Ejemplo n.º 1
0
def deleteItem(category_name, item_name):
    loggedIn = 'access_token' in login_session \
        and login_session['access_token'] is not None
    name = ''
    user_email = ''
    if loggedIn:
        name = login_session['name']
        user_email = login_session['email']

    itemToDelete = session.query(Item).join(Category).filter(
        Category.name == category_name, Item.name == item_name).first()
    if request.method == 'POST':
        if loggedIn == False and user_email == request.form['user_email']:
            abort(403)
        session.delete(itemToDelete)
        session.commit()
        return redirect(
            url_for('showItems',
                    category_name=category_name,
                    item_name='items'))
    else:
        return render_template('catalog/deleteItem.html',
                               category_name=category_name,
                               item_name=item_name,
                               loggedIn=loggedIn,
                               name=name,
                               user_email=user_email)
Ejemplo n.º 2
0
def deleteitem(itemid):

    # Check if user is authorized
    if isauthorized() == False:
        return redirect('/welcome')

    if request.method == 'GET':
        _user_id = login_session['userid']


        _itemToDelete = session.query(Item).filter_by(
            id=itemid, user_id=_user_id).first()

        # Check if item to be deleted is in databes and if not tell the user.
        if _itemToDelete is None:

            _flashmessage = "Unfortunately you're not authorized to delete \
                            this item!"
            flash(_flashmessage)

            return redirect(url_for('metalitems'))

        else:

            session.delete(_itemToDelete)
            session.commit()

            # Let the user know that his item has been deleted.
            _flashmessage = 'Item ' + _itemToDelete.title \
                + ' has been deleted.'
            flash(_flashmessage)

            # return to main page
            return redirect(url_for('metalitems'))
Ejemplo n.º 3
0
def deleteitem(itemid):

    # Check if user is authorized
    if isauthorized() == False:
        return redirect('/welcome')

    if request.method == 'GET':
        _user_id = login_session['userid']

        _itemToDelete = session.query(Item).filter_by(
            id=itemid, user_id=_user_id).first()

        # Check if item to be deleted is in databes and if not tell the user.
        if _itemToDelete is None:

            _flashmessage = "Unfortunately you're not authorized to delete \
                            this item!"

            flash(_flashmessage)

            return redirect(url_for('metalitems'))

        else:

            session.delete(_itemToDelete)
            session.commit()

            # Let the user know that his item has been deleted.
            _flashmessage = 'Item ' + _itemToDelete.title \
                + ' has been deleted.'
            flash(_flashmessage)

            # return to main page
            return redirect(url_for('metalitems'))
Ejemplo n.º 4
0
def deleteMenuItem(restaurant_id, menu_id):
    menuitem = session.query(MenuItem).filter_by(id=menu_id).one()
    if request.method == 'POST':
        session.delete(menuitem)
        session.commit()
        flash("Menu-Item deleted")
        return redirect(url_for('listMenuItems', restaurant_id=restaurant_id))
    return render_template('deleteMenuItem.html', menuitem=menuitem)
Ejemplo n.º 5
0
def deleteRestaurant(restaurant_id):
    restaurant = session.query(Restaurant).filter_by(id=restaurant_id).one()
    if request.method == 'POST':
        session.delete(restaurant)
        session.commit()
        flash("Restaurant deleted")
        return redirect(url_for('listRestaurants'))
    return render_template('deleteRestaurant.html', restaurant=restaurant)
Ejemplo n.º 6
0
def itemDelete(redirect_category_id, item_id=None):
    """Handles two possibilities:

    1) User clicks delete while on screen to create new item - reload
       to category list page.
    2) User clicks delete while modifying an item - remove item from
       table and reload to parent category's page.
    """
    if item_id is None:
        # User escaped from new item process
        return redirect('/')
    else:
        item = Item.by_id(item_id)
        if item:
            session.delete(item)
            session.commit()
        return redirect('/category/' + redirect_category_id)
Ejemplo n.º 7
0
def categoryDelete(category_id):
    """Delete the category, per the users input.

    Arg:
        category_id: category to be deleted

    Result:
        redirects user to full category list, showing them category is deleted.
    """
    items = Item.by_category_id(category_id)
    for item in items:
        session.delete(item)
        session.commit()
    category = Category.by_id(category_id)
    session.delete(category)
    session.commit()
    return redirect('/')
Ejemplo n.º 8
0
def delete_item_details(item_id):
    """
    Delete item for specified ID
    CSRF Token regenerated for each new page
    :param item_id:
    :return:
    """
    item = is_user_the_creator(item_id)
    item_name = item.Item.name
    if request.method == 'GET':
        return render_template('item_delete_confirm.html',
                               item_name=item_name,
                               item_id=item_id,
                               login_session=login_session,
                               csrf_token=generate_csrf_token())
    else:
        session.delete(item.Item)
        session.commit()
        flash(item_name + " deleted")
        return redirect(url_for('show_homepage'))
Ejemplo n.º 9
0
def delete_contact(contact):
    if 'email' not in session:
        return redirect(url_for('login'))
    form = ContactForm()
    contactDetails = db_session.query(Contact).filter_by(
        contactId=contact).first()
    if request.method == 'GET':
        return render_template('deletecontact.html', contact=contactDetails)
    if request.method == 'POST':
        useremail = db_session.query(User).filter_by(
            id=contactDetails.UserId).first()
        if useremail.email == session['email']:
            contactDetails = db_session.query(Contact).filter_by(
                contactId=contact).first()
            db_session.delete(contactDetails)
            db_session.commit()
            flash('Contact has been deleted.')
            return redirect(url_for('contacts'))
        else:
            flash('You are not the owner of this contact.')
            return redirect(url_for('login'))
Ejemplo n.º 10
0
def delete_item(category_name, item_name):
    category = session.query(Category).filter_by(name=category_name).one()
    item_to_delete = session.query(Item).filter_by(name=item_name,
                                                   category=category).one()

    # Authorisation - check if current user can edit the item
    # Only a user who created an item can edit/delete it
    user_id = get_user_id(login_session['email'])
    if item_to_delete.user_id != user_id:
        message = json.dumps('You are not allowed to delete the item')
        response = make_response(message, 403)
        response.headers['Content-Type'] = 'application/json'
        return response

    if request.method == 'POST':
        session.delete(item_to_delete)
        session.commit()
        return redirect(url_for('show_category',
                                category_name=category.name))

    else:
        return render_template('deleteitem.html', item=item_to_delete)
Ejemplo n.º 11
0
def deleteItem(item_id):
    # If the request is POST, try to delete the item
    if request.method == "POST":
        item = database_session.query(Items).filter_by(id=item_id).join(
            Items.catagory).one()
        if item.user_id != session['user_id']:
            flash('You have no permission to delete item %s' % (item.name,))
            redirect('/')
        database_session.delete(item)
        database_session.commit()
        flash("Item \"%s\" has already deleted!" %
              (item.name, ))
        return redirect("/")
    else:
        # Try to find the item and render to the confirmation page
        try:
            item = database_session.query(Items).filter_by(id=item_id).join(
                Items.catagory).one()
            return render_template("delete.html", item=item, id=item_id)
        except NoResultFound:
            flash("Cannot find the item!")
            return redirect('/')
Ejemplo n.º 12
0
def deletecategory(categoryid):

    # Check if user is authorized
    if isauthorized() == False:
        return redirect('/welcome')

    # Make sure site is only accessible by clicking the button and not by typing
    # url in browser.
    if request.method == 'POST':

        _user_id = login_session['userid']


        _categoryToDelete = session.query(Category).filter_by(
            id=categoryid, user_id=_user_id).first()
        # Check if category to be deleted is in database. And if not, tell the
        # user.
        if _categoryToDelete is None:

                _flashmessage = "Unfortunately you're not authorized to delete \
                this category!"
                flash(_flashmessage)

                return redirect(url_for('metalitems'))
        else:

                # Tell user category has been deleted.
                _flashmessage = 'Category ' + _categoryToDelete.name \
                + ' has been delete!'
                flash(_flashmessage)

                # Do it!
                session.delete(_categoryToDelete)
                session.commit()

                return redirect(url_for('metalitems'))
Ejemplo n.º 13
0
def deletecategory(categoryid):

    # Check if user is authorized
    if isauthorized() == False:
        return redirect('/welcome')

    # Make sure site is only accessible by clicking the button and not by typing
    # url in browser.
    if request.method == 'POST':

        _user_id = login_session['userid']

        _categoryToDelete = session.query(Category).filter_by(
            id=categoryid, user_id=_user_id).first()
        # Check if category to be deleted is in database. And if not, tell the
        # user.
        if _categoryToDelete is None:

            _flashmessage = "Unfortunately you're not authorized to delete \
                this category!"

            flash(_flashmessage)

            return redirect(url_for('metalitems'))
        else:

            # Tell user category has been deleted.
            _flashmessage = 'Category ' + _categoryToDelete.name \
            + ' has been delete!'
            flash(_flashmessage)

            # Do it!
            session.delete(_categoryToDelete)
            session.commit()

            return redirect(url_for('metalitems'))