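def edit_item(category_id, item_id):
    """
    Route that renders the page to edit an item.

    The caller must be logged in and must be the user who created the
    item. Both checks run before any form data is applied, so a
    hand-edited URL cannot be used to modify another user's item.

    Every time the user uploads a new image, the image is stored in a
    folder that is named with the item id. Only one image path is stored
    in the database.

    Args:
        category_id: The id of the category of the item to be edited.
        item_id: The id of the item to be edited.

    Returns:
        The rendered edit form, or a redirect: to the item page after a
        successful edit or a failed ownership check, to the index page
        when the user is not logged in or an error occurred.

    Raises:
        Nothing is propagated. On any error the pending database changes
        are rolled back, the exception is logged, and the user is
        redirected to the index page with a generic flash message.
    """
    import logging

    logger = logging.getLogger(__name__)
    try:
        logged_in = 'username' in login_session
        if not logged_in:
            flash("You must be logged to perform this operation",
                  category="error")
            return redirect(url_for('index'))

        # .one() raises when the (item_id, category_id) pair matches no
        # row or several rows; that is handled by the except below.
        item = db_session.query(Item).filter_by(
            id=item_id, category_id=category_id).one()

        # Ownership check: only the creator may edit the item.
        if login_session['user_id'] != item.user_id:
            flash("You can only modify items created by you",
                  category="error")
            return redirect(url_for('get_item_by_category',
                                    category_id=category_id,
                                    item_id=item_id))

        form = ItemForm()
        if form.validate_on_submit():
            # NOTE(review): populate_obj copies every ItemForm field onto
            # the item; confirm the form does not expose user_id.
            form.populate_obj(item)

            # The photo field may carry no file at all (None, or an
            # object with an empty filename); treat both as "no upload"
            # instead of failing the whole edit on an AttributeError.
            upload = form.photo.data
            raw_name = getattr(upload, 'filename', None)
            safe_name = secure_filename(raw_name) if raw_name else ''
            if safe_name:
                # secure_filename removes path components but does not
                # restrict the extension.
                # NOTE(review): the file is written below static/; confirm
                # ItemForm limits the photo field to image types.
                filename = ('images/uploads/' + str(item.id) + '/' +
                            safe_name)
                # presumably creates the target folder; verify ensure_dir
                ensure_dir('static/' + filename)
                upload.save('static/' + filename)
                item.image_path = filename

            db_session.add(item)
            db_session.commit()
            flash("Item '{}' successfully edited".format(item.name))
            return redirect(url_for('get_item_by_category',
                                    category_id=item.category_id,
                                    item_id=item_id))

        categories = db_session.query(Category).order_by(
            Category.name).all()
        return render_template('edit_item.html',
                               categories=categories,
                               active_category=int(category_id),
                               item=item,
                               form=form,
                               logged_in=logged_in,
                               login_session=login_session)
    except Exception:
        # The text of a database exception can include the SQL statement
        # and its parameters, so it is logged here and not shown to the
        # user.
        logger.exception('edit_item failed (category_id=%r, item_id=%r)',
                         category_id, item_id)
        # populate_obj may already have changed the item; discard those
        # pending changes so they are not committed later by accident.
        try:
            db_session.rollback()
        except Exception:
            logger.exception('rollback failed in edit_item')
        flash('An error has occurred. Please try again.', 'error')
        return redirect(url_for('index'))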
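def new_item(category_id):
    """
    Route that renders the page to add a new item.

    The caller must be logged in. The new item is associated with the
    currently logged-in user.

    Args:
        category_id: The id of the category of the item to be added. It
            is only used to mark the active category when the form is
            rendered; the stored category comes from the form.

    Returns:
        The rendered creation form, or a redirect: to the new item's page
        after a successful save, to the index page when the user is not
        logged in or an error occurred.

    Raises:
        Nothing is propagated. On any error the pending database changes
        are rolled back, the exception is logged, and the user is
        redirected to the index page with a generic flash message.
    """
    import logging

    logger = logging.getLogger(__name__)
    try:
        logged_in = 'username' in login_session
        if not logged_in:
            flash("You must be logged to perform this operation",
                  category="error")
            return redirect(url_for('index'))

        form = ItemForm()
        item = Item()
        item.name = "New item"
        if form.validate_on_submit():
            form.populate_obj(item)
            # The owner is assigned after populate_obj, so submitted form
            # data cannot choose a different owner.
            item.user_id = login_session["user_id"]
            db_session.add(item)

            # The photo field may carry no file at all (None, or an
            # object with an empty filename); treat both as "no upload"
            # instead of failing the whole request on an AttributeError.
            upload = form.photo.data
            raw_name = getattr(upload, 'filename', None)
            safe_name = secure_filename(raw_name) if raw_name else ''
            if safe_name:
                # flush() so that item.id is assigned before it is used
                # in the folder name.
                db_session.flush()
                # secure_filename removes path components but does not
                # restrict the extension.
                # NOTE(review): the file is written below static/; confirm
                # ItemForm limits the photo field to image types.
                filename = ('images/uploads/' + str(item.id) + '/' +
                            safe_name)
                # presumably creates the target folder; verify ensure_dir
                ensure_dir('static/' + filename)
                upload.save('static/' + filename)
                item.image_path = filename
                db_session.add(item)

            db_session.commit()
            flash("Item '{}' successfully added".format(item.name))
            return redirect(url_for('get_item_by_category',
                                    category_id=item.category_id,
                                    item_id=item.id))

        categories = db_session.query(Category).order_by(
            Category.name).all()
        return render_template('new_item.html',
                               categories=categories,
                               active_category=int(category_id),
                               item=item,
                               form=form,
                               logged_in=logged_in,
                               login_session=login_session)
    except Exception:
        # The text of a database exception can include the SQL statement
        # and its parameters, so it is logged here and not shown to the
        # user.
        logger.exception('new_item failed (category_id=%r)', category_id)
        # The item may already be added or flushed; discard it so a
        # half-created row is not committed later by accident.
        try:
            db_session.rollback()
        except Exception:
            logger.exception('rollback failed in new_item')
        flash('An error has occurred. Please try again.', 'error')
        return redirect(url_for('index'))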
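def edit_item(category_id, item_id):
    """
    Route that renders the page to edit an item.

    The caller must be logged in and must be the user who created the
    item. Both checks run before any form data is applied, so a
    hand-edited URL cannot be used to modify another user's item.

    Every time the user uploads a new image, the image is stored in a
    folder that is named with the item id. Only one image path is stored
    in the database.

    Args:
        category_id: The id of the category of the item to be edited.
        item_id: The id of the item to be edited.

    Returns:
        The rendered edit form, or a redirect: to the item page after a
        successful edit or a failed ownership check, to the index page
        when the user is not logged in or an error occurred.

    Raises:
        Nothing is propagated. On any error the pending database changes
        are rolled back, the exception is logged, and the user is
        redirected to the index page with a generic flash message.
    """
    import logging

    logger = logging.getLogger(__name__)
    try:
        logged_in = 'username' in login_session
        if not logged_in:
            flash("You must be logged to perform this operation",
                  category="error")
            return redirect(url_for('index'))

        # .one() raises when the (item_id, category_id) pair matches no
        # row or several rows; that is handled by the except below.
        item = db_session.query(Item).filter_by(
            id=item_id, category_id=category_id).one()

        # Ownership check: only the creator may edit the item.
        if login_session['user_id'] != item.user_id:
            flash("You can only modify items created by you",
                  category="error")
            return redirect(url_for('get_item_by_category',
                                    category_id=category_id,
                                    item_id=item_id))

        form = ItemForm()
        if form.validate_on_submit():
            # NOTE(review): populate_obj copies every ItemForm field onto
            # the item; confirm the form does not expose user_id.
            form.populate_obj(item)

            # The photo field may carry no file at all (None, or an
            # object with an empty filename); treat both as "no upload"
            # instead of failing the whole edit on an AttributeError.
            upload = form.photo.data
            raw_name = getattr(upload, 'filename', None)
            safe_name = secure_filename(raw_name) if raw_name else ''
            if safe_name:
                # secure_filename removes path components but does not
                # restrict the extension.
                # NOTE(review): the file is written below static/; confirm
                # ItemForm limits the photo field to image types.
                filename = ('images/uploads/' + str(item.id) + '/' +
                            safe_name)
                # presumably creates the target folder; verify ensure_dir
                ensure_dir('static/' + filename)
                upload.save('static/' + filename)
                item.image_path = filename

            db_session.add(item)
            db_session.commit()
            flash("Item '{}' successfully edited".format(item.name))
            return redirect(url_for('get_item_by_category',
                                    category_id=item.category_id,
                                    item_id=item_id))

        categories = db_session.query(Category).order_by(
            Category.name).all()
        return render_template('edit_item.html',
                               categories=categories,
                               active_category=int(category_id),
                               item=item,
                               form=form,
                               logged_in=logged_in,
                               login_session=login_session)
    except Exception:
        # The text of a database exception can include the SQL statement
        # and its parameters, so it is logged here and not shown to the
        # user.
        logger.exception('edit_item failed (category_id=%r, item_id=%r)',
                         category_id, item_id)
        # populate_obj may already have changed the item; discard those
        # pending changes so they are not committed later by accident.
        try:
            db_session.rollback()
        except Exception:
            logger.exception('rollback failed in edit_item')
        flash('An error has occurred. Please try again.', 'error')
        return redirect(url_for('index'))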
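def new_item(category_id):
    """
    Route that renders the page to add a new item.

    The caller must be logged in. The new item is associated with the
    currently logged-in user.

    Args:
        category_id: The id of the category of the item to be added. It
            is only used to mark the active category when the form is
            rendered; the stored category comes from the form.

    Returns:
        The rendered creation form, or a redirect: to the new item's page
        after a successful save, to the index page when the user is not
        logged in or an error occurred.

    Raises:
        Nothing is propagated. On any error the pending database changes
        are rolled back, the exception is logged, and the user is
        redirected to the index page with a generic flash message.
    """
    import logging

    logger = logging.getLogger(__name__)
    try:
        logged_in = 'username' in login_session
        if not logged_in:
            flash("You must be logged to perform this operation",
                  category="error")
            return redirect(url_for('index'))

        form = ItemForm()
        item = Item()
        item.name = "New item"
        if form.validate_on_submit():
            form.populate_obj(item)
            # The owner is assigned after populate_obj, so submitted form
            # data cannot choose a different owner.
            item.user_id = login_session["user_id"]
            db_session.add(item)

            # The photo field may carry no file at all (None, or an
            # object with an empty filename); treat both as "no upload"
            # instead of failing the whole request on an AttributeError.
            upload = form.photo.data
            raw_name = getattr(upload, 'filename', None)
            safe_name = secure_filename(raw_name) if raw_name else ''
            if safe_name:
                # flush() so that item.id is assigned before it is used
                # in the folder name.
                db_session.flush()
                # secure_filename removes path components but does not
                # restrict the extension.
                # NOTE(review): the file is written below static/; confirm
                # ItemForm limits the photo field to image types.
                filename = ('images/uploads/' + str(item.id) + '/' +
                            safe_name)
                # presumably creates the target folder; verify ensure_dir
                ensure_dir('static/' + filename)
                upload.save('static/' + filename)
                item.image_path = filename
                db_session.add(item)

            db_session.commit()
            flash("Item '{}' successfully added".format(item.name))
            return redirect(url_for('get_item_by_category',
                                    category_id=item.category_id,
                                    item_id=item.id))

        categories = db_session.query(Category).order_by(
            Category.name).all()
        return render_template('new_item.html',
                               categories=categories,
                               active_category=int(category_id),
                               item=item,
                               form=form,
                               logged_in=logged_in,
                               login_session=login_session)
    except Exception:
        # The text of a database exception can include the SQL statement
        # and its parameters, so it is logged here and not shown to the
        # user.
        logger.exception('new_item failed (category_id=%r)', category_id)
        # The item may already be added or flushed; discard it so a
        # half-created row is not committed later by accident.
        try:
            db_session.rollback()
        except Exception:
            logger.exception('rollback failed in new_item')
        flash('An error has occurred. Please try again.', 'error')
        return redirect(url_for('index'))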