Ejemplo n.º 1
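def edit_item(item):
    """
    Serve the item editing page on a GET request and apply the edit on POST.

    Users who are not logged in are redirected to the login page. A logged-in
    user who does not own the item gets an alert page and cannot edit it.
    On a POST request only the form fields that carry a value are updated.

    Args:
        item (string): item name
    """
    # Check the login first: the lookup below raises when the name does not
    # match exactly one row, and an anonymous request should not be able to
    # observe that difference.
    if 'username' not in login_session:
        return redirect('/login')
    editedItem = session.query(CatalogItem).filter_by(name=item).one()
    # Ownership check: only the user recorded on the item may edit it.
    if editedItem.user_id != login_session['user_id']:
        # NOTE(review): returned as a plain string, so Flask sends it with
        # status 200; a 403 would make the denial visible to logs/monitoring.
        return "<script>function myFunction() {alert('You are not " \
               "authorized to edit this item. Please create your own item " \
               "in order to edit.');}</script><body onload='myFunction()'>"
    if request.method == 'POST':
        # NOTE(review): no CSRF token check is visible in this view; confirm
        # one is enforced elsewhere before this state-changing request.
        # .get() lets an absent field be skipped like a blank one.
        new_name = request.form.get('name')
        new_description = request.form.get('description')
        new_catalog_id = request.form.get('catalog-id')
        if new_name:
            editedItem.name = new_name
        if new_description:
            editedItem.description = new_description
        if new_catalog_id:
            # NOTE(review): the submitted id is stored as-is; nothing here
            # checks that a Catalog row with this id exists before commit.
            editedItem.catalog_id = new_catalog_id
        session.add(editedItem)
        session.commit()
        flash('Item Successfully Edited')
        # Look the catalog up by the id the item now has, not by the raw form
        # value: a blank 'catalog-id' means "unchanged" and would match no row.
        catalog = session.query(Catalog).filter_by(
            id=editedItem.catalog_id).one()
        return redirect(url_for('catalog_item', name=catalog.name,
                                item=editedItem.name))
    else:
        catalog = session.query(Catalog)
        return render_template('edititem.html', item=editedItem,
                               catalog=catalog)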
Ejemplo n.º 2
def create_user(login_session):
    """
    Insert a User row built from the login session and return its id.

    Args:
        login_session: mapping read for the 'username', 'email' and
            'picture' keys.

    Returns:
        The id of the User row found by the session's email after the commit.
    """
    account = User(
        name=login_session['username'],
        email=login_session['email'],
        picture=login_session['picture'],
    )
    session.add(account)
    session.commit()
    # NOTE(review): .one() raises unless exactly one row matches, so this
    # relies on e-mail addresses being unique; confirm the User model
    # enforces that.
    by_email = session.query(User).filter_by(email=login_session['email'])
    stored = by_email.one()
    return stored.id
Ejemplo n.º 3
def new_item():
    """
    Serve the item creation page on a GET request and create the item on POST.

    Users who are not logged in are redirected to the login page. On a POST
    request the item is built from the submitted form fields and owned by the
    logged-in user.
    """
    logged_in = 'username' in login_session
    if not logged_in:
        return redirect('/login')

    if request.method != 'POST':
        # Any other method: show the creation form with the catalog query.
        return render_template('newitem.html', catalog=session.query(Catalog))

    # NOTE(review): the form values are stored as submitted; no validation
    # (empty name, unknown catalog id) and no CSRF check is visible here.
    item_name = request.form['name']
    item_description = request.form['description']
    item_catalog_id = request.form['catalog-id']
    # The owner comes from the server-side session, not from the form.
    owner_id = login_session['user_id']
    created = CatalogItem(name=item_name,
                          description=item_description,
                          catalog_id=item_catalog_id,
                          user_id=owner_id)
    session.add(created)
    session.commit()
    message = 'New %s Item Successfully Created' % created.name
    flash(message)
    return redirect(url_for('catalog_home'))
Ejemplo n.º 4
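def delete_item(item):
    """
    Serve the item deletion page on a GET request and delete the item on POST.

    Users who are not logged in are redirected to the login page. A logged-in
    user who does not own the item gets an alert page and cannot delete it.

    Args:
        item (string): item name
    """
    # Check the login first: the lookup below raises when the name does not
    # match exactly one row, and an anonymous request should not be able to
    # observe that difference.
    if 'username' not in login_session:
        return redirect('/login')
    itemToDelete = session.query(CatalogItem).filter_by(name=item).one()
    # Ownership check: only the user recorded on the item may delete it.
    if itemToDelete.user_id != login_session['user_id']:
        # NOTE(review): returned as a plain string, so Flask sends it with
        # status 200; a 403 would make the denial visible to logs/monitoring.
        return "<script>function myFunction() {alert('You are not " \
               "authorized to delete this item. Please create your own item " \
               "in order to delete.');}</script><body onload='myFunction()'>"
    if request.method == 'POST':
        # NOTE(review): no CSRF token check is visible in this view; confirm
        # one is enforced elsewhere before this destructive request.
        session.delete(itemToDelete)
        session.commit()
        flash('Item Successfully Deleted')
        return redirect(url_for('catalog_home'))
    else:
        return render_template('deleteitem.html', item=itemToDelete)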