def showItemPage(category, item_id):
state = get_state()
query = Query()
users = query.get_user_ids()
auth, user = is_authenticated(user_session, users)
book = query.select_books(
columns=['id', 'title', 'category', 'pub_year', 'author', 'description', 'owner', 'owner_name', 'only_date'],
limits={'id': item_id},
number=1
)[0]
query.close()
return render_template('showitem.html', auth=auth, user=user, book=book, category=category, STATE=state)
def addItemPage():
state = get_state()
query = Query()
users = query.get_user_ids()
auth, user = is_authenticated(user_session, users)
# If user is not authenticated, then auth is False and
# html-template has rule that if false show message that access is restricted
if auth is False:
categories = []
return render_template('additem.html', auth=auth, user=user, categories=categories, STATE=state)
# in Post request user sends information on book and new book is created.
if request.method == 'POST' and auth is True:
new_book = {
'title': form_data(request.form, 'title', None),
'author': form_data(request.form, 'author', None),
'pub_year': form_data(request.form, 'pub_year', None),
'description': form_data(request.form, 'description', None),
'category': form_data(request.form, 'category', None),
'owner': user_session['user_id'],
'img_url': None, # TODO: in case file upload implemented
}
book_id = query.create_book(new_book)
return redirect(url_for('showItemPage', category=new_book['category'], item_id=book_id))
categories = query.select_categories()
query.close()
return render_template('additem.html', auth=auth, user=user, categories=categories, STATE=state)
def showJSON():
query = Query()
categories = query.select_categories()
books = query.select_books(
columns=[
'id', 'title', 'category', 'pub_year', 'author', 'description',
'owner', 'owner_name', 'only_date', 'add_date'
],
)
query.close()
books_by_cat = {}
for book in books:
book['only_date'] = str(book['only_date'])
book['add_date'] = str(book['add_date'])
try:
books_by_cat[book['category']].append(book)
except KeyError:
books_by_cat[book['category']] = [book]
for cat in categories:
cat['books'] = books_by_cat[cat['name']]
result = {'categories': categories}
return jsonify(result)
def showCategoryPage(category):
state = get_state()
query = Query()
users = query.get_user_ids()
auth, user = is_authenticated(user_session, users)
categories = query.select_categories()
books = query.select_books(columns=['id', 'title', 'category', 'owner'],
limits={'category': category})
query.close()
return render_template('showcategory.html',
categories=categories,
books=books,
auth=auth,
user=user,
STATE=state)
def showCategoryPage(category):
state = get_state()
query = Query()
users = query.get_user_ids()
auth, user = is_authenticated(user_session, users)
categories = query.select_categories()
books = query.select_books(
columns=['id', 'title', 'category', 'owner'],
limits={'category': category}
)
query.close()
return render_template('showcategory.html', categories=categories, books=books, auth=auth, user=user, STATE=state)
def showCatalogPage():
state = get_state()
query = Query()
categories = query.select_categories()
users = query.get_user_ids()
auth, user = is_authenticated(user_session, users)
recent = query.select_books(
columns=['id', 'title', 'category'],
recent=True,
number=5)
query.close()
return render_template('showcatalog.html', categories=categories, recent=recent, auth=auth, user=user, STATE=state)
def showCatalogPage():
state = get_state()
query = Query()
categories = query.select_categories()
users = query.get_user_ids()
auth, user = is_authenticated(user_session, users)
recent = query.select_books(columns=['id', 'title', 'category'],
recent=True,
number=5)
query.close()
return render_template('showcatalog.html',
categories=categories,
recent=recent,
auth=auth,
user=user,
STATE=state)
def showItemPage(category, item_id):
state = get_state()
query = Query()
users = query.get_user_ids()
auth, user = is_authenticated(user_session, users)
book = query.select_books(columns=[
'id', 'title', 'category', 'pub_year', 'author', 'description',
'owner', 'owner_name', 'only_date'
],
limits={'id': item_id},
number=1)[0]
query.close()
return render_template('showitem.html',
auth=auth,
user=user,
book=book,
category=category,
STATE=state)
def addItemPage():
state = get_state()
query = Query()
users = query.get_user_ids()
auth, user = is_authenticated(user_session, users)
# If user is not authenticated, then auth is False and
# html-template has rule that if false show message that access is restricted
if auth is False:
categories = []
return render_template('additem.html',
auth=auth,
user=user,
categories=categories,
STATE=state)
# in Post request user sends information on book and new book is created.
if request.method == 'POST' and auth is True:
new_book = {
'title': form_data(request.form, 'title', None),
'author': form_data(request.form, 'author', None),
'pub_year': form_data(request.form, 'pub_year', None),
'description': form_data(request.form, 'description', None),
'category': form_data(request.form, 'category', None),
'owner': user_session['user_id'],
'img_url': None, # TODO: in case file upload implemented
}
book_id = query.create_book(new_book)
return redirect(
url_for('showItemPage',
category=new_book['category'],
item_id=book_id))
categories = query.select_categories()
query.close()
return render_template('additem.html',
auth=auth,
user=user,
categories=categories,
STATE=state)
def showJSON():
query = Query()
categories = query.select_categories()
books = query.select_books(columns=[
'id', 'title', 'category', 'pub_year', 'author', 'description',
'owner', 'owner_name', 'only_date', 'add_date'
], )
query.close()
books_by_cat = {}
for book in books:
book['only_date'] = str(book['only_date'])
book['add_date'] = str(book['add_date'])
try:
books_by_cat[book['category']].append(book)
except KeyError:
books_by_cat[book['category']] = [book]
for cat in categories:
cat['books'] = books_by_cat[cat['name']]
result = {'categories': categories}
return jsonify(result)
def gconnect():
# Validate state token
if request.args.get('state') != user_session['state']:
response = make_response(json.dumps('Invalid state parameter.'), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Obtain authorization code
code = request.data
try:
# Upgrade the authorization code into a credentials object
oauth_flow = flow_from_clientsecrets('client_secrets.json', scope='')
oauth_flow.redirect_uri = 'postmessage'
credentials = oauth_flow.step2_exchange(code)
except FlowExchangeError:
response = make_response(
json.dumps('Failed to upgrade the authorization code.'), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Check that the access token is valid.
access_token = credentials.access_token
url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s' %
access_token)
h = httplib2.Http()
result = json.loads(h.request(url, 'GET')[1])
# If there was an error in the access token info, abort.
if result.get('error') is not None:
response = make_response(json.dumps(result.get('error')), 500)
response.headers['Content-Type'] = 'application/json'
# Verify that the access token is used for the intended user.
gplus_id = credentials.id_token['sub']
if result['user_id'] != gplus_id:
response = make_response(
json.dumps("Token's user ID doesn't match given user ID."), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Verify that the access token is valid for this app.
if result['issued_to'] != CLIENT_ID:
response = make_response(
json.dumps("Token's client ID does not match app's."), 401)
print "Token's client ID does not match app's."
response.headers['Content-Type'] = 'application/json'
return response
stored_credentials = user_session.get('credentials')
stored_gplus_id = user_session.get('gplus_id')
if stored_credentials is not None and gplus_id == stored_gplus_id:
response = make_response(
json.dumps('Current user is already connected.'), 200)
response.headers['Content-Type'] = 'application/json'
return response
# Store the access token in the session for later use.
user_session['access_token'] = credentials.access_token
user_session['gplus_id'] = gplus_id
# Get user info
userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
params = {'access_token': credentials.access_token, 'alt': 'json'}
answer = requests.get(userinfo_url, params=params)
data = answer.json()
# Write user data in session cookie
user_session['username'] = data['name']
user_session['picture'] = data['picture']
user_session['email'] = data['email']
query = Query()
user_id = query.create_user(user_session)
query.close()
user_session['user_id'] = user_id
output = ''.join([
'<h1>Welcome, ', user_session['username'], '!</h1>', '<img'
' src=', '"', user_session['picture'], '"', ' style=', '"',
'width: 300px; ', 'height: 300px; ', 'border-radius: 150px; ',
'-webkit-border-radius: 150px; ', '-moz-border-radius: 150px;', '"',
'>'
])
flash("you are now logged in as %s" % user_session['username'])
print "done!"
return output
def deleteItemPage(item_id):
state = get_state()
query = Query()
users = query.get_user_ids()
auth, user = is_authenticated(user_session, users)
# This page is only for registered users
if auth is False:
query.close()
return render_template('deleteitem.html',
auth=auth,
valid=False,
STATE=state)
book_data = query.select_books(columns=['id', 'owner', 'category'],
limits={'id': item_id},
number=1)[0]
# Checks if user is the owner of the book
if book_data['owner'] != user['id']:
query.close()
return render_template('deleteitem.html',
auth=auth,
user=user,
valid=False,
STATE=state)
# Handling POST request
if request.method == 'POST':
query.delete_book(book_data)
query.close()
return redirect(
url_for('showCategoryPage',
category=book_data['category'],
STATE=state))
query.close()
return render_template('deleteitem.html',
auth=auth,
user=user,
valid=True,
book=book_data,
STATE=state)
def editItemPage(item_id):
state = get_state()
query = Query()
users = query.get_user_ids()
auth, user = is_authenticated(user_session, users)
# This page is only for registered users
if auth is False:
query.close()
return render_template('edititem.html', auth=auth, valid=False)
# Request book data from DB including ownership
book_data = query.select_books(columns=[
'id', 'owner', 'title', 'author', 'pub_year', 'description', 'category'
],
limits={'id': item_id},
number=1)[0]
# Checks if user is the owner of the book
if book_data['owner'] != user['id']:
query.close()
return render_template('edititem.html',
auth=auth,
user=user,
valid=False,
STATE=state)
# Handling POST request
if request.method == 'POST':
edit_book = {
'id': item_id,
'owner': book_data['owner'],
'title': form_data(request.form, 'title', None),
'author': form_data(request.form, 'author', None),
'pub_year': form_data(request.form, 'pub_year', None),
'description': form_data(request.form, 'description', None),
'category': form_data(request.form, 'category', None),
'img_url': None, # TODO: in case file upload implemented
}
try:
edit_book['pub_year'] = int(edit_book['pub_year'])
except:
edit_book['pub_year'] = None
book_id = query.edit_book(edit_book)
query.close()
return redirect(
url_for('showItemPage',
category=edit_book['category'],
item_id=book_id,
STATE=state))
categories = query.select_categories()
query.close()
return render_template('edititem.html',
auth=auth,
user=user,
valid=True,
book=book_data,
categories=categories,
STATE=state)
def gconnect():
# Validate state token
if request.args.get('state') != user_session['state']:
response = make_response(json.dumps('Invalid state parameter.'), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Obtain authorization code
code = request.data
try:
# Upgrade the authorization code into a credentials object
oauth_flow = flow_from_clientsecrets('client_secrets.json', scope='')
oauth_flow.redirect_uri = 'postmessage'
credentials = oauth_flow.step2_exchange(code)
except FlowExchangeError:
response = make_response(
json.dumps('Failed to upgrade the authorization code.'), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Check that the access token is valid.
access_token = credentials.access_token
url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s'
% access_token)
h = httplib2.Http()
result = json.loads(h.request(url, 'GET')[1])
# If there was an error in the access token info, abort.
if result.get('error') is not None:
response = make_response(json.dumps(result.get('error')), 500)
response.headers['Content-Type'] = 'application/json'
# Verify that the access token is used for the intended user.
gplus_id = credentials.id_token['sub']
if result['user_id'] != gplus_id:
response = make_response(
json.dumps("Token's user ID doesn't match given user ID."), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Verify that the access token is valid for this app.
if result['issued_to'] != CLIENT_ID:
response = make_response(
json.dumps("Token's client ID does not match app's."), 401)
print "Token's client ID does not match app's."
response.headers['Content-Type'] = 'application/json'
return response
stored_credentials = user_session.get('credentials')
stored_gplus_id = user_session.get('gplus_id')
if stored_credentials is not None and gplus_id == stored_gplus_id:
response = make_response(json.dumps('Current user is already connected.'),
200)
response.headers['Content-Type'] = 'application/json'
return response
# Store the access token in the session for later use.
user_session['access_token'] = credentials.access_token
user_session['gplus_id'] = gplus_id
# Get user info
userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
params = {'access_token': credentials.access_token, 'alt': 'json'}
answer = requests.get(userinfo_url, params=params)
data = answer.json()
# Write user data in session cookie
user_session['username'] = data['name']
user_session['picture'] = data['picture']
user_session['email'] = data['email']
query = Query()
user_id = query.create_user(user_session)
query.close()
user_session['user_id'] = user_id
output = ''.join([
'<h1>Welcome, ', user_session['username'], '!</h1>',
'<img'
' src=',
'"',
user_session['picture'],
'"',
' style=',
'"',
'width: 300px; ', 'height: 300px; ',
'border-radius: 150px; ', '-webkit-border-radius: 150px; ',
'-moz-border-radius: 150px;',
'"',
'>'
])
flash("you are now logged in as %s" % user_session['username'])
print "done!"
return output
def deleteItemPage(item_id):
state = get_state()
query = Query()
users = query.get_user_ids()
auth, user = is_authenticated(user_session, users)
# This page is only for registered users
if auth is False:
query.close()
return render_template('deleteitem.html', auth=auth, valid=False, STATE=state)
book_data = query.select_books(columns=['id', 'owner', 'category'], limits={'id': item_id}, number=1)[0]
# Checks if user is the owner of the book
if book_data['owner'] != user['id']:
query.close()
return render_template('deleteitem.html', auth=auth, user=user, valid=False, STATE=state)
# Handling POST request
if request.method == 'POST':
query.delete_book(book_data)
query.close()
return redirect(url_for('showCategoryPage', category=book_data['category'], STATE=state))
query.close()
return render_template('deleteitem.html', auth=auth, user=user, valid=True, book=book_data, STATE=state)
def editItemPage(item_id):
state = get_state()
query = Query()
users = query.get_user_ids()
auth, user = is_authenticated(user_session, users)
# This page is only for registered users
if auth is False:
query.close()
return render_template('edititem.html', auth=auth, valid=False)
# Request book data from DB including ownership
book_data = query.select_books(
columns=['id', 'owner', 'title', 'author', 'pub_year', 'description', 'category'],
limits={'id': item_id},
number=1
)[0]
# Checks if user is the owner of the book
if book_data['owner'] != user['id']:
query.close()
return render_template('edititem.html', auth=auth, user=user, valid=False, STATE=state)
# Handling POST request
if request.method == 'POST':
edit_book = {
'id': item_id,
'owner': book_data['owner'],
'title': form_data(request.form, 'title', None),
'author': form_data(request.form, 'author', None),
'pub_year': form_data(request.form, 'pub_year', None),
'description': form_data(request.form, 'description', None),
'category': form_data(request.form, 'category', None),
'img_url': None, # TODO: in case file upload implemented
}
try:
edit_book['pub_year'] = int(edit_book['pub_year'])
except:
edit_book['pub_year'] = None
book_id = query.edit_book(edit_book)
query.close()
return redirect(url_for('showItemPage', category=edit_book['category'], item_id=book_id, STATE=state))
categories = query.select_categories()
query.close()
return render_template('edititem.html', auth=auth, user=user,
valid=True, book=book_data, categories=categories, STATE=state)