def editItem(category_name, item_name):
db = DBConnect()
item = db.getItemByName(item_name)
if request.method == 'POST':
name = request.form['name']
description = request.form['description']
categoryName = request.form['category']
if name and description and categoryName:
category = db.getCategoryByName(categoryName)
db.editItem(item, name, description, category.id)
return redirect(
url_for('showItem',
category_name=category.name,
item_name=name))
if request.method == 'GET':
# Authorization check before serving the edit page
userEmail = session.get('email')
userID = db.getUserIDByEmail(userEmail)
if userID != item.user.id:
return redirect(
url_for('error',
error='You are not\
authorized to edit this item'))
categories = db.getAllCategories()
return render_template('editItem.html',
selectedItem=item,
categories=categories)
def newItem(category_name):
if request.method == 'POST':
# Strip off the extra spaces the user may have entered
name = request.form['name'].strip()
description = request.form['description']
# Ensure we have needed item info
if name and description:
db = DBConnect()
isUsed = db.itemNameUsed(name)
# Check if the item name has already been used somewhere else
if not isUsed['used']:
category = db.getCategoryByName(category_name)
userID = db.getUserIDByEmail(session['email'])
db.addItem(name, description, category.id, userID)
return redirect(
url_for('showItem\
',
category_name=category_name,
item_name=name))
return redirect(
url_for('error',
error='This\
item name has already been used'))
return redirect(
url_for('error',
error='You need to enter\
both a name and description'))
if request.method == 'GET':
user = session.get('username')
if user is None:
return redirect(url_for('showLogin'))
return render_template('newItem.html', categoryName=category_name)
