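def AddItem():
    '''
    Add-item page.

    GET: generate a fresh state token, store it in the session and render
    the add-item form.
    POST: verify the submitted state token against the one stored in the
    session (CSRF protection), validate the form fields and create the item.

    Returns:
        A 401 JSON response when the session holds no complete login, or
        when the state token is missing or does not match; the rendered
        ``add_item.html`` on GET or on a validation failure; a redirect to
        ``/`` after the POST has been processed.
    '''

    def json_response(payload, status):
        # All error replies of this view are small JSON bodies with an
        # explicit content type.
        response = make_response(json.dumps(payload), status)
        response.headers['Content-Type'] = 'application/json'
        return response

    # if not logged in, ask user to login
    # technically, this page should not be accessible unless logged in
    # Require BOTH values: a session holding only one of them is not a
    # complete login, so fail closed (the original accepted the request
    # when either value was present).
    if (appsession.get('access_token') is None
            or appsession.get('user_id') is None):
        return json_response({'response': 'please login first'}, 401)

    # get categories
    categories = CategoryModel.get_categories()

    if request.method != 'POST':
        state_token = Catalog.generate_state_token()

        # store state token in session so the later POST can prove it
        # originated from this form
        appsession['state'] = state_token

        return render_template('add_item.html',
                               STATE=state_token,
                               appsession=appsession,
                               categories=categories)

    # verify state (csrf attack protection)
    # .get() on the session so a request without a stored token is rejected
    # with 401 instead of raising KeyError; an empty/missing token is
    # rejected outright so that "None == None" can never pass the check.
    submitted_state = request.form.get('state')
    expected_state = appsession.get('state')
    if (not submitted_state or not expected_state
            or submitted_state != expected_state):
        return json_response({'response': 'invalid state parameter'}, 401)

    # get form variables; default to '' so a missing field does not raise
    # AttributeError on .strip()
    item_name = request.form.get('name', '').strip()
    item_description = request.form.get('description', '').strip()
    category_id = request.form.get('category_id')

    if not (item_name and item_description and category_id):
        flash('all fields mandatory, please fill')
        return render_template('add_item.html',
                               STATE=submitted_state,
                               appsession=appsession,
                               categories=categories)

    # add item; the model reports failure with a falsy result
    if ItemModel.add_item(item_name, item_description, category_id):
        flash('item added successfully')
    else:
        flash('failed to add item, it might already exist in catalog')

    return redirect('/')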
def Category(category_name, category_id):
    '''
    Category page: show the category list and the items of one category.

    Args:
        category_name: name shown in the page header (passed straight to
            the template, not used for the lookup).
        category_id: id used to fetch the category's items.

    Returns:
        The rendered ``category.html`` template.
    '''
    # Build the template context in lookup order: all categories first,
    # then the items that belong to the requested category.
    context = {
        'category_name': category_name,
        'categories': CategoryModel.get_categories(),
        'items': ItemModel.get_category_items(category_id),
        'appsession': appsession,
    }
    return render_template('category.html', **context)
def Home():
    '''
    Home page: show the category list and the most recently added items.

    The item count is decided by ``ItemModel.get_lastest_items`` (the
    docstring of the original view says 10 — confirm against the model).

    Returns:
        The rendered ``home.html`` template.
    '''
    # Lookups are performed in the same order as before: categories, then
    # the latest items.
    context = {
        'categories': CategoryModel.get_categories(),
        'items': ItemModel.get_lastest_items(),
        'appsession': appsession,
    }
    return render_template('home.html', **context)
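def Item(item_name, item_id):
    '''
    Item page (view item).

    The item is looked up by *item_id*; the *item_name* URL segment is not
    used for the lookup.

    Returns:
        A 404 JSON response when no item matches *item_id*; otherwise the
        rendered ``view_item.html`` template.
    '''

    # get categories
    categories = CategoryModel.get_categories()

    # get item
    item = ItemModel.get_item_by_id(item_id)
    if not item:
        response = make_response(json.dumps({'error': 'item not found'}), 404)
        response.headers['Content-Type'] = 'application/json'
        return response

    # get item category name
    # Guard against a dangling category_id: a missing category previously
    # raised AttributeError (an HTTP 500) here. The template is assumed to
    # tolerate a None name — confirm against view_item.html.
    category = CategoryModel.get_category_by_id(item.category_id)
    category_name = category.name if category else None

    return render_template('view_item.html',
                           appsession=appsession,
                           categories=categories,
                           item=item,
                           category_name=category_name)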
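def AddCategory():
    '''
    Add-category page.

    GET: generate a fresh state token, store it in the session and render
    the add-category form.
    POST: verify the submitted state token against the one stored in the
    session (CSRF protection), validate the name and create the category.

    Returns:
        A 401 JSON response when the session holds no complete login, or
        when the state token is missing or does not match; the rendered
        ``add_category.html`` on GET or when the name is empty; a redirect
        to ``/`` after the POST has been processed.
    '''

    def json_response(payload, status):
        # All error replies of this view are small JSON bodies with an
        # explicit content type.
        response = make_response(json.dumps(payload), status)
        response.headers['Content-Type'] = 'application/json'
        return response

    # if not logged in, ask user to login
    # technically, this page should not be accessible unless logged in
    # Require BOTH values: a session holding only one of them is not a
    # complete login, so fail closed (the original accepted the request
    # when either value was present).
    if (appsession.get('access_token') is None
            or appsession.get('user_id') is None):
        return json_response({'response': 'please login first'}, 401)

    if request.method != 'POST':
        state_token = Catalog.generate_state_token()

        # store state token in session so the later POST can prove it
        # originated from this form
        appsession['state'] = state_token

        return render_template('add_category.html',
                               STATE=state_token,
                               appsession=appsession)

    # verify state (csrf attack protection)
    # .get() on the session so a request without a stored token is rejected
    # with 401 instead of raising KeyError; an empty/missing token is
    # rejected outright so that "None == None" can never pass the check.
    submitted_state = request.form.get('state')
    expected_state = appsession.get('state')
    if (not submitted_state or not expected_state
            or submitted_state != expected_state):
        return json_response({'response': 'invalid state parameter'}, 401)

    # default to '' so a missing field does not raise AttributeError on
    # .strip(); an empty name is re-prompted the same way AddItem does it
    category_name = request.form.get('name', '').strip()
    if not category_name:
        flash('all fields mandatory, please fill')
        return render_template('add_category.html',
                               STATE=submitted_state,
                               appsession=appsession)

    # add category; the model reports failure with a falsy result
    if CategoryModel.add_category(category_name):
        flash('category added successfully')
    else:
        flash('failed to add category, it might already exist')

    return redirect('/')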
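def DeleteItem(item_id):
    '''
    Delete-item page.

    GET: after checking that the item exists and belongs to the logged-in
    user, store a fresh state token in the session and render the
    confirmation form.
    POST: verify the state token (CSRF protection), re-check that the item
    exists and belongs to the logged-in user, then delete it.

    The ownership check runs on BOTH methods. The original only checked it
    on GET, so a POST carrying a valid state token and any ``item_id``
    deleted items owned by other users.

    Args:
        item_id: id from the URL. On POST the form's ``item_id`` field takes
            precedence when present, as before; the URL value is the
            fallback.

    Returns:
        401 JSON for a missing login, a bad state token or an item owned by
        someone else; 404 JSON when the item does not exist; the rendered
        ``delete_item.html`` on GET; a redirect to ``/`` after a POST.
    '''

    def json_response(payload, status):
        # All error replies of this view are small JSON bodies with an
        # explicit content type.
        response = make_response(json.dumps(payload), status)
        response.headers['Content-Type'] = 'application/json'
        return response

    # if not logged in, ask user to login
    # technically, this page should not be accessible unless logged in
    # Require BOTH values: a session holding only one of them is not a
    # complete login, so fail closed (the original accepted the request
    # when either value was present).
    if (appsession.get('access_token') is None
            or appsession.get('user_id') is None):
        return json_response({'response': 'please login first'}, 401)

    current_user_id = appsession.get('user_id')

    def load_owned_item(target_id):
        # Returns (item, error_response). error_response is None only when
        # the item exists and its user_id matches the session's user.
        item = ItemModel.get_item_by_id(target_id)
        if not item:
            return None, json_response({'error': 'item not found'}, 404)
        # check for user id mismatch
        if item.user_id != current_user_id:
            return None, json_response({'error': 'permission denied'}, 401)
        return item, None

    if request.method == 'POST':
        # verify state (csrf attack protection)
        # .get() on the session so a request without a stored token is
        # rejected with 401 instead of raising KeyError; an empty/missing
        # token is rejected outright so that "None == None" cannot pass.
        submitted_state = request.form.get('state')
        expected_state = appsession.get('state')
        if (not submitted_state or not expected_state
                or submitted_state != expected_state):
            return json_response({'response': 'invalid state parameter'}, 401)

        # get item id from form; default to '' so a missing field does not
        # raise AttributeError on .strip(), and fall back to the URL id
        target_id = request.form.get('item_id', '').strip() or item_id

        # the item must exist and belong to the current user before it can
        # be deleted — this is the authorization check the GET path already
        # performed
        item, error = load_owned_item(target_id)
        if error is not None:
            return error

        # delete item; the model reports failure with a falsy result
        if ItemModel.delete_item(target_id):
            flash('item deleted successfully')
        else:
            flash('failed to delete item')

        return redirect('/')

    state_token = Catalog.generate_state_token()

    # store state token in session so the later POST can prove it
    # originated from this form
    appsession['state'] = state_token

    # get item to delete (404 if absent, 401 if owned by someone else)
    item, error = load_owned_item(item_id)
    if error is not None:
        return error

    # get item category
    category = CategoryModel.get_category_by_id(item.category_id)

    return render_template('delete_item.html',
                           STATE=state_token,
                           appsession=appsession,
                           category=category,
                           item=item)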