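def delete_item(iid):
    """Confirm (GET) or perform (POST) deletion of the item with id *iid*.

    Access control, in order:
      * no signed-in user         -> redirect to the sign-in page
      * unknown iid               -> 404
      * signed-in but not owner   -> 403

    Args:
        iid: primary key of the Item to delete (taken from the route).

    Returns:
        The read-only confirmation form on GET, or a redirect to the
        catalog after the row has been deleted on POST. Any other method
        falls through and returns None, as in the original handler.
    """
    user_id = websession.get('user_id')
    if not authed_user(user_id):
        # websession['auth_redir'] = 'delete_item'
        return redirect(url_for('signin'))

    # one_or_none(): an unknown iid is a client error (404). .one() would
    # raise NoResultFound and surface as a 500 for any guessed id.
    item = session.query(Item).filter_by(iid=iid).one_or_none()
    if item is None:
        abort(404)

    # Authorization check: only the owner may see the confirmation page or
    # delete the row, so this runs before the method switch.
    if item.user_id != user_id:
        print('item.user_id ({}) != user_id ({})'.format(item.user_id, user_id))
        abort(403)

    if request.method == 'GET':
        categories = session.query(Category).order_by(Category.name).all()
        return render_template('item-cud.html', cud_type='Delete',
                               categories=categories, item=item,
                               read_only=True)
    elif request.method == 'POST':
        # NOTE(review): no CSRF token check is visible in this handler.
        # Confirm it is enforced app-wide (e.g. a CSRF extension); if not,
        # a cross-site form POST can delete an item for a signed-in user.
        session.delete(item)
        session.commit()
        flash('Item Deleted')
        return redirect(url_for('show_catalog'))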
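def add_item():
    """Show the "add item" form (GET) or create a new Item (POST).

    Requires a signed-in user; otherwise redirects to the sign-in page.

    On POST the text fields (name, description, category) are checked by
    validate_input() first. The optional picture ('file') is only written
    to storage once those checks pass: the re-rendered error form cannot
    carry a file input over, so a photo saved for a rejected form would be
    an orphaned file that nothing ever references. Extension filtering and
    filename sanitising are delegated to uploaded_photos.save(), which
    raises UploadNotAllowed for rejected files.

    Returns:
        The rendered form on GET or on validation failure; otherwise a
        redirect to the new item's page. Any other method falls through
        and returns None, as in the original handler.
    """
    user_id = websession.get('user_id')
    if not authed_user(user_id):
        # websession['auth_redir'] = 'add_item'
        return redirect(url_for('signin'))

    if request.method == 'GET':
        categories = session.query(Category).order_by(Category.name).all()
        return render_template('item-cud.html', cud_type='Add',
                               categories=categories,
                               item={'picture': DEFAULT_PHOTO, 'category': {}})
    elif request.method == 'POST':
        # NOTE(review): no CSRF token check is visible here; confirm it is
        # enforced app-wide for state-changing POSTs.

        # .get() rather than [] so a missing field becomes a validation
        # error instead of an automatic 400.
        item_name = request.form.get('name')
        item_description = request.form.get('description')
        picture_file = request.files.get('file')
        category_name = request.form.get('category')

        # Input validation (text fields only); `error` is a dict we extend.
        status, error = validate_input(item_name, item_description, category_name)

        # Resolve the category while we can still report it on the form.
        # one_or_none(): a name that passed validate_input() but has no row
        # must not become a 500 from NoResultFound.
        category = None
        if status:
            category = (session.query(Category)
                        .filter_by(name=category_name).one_or_none())
            if category is None:
                error['category_error'] = 'Please choose a valid category.'
                status = False

        # Only touch storage once everything else is valid (see docstring).
        filename = None
        if status and picture_file:
            try:
                # filename is the path to the image as stored in Item.picture
                filename = DEFAULT_PHOTO_STORE + uploaded_photos.save(picture_file)
                flash('Photo Successfully Uploaded')
            except UploadNotAllowed:
                error['file_error'] = "The picture file upload wasn't allowed."
                status = False

        if not status:
            categories = session.query(Category).order_by(Category.name).all()
            return render_template('item-cud.html', cud_type='Add',
                                   categories=categories,
                                   item={'name': item_name,
                                         'description': item_description,
                                         'category': {'name': category_name}},
                                   title_error=error.get('title_error'),
                                   file_error=error.get('file_error'),
                                   category_error=error.get('category_error'))

        # No picture supplied (or nothing was stored): fall back to the default.
        if not filename:
            filename = DEFAULT_PHOTO

        # .one() is deliberate: the session's user_id has already passed
        # authed_user(), so a missing row is an invariant violation.
        user = session.query(User).filter_by(uid=user_id).one()
        item = Item(name=item_name, picture=filename,
                    description=item_description,
                    category_id=category.cid, user_id=user.uid)
        session.add(item)
        session.commit()
        flash('New Item Created')
        return redirect(url_for('show_item', iid=item.iid))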
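def edit_item(iid):
    """Show the edit form for item *iid* (GET) or apply the edit (POST).

    Access control, in order:
      * no signed-in user         -> redirect to the sign-in page
      * unknown iid               -> 404
      * signed-in but not owner   -> 403

    On POST the text fields are checked by validate_input(). Because the
    item keeps its own name, a "nonunique" title complaint is accepted when
    it is the only complaint and the submitted name equals the stored one.
    The optional picture is only written to storage once the text fields
    are acceptable, so a rejected form leaves no orphaned upload; when no
    picture is supplied the existing one is kept.

    Args:
        iid: primary key of the Item to edit (taken from the route).

    Returns:
        The rendered form on GET or on validation failure; otherwise a
        redirect to the item's page. Any other method falls through and
        returns None, as in the original handler.
    """
    user_id = websession.get('user_id')
    if not authed_user(user_id):
        # websession['auth_redir'] = 'edit_item'
        return redirect(url_for('signin'))

    # one_or_none(): an unknown iid is a 404, not a NoResultFound 500.
    item = session.query(Item).filter_by(iid=iid).one_or_none()
    if item is None:
        abort(404)

    # Authorization check: only the owner may view the form or edit.
    if item.user_id != user_id:
        print('item.user_id ({}) != user_id ({})'.format(item.user_id, user_id))
        abort(403)

    if request.method == 'GET':
        categories = session.query(Category).order_by(Category.name).all()
        return render_template('item-cud.html', cud_type='Edit',
                               categories=categories, item=item)
    elif request.method == 'POST':
        # NOTE(review): no CSRF token check is visible here; confirm it is
        # enforced app-wide for state-changing POSTs.

        # .get() rather than [] so a missing field becomes a validation
        # error instead of an automatic 400.
        item_name = request.form.get('name')
        item_description = request.form.get('description')
        picture_file = request.files.get('file')
        category_name = request.form.get('category')

        # Input validation (text fields only); `error` is a dict we extend.
        status, error = validate_input(item_name, item_description, category_name)

        # Updating in place: a "nonunique" title is fine when the only
        # complaint is the title and the name is unchanged (the stored
        # item.name must match item_name or the unique constraint fires).
        valid_set = {'title_error', 'title_problem'}
        acceptable = status or (
            error.get('title_problem') == 'nonunique'
            and item.name == item_name
            and set(error) == valid_set)

        # Resolve the category while we can still report it on the form.
        category = None
        if acceptable:
            category = (session.query(Category)
                        .filter_by(name=category_name).one_or_none())
            if category is None:
                error['category_error'] = 'Please choose a valid category.'
                acceptable = False

        # Only touch storage once everything else is acceptable (docstring).
        filename = None
        if acceptable and picture_file:
            try:
                # filename is the path to the image as stored in Item.picture
                filename = DEFAULT_PHOTO_STORE + uploaded_photos.save(picture_file)
                flash('Photo Successfully Uploaded')
            except UploadNotAllowed:
                error['file_error'] = "The picture file upload wasn't allowed."
                acceptable = False

        if not acceptable:
            categories = session.query(Category).order_by(Category.name).all()
            return render_template('item-cud.html', cud_type='Edit',
                                   categories=categories,
                                   item={'name': item_name,
                                         'description': item_description,
                                         'category': {'name': category_name}},
                                   title_error=error.get('title_error'),
                                   file_error=error.get('file_error'),
                                   category_error=error.get('category_error'))

        # Only change the picture if a new one was actually stored.
        if not filename:
            filename = item.picture

        item.name = item_name
        item.picture = filename
        item.description = item_description
        item.category_id = category.cid
        # Owner is unchanged: the authorization check above already
        # guarantees item.user_id == user_id.
        item.user_id = user_id
        session.add(item)
        session.commit()
        flash('Item Updated')
        return redirect(url_for('show_item', iid=item.iid))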