def newCategory(): # If the user is logged in: if 'email' in login_session.keys(): # Get the form for categories out of the forms module. form = forms.categoryForm(request.form) user_id = models.getUserID(login_session['email']) user = models.getUserInfo(user_id) # If the form is submitted via POST and is validated: if request.method == 'POST' and form.validate(): # Create a new category object to store all data from the form. new_category = { "name": form.name.data, "image": form.image.data, "description": form.description.data, "user_id": models.getUserID(login_session['email']) } # Pass that object to the DB via the models module. models.category_new(new_category) # Redirect to the index page. return redirect(url_for('index')) else: # If the route is requested via GET, render the new category page. return render_template('categories/new.html', form=form, user=user) else: return redirect(url_for('index'))
def editCategory(category_id): # Adding logged in user verification to every route here on out. if 'email' in login_session.keys(): # Get the category out of the DB. edit_category = models.category_get(category_id) # Let's make sure this user is the cateogory owner. user_id = models.getUserID(login_session['email']) if edit_category.user_id == user_id: # Get the form out of the form module. form = forms.categoryForm(request.form) # If the form is submitted via POST and is validated: if request.method == 'POST' and form.validate(): # Update the category with the form data edit_category.name = form.name.data edit_category.image = form.image.data edit_category.description = form.description.data # Send the updated category back to the DB. models.category_edit(edit_category) # Redirect to the index page. return redirect(url_for('index')) else: # If the route is requested via GET render the edit page. user = models.getUserInfo(user_id) return render_template('categories/edit.html', category=edit_category, form=form, user=user) else: flash("You aren't the owner for that.") return redirect(url_for('index')) else: return redirect(url_for('index'))
def editItem(category_id, item_id): if 'email' in login_session.keys(): edit_item = models.item_get(item_id) user_id = models.getUserID(login_session['email']) if edit_item.user_id == user_id: form = forms.itemForm(request.form) user = models.getUserInfo(user_id) category = models.category_get(category_id) if request.method == 'POST' and form.validate(): edit_item.name = form.name.data edit_item.image = form.image.data edit_item.description = form.description.data models.item_edit(edit_item) items = models.items_get_by_category(category_id) return render_template('categories/show.html', category=category, items=items, user=user) else: return render_template('items/edit.html', category=category, item=edit_item, form=form, user=user) else: flash("You aren't the owner for that.") return redirect(url_for('showCategory', category_id=category_id)) else: return redirect(url_for('showCategory', category_id=category_id))
def showItem(category_id, item_id): category = models.category_get(category_id) item = models.item_get(item_id) if 'email' in login_session.keys(): user_id = models.getUserID(login_session['email']) user = models.getUserInfo(user_id) return render_template('items/show.html', category=category, item=item, user=user) else: return render_template('items/public.html', category=category, item=item)
def newItem(category_id): if 'email' in login_session.keys(): form = forms.itemForm(request.form) user_id = models.getUserID(login_session['email']) user = models.getUserInfo(user_id) category = models.category_get(category_id) if request.method == 'POST' and form.validate(): new_item = { "name": form.name.data, "image": form.image.data, "description": form.description.data, "user_id": models.getUserID(login_session['email']), "category_id": category_id } models.item_new(category_id, new_item) items = models.items_get_by_category(category_id) return render_template('categories/show.html', category=category, items=items, user=user) else: return render_template('items/new.html', category=category, form=form, user=user) else: return redirect(url_for('showCategory', category_id=category_id))
def showCategory(category_id): # Get the selected category from the DB. category = models.category_get(category_id) # Get the items for that category out of the DB. items = models.items_get_by_category(category_id) # Show the information on the shetlers show page. if 'email' in login_session.keys(): user_id = models.getUserID(login_session['email']) user = models.getUserInfo(user_id) return render_template('categories/show.html', category=category, items=items, user=user) else: state = ''.join(random.choice(string.ascii_uppercase + string.digits) for x in xrange(32)) login_session['state'] = state return render_template('categories/public.html', category=category, items=items, STATE=state)
def index(): categories = models.category_list() items = models.items_get_10() if 'email' in login_session.keys(): user_id = models.getUserID(login_session['email']) user = models.getUserInfo(user_id) return render_template('index.html', categories=categories, items=items, user=user) else: # Create an anti-forgery state token by creatings a unique 32 char # string. state = ''.join(random.choice(string.ascii_uppercase + string.digits) for x in xrange(32)) # Save that state token to our login_session object. login_session['state'] = state # And return the template to log in, while passing along the state # string. return render_template('public.html', STATE=state, categories=categories, items=items)
def deleteItem(category_id, item_id): if 'email' in login_session.keys(): delete_item = models.item_get(item_id) user_id = models.getUserID(login_session['email']) if delete_item.user_id == user_id: form = forms.deleteForm(request.form) category = models.category_get(category_id) user = models.getUserInfo(user_id) if request.method == 'POST': models.item_delete(delete_item) return redirect(url_for('showCategory', category_id=category.id)) else: return render_template('items/delete.html', category=category, item=delete_item, user=user, form=form) else: flash("You aren't the owner for that.") return redirect(url_for('showCategory', category_id=category_id)) else: return redirect(url_for('showCategory', category_id=category_id))
def deleteCategory(category_id): if 'email' in login_session.keys(): # Get the category to be deleted out of the DB. delete_category = models.category_get(category_id) user_id = models.getUserID(login_session['email']) if delete_category.user_id == user_id: form = forms.deleteForm(request.form) if request.method == 'POST': # Delete the category out of the DB. models.category_delete(delete_category) # Redirect to the index page. return redirect(url_for('index')) else: # If the route is requested via GET render the delete page. user = models.getUserInfo(user_id) return render_template('categories/delete.html', category=delete_category, user=user, form=form) else: flash("You aren't the owner for that.") return redirect(url_for('index')) else: return redirect(url_for('index'))
def gconnect(): # First we should validate that the state token the server sent to the # client matches the state token the client sent to the server. # If the state variable returned by the request arguments does not equal # the state variable we assigned above: if request.args.get('state') != login_session['state']: # We'll respond accordingly. response = make_response(json.dumps('Invalid state parameter.'), 401) response.headers['Content-Type'] = 'application/json' return response # Otherwise let's grab the authorization code. code = request.data try: # Upgrade the authorization code into a credentials object. oauth_flow = (flow_from_clientsecrets ('/var/www/catalog/google_client_secrets.json', scope='')) # Somehow the following line of code indicates that this is the # one-time-use code the server will be sending off. oauth_flow.redirect_uri = 'postmessage' # The exchange is initiated. credentials = oauth_flow.step2_exchange(code) except FlowExchangeError: response = make_response( json.dumps('Failed to upgrade the authoerization code.'), 401) response.headers['Content-Type'] = 'applications/json' return response # Now that we have the credentials lets verify some things. # First that we were provided with a valid access token. access_token = credentials.access_token # This is the url where we can check the access_token. url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}' .format(access_token)) # We'll create an Http() object. h = httplib2.Http() # We'll store our result in a variable. result = json.loads(h.request(url, 'GET')[1]) print result # The only way we know if the access token wasn't valid is if an error # is returned. if result.get('error') is not None: response = make_response(json.dumps(result.get('error')), 500) response.headers['Content-Type'] = 'application/json' # And we can verify that the access token is being used appropriately. gplus_id = credentials.id_token['sub'] if result['user_id'] != gplus_id: response = make_response( json.dumps("Token's client ID does not match app's."), 401) response.headers['Content-Type'] = 'application/json' return response # Verify that the access token is valid for this app. if result['issued_to'] != CLIENT_ID: response = make_response( json.dumps("Token's client ID does not match app's."), 401) print "Token's client ID does not match app's." response.headers['Content-Type'] = 'application/json' return response # And let's make sure the user isn't already logged in. stored_credentials = login_session.get('credentials') stored_gplus_id = login_session.get('gplus_id') if stored_credentials is not None and gplus_id == stored_gplus_id: response = make_response(json.dumps('Current user is already \ connected.'), 200) response.headers['Content-Type'] = 'application/json' return response # Store the access token in the session for later use. login_session['credentials'] = credentials.access_token print login_session['credentials'] login_session['gplus_id'] = gplus_id # Get the user's info userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo" params = {'access_token': credentials.access_token, 'alt': 'json'} answer = requests.get(userinfo_url, params=params) data = answer.json() login_session['username'] = data['name'] login_session['picture'] = data['picture'] login_session['email'] = data['email'] # Let's add how the user signed in. login_session['provider'] = 'google' # We can check if the user is in our database, and if not add them. user_id = models.getUserID(data["email"]) if not user_id: user_id = models.createUser(login_session) login_session['user_id'] = user_id output = "SUCCESS!" return output