ``items`` is handed to the template as an unevaluated query.
    """
    selected = session.query(Category).filter_by(name=category_name).one()
    return render_template(
        'catalog.html',
        items=session.query(Item).filter_by(category_id=selected.id),
        categories=session.query(Category).all())