def newItem(category_name):
if request.method == 'POST':
# Strip off the extra spaces the user may have entered
name = request.form['name'].strip()
description = request.form['description']
# Ensure we have needed item info
if name and description:
db = DBConnect()
isUsed = db.itemNameUsed(name)
# Check if the item name has already been used somewhere else
if not isUsed['used']:
category = db.getCategoryByName(category_name)
userID = db.getUserIDByEmail(session['email'])
db.addItem(name, description, category.id, userID)
return redirect(
url_for('showItem\
',
category_name=category_name,
item_name=name))
return redirect(
url_for('error',
error='This\
item name has already been used'))
return redirect(
url_for('error',
error='You need to enter\
both a name and description'))
if request.method == 'GET':
user = session.get('username')
if user is None:
return redirect(url_for('showLogin'))
return render_template('newItem.html', categoryName=category_name)
def editItem(category_name, item_name):
db = DBConnect()
item = db.getItemByName(item_name)
if request.method == 'POST':
name = request.form['name']
description = request.form['description']
categoryName = request.form['category']
if name and description and categoryName:
category = db.getCategoryByName(categoryName)
db.editItem(item, name, description, category.id)
return redirect(
url_for('showItem',
category_name=category.name,
item_name=name))
if request.method == 'GET':
# Authorization check before serving the edit page
userEmail = session.get('email')
userID = db.getUserIDByEmail(userEmail)
if userID != item.user.id:
return redirect(
url_for('error',
error='You are not\
authorized to edit this item'))
categories = db.getAllCategories()
return render_template('editItem.html',
selectedItem=item,
categories=categories)
def showItem(category_name, item_name):
db = DBConnect()
selectedItem = db.getItemByName(item_name)
userEmail = session.get('email')
userID = db.getUserIDByEmail(userEmail)
if userID != selectedItem.user.id:
return render_template('publicShowItem.html\
',
selectedItem=selectedItem,
categoryName=category_name)
return render_template('showItem.html\
',
selectedItem=selectedItem,
categoryName=category_name)
def deleteItem(category_name, item_name):
db = DBConnect()
item = db.getItemByName(item_name)
if request.method == 'POST':
db.deleteItem(item)
return redirect(url_for('showCategory', category_name=category_name))
if request.method == 'GET':
# Authorization check before serving the delete page
userEmail = session.get('email')
userID = db.getUserIDByEmail(userEmail)
if userID != item.user.id:
return redirect(
url_for('error',
error='You are not\
authorized to delete this item'))
return render_template('deleteItem.html',
categoryName=category_name,
itemName=item_name)
def gconnect():
# Verify that the token the client sends the server matches the one
# that was sent
if request.args.get('state') != session['state']:
# If they do not match then respond with an error
response = make_response(json.dumps('Invalid state token'), 401)
response.headers['Content-Type'] = 'application/json'
return response
# If the state tokens match then we take our code
code = request.data
# Try to use the one time code and exchange it for a
# credentials object
try:
# Create oauth flow object and adds client secret key info to
# that object
oauth_flow = flow_from_clientsecrets('secret/client_secrets.json',
scope='')
# Specify that this the one time code flow this server sends off
oauth_flow.redirect_uri = 'postmessage'
# Init exchange
credentials = oauth_flow.step2_exchange(code)
# Handle the case where an error occurs during the exchange
except FlowExchangeError:
response = make_response(
json.dumps('Failed to upgrade the\
authorization code'), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Check to see if there is a valid access token inside of the
# returned credentials
access_token = credentials.access_token
url = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s'\
% access_token
h = httplib2.Http()
result = json.loads(h.request(url, 'GET')[1])
if result.get('error') is not None:
response = make_response(json.dumps(result['error']), 500)
response.headers['Content-Type'] = 'application/json'
return response
# Compare id in the credentials object against the id returned
# by the google api server
gplus_id = credentials.id_token['sub']
if result['user_id'] != gplus_id:
response = make_response(
json.dumps('Token user ID does not\
match given user ID'), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Compare client IDs
if result['issued_to'] != CLIENT_ID:
response = make_response(
json.dumps('Token client ID does not\
match the apps ID'), 401)
print('Token client ID does not match the apps ID')
response.headers['Content-Type'] = 'application/json'
return response
# Check if the user is already logged into the system
stored_credentials = session.get('credentials')
stored_gplus_id = session.get('gplus_id')
if stored_credentials is not None and stored_gplus_id == gplus_id:
response = make_response(
json.dumps('Current user is\
already logged in'), 200)
response.headers['Content-Type'] = 'application/json'
return response
# Store credentials and google plus id in this session
session['credentials'] = credentials.access_token
session['gplus_id'] = gplus_id
# Get more information about the user from the google plus api
userinfo_url = 'https://www.googleapis.com/oauth2/v1/userinfo'
params = {'access_token': credentials.access_token, 'alt': 'json'}
answer = requests.get(userinfo_url, params=params)
data = json.loads(answer.text)
# Store user info in login session
session['username'] = data['email']
session['email'] = data['email']
session['picture'] = data['picture']
db = DBConnect()
userID = db.getUserIDByEmail(session['email'])
if userID is None:
db.createUser(session['username'], session['email'],
session['picture'])
userID = db.getUserIDByEmail(session['email'])
session['user_id'] = userID
output = ''
output += '<h1>Welcome, '
output += session['username']
return output
