def create_item():
"""Add an item.
Accepts GET and POST methods.
Redirect if user is not signed in.
"""
if not signed_in():
flash('You must be logged in to add an item.')
return redirect(url_for('catalog.full_catalog'))
if request.method == 'POST':
name = request.form.get('name')
description = request.form.get('description')
category = request.form.get('category')
csrftoken = request.form.get('csrftoken')
if csrftoken != session['csrf']:
flash('Invalid CSRF token.')
elif not name or not description or not category:
flash('All fields must be filled.')
else:
# Everything valid. Create item.
del session['csrf']
item = Item.create_item(name, description, category,
session['user_id'])
if item:
flash('Item successfully updated.')
return redirect(
url_for('catalog.show_item',
category_name=item.category,
item_name=item.name))
categories = Item.get_categories()
session['csrf'] = token()
return render_template('catalog-add.html', categories=categories)
Base.metadata.bind = _engine
_db_session = sessionmaker(bind=_engine)
_session = _db_session()
_session.query(User).delete()
_session.query(Item).delete()
_session.commit()
u1 = User.create_user({'name': 'Adam', 'email': '*****@*****.**'})
u2 = User.create_user({'name': 'Bob', 'email': '*****@*****.**'})
u3 = User.create_user({'name': 'Carl', 'email': '*****@*****.**'})
Item.create_item("Stick",
"Lorem ipsum dolor sit amet, consectetur adipiscing elit.",
"Hockey", u1.id)
Item.create_item("Goggles",
"Mauris et ante feugiat, laoreet felis id, convallis nunc.",
"Snowboarding", u2.id)
Item.create_item("Snowboard",
"Mauris venenatis turpis non justo scelerisque maximus.",
"Snowboarding", u3.id)
Item.create_item("Two shinguards",
"Mauris placerat ipsum eget ligula facilisis posuere.",
"Soccer", u1.id)
Item.create_item("Shinguards",
"Curabitur cursus mauris vitae tortor varius porta.",
"Soccer", u2.id)
Item.create_item("Frizbee",
"Phasellus suscipit metus ac purus pretium feugiat.",
