def list_menu_items(restaurant_id):
creator = database_operations.get_user(database_operations.get_restaurant(restaurant_id).user_id)
if 'user_id' not in login_session:
print 'public'
return render_template('public_menu.html',
items = database_operations.get_menu_items_for_restaurant(restaurant_id),
restaurant = database_operations.get_restaurant(restaurant_id),
creator= creator)
if creator.id == login_session['user_id']:
if not database_operations.get_menu_items_for_restaurant(restaurant_id):
flash("{} has no menu yet, please add an item!".format(database_operations.get_restaurant(restaurant_id).name))
return redirect(url_for('add_new_menu_item', restaurant_id=restaurant_id))
print 'private'
return render_template('menu.html',
restaurant=database_operations.get_restaurant(restaurant_id),
items=database_operations.get_menu_items_for_restaurant(restaurant_id))
else:
if not database_operations.get_menu_items_for_restaurant(restaurant_id):
flash("{} has no menu yet!".format(database_operations.get_restaurant(restaurant_id).name))
return redirect(url_for('list_restaurants'))
print 'public'
return render_template('public_menu.html',
items = database_operations.get_menu_items_for_restaurant(restaurant_id),
restaurant = database_operations.get_restaurant(restaurant_id),
creator= creator)
def delete_menu_item(restaurant_id, menu_id):
if 'username' not in login_session:
return redirect(url_for('show_login'))
if database_operations.get_user(database_operations.get_restaurant(restaurant_id).user_id).id != login_session['user_id']:
return "<script>function myFunction() {alert('You are not authorized to delete this item');} </script>" \
"<body onload='myFunction()'>"
if request.method == 'POST':
database_operations.delete_menu_item(menu_id)
flash("Menu item has been deleted!")
return redirect(url_for('list_menu_items', restaurant_id=restaurant_id))
else:
return render_template('delete_menu_item.html', restaurant_id=restaurant_id,
item=database_operations.get_menu_item(menu_id))
def edit_menu_item(restaurant_id, menu_id):
if 'username' not in login_session:
return redirect(url_for('show_login'))
if database_operations.get_user(database_operations.get_restaurant(restaurant_id).user_id).id != login_session['user_id']:
flash("You don't have the permission to edit this menu item")
return redirect(url_for('list_menu_items', restaurant_id=restaurant_id))
if request.method == 'POST':
database_operations.update_menu_item(menu_id=menu_id,
name=request.form['name'],
description=request.form['description'],
price=request.form['price'],
user_id=login_session['user_id'])
flash("Menu item has been updated!")
return redirect(url_for('list_menu_items', restaurant_id=restaurant_id))
else:
return render_template('edit_menu_item.html', restaurant_id=restaurant_id,
item=database_operations.get_menu_item(menu_id))