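def editItem(category_name, item_name):
    """Edit an existing item: show the form on GET, apply the edit on POST.

    Args:
        category_name: Category segment of the route URL. Not used by the
            body; present so the route signature matches ``showItem`` and
            ``deleteItem``.
        item_name: Name of the item to edit, looked up via ``getItemByName``.

    Returns:
        A redirect to the error page when the session user does not own the
        item; a redirect to ``showItem`` after a successful edit; otherwise
        the rendered ``editItem.html`` form (on GET, or on a POST whose
        fields are incomplete).
    """
    db = DBConnect()
    item = db.getItemByName(item_name)
    # NOTE(review): assumes getItemByName returns an object with .user.id;
    # a missing item would raise AttributeError here -- confirm behaviour.

    # The ownership check applies to every method. Checking it only on GET
    # leaves the POST (the request that actually changes data) unprotected.
    userEmail = session.get('email')
    userID = db.getUserIDByEmail(userEmail)
    if userID != item.user.id:
        return redirect(
            url_for('error', error='You are not authorized to edit this item'))

    if request.method == 'POST':
        # .get() rather than [] so a missing field re-renders the form
        # instead of raising KeyError.
        name = request.form.get('name')
        description = request.form.get('description')
        categoryName = request.form.get('category')
        if name and description and categoryName:
            category = db.getCategoryByName(categoryName)
            # Presumably None when the name is unknown -- fall through to the
            # form rather than dereferencing .id on None; verify against DBConnect.
            if category is not None:
                db.editItem(item, name, description, category.id)
                return redirect(
                    url_for('showItem',
                            category_name=category.name, item_name=name))
        # Incomplete or invalid POST: re-render the edit page below instead
        # of falling off the end of the view and returning None.

    categories = db.getAllCategories()
    return render_template('editItem.html',
                           selectedItem=item, categories=categories)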
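def showItem(category_name, item_name):
    """Render an item page, choosing the owner or public template.

    Args:
        category_name: Category name passed through to the template as
            ``categoryName``.
        item_name: Name of the item to display, looked up via ``getItemByName``.

    Returns:
        ``publicShowItem.html`` when the session user is not the item's
        owner (the public, read-only view), otherwise ``showItem.html``.
    """
    db = DBConnect()
    selectedItem = db.getItemByName(item_name)
    # NOTE(review): assumes getItemByName returns an object with .user.id;
    # a missing item would raise AttributeError below -- confirm behaviour.

    # Compare the session user against the item owner; this only selects the
    # template, it does not gate access (the public view is still served).
    userEmail = session.get('email')
    userID = db.getUserIDByEmail(userEmail)
    if userID != selectedItem.user.id:
        # Template names are plain literals: the original carried a stray
        # backslash-continuation inside the string ('...html\ '), which
        # would not resolve to a template file.
        return render_template('publicShowItem.html',
                               selectedItem=selectedItem,
                               categoryName=category_name)
    return render_template('showItem.html',
                           selectedItem=selectedItem,
                           categoryName=category_name)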
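def deleteItem(category_name, item_name):
    """Delete an item: confirm on GET, perform the deletion on POST.

    Args:
        category_name: Category the item belongs to; used for the redirect
            after deletion and passed to the confirmation template.
        item_name: Name of the item to delete, looked up via ``getItemByName``.

    Returns:
        A redirect to the error page when the session user does not own the
        item; a redirect to ``showCategory`` after deletion; otherwise the
        rendered ``deleteItem.html`` confirmation page.
    """
    db = DBConnect()
    item = db.getItemByName(item_name)
    # NOTE(review): assumes getItemByName returns an object with .user.id;
    # a missing item would raise AttributeError here -- confirm behaviour.

    # The ownership check applies to every method. Checking it only on GET
    # leaves the POST (the request that actually deletes) unprotected.
    userEmail = session.get('email')
    userID = db.getUserIDByEmail(userEmail)
    if userID != item.user.id:
        return redirect(
            url_for('error', error='You are not authorized to delete this item'))

    if request.method == 'POST':
        db.deleteItem(item)
        return redirect(url_for('showCategory', category_name=category_name))

    # GET (and any other method): show the confirmation page rather than
    # falling off the end of the view and returning None.
    return render_template('deleteItem.html',
                           categoryName=category_name, itemName=item_name)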