Beispiel #1
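def editItem(category_name, item_name):
    """Show the edit form for an item, or apply an edit submitted by POST.

    The ownership check runs before the request method is inspected, so the
    state-changing POST is held to the same rule as the GET that serves the
    form. Checking only on GET leaves the write path open to any client
    that submits the form fields directly.

    Args:
        category_name: Category segment of the route; not read by the body.
        item_name: Name used to look up the item being edited.

    Returns:
        A redirect to the item page after a successful edit, a redirect to
        the error page when the caller does not own the item, or the
        rendered edit form in every other case.
    """
    db = DBConnect()
    item = db.getItemByName(item_name)

    # Authorization: resolve the caller from the session and compare with
    # the item's owner. Missing values fail closed.
    # NOTE(review): assumes the lookups yield None for an unknown item name
    # or an absent session email -- confirm against DBConnect.
    userID = db.getUserIDByEmail(session.get('email'))
    if item is None or userID is None or userID != item.user.id:
        # The runtime message is kept byte-identical to the original,
        # including the run of spaces its line continuation embedded.
        return redirect(
            url_for('error',
                    error='You are not'
                          '            authorized to edit this item'))

    if request.method == 'POST':
        # NOTE(review): no CSRF token check is visible in this block;
        # confirm the application enforces one for this form.
        name = request.form['name']
        description = request.form['description']
        categoryName = request.form['category']
        if name and description and categoryName:
            category = db.getCategoryByName(categoryName)
            # presumably None for an unknown category -- confirm; in that
            # case fall through and show the form again instead of failing
            # on category.id.
            if category is not None:
                db.editItem(item, name, description, category.id)
                return redirect(
                    url_for('showItem',
                            category_name=category.name,
                            item_name=name))

    # GET, or a POST that could not be applied: serve the edit page rather
    # than returning None from the view.
    categories = db.getAllCategories()
    return render_template('editItem.html',
                           selectedItem=item,
                           categories=categories)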
Beispiel #2
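def newItem(category_name):
    """Show the new-item form, or create an item submitted by POST.

    The POST path requires a session email before any write is attempted.
    Guarding only the GET that serves the form leaves the write reachable by
    a client that posts the fields directly, where the missing session key
    surfaces as an unhandled error instead of a login redirect.

    Args:
        category_name: Name of the category the new item is filed under.

    Returns:
        A redirect to the new item's page on success, a redirect to the
        login page when the session is not authenticated, a redirect to the
        error page for a missing field or a name already in use, or the
        rendered form otherwise.
    """
    if request.method == 'POST':
        # Authenticate the write itself, not just the page that leads to it.
        # NOTE(review): the form view keys on 'username' while the write
        # keys on 'email'; confirm login sets both.
        userEmail = session.get('email')
        if userEmail is None:
            return redirect(url_for('showLogin'))

        # NOTE(review): no CSRF token check is visible in this block;
        # confirm the application enforces one for this form.
        # Strip off the extra spaces the user may have entered
        name = request.form['name'].strip()
        description = request.form['description']

        # Runtime messages below are kept byte-identical to the original,
        # including the spaces its line continuations embedded.
        if not (name and description):
            return redirect(
                url_for('error',
                        error='You need to enter'
                              '        both a name and description'))

        db = DBConnect()
        # The name check and the insert are separate calls, so two
        # concurrent requests could both pass it; a uniqueness constraint
        # in the database (not visible here) should back this up.
        if db.itemNameUsed(name)['used']:
            return redirect(
                url_for('error',
                        error='This'
                              '            item name has already been used'))

        # NOTE(review): category_name comes from the URL; if the lookup can
        # return None for an unknown category, category.id fails -- confirm.
        category = db.getCategoryByName(category_name)
        userID = db.getUserIDByEmail(userEmail)
        db.addItem(name, description, category.id, userID)
        return redirect(
            url_for('showItem',
                    category_name=category_name,
                    item_name=name))

    # Any non-POST request: only logged-in users see the form.
    if session.get('username') is None:
        return redirect(url_for('showLogin'))
    return render_template('newItem.html', categoryName=category_name)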