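def editItem(category_name, item_name):
    """Edit an existing catalog item.

    GET renders the edit form for ``item_name``; POST applies the values
    submitted in the form (``name``, ``description``, ``category``).

    The ownership check (the logged-in user's id must equal the item's
    ``user.id``) now runs before the method dispatch, so it guards the
    POST write as well as the GET form. Previously only the GET branch was
    guarded, which meant a POST against this URL could modify an item
    owned by another user.

    Args:
        category_name: category segment of the URL (not used for lookup;
            the item is resolved by ``item_name`` alone).
        item_name: name of the item to edit.

    Returns:
        A redirect or a rendered template response.
    """
    db = DBConnect()
    item = db.getItemByName(item_name)
    # NOTE(review): assumes getItemByName returns None for an unknown name;
    # without this guard item.user.id below raises AttributeError (HTTP 500).
    if item is None:
        return redirect(url_for('error', error='Item not found'))

    # Authorization applies to every method. Users who are not logged in
    # are sent to the login page (same as newItem); logged-in non-owners
    # get the error page.
    userEmail = session.get('email')
    if userEmail is None:
        return redirect(url_for('showLogin'))
    userID = db.getUserIDByEmail(userEmail)
    if userID != item.user.id:
        return redirect(
            url_for('error', error='You are not authorized to edit this item'))

    if request.method == 'POST':
        # Strip surrounding whitespace as newItem does, so the stored name and
        # the redirect URL built from it agree.
        name = request.form['name'].strip()
        description = request.form['description']
        categoryName = request.form['category']
        if not (name and description and categoryName):
            # The original fell through and returned None here (HTTP 500).
            return redirect(
                url_for('error',
                        error='You need to enter a name, description and category'))
        category = db.getCategoryByName(categoryName)
        # NOTE(review): assumes getCategoryByName returns None when the
        # submitted category does not exist -- TODO confirm.
        if category is None:
            return redirect(url_for('error', error='Unknown category'))
        db.editItem(item, name, description, category.id)
        return redirect(
            url_for('showItem', category_name=category.name, item_name=name))

    if request.method == 'GET':
        categories = db.getAllCategories()
        return render_template('editItem.html', selectedItem=item,
                               categories=categories)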
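def newItem(category_name):
    """Create a new item inside ``category_name``.

    GET renders the creation form; POST reads ``name`` and ``description``
    from the form, rejects an already-used name, and stores the item under
    the logged-in user.

    The login check now runs before the method dispatch. The original only
    checked the session on GET, so an unauthenticated POST reached
    ``session['email']`` and raised KeyError (HTTP 500) instead of being
    redirected to the login page.

    Args:
        category_name: name of the category the item is added to.

    Returns:
        A redirect or a rendered template response.
    """
    # Both the form page and the write require a logged-in user. The GET
    # branch keyed on 'username'; the POST branch reads 'email', so both
    # must be present.
    if session.get('username') is None or session.get('email') is None:
        return redirect(url_for('showLogin'))

    if request.method == 'POST':
        # Strip off the extra spaces the user may have entered
        name = request.form['name'].strip()
        description = request.form['description']
        # Ensure we have needed item info
        if not (name and description):
            return redirect(
                url_for('error',
                        error='You need to enter both a name and description'))

        db = DBConnect()
        # Check if the item name has already been used somewhere else.
        # NOTE(review): this is a check-then-act against the database; two
        # concurrent requests can both pass it. A uniqueness constraint on
        # the item name is the reliable guard -- confirm it exists.
        isUsed = db.itemNameUsed(name)
        if isUsed['used']:
            return redirect(
                url_for('error', error='This item name has already been used'))

        category = db.getCategoryByName(category_name)
        # NOTE(review): assumes getCategoryByName returns None for an unknown
        # category -- TODO confirm; otherwise category.id raises AttributeError.
        if category is None:
            return redirect(url_for('error', error='Unknown category'))
        userID = db.getUserIDByEmail(session['email'])
        db.addItem(name, description, category.id, userID)
        return redirect(
            url_for('showItem', category_name=category_name, item_name=name))

    if request.method == 'GET':
        return render_template('newItem.html', categoryName=category_name)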