Ejemplo n.º 1
def save_item(item, item_id):
    """
    Persist the submitted form as an update to ``item`` or as a new item.

    A positive ``item_id`` selects the update path: name, description and
    category of ``item.Item`` are overwritten from ``request.form``. Any other
    value creates a new ``Item`` owned by ``login_session['userid']``.

    No login or ownership check happens inside this helper; presumably the
    calling view performs it before delegating here (verify in the callers).

    :param item: row-like object exposing the ORM entity as ``item.Item``;
        only read on the update path
    :param item_id: id of the item being edited; a non-positive value means
        "create a new item"
    :return: Rendered html of ``item_details.html``
    """
    form = request.form

    if not item_id > 0:
        # Creation path: the owner comes from the server-side session,
        # never from the submitted form.
        fresh = Item(name=form.get('title'),
                     description=form['description'],
                     category_id=form['category'],
                     user_id=login_session['userid'])
        session.add(fresh)
        session.commit()
        flash("Created " + fresh.name)
        # Re-read the item joined with its user so the template receives the
        # same (Item, User) shape as on the update path.
        stored = (session.query(Item, User)
                  .filter(Item.id == fresh.id)
                  .join(User)
                  .first())
        return render_template('item_details.html',
                               item=stored,
                               login_session=login_session)

    # Update path: overwrite the editable columns of the existing entity.
    entity = item.Item
    entity.name = form['title']
    entity.description = form['description']
    entity.category_id = form['category']
    session.add(entity)
    session.commit()
    flash("Updated " + entity.name)
    return render_template('item_details.html',
                           item=item,
                           login_session=login_session)
def newcategory():
    """Create a category from the ``newcategory`` form field.

    Unauthorized callers are sent to ``/welcome``. An empty name is rejected
    with a flash message. Otherwise the category is stored with the session's
    ``userid`` as owner. Both outcomes redirect to the ``metalitems`` view.
    """
    # Comparison with False kept as written: a None result from
    # isauthorized() must not be treated as "unauthorized" here.
    if isauthorized() == False:  # noqa: E712
        return redirect('/welcome')

    category_name = request.form['newcategory']

    # Reject a nameless category and send the user back to the main page.
    if category_name == '':
        flash('Name of Category must not be empty!')
        return redirect(url_for('metalitems'))

    owner_id = login_session['userid']
    category = Category(name=category_name, user_id=owner_id)
    session.add(category)
    session.commit()

    flash('Category ' + category_name + ' has been created!')
    return redirect(url_for('metalitems'))
def newcategory():
    """Store a new category named by the ``newcategory`` form field.

    Redirects to ``/welcome`` when ``isauthorized()`` reports False, flashes
    an error for an empty name, and otherwise saves the category under the
    ``userid`` held in ``login_session``. Ends on the ``metalitems`` view.
    """
    # Explicit "== False" preserved so only a False-equal result blocks.
    if isauthorized() == False:  # noqa: E712
        return redirect('/welcome')

    submitted_name = request.form['newcategory']
    if submitted_name == '':
        # Nothing to store: tell the user and go back to the item overview.
        message = 'Name of Category must not be empty!'
        flash(message)
        return redirect(url_for('metalitems'))

    # Ownership is taken from the session, not from anything the form sends.
    session.add(Category(name=submitted_name,
                         user_id=login_session['userid']))
    session.commit()

    message = 'Category ' + submitted_name + ' has been created!'
    flash(message)
    return redirect(url_for('metalitems'))
Ejemplo n.º 4
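def new_contact():
    """Show the new-contact form (GET) or store a contact (POST).

    Visitors without ``email`` in the session are redirected to ``login``.
    On POST the form is validated; a valid form is stored as a ``Contact``
    owned by the user whose email is in the session, then the browser is
    redirected to ``contacts``. Only fields that carry data are copied.
    """
    if 'email' not in session:
        return redirect(url_for('login'))
    form = ContactForm()
    if request.method == 'POST':
        if form.validate() is False:
            return render_template('newcontact.html', form=form)

        user = db_session.query(User).filter_by(
            email=session['email']).first()
        if user is None:
            # The session names an account that is not in the database;
            # drop the stale identity instead of failing on ``user.id``.
            session.pop('email', None)
            return redirect(url_for('login'))

        contact = Contact()
        contact.UserId = user.id
        if form.first_name.data and form.last_name.data:
            contact.name = form.first_name.data + ' ' + form.last_name.data
        if form.email.data:
            contact.email = form.email.data
        # Test the submitted value: the field object itself is always truthy.
        if form.phone_number.data:
            contact.phoneNumber = form.phone_number.data
        if form.address.data:
            contact.address = form.address.data
        db_session.add(contact)
        db_session.commit()
        return redirect(url_for('contacts'))
    elif request.method == 'GET':
        return render_template('newcontact.html', form=form)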
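def fbconnect():
    """Finish a Facebook login and record the user in the session.

    Steps: compare the ``state`` query argument with the one stored in the
    session, exchange the client token sent in the request body for a server
    token, fetch name/id/email from the Graph API, then look up or create the
    matching ``User`` row.

    Session keys (including ``logined``) are written only after every step
    has succeeded, so a failed or forged attempt cannot leave a partially
    authenticated session behind.

    Returns the string ``'success'``, a 401 JSON response when the state
    check, token exchange or profile lookup fails, or a redirect to ``/``
    when the user row cannot be stored.
    """
    try:
        from urllib.parse import quote  # Python 3
    except ImportError:
        from urllib import quote  # Python 2

    def _unauthorized(message):
        response = make_response(json.dumps(message), 401)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Fail closed: a session without a stored state must not pass the check
    # merely because the request omits the parameter as well.
    expected_state = session.get('state')
    if not expected_state or request.args.get('state') != expected_state:
        return _unauthorized("Invalid Request!!!")

    # The request body is caller-controlled; percent-encode it so it cannot
    # add or override parameters of the token-exchange request.
    clientToken = request.data
    with open('secret.json', 'r') as secret_file:
        fbsecret = json.load(secret_file)
    url = 'https://graph.facebook.com/oauth/access_token?' \
        'grant_type=fb_exchange_token&client_id=%s&client_secret=%s' \
        '&fb_exchange_token=%s' % (
            fbsecret['app_id'], fbsecret['secret'],
            quote(clientToken, safe=''))
    http = httplib2.Http()

    # Parse the reply as JSON instead of splitting on ',' and ':', and treat
    # an error reply (no access_token) as a failed login.
    try:
        token_reply = json.loads(http.request(url, 'GET')[1])
    except ValueError:
        token_reply = None
    if not isinstance(token_reply, dict) \
            or not token_reply.get('access_token'):
        return _unauthorized("Invalid Request!!!")
    serverToken = token_reply['access_token']

    # Get the user information
    userinfo_url = 'https://graph.facebook.com/v2.8/me'\
        '?access_token=%s&fields=name,id,email' % quote(serverToken, safe='')
    try:
        userinfo = json.loads(http.request(userinfo_url, 'GET')[1])
    except ValueError:
        userinfo = None
    if not isinstance(userinfo, dict) \
            or not all(key in userinfo for key in ('name', 'email', 'id')):
        return _unauthorized("Invalid Request!!!")

    # Find the user for this provider identity, or create it.
    try:
        user_row = database_session.query(User).filter_by(
            provider='facebook', provider_id=userinfo['id']).one()
    except NoResultFound:
        user_row = User(provider='facebook', provider_id=userinfo['id'])
        try:
            database_session.add(user_row)
            database_session.commit()
        except SQLAlchemyError:
            # A failed flush leaves the session unusable until rolled back.
            database_session.rollback()
            flash("The system cannot add the user")
            return redirect("/")

    # Everything checked out: only now mark the session as logged in.
    session['token'] = serverToken
    session['provider'] = 'facebook'
    session['user'] = userinfo['name']
    session['email'] = userinfo['email']
    session['facebook_id'] = userinfo['id']
    session['user_id'] = user_row.id
    session['logined'] = True

    # Flash the system message
    flash('Login Successfully via %s as %s.' % (
        session['provider'], session['user']))

    return 'success'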
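def newItem():
    """Create an item from the submitted form (POST) or show the item form.

    POST builds an ``Items`` row from the ``name``, ``catagory_id`` and
    ``description`` form fields, owned by ``session['user_id']``, and
    redirects to ``/``. Any other method renders ``itemForm.html`` with all
    categories and ``editFlag=False``.

    NOTE(review): no login check is visible in this function;
    ``session['user_id']`` raises ``KeyError`` for a visitor without one.
    Confirm the route is wrapped by a login guard.
    """
    # If the method is POST, try to add the new record
    if request.method == "POST":
        record = Items(
            name=request.form["name"],
            catagory_id=request.form["catagory_id"],
            description=request.form["description"],
            user_id=session['user_id'])
        try:
            database_session.add(record)
            database_session.commit()
        except SQLAlchemyError:
            # A failed flush leaves the session unusable until rolled back,
            # which would break later work on the same session object.
            database_session.rollback()
            flash("Cannot edit the item! Please contact developer!")
            return redirect("/")
        # Flash the system message
        flash("Item \"%s\" has already created!" %
              (record.name,))
        return redirect("/")
    else:
        # Render the existing catagories for selection
        catagory = database_session.query(Catagory).all()
        item = None
        return render_template(
            "itemForm.html", catagory=catagory, item=item, editFlag=False)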
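def editItem(item_id):
    """Update an item (POST) or render its edit form (any other method).

    POST loads the item, allows the change only when the item's ``user_id``
    equals ``session['user_id']``, then overwrites name, category and
    description from the form. Every outcome of the POST path redirects to
    ``/`` with a flash message. The non-POST path renders ``itemForm.html``
    with ``editFlag=True``.

    NOTE(review): the ownership check guards the POST path only; the edit
    form itself is rendered for any caller. Confirm that is intended.
    """
    # If the method is POST, connect to the database and update it
    if request.method == "POST":
        try:
            item_update = database_session.query(
                Items).filter_by(id=item_id).one()
        except NoResultFound:
            flash("Cannot find the item!")
            return redirect('/')
        # Only the creator may edit. A session without a user id is refused
        # outright rather than compared, so the check cannot pass by accident.
        if 'user_id' not in session \
                or item_update.user_id != session['user_id']:
            # The loaded row is ``item_update``; ``item`` is not bound on
            # this path and would raise instead of denying the request.
            flash('You have no permession to edit item %s' % (
                item_update.name,))
            return redirect('/')
        item_update.name = request.form["name"]
        item_update.catagory_id = request.form["catagory_id"]
        item_update.description = request.form["description"]
        # Commit the changes and except the errors
        try:
            database_session.add(item_update)
            database_session.commit()
            flash("Item \"%s\" has been updated!" % (item_update.name,))
            return redirect("/")
        except SQLAlchemyError:
            # A failed flush leaves the session unusable until rolled back.
            database_session.rollback()
            flash("Cannot edit the item! Please contact developer!")
            return redirect("/")
    else:
        # Render the item edited to user
        try:
            item = database_session.query(Items).filter_by(id=item_id).join(
                Items.catagory).one()
            catagory = database_session.query(Catagory).all()
            return render_template(
                "itemForm.html", item=item, catagory=catagory, editFlag=True)
        except NoResultFound:
            flash("Cannot find the item!")
            return redirect('/')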
Ejemplo n.º 8
def edit_item(category_name, item_name):
    """Edit an item identified by category name and item name.

    The item is loaded first, then the caller's user id (resolved from
    ``login_session['email']``) is compared with the item's ``user_id``.
    A mismatch yields a 403 JSON response for every HTTP method, so neither
    the form nor the update is reachable for non-owners.

    POST copies the non-empty ``name``, ``description`` and ``category``
    form fields onto the item and redirects to ``show_category``. Other
    methods render ``edititem.html`` with all categories.
    """
    category = session.query(Category).filter_by(name=category_name).one()
    target = session.query(Item).filter_by(
        name=item_name, category_id=category.id).one()

    # Authorisation: only the user who created the item may edit it.
    current_user_id = get_user_id(login_session['email'])
    if target.user_id != current_user_id:
        denied = make_response(
            json.dumps('You are not allowed to edit the item'), 403)
        denied.headers['Content-Type'] = 'application/json'
        return denied

    if request.method != 'POST':
        all_categories = session.query(Category).all()
        return render_template('edititem.html', item=target,
                               categories=all_categories)

    # Empty form fields leave the stored value untouched.
    form = request.form
    if form['name']:
        target.name = form['name']
    if form['description']:
        target.description = form['description']
    if form['category']:
        category = session.query(Category).filter_by(
            name=form['category']).one()
        target.category = category

    session.add(target)
    session.commit()
    return redirect(url_for('show_category',
                            category_name=target.category.name))
Ejemplo n.º 9
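def newItem():
    """Create a catalog item (POST) or render the new-item form.

    A caller counts as logged in when ``login_session`` holds a non-None
    ``access_token``. POST is refused with 403 unless the caller is logged in
    and the ``user_email`` form field matches the email in the session; the
    owner id is then resolved from the session email, not from the form.
    """
    loggedIn = 'access_token' in login_session \
        and login_session['access_token'] is not None
    name = ''
    user_email = ''
    if loggedIn:
        name = login_session['name']
        user_email = login_session['email']

    if request.method == 'POST':
        # The earlier condition (not logged in AND emails equal) let an
        # anonymous caller create items for any address it posted. Deny
        # unless authenticated and acting for the session's own email.
        if not loggedIn or user_email != request.form['user_email']:
            abort(403)

        # Reject an unknown category before anything is written.
        category = session.query(Category).filter(
            Category.id == request.form['category_id']).first()
        if category is None:
            abort(400)

        userId = getUserID(user_email)

        created = Item(name=request.form['name'],
                       description=request.form['description'],
                       category_id=request.form['category_id'],
                       user_id=userId)
        session.add(created)
        session.commit()
        return redirect(
            url_for('showItems',
                    category_name=category.name,
                    item_name=request.form['name']))
    else:
        categories = session.query(Category).all()
        return render_template('catalog/newItem.html',
                               categories=categories,
                               loggedIn=loggedIn,
                               name=name,
                               user_email=user_email)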
Ejemplo n.º 10
def addRestaurant():
    """Create a restaurant from the ``name`` form field, or show the form.

    POST stores the restaurant (an absent name becomes ``''``) and redirects
    to its menu listing; any other method renders ``addRestaurant.html``.
    No login or permission check is performed in this function.
    """
    if request.method != 'POST':
        return render_template('addRestaurant.html')

    created = Restaurant(name=request.form.get('name', ''))
    session.add(created)
    session.commit()
    flash("Restaurant added")
    return redirect(url_for('listMenuItems', restaurant_id=created.id))
def createUser():
    """Insert a ``User`` built from ``login_session`` and return its id.

    The row is created from the session's ``username`` and ``email`` and
    then looked up again by email; ``.one()`` raises unless exactly one row
    carries that email.
    """
    username = login_session['username']
    email = login_session['email']

    session.add(User(username=username, email=email))
    session.commit()

    stored = session.query(User).filter_by(email=email).one()
    return stored.id
def createUser():
    """Store the logged-in identity as a new ``User`` and return its id.

    Reads ``username`` and ``email`` from ``login_session``. The id is
    obtained by querying for the email afterwards, which raises if the email
    does not match exactly one row.
    """
    account = User(
        username=login_session['username'],
        email=login_session['email'],
    )
    session.add(account)
    session.commit()

    # Look the row up by email to read back the database-assigned id.
    by_email = session.query(User).filter_by(email=login_session['email'])
    return by_email.one().id
Ejemplo n.º 13
def editRestaurant(restaurant_id):
    """Rename a restaurant (POST) or render its edit form.

    The restaurant is loaded with ``.one()`` for every method, so an unknown
    id raises before any branch runs. No login or ownership check is
    performed in this function.
    """
    target = session.query(Restaurant).filter_by(id=restaurant_id).one()

    if request.method != 'POST':
        return render_template('editRestaurant.html', restaurant=target)

    target.name = request.form.get('name', '')
    session.add(target)
    session.commit()
    flash("Restaurant edited")
    return redirect(url_for('listRestaurants'))
Ejemplo n.º 14
def insert_user():
    """
    Insert a user row built from the current ``login_session``.

    Copies ``email``, ``username`` and ``picture`` from the session into a
    new ``User`` and commits it. Nothing is returned and no check for an
    existing row with the same email is made here.
    """
    email = login_session['email']
    display_name = login_session['username']
    picture_url = login_session['picture']

    session.add(User(email=email, name=display_name, picture=picture_url))
    session.commit()
Ejemplo n.º 15
def create_user(login_session):
    """Create a new user in the database and return its id.

    The user is built from ``login_session['username']`` and
    ``login_session['email']``; the id is read back by querying for that
    email, which raises unless exactly one row matches.
    """
    username = login_session['username']
    email = login_session['email']

    session.add(User(name=username, email=email))
    session.commit()

    return session.query(User).filter_by(email=email).one().id
Ejemplo n.º 16
def try_add():
    """
    Handle the AJAX post from the create-item page and try to store the item.

    Always returns a JSON string with an ``html`` message and a ``status`` of
    ``"ERROR"`` or ``"SUCCESS"``. Checks run in this order: login, presence
    of ``name`` and ``desc``, uniqueness of the item name, category lookup,
    user lookup. The creator is resolved from the session email.
    """
    def _reply(message, status="ERROR"):
        return json.dumps({'html': message, 'status': status})

    # Anonymous callers are refused before any form data is read.
    if 'username' not in login_session:
        return _reply("Not logged in")

    posted = request.form
    if 'name' not in posted or 'desc' not in posted:
        return _reply("No values given")

    item_name = posted["name"]
    item_desc = posted["desc"]

    # Item names are treated as unique across the whole table.
    same_name = session.query(Item).filter(Item.item_name == item_name)
    if same_name.count() != 0:
        return _reply("Sorry. " + item_name + " is already in the database")

    # The helpers signal failure with the sentinel string "ERROR".
    category_id = return_one_category(request.form["category"])
    if category_id == "ERROR":
        return _reply("Error getting category id")

    creator_id = return_one_user(login_session['email'])
    if creator_id == "ERROR":
        return _reply("Error getting user id")

    session.add(Item(item_name=item_name, description=item_desc,
                     cat_id=category_id, creator=creator_id))
    session.commit()

    return _reply("Item successfully added!", "SUCCESS")
Ejemplo n.º 17
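def editMenuItem(restaurant_id, menu_id):
    """Edit a menu item of one restaurant (POST) or render its edit form.

    The item is looked up by ``menu_id`` *and* ``restaurant_id``. Looking it
    up by ``menu_id`` alone and then assigning ``restaurant_id`` let a request
    for restaurant A rewrite an item of restaurant B and move it to A. With
    the scoped lookup a mismatching pair raises from ``.one()`` instead.

    NOTE(review): no login or ownership check is visible in this function.
    """
    menuitem = session.query(MenuItem).filter_by(
        id=menu_id, restaurant_id=restaurant_id).one()
    if request.method == 'POST':
        menuitem.name = request.form.get('name', '')
        menuitem.description = request.form.get('description', '')
        menuitem.price = request.form.get('price', '')
        menuitem.course = request.form.get('course', '')
        # The debug print of the submitted name was dropped: it echoed
        # request data to stdout and used Python 2 statement syntax.
        session.add(menuitem)
        session.commit()
        flash("Menu-Item edited")
        return redirect(url_for('listMenuItems', restaurant_id=restaurant_id))
    return render_template('editMenuItem.html', menuitem=menuitem)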
Ejemplo n.º 18
def addMenuItem(restaurant_id):
    """Add a menu item to a restaurant (POST) or render the add form.

    The restaurant is loaded with ``.one()`` for every method, so an unknown
    id raises before anything is written. Missing form fields default to
    ``''``. No login or ownership check is performed in this function.
    """
    owner = session.query(Restaurant).filter_by(id=restaurant_id).one()

    if request.method != 'POST':
        return render_template('addMenuItem.html', restaurant=owner)

    form = request.form
    created = MenuItem(
        name=form.get('name', ''),
        description=form.get('description', ''),
        price=form.get('price', ''),
        course=form.get('course', ''),
        restaurant_id=restaurant_id,
    )
    session.add(created)
    session.commit()
    flash("Menu-Item added")
    return redirect(url_for('listMenuItems', restaurant_id=owner.id))
Ejemplo n.º 19
def add_item():
    """Create an item in a named category (POST) or render the add form.

    All categories are loaded up front for every method. On POST the
    category is resolved by the submitted name with ``.one()`` and the owner
    is ``login_session['user_id']``; a caller without that session key fails
    with ``KeyError`` rather than creating an ownerless item.
    """
    all_categories = session.query(Category).all()

    if request.method != 'POST':
        return render_template('additem.html', categories=all_categories)

    form = request.form
    item_name = form['name']
    item_description = form['description']
    chosen = session.query(Category).filter_by(name=form['category']).one()

    session.add(Item(name=item_name,
                     description=item_description,
                     category=chosen,
                     user_id=login_session['user_id']))
    session.commit()

    return redirect(url_for('show_catalog'))
Ejemplo n.º 20
def ensure_user_in_database():
    """
    Recreate the session's user row when the database no longer has it.

    Meant for the case where the app restarted while a browser still holds a
    session (for instance with an in-memory database). When
    ``login_session`` has an ``email`` and no ``User`` with that email
    exists, a row is rebuilt from the session values, including the id.

    Every column is taken from session contents, so the rebuilt row is only
    as trustworthy as the session itself.
    """
    if 'email' not in login_session:
        return

    already_there = session.query(
        exists().where(User.email == login_session['email'])).scalar()
    if already_there:
        return

    restored = User(id=login_session['userid'],
                    picture=login_session['picture'],
                    name=login_session['name'],
                    email=login_session['email'],
                    client_id=login_session['client_id'])
    session.add(restored)
    session.commit()
    print("Recreated user in database")
def newitem(categoryid):
    """Create an item in ``categoryid`` (POST) or render the new-item form.

    Unauthorized callers are redirected to ``/welcome``. On POST an empty
    title re-renders the form with a flash message; otherwise the item is
    stored with ``login_session['userid']`` as owner and the browser returns
    to ``metalitems``. Other methods render the form with the category name.
    """
    # Comparison with False kept as written so that only a False-equal
    # result from isauthorized() blocks the request.
    if isauthorized() == False:  # noqa: E712
        return redirect('/welcome')

    if request.method != 'POST':
        # Arriving from the main page: show the form for this category.
        category = session.query(Category).filter_by(id=categoryid).first()
        return render_template('newmetalitem.html',
                               categoryid=categoryid,
                               categoryname=category.name)

    title = request.form['newitemtitle']
    if title == '':
        flash('Name of item must not be empty!')
        return render_template('newmetalitem.html', categoryid=categoryid)

    description = request.form['newitemdescription']
    owner_id = login_session['userid']
    session.add(Item(title=title,
                     description=description,
                     category_id=categoryid,
                     user_id=owner_id))
    session.commit()

    # Confirm the save and return to the main page.
    flash('Item ' + title + ' has been created.')
    return redirect(url_for('metalitems'))
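def newCatagory():
    """Create a category from the ``catagory`` form field (POST) or show the form.

    A name that already exists is refused with a flash message and a
    redirect back to ``/newCatagory``. A successful insert redirects to
    ``/``; a database error is flashed and redirects back to the form.

    NOTE(review): no login check is visible in this function; confirm the
    route is guarded elsewhere.
    """
    if request.method != "POST":
        return render_template("newCatagory.html")

    newCataName = request.form["catagory"]

    # ``first()`` also covers a table that already holds duplicates, which
    # made the earlier ``one()`` raise MultipleResultsFound unhandled.
    existing = database_session.query(
        Catagory).filter_by(name=newCataName).first()
    if existing is not None:
        flash("Catagory \"%s\" has already existed!" % (newCataName,))
        return redirect("/newCatagory")

    newCata = Catagory(name=newCataName)
    try:
        database_session.add(newCata)
        database_session.commit()
    except SQLAlchemyError:
        # A failed flush leaves the session unusable until rolled back.
        database_session.rollback()
        flash("Cannot commit the new item! Please contact developer!")
        return redirect("/newCatagory")
    return redirect("/")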
Ejemplo n.º 23
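def login_redirect():
    """
    Handle the redirect back from Amazon Login and sign the user in.

    Reads ``access_token`` and ``next`` from the query string, resolves the
    token to a profile via ``amazon_authorization``, finds or creates the
    ``User`` with that email, copies the user's fields into
    ``login_session`` and redirects via ``redirect_dest``.

    NOTE(review): the CSRF state token below is commented out, so nothing in
    this handler ties the callback to a login this browser started; confirm
    whether that is checked elsewhere. ``next`` comes straight from the
    query string; ``redirect_dest`` presumably restricts it to local
    targets. Verify, otherwise this is an open redirect.

    :return: the response produced by ``redirect_dest``
    """
    next_redirect = request.args.get('next')
    access_token = request.args.get('access_token')
    d = amazon_authorization(access_token)
    # The provider profile (name, email, user id) is no longer printed:
    # it is personal data and does not belong in stdout logs.
    # # State token to prevent CSRF
    # state = ''.join(random.choice(string.ascii_uppercase + string.digits) for x in xrange(32))
    # login_session['state'] = state
    # Find user in database by email or create new record
    user = session.query(User).filter(User.email == d['email']).first()
    if user is None:
        print("Creating new user in database")
        # MD5 only derives the Gravatar URL here; it protects nothing.
        # hashlib needs bytes, so encode the address before hashing.
        m = hashlib.md5()
        m.update(d['email'].encode('utf-8'))
        gravatar = 'https://secure.gravatar.com/avatar/' + m.hexdigest(
        ) + '?size=35'
        user = User(name=d['name'], email=d['email'], picture=gravatar)
        session.add(user)
        session.commit()

    # NOTE(review): this overwrites any stored Amazon ID that differs, not
    # only an unset one, so an account matched by email is re-bound to
    # whichever Amazon identity presents that email. Confirm the intent.
    if user.client_id != d['user_id']:
        user.client_id = d['user_id']
        session.commit()

    login_session['userid'] = user.id
    login_session['picture'] = user.picture
    login_session['name'] = user.name
    login_session['email'] = user.email
    login_session['client_id'] = user.client_id

    flash('You were successfully logged in')

    return redirect_dest(next_redirect)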
def newitem(categoryid):
    """Add an item to the category ``categoryid`` or show the input form.

    ``isauthorized()`` gates the whole view; a False result redirects to
    ``/welcome``. POST with an empty ``newitemtitle`` re-renders the form
    with an error, POST with a title stores the item under the session's
    ``userid`` and redirects to ``metalitems``. Any other method renders the
    form together with the category's name.
    """
    # Explicit "== False" preserved: other falsy results do not block.
    if isauthorized() == False:  # noqa: E712
        return redirect('/welcome')

    is_post = request.method == 'POST'

    if is_post:
        item_title = request.form['newitemtitle']
        if item_title == '':
            message = 'Name of item must not be empty!'
            flash(message)
            return render_template('newmetalitem.html',
                                   categoryid=categoryid)

        item_description = request.form['newitemdescription']
        # The owner is taken from the session, never from the form.
        record = Item(title=item_title, description=item_description,
                      category_id=categoryid,
                      user_id=login_session['userid'])
        session.add(record)
        session.commit()

        message = 'Item ' + item_title + ' has been created.'
        flash(message)
        return redirect(url_for('metalitems'))

    # Not a POST: the user came from the main page and needs the form.
    shown_category = session.query(Category).filter_by(
        id=categoryid).first()
    return render_template('newmetalitem.html', categoryid=categoryid,
                           categoryname=shown_category.name)
Ejemplo n.º 25
def sign_up():
    """Register a new account (POST) or render the sign-up form (GET).

    A visitor whose session already holds ``email`` is sent to ``contacts``.
    On POST the form must validate and the email must be unused; the
    password is stored only as the hash produced by
    ``bcrypt.generate_password_hash``. A successful sign-up puts the email
    into the session and redirects to ``contacts``. Methods other than POST
    and GET fall through and return ``None``.
    """
    if 'email' in session:
        return redirect(url_for('contacts'))

    form = SignUpForm()

    if request.method == 'POST':
        if form.validate() is False:
            flash('Please fill out the form completely')
            return render_template('Signup.html', form=form)

        taken = db_session.query(User).filter_by(
            email=form.email.data).first()
        if taken:
            flash('Email already in use')
            return render_template('Signup.html', form=form)

        # Only the hash is persisted, never the submitted password.
        hashed_password = bcrypt.generate_password_hash(form.password.data)
        account = User(form.first_name.data,
                       form.last_name.data,
                       hashed_password,
                       form.email.data)
        db_session.add(account)
        db_session.commit()
        session['email'] = form.email.data
        return redirect(url_for('contacts'))
    elif request.method == 'GET':
        return render_template('Signup.html', form=form)
Ejemplo n.º 26
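def editItem(category_name, item_name):
    """Edit a catalog item (POST) or render its edit form.

    A caller counts as logged in when ``login_session`` holds a non-None
    ``access_token``. An unknown category/item pair answers 404. POST is
    refused with 403 unless the caller is logged in and the ``user_email``
    form field matches the email in the session.

    NOTE(review): this function does not compare the item's owner with the
    logged-in user, so any authenticated user passes the check below.
    Confirm whether ownership is enforced elsewhere.
    """
    loggedIn = 'access_token' in login_session \
        and login_session['access_token'] is not None
    name = ''
    user_email = ''
    if loggedIn:
        name = login_session['name']
        user_email = login_session['email']

    item = session.query(Item).join(Category).filter(
        Category.name == category_name, Item.name == item_name).first()
    if item is None:
        # Nothing to edit or render; avoid attribute access on None below.
        abort(404)

    if request.method == 'POST':
        # The earlier condition (not logged in AND emails equal) only fired
        # for an empty posted email, so anonymous callers could edit items.
        # Deny unless authenticated and acting for the session's own email.
        if not loggedIn or user_email != request.form['user_email']:
            abort(403)
        item.name = request.form['name']
        item.description = request.form['description']
        item.category_id = request.form['category_id']
        session.add(item)
        session.commit()
        category = session.query(Category).filter(
            Category.id == item.category_id).first()
        return redirect(
            url_for('showItems',
                    category_name=category.name,
                    item_name=item.name))
    else:
        categories = session.query(Category).all()

        return render_template('catalog/editItem.html',
                               categories=categories,
                               category_name=category_name,
                               item_name=item_name,
                               item=item,
                               loggedIn=loggedIn,
                               name=name,
                               user_email=user_email)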
from database_setup import Restaurant, MenuItem, setup, session

# Seed script: fills the restaurant tables with sample data.
# setup() comes from database_setup; presumably it prepares the schema and
# the session before any rows are added (verify in database_setup).
setup()

# Menu for UrbanBurger
restaurant1 = Restaurant(name="Urban Burger")

# Each object is added and committed on its own, one transaction per row.
session.add(restaurant1)
session.commit()

# The name menuItem2 is used here before menuItem1 and is rebound again
# further down for the next item; the committed rows are unaffected.
menuItem2 = MenuItem(
    name="Veggie Burger",
    description="Juicy grilled veggie patty with tomato mayo and lettuce",
    price="$7.50",
    course="Entree",
    restaurant=restaurant1)

session.add(menuItem2)
session.commit()

# Prices are passed as display strings including the currency sign.
menuItem1 = MenuItem(name="French Fries",
                     description="with garlic and parmesan",
                     price="$2.99",
                     course="Appetizer",
                     restaurant=restaurant1)

session.add(menuItem1)
session.commit()

menuItem2 = MenuItem(
    name="Chicken Burger",
Ejemplo n.º 28
session.query(Item).delete()


# Art Supplies Store Categories
cat_brush = Category(category_name="Brushes")
cat_mats = Category(category_name="Materials")
cat_pen = Category(category_name="Pens")
session.add_all([
    cat_brush,
    cat_mats,
    cat_pen])


# Add users
user_me = User(email="*****@*****.**", name="Andrew")
session.add(user_me)


# commit to get access to ids
session.commit()


# Add 2 brushes and a pen from me

# get id corresponding to email
my_id = session.query(User).filter(User.email == "*****@*****.**")
my_id = my_id.one().id


# get category ids
brush_id = return_one_category("Brushes")