def editItem(category_name, item_name):
db = DBConnect()
item = db.getItemByName(item_name)
if request.method == 'POST':
name = request.form['name']
description = request.form['description']
categoryName = request.form['category']
if name and description and categoryName:
category = db.getCategoryByName(categoryName)
db.editItem(item, name, description, category.id)
return redirect(
url_for('showItem',
category_name=category.name,
item_name=name))
if request.method == 'GET':
# Authorization check before serving the edit page
userEmail = session.get('email')
userID = db.getUserIDByEmail(userEmail)
if userID != item.user.id:
return redirect(
url_for('error',
error='You are not\
authorized to edit this item'))
categories = db.getAllCategories()
return render_template('editItem.html',
selectedItem=item,
categories=categories)
def showItem(category_name, item_name):
db = DBConnect()
selectedItem = db.getItemByName(item_name)
userEmail = session.get('email')
userID = db.getUserIDByEmail(userEmail)
if userID != selectedItem.user.id:
return render_template('publicShowItem.html\
',
selectedItem=selectedItem,
categoryName=category_name)
return render_template('showItem.html\
',
selectedItem=selectedItem,
categoryName=category_name)
def deleteItem(category_name, item_name):
db = DBConnect()
item = db.getItemByName(item_name)
if request.method == 'POST':
db.deleteItem(item)
return redirect(url_for('showCategory', category_name=category_name))
if request.method == 'GET':
# Authorization check before serving the delete page
userEmail = session.get('email')
userID = db.getUserIDByEmail(userEmail)
if userID != item.user.id:
return redirect(
url_for('error',
error='You are not\
authorized to delete this item'))
return render_template('deleteItem.html',
categoryName=category_name,
itemName=item_name)
