Ejemplo n.º 1
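def item_details_add():
    """
    item_details_add: add item to selected category

    GET renders the blank creation form. POST builds a CatalogItem from the
    submitted form, links it to the category whose name matches
    ``category_name`` case-insensitively and to the logged-in user, then
    commits it.

    :return: html create item or redirect in case of POST (item creation);
        the form is re-rendered with status 400 when the posted category
        name matches no Category row
    """
    unknown_category = False
    if request.method == 'POST':
        category = session.query(Category).filter(
            func.lower(Category.name) == func.lower(
                request.form['category_name'])).first()

        if category is not None:
            item = CatalogItem()
            item.name = request.form['name']
            item.description = request.form['description']
            item.category = category

            # The owner comes from the login session, not from the form, so
            # a client cannot name another user as the item's owner.
            # NOTE(review): a missing 'user_id' raises KeyError here and no
            # login check is visible in this function -- confirm one runs
            # before it.
            item.user = session.query(CatalogUser).filter_by(
                id=login_session['user_id']).one()

            session.add(item)
            session.commit()

            # 303 See Other rather than 301: a permanent redirect may be
            # cached by clients, which is wrong for the result of a form
            # submission.
            return redirect(url_for('home'), code=303)

        # .first() returned None: refuse the request instead of storing an
        # item that has no category.
        unknown_category = True

    categories = session.query(Category).all()
    item = CatalogItem()
    item.name = ''
    item.description = ''

    page = render_template(
        'item_details_add.html',
        item=item,
        categories=categories,
        username=login_session.get("username", None),
    )
    if unknown_category:
        return page, 400
    return page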
Ejemplo n.º 2
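def newMenuItem(categories_id):
    """Show the new-item form for a category, or create the item on POST.

    Only the user recorded as the category's owner may add items. Anyone
    else, including a visitor with no 'user_id' in the login session, gets a
    403 response whose body shows an alert.

    Args:
        categories_id: primary key of the Categories row that receives the
            item.

    Returns:
        The 403 page, a redirect to 'showMenu' after a POST, or the rendered
        'newmenuitem.html' form.
    """
    categories = session.query(Categories).filter_by(id=categories_id).one()

    current_user_id = login_session.get('user_id')
    # A missing user_id must be refused explicitly: comparing None with an
    # ownerless category (user_id None) would otherwise count as a match.
    if current_user_id is None or current_user_id != categories.user_id:
        # Static text only, so nothing user-controlled reaches the script.
        # The JavaScript string is kept on one line (a line break inside the
        # quoted string is a syntax error and the alert never fired) and the
        # body tag is well-formed.
        return (
            "<script>function myFunction() {alert("
            "'You are not authorized to add menu items to this restaurant. "
            "Please create your own restaurant in order to add items.');}"
            "</script><body onload='myFunction()'>"
        ), 403

    if request.method == 'POST':
        form = request.form
        if form['name'] == "" or form['description'] == "" \
                or form['price'] == "":
            flash('All input fields required')
        else:
            # Ownership is copied from the category, never from the form.
            newItem = CatalogItem(categories_id=categories_id,
                                  user_id=categories.user_id)
            newItem.name = form['name']
            newItem.description = form['description']
            newItem.price = form['price']
            session.add(newItem)
            session.commit()
            flash('New Catalog %s Item Successfully Created' % (newItem.name))
        return redirect(url_for('showMenu', categories_id=categories_id))
    else:
        return render_template('newmenuitem.html', categories_id=categories_id)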
Ejemplo n.º 3
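def newItem(catalog_id):
    """Show the new-item form for a catalog, or create the item on POST.

    Visitors without 'username' in the login session are sent to /login.
    Only the catalog's owner may add items; other users get a 403 page.

    Args:
        catalog_id: primary key of the Catalog row that receives the item.

    Returns:
        A redirect to /login, the 403 page, the rendered 'newitem.html'
        form, or 'Items.html' listing the catalog after a successful POST.
    """
    if 'username' not in login_session:
        return redirect('/login')
    catalog = session.query(Catalog).filter_by(id=catalog_id).one()

    current_user_id = login_session.get('user_id')
    # Refuse a session without user_id explicitly so that None can never
    # match an ownerless catalog.
    if current_user_id is None or current_user_id != catalog.user_id:
        # Static text only; the body tag previously carried a stray quote.
        return (
            "<script>function myFunction() {alert("
            "'You are not authorized to add items to this catalog.');}"
            "</script><body onload='myFunction()'>"
        ), 403

    if request.method == 'POST':
        # A form field is a string, so the earlier comparison with [] was
        # never true and empty names were accepted.
        if not request.form['name']:
            flash("Name needed!")
            return render_template('newitem.html', catalog_id=catalog_id)

        item = CatalogItem(name=request.form['name'])
        item.description = request.form['description']
        item.price = request.form['price']
        item.catalog_id = catalog_id
        # Ownership is copied from the catalog, never from the form.
        item.user_id = catalog.user_id

        session.add(item)
        session.commit()

        flash("New item created!")
        items = session.query(CatalogItem).filter_by(
            catalog_id=catalog_id).all()
        return render_template('Items.html', catalog=catalog, items=items)

    else:
        return render_template('newitem.html', catalog_id=catalog_id)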
Ejemplo n.º 4
def addItem(category_id):
    '''
    Add a CatalogItem to the database.

    Args:
        category_id (int): parent category for the new item

    Returns:
        for GET:
            the rendered additem.html page
        for POST:
            a redirect to the showCategory method; the item is stored first
            when the form carries a non-empty name
    '''
    # NOTE(review): no login or ownership check is visible in this function,
    # and one_or_none() may return None, in which case the POST path fails
    # on category.id -- confirm both are handled before this view runs.
    category = session.query(Category).filter_by(id=category_id).one_or_none()

    if request.method != 'POST':
        return render_template('additem.html',
                               category_id=category_id,
                               login_session=login_session)

    if request.form['name']:
        user_id = getUserID(login_session['email'])
        # `picture` is passed only when the request carries uploaded files.
        # NOTE(review): upload_file is not visible here; it should validate
        # the file type and sanitise the stored name -- confirm.
        picture_kwargs = (
            {'picture': upload_file(request)} if request.files else {})
        newItem = CatalogItem(name=request.form['name'],
                              description=request.form['description'],
                              category_id=category.id,
                              user_id=user_id,
                              **picture_kwargs)
        session.add(newItem)
        flash('Item %s Successfully Created' % newItem.name)
        session.commit()
    return redirect(url_for('showCategory', category_id=category.id))
Ejemplo n.º 5
def addItem():
    """Show the add-item form, or create a catalog item from a POSTed form.

    Visitors for whom checkLogin() returns False are redirected to
    /catalog/ with a flash message. A POST needs non-empty name,
    description and category; otherwise the form is rendered again.
    """
    if checkLogin() == False:
        flash('Only registered users my add items to the catalog. Please log in!')
        return redirect('/catalog/')

    if request.method != 'POST':
        return render_template(ADD_ITEM_TEMPLATE, login_session=login_session)

    form = request.form
    name = form['name']
    description = form['description']
    category = form['category']
    image = form['image']

    if name == "" or description == "" or category == "":
        flash('Invalid input')
        return render_template(ADD_ITEM_TEMPLATE, login_session=login_session)

    item = CatalogItem(name=name, description=description,
                       category=category, user_id=login_session['user_id'])

    # The image form field and the item name are handed to writeImage, which
    # writes the file to disk; a file that cannot be downloaded is ignored.
    # NOTE(review): both arguments are client-controlled and writeImage is
    # not visible here -- confirm it restricts which addresses it fetches
    # from and sanitises the name before using it in a path.
    item.image = writeImage(name, image)
    session.add(item)
    session.commit()

    flash('Added {} to the catalog!'.format(name))
    return redirect(url_for('mainPage'))
Ejemplo n.º 6
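def new_item():
    """Create a catalog item from a JSON POST, or list every item on GET.

    POST expects a JSON object with 'name', 'price', 'owner_id' and
    'category_name' ('description' is optional). The category is created
    when no row with that name exists. Any other method, or a body missing
    a required key, is answered with 400.

    Returns:
        JSON {'status': 'success'} after a POST, or {'items': [...]} with
        each item's serialize() output on GET.
    """
    if request.method == 'POST':
        payload = request.json
        required = ('name', 'price', 'owner_id', 'category_name')
        # Reject malformed bodies up front; missing keys used to surface as
        # an unhandled KeyError after the session had been opened.
        if not isinstance(payload, dict) or any(
                key not in payload for key in required):
            abort(400)

        session = sessionmaker(bind=engine)()
        # try/finally so the session is released on every path.
        try:
            # if creating item and category does not yet exist, create it.
            try:
                categ = session.query(Category).filter_by(
                    name=payload['category_name']).one()
            except NoResultFound:
                categ = Category(name=payload['category_name'],
                                 description="")
                session.add(categ)
                session.commit()

            # NOTE(review): owner_id is taken from the request body and no
            # authentication is visible in this function, so the caller
            # chooses who owns the item -- confirm the route is protected
            # and derive the owner from the authenticated identity.
            newItem = CatalogItem(name=payload['name'],
                                  price=payload['price'],
                                  description=payload.get('description', ""),
                                  owner_id=payload['owner_id'],
                                  category_id=categ.id)
            session.add(newItem)
            session.commit()
        finally:
            session.close()
        return jsonify({'status': 'success'})
    elif request.method == 'GET':
        # return all catalog items
        session = sessionmaker(bind=engine)()
        try:
            data = [item.serialize()
                    for item in session.query(CatalogItem).all()]
        finally:
            session.close()
        return jsonify({'items': data})
    else:
        abort(400)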
Ejemplo n.º 7
def create_item(session, item_name, desc, cat_name):
    """Build a CatalogItem and hand it to add_commit with *session*.

    Args:
        session: passed through to add_commit unchanged.
        item_name: stored as the item's name.
        desc: stored as the item's description.
        cat_name: stored as the item's category.

    Returns:
        None.
    """
    add_commit(
        session,
        CatalogItem(name=item_name, description=desc, category=cat_name),
    )
Ejemplo n.º 8
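def add_item():
    """
    Handles the inserting of a new item.

    GET renders 'add-item.html' with every category. POST stores a
    CatalogItem owned by the logged-in user and redirects to the category's
    item list; when the posted category_id matches no Category row the form
    is rendered again with status 400.
    """
    if request.method == 'POST':
        # Get posted values
        title = request.form['title']
        description = request.form['description']
        category_id = request.form['category_id']

        # category_id is client-supplied: resolve it before inserting so an
        # unknown id is refused instead of failing later on
        # new_item.category.name.
        category = session.query(Category).filter_by(id=category_id).first()
        if category is None:
            return render_template('add-item.html',
                                   categories=session.query(Category).all(),
                                   login_session=login_session), 400

        # Create new item. The owner comes from the login session.
        # NOTE(review): no login check is visible in this function; a
        # missing 'user_id' raises KeyError -- confirm one runs before it.
        new_item = CatalogItem(name=title,
                               description=description,
                               category_id=category.id,
                               user_id=login_session['user_id'])
        session.add(new_item)
        session.commit()

        return redirect(
            url_for('itemcatalog.catalog_items',
                    category_name=category.name))

    else:
        cat = session.query(Category).all()
        return render_template('add-item.html',
                               categories=cat,
                               login_session=login_session)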
Ejemplo n.º 9
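def newCatalogItem(cat_name):
    """
    newCatalogItem creates a new catalogItem

    args:
        cat_name: name of the category the item is added to

    returns:
        a redirect to 'categoryMenu' after a POST, otherwise the rendered
        'newcatalogitem.html' form
    """

    if request.method == 'POST':
        category = session.query(Category).filter_by(name=cat_name).one()
        # NOTE(review): no login check is visible in this function; a
        # missing 'user_id' raises KeyError -- confirm one runs before it.
        newItem = CatalogItem(name=request.form['name'],
                              title=request.form['title'],
                              description=request.form['description'],
                              price=request.form['price'],
                              img=request.form['img'],
                              category_id=category.id,
                              user=getUserInfo(login_session['user_id']))

        session.add(newItem)
        session.commit()
        flash("new catalog item created!")

        # login_session is not passed to url_for: keyword arguments that are
        # not URL variables of the target route are appended to the URL as
        # query parameters, which would copy session contents into the
        # Location header, browser history and access logs.
        return redirect(url_for('categoryMenu', cat_name=cat_name))
    else:
        return render_template('newcatalogitem.html',
                               cat_name=cat_name,
                               login_session=login_session)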
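def addItem(catalog_id):
    """Show the add-item form for a catalog, or create the item on POST.

    The form lets the user pick the destination catalog ('catalog_select'),
    so the POST path checks ownership of both the catalog in the URL and the
    catalog the item is actually stored in.

    Args:
        catalog_id: id of the catalog whose page the form was opened from.

    Returns:
        A redirect to 'catalogDetails' on success, 'catalog_item.html' with
        a flash message when the user is not the creator, or the rendered
        'add_item.html' form on GET.
    """
    if request.method == 'POST':
        catalog = Catalog.query.filter_by(id=catalog_id).first()
        # The item is written to the catalog chosen in the form, which can
        # differ from the one in the URL; authorising only the URL catalog
        # would let its owner add items to catalogs they did not create.
        target = Catalog.query.filter_by(
            id=request.form['catalog_select']).first()
        allowed = (catalog is not None and target is not None
                   and catalog.created_by == current_user
                   and target.created_by == current_user)
        if allowed:
            newItem = CatalogItem(name=request.form['item_name'],
                                  description=request.form['item_description'],
                                  catalog_id=target.id)
            db.session.add(newItem)
            db.session.commit()
            flash('Item Added Succesfully')
            return redirect(
                url_for('catalogDetails', catalog_id=newItem.catalog_id))
        else:
            flash('Only creator of this category can add the item')
            items = CatalogItem.query.filter_by(catalog_id=catalog_id).all()
            return render_template('catalog_item.html',
                                   catalog=catalog,
                                   catalogItems=items)
    else:
        catalogs = Catalog.query.all()
        catalog = Catalog.query.filter_by(id=catalog_id).first()
        return render_template('add_item.html',
                               catalogs=catalogs,
                               catalog=catalog,
                               method="ADD")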
Ejemplo n.º 11
def newCatalogItem(category_name):
    """Create a new item in the database.

    Requests without 'provider' in the login session are sent back to the
    category page with a flash message.

    Args:
        category_name(str): the name of the category the item belongs to

    Returns:
        the rendered newcatalogitem template while the form has not been
        submitted successfully, otherwise a redirect to the category page
    """
    if 'provider' not in login_session:
        flash("Please login to be able to add a new item")
        return redirect(url_for('showCategory', category_name=category_name))

    form = FormItem()
    if not form.validate_on_submit():
        return render_template('newcatalogitem.html',
                               category_name=category_name,
                               form=form)

    category = session.query(Category).filter_by(name=category_name).one()
    # NOTE(review): no owner is recorded on the item here -- confirm that
    # later edit/delete views do not rely on per-item ownership.
    created = CatalogItem(name=form.name.data,
                          description=form.description.data,
                          category_id=category.id,
                          image_loc=form.image_loc.data)
    session.add(created)
    session.commit()
    return redirect(url_for('showCategory', category_name=category_name))
Ejemplo n.º 12
def addItem():
    """Show the add-item form (GET) or store a new item (POST).

    Visitors for whom is_logged_in() is false get a flash message and the
    category listing. A POST needs non-empty 'itemName' and
    'category_selection'. Methods other than GET and POST fall through and
    return None.
    """
    if not is_logged_in():
        flash("You aren't logged in")
        return showCategories()

    categories_names = session.query(Category).all()

    # GET: just show the form.
    if request.method == 'GET':
        return render_template("addItem.html",
                               categories_names=categories_names)

    # POST: validate the submitted fields, then store the item.
    if request.method == 'POST':
        form = request.form
        if form['itemName'] == '' or form['category_selection'] == '':
            flash("Couldn't add the item because you didn't fill the fields")
            return showCategories()

        # NOTE(review): category_selection is client-supplied and is stored
        # without checking that such a category exists.
        new_item = CatalogItem(name=form['itemName'],
                               category_id=form['category_selection'],
                               user_id=str(login_session['userId']),
                               description=form['itemDescription'])
        # NOTE(review): debug output; it writes the user id to stdout.
        print("After adding : ")
        print(login_session['userId'])
        session.add(new_item)
        session.commit()
        flash("Item added successfully")
        return showCategories()
Ejemplo n.º 13
def newCatalogItem():
    """Show the item form, or create an item whose title is not yet taken.

    A POST whose title already exists stores nothing and renders the form
    again, exactly like a GET.

    Returns:
        A redirect to 'showCatalogItem' after a successful insert,
        otherwise the rendered 'formCatalogItem.html'.
    """
    categories = session.query(Category).order_by(asc(Category.name))

    if request.method == 'POST':
        existing = session.query(CatalogItem).filter_by(
            title=request.form['title']).first()
        if not existing:
            category = session.query(Category).filter_by(
                id=request.form['category']).one()
            # NOTE(review): no login check is visible in this function; a
            # missing 'user_id' raises KeyError -- confirm one runs before it.
            created = CatalogItem(
                title=request.form['title'],
                description=request.form['description'],
                category=category,
                user_id=login_session['user_id'])
            session.add(created)
            flash('New Catalog Item %s Successfully Created' % created.title)
            session.commit()
            return redirect(
                url_for('showCatalogItem',
                        category_name=category.name,
                        catalogitem_title=created.title))

    # Reached on GET and on a POST with a duplicate title.
    return render_template('formCatalogItem.html',
                           isNew=True,
                           categories=categories,
                           username=checkUserLogged())
Ejemplo n.º 14
def add_item():
    """
    Show the add-item form and, on POST, store the submitted item.

    The item is saved only when store_image_to_media returns a path for the
    uploaded image; otherwise the form is shown again.

    :return: Redirect to the new item's page after a successful addition,
    else the rendered add_new_item page.
    """
    if request.method == 'POST':
        form = request.form
        item_title = form['title']
        item_description = form['description']

        # NOTE(review): int() raises ValueError on a non-numeric id and
        # .get() returns None for an unknown one; neither is handled here.
        chosen_category = session.query(Category).get(
            int(form['category_id']))

        # NOTE(review): store_image_to_media is not visible here; it should
        # validate the upload's type and sanitise the stored name -- confirm.
        stored_path = store_image_to_media(request.files['image'])

        if stored_path is not None:
            created = CatalogItem(
                title=item_title,
                description=item_description,
                image_path=stored_path,
                category=chosen_category
            )
            session.add(created)
            session.commit()
            return redirect(url_for('view_item', item_id=created.id))

    return render_template('add_new_item.html',
                           categories=session.query(Category).all())
Ejemplo n.º 15
def newCatalogItem(catalog_name):
    """Show the new-item form for a catalog, or create the item on POST.

    Visitors without 'username' in the login session are sent to /login.
    Users other than the catalog's owner receive a page that shows an alert.

    Args:
        catalog_name: name of the Catalog row that receives the item.

    Returns:
        A redirect, the alert page, or the rendered 'newmenuitem.html'.
    """
    if 'username' not in login_session:
        return redirect('/login')

    catalog = session.query(Catalog).filter_by(name=catalog_name).one()

    # NOTE(review): the denial below is sent with the default 200 status;
    # a 403 would make refused attempts visible in access logs.
    if login_session['user_id'] != catalog.user_id:
        return (
            "<script>function myFunction() {alert('You are not authorized "
            "to add menu items to this catalog. Please create your own "
            "catalog in order to add items.');}</script>"
            "<body onload='myFunction()'>"
        )

    if request.method != 'POST':
        return render_template('newmenuitem.html', catalog_name=catalog_name)

    print('create item post')
    form = request.form
    # Ownership is copied from the catalog, never from the form.
    created = CatalogItem(name=form['name'],
                          description=form['description'],
                          price=form['price'],
                          course=form['course'],
                          catalog_id=catalog.id,
                          user_id=catalog.user_id)
    session.add(created)
    session.commit()
    flash('New Menu %s Item Successfully Created' % (created.name))
    # NOTE(review): the catalog *name* is passed as catalog_id -- confirm
    # that 'showCatalog' expects a name here.
    return redirect(url_for('showCatalog', catalog_id=catalog_name))
Ejemplo n.º 16
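def itemCreate():
    """Show the create form (GET) or store a new item (POST).

    Visitors without 'username' in the login session are redirected to the
    homepage. On POST the category named in the form is created when it does
    not exist yet, and the item is stored with the current time and the id
    getUserID returns for the session's email. Other methods return None.
    """
    if 'username' not in login_session:
        return redirect(url_for('homepage'))

    # The session contents and the user id are no longer printed: the login
    # session can hold credentials, which do not belong in process output.

    if request.method == 'GET':
        return render_template('create.html')
    elif request.method == 'POST':
        session = DBSession()
        # try/finally so the session is released on every path.
        try:
            category_name = request.form['category']
            # first() + None check replaces a bare `except:` around .one(),
            # which treated every error (not only "no such row") as a
            # missing category.
            category = session.query(Category).filter_by(
                name=category_name).first()
            if category is None:
                category = Category(name=category_name)
                session.add(category)
                session.commit()

            user_id = getUserID(login_session['email'])

            newItem = CatalogItem(name=request.form['name'],
                                  description=request.form['description'],
                                  category_id=category.id,
                                  timestamp=datetime.now(),
                                  user_id=user_id)
            session.add(newItem)
            session.commit()
        finally:
            session.close()
        return redirect(url_for('homepage'))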
Ejemplo n.º 17
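def newCatalogItem(catalog_name):
    """Show the new-item form, or create an item with a not-yet-used name.

    Args:
        catalog_name: name of the Catalog row the item is attached to.

    Returns:
        A redirect to 'ListItems' after an insert, a redirect to 'Index'
        when an item with that name already exists, or the rendered
        'newCatalogItem.html' form on GET.
    """
    isLogin = 'username' in login_session

    if request.method == 'POST':
        selectedCatalog = session.query(Catalog).filter_by(
            name=catalog_name).one()

        item_name = request.form['name']
        # Ask the database for a row with this name instead of loading every
        # item into memory to compare names in Python.
        duplicate = session.query(CatalogItem).filter_by(
            name=item_name).first()
        if duplicate is not None:
            flash('Item already exists')
            return redirect(url_for('Index'))

        # NOTE(review): isLogin is computed but not enforced; an anonymous
        # POST fails on login_session['username'] with KeyError rather than
        # being refused -- confirm a login check runs before this view.
        newItem = CatalogItem(name=item_name,
                              description=request.form['description'],
                              catalog=selectedCatalog,
                              user=login_session['username'])
        session.add(newItem)
        session.commit()
        flash('Item named ' + item_name + ' created')
        # NOTE(review): islogin is passed to url_for; unless it is a URL
        # variable of 'ListItems' it becomes a client-editable query
        # parameter, so the target view should not trust it.
        return redirect(
            url_for('ListItems',
                    catalog_name=catalog_name,
                    islogin=isLogin))
    else:
        return render_template('newCatalogItem.html',
                               catalog_name=catalog_name,
                               islogin=isLogin)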
Ejemplo n.º 18
def addItem(category_name):
    """Show the add-item form for a category, or create the item on POST.

    Requests without 'user_id' in the login session get a JSON message with
    status 401. A POST needs non-empty 'ItemName' and 'ItemDescription'.

    Args:
        category_name: name of the CatalogCategory the item is added to.
    """
    # NOTE(review): .first() returns None for an unknown name, in which case
    # the POST path fails on category.id.
    category = session.query(CatalogCategory).filter_by(
        name=category_name).first()

    if 'user_id' not in login_session:
        return jsonify({'message': "Shoundn't you be logged in?"}), 401

    if request.method != 'POST':
        return render_template('item_add.html',
                               login_session=login_session,
                               category=category)

    form = request.form
    if not (form['ItemName'] and form['ItemDescription']):
        # The message keeps the run of spaces the original line
        # continuation embedded in it.
        flash('Error adding new item.  Please provide a name '
              + ' ' * 16
              + 'and a description.')
        return render_template('item_add.html',
                               login_session=login_session,
                               category=category)

    created = CatalogItem(name=form['ItemName'],
                          description=form['ItemDescription'],
                          category_id=category.id,
                          user_id=login_session['user_id'])
    session.add(created)
    session.commit()
    flash('New Item Added: %s' % created.name)
    return redirect(url_for('showItems', category_name=category.name))
Ejemplo n.º 19
def main():
    """Create catalog database entries from a JSON file.

    Creates the tables on the engine built from database_path, then reads
    'initial_catalog_data.json' from this file's directory and stores one
    Catalog per entry plus a CatalogItem for each of its 'items'. Every row
    is committed individually.
    """
    here = os.path.dirname(os.path.abspath(__file__))
    engine = create_engine(database_path)
    Base.metadata.create_all(engine)
    session = sessionmaker(bind=engine)()

    seed_path = os.path.join(here, 'initial_catalog_data.json')
    with open(seed_path, 'r') as handle:
        seed = json.load(handle)

    for entry in seed:
        session.add(Catalog(name=entry['name']))
        session.commit()
        # Look the catalog up by name again to obtain its id; .one() raises
        # when the name is not unique in the table.
        stored = session.query(Catalog).filter_by(name=entry['name']).one()
        catalog_id = stored.id

        for row in entry['items']:
            session.add(CatalogItem(name=row['name'],
                                    description=row['description'],
                                    catalog_id=catalog_id,
                                    creation_date=datetime.now(),
                                    user_id=row['user_id']))
            session.commit()

    session.close()
Ejemplo n.º 20
def newItem():
    """Show the new-item form (GET) or store an item from the form.

    Visitors without 'username' in the login session are redirected to
    /catalog with a flash message. Each of title, description and category
    is applied only when the form value is non-empty; the item is stored
    either way.
    """
    if 'username' not in login_session:
        flash('You are not logged in!')
        return redirect('/catalog')

    categories = session.query(Category).order_by(asc(Category.name))

    if request.method == 'GET':
        return render_template('newItem.html', categories=categories)

    item = CatalogItem()
    form = request.form

    if form['title']:
        item.title = form['title']
        # friendlyTitle is used for an item's route URL: the title in
        # lowercase with spaces removed.
        # NOTE(review): other characters are kept as typed and uniqueness
        # is not checked here.
        item.friendlyTitle = form['title'].lower().replace(' ', '')

    if form['description']:
        item.description = form['description']

    if form['category']:
        matched = session.query(Category).filter_by(
            name=form['category']).one()
        item.category_id = matched.id

    # The owner comes from the login session, not from the form.
    item.user_id = login_session['user_id']
    session.add(item)
    session.commit()
    flash('Item successfully added!')
    return redirect(url_for('catalog'))
Ejemplo n.º 21
def newCatalogItem():
    """Show the new-catalog form, or store a CatalogItem from a POST.

    Missing form fields are stored as None because the values are read
    with .get().

    Returns:
        A redirect to 'showCatalogs' after a POST, otherwise the rendered
        'newCatalog.html'.
    """
    if request.method != 'POST':
        return render_template('newCatalog.html')

    # NOTE(review): no login check and no input validation are visible in
    # this function -- confirm the route is protected elsewhere.
    fields = request.form
    created = CatalogItem(title=fields.get('title'),
                          content=fields.get('content'),
                          catalog_type=fields.get('catalog_type'))
    session.add(created)
    session.commit()
    flash("new post has been created!")
    return redirect(url_for('showCatalogs'))
Ejemplo n.º 22
def newcatalog():
    """Show the new-catalog form, or store a CatalogItem owned by the user.

    Visitors without 'username' in the login session are sent to /login.

    Returns:
        A redirect to /login, a redirect to 'Catalog' after a POST, or the
        rendered 'newCatalog.html'.
    """
    if 'username' not in login_session:
        return redirect('/login')

    if request.method != 'POST':
        return render_template('newCatalog.html')

    # The owner comes from the login session, not from the form.
    created = CatalogItem(name=request.form['name'],
                          user_id=login_session['user_id'])
    session.add(created)
    flash('new catalog %s is successfully created' % created.name)
    session.commit()
    return redirect(url_for('Catalog'))
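def newItem(category_name):
    """Show the new-item form (GET) or store an item with an upload (POST).

    Visitors without 'username' in the login session are redirected to the
    login page. The GET path issues a fresh anti-CSRF token into the login
    session; the POST path must echo it in 'token_id'.

    Args:
        category_name: passed to the form template as the current category.

    Returns:
        A redirect to 'login' or 'showCatalog', or the rendered
        'ItemNew.html' form.
    """
    import hmac

    # if the user isn't logged in they can't edit the catalog
    if 'username' not in login_session:
        return redirect(url_for('login'))

    if request.method != 'POST':
        # page to create new item
        login_session['securityState'] = createState()
        categories = session.query(Category).all()
        return render_template('ItemNew.html',
                               category_name=category_name,
                               state=login_session['securityState'],
                               categories=categories,
                               logged_in=1)

    # CSRF mitigation. The token is compared in constant time, and a POST
    # that arrives before any token was issued is refused instead of
    # raising KeyError.
    submitted = request.form.get('token_id', '')
    expected = login_session.get('securityState') or ''
    token_ok = bool(expected) and hmac.compare_digest(
        submitted.encode('utf-8'), expected.encode('utf-8'))
    if not token_ok:
        flash("Error, incorrect security Key. please try again")
        return redirect(url_for('showCatalog'))

    file = request.files['file']
    stored_name = ''
    if file and allowed_file(file.filename):
        candidate = secure_filename(file.filename)
        # secure_filename can reduce a hostile name to an empty string.
        if candidate:
            # TODO (from the original): an existing file with the same name
            # is overwritten; pick a unique name instead.
            file.save(os.path.join(app.config['UPLOAD_FOLDER'], candidate))
            stored_name = candidate

    category = session.query(Category).filter_by(
        name=request.form['Category']).one()

    # Record the sanitised name the file was saved under. The raw
    # client-supplied filename was stored before, which did not match the
    # file on disk and kept an attacker-chosen string for later use as an
    # image URL. It stays empty when no acceptable file was uploaded.
    created = CatalogItem(user_id=login_session['user_id'],
                          name=request.form['name'],
                          description=request.form['description'],
                          category_id=category.id,
                          catalog_image_url=stored_name)
    session.add(created)
    session.commit()
    return redirect(url_for('showCatalog'))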
Ejemplo n.º 24
def create_category_item(login_session):
    """
    Create a new item from the current request's form and commit it.

    :param login_session: user login info; its 'user_id' becomes the owner
    :return: None
    """
    form = request.form
    # NOTE(review): the 'category' id is client-supplied and is stored
    # without checking that such a category exists.
    created = CatalogItem(name=form['name'],
                          description=form['description'],
                          price=form['price'],
                          category_id=form['category'],
                          user_id=login_session['user_id'])
    session.add(created)
    session.commit()
Ejemplo n.º 25
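def newCatalogItem(catalog_id):
    """Show the new-item form for a catalog, or create the item on POST.

    Args:
        catalog_id: id stored on the new item and passed to the template.

    Returns:
        A redirect to 'showItem' after a POST, otherwise the rendered
        'newcatalogitem.html' form.
    """
    if request.method == 'POST':
        # NOTE(review): no login or ownership check is visible in this
        # function, and no owner is recorded on the item -- confirm the
        # route is protected elsewhere.
        newItem = CatalogItem(name=request.form['name'],
                              description=request.form['description'],
                              catalog_id=catalog_id)
        session.add(newItem)
        session.commit()

        return redirect(url_for('showItem', catalog_id=catalog_id))

    # The trailing return that followed the if/else was unreachable and
    # referred to an undefined name (`catalog`); it has been removed.
    return render_template('newcatalogitem.html', catalog_id=catalog_id)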
Ejemplo n.º 26
def addItem(item_name, item_desc, cat_id):
    """Store a CatalogItem owned by the user in the login session.

    Args:
        item_name: assigned to the item's item_name attribute.
        item_desc: assigned to the item's description attribute.
        cat_id: assigned to the item's cat_id attribute.

    Returns:
        None.
    """
    catitem = CatalogItem()
    # The owner comes from the login session, not from the caller.
    assignments = (
        ('item_name', item_name),
        ('description', item_desc),
        ('cat_id', cat_id),
        ('user_id', login_session['userid']),
    )
    for attribute, value in assignments:
        setattr(catitem, attribute, value)
    db_session.add(catitem)
    db_session.commit()
Ejemplo n.º 27
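def newCatalogItem():
    """Show the new-item form, or store an item owned by the logged-in user.

    Only visitors with 'username' in the login session may create items;
    everyone else is sent to /login.

    Returns:
        A redirect to /login, a redirect to 'ListCatalog' after a POST, or
        the rendered 'newitemmenu.html'.
    """
    if 'username' not in login_session:
        return redirect('/login')

    if request.method == 'POST':
        # Build the item from the submitted name, description and price;
        # the owner comes from the login session.
        newItem = CatalogItem(name=request.form['name'],
                              description=request.form['description'],
                              price=request.form['price'],
                              user_id=login_session['user_id'])
        session.add(newItem)
        session.commit()
        # The query object is not passed to url_for: keyword arguments that
        # are not URL variables of the target route are appended as query
        # parameters, which would put the query's string form into the
        # redirect URL.
        return redirect(url_for('ListCatalog'))
    else:
        items = session.query(CatalogItem)
        return render_template('newitemmenu.html', items=items)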
Ejemplo n.º 28
def initAll():
    """Delete all categories, items and users, then reload them from JSON.

    Users come from 'usersInit.json', categories from 'categoriesInit.json'
    and items from 'itemsInit.json', each read through loadData. Every
    inserted row is committed individually.

    NOTE(review): this deletes existing rows unconditionally; it should not
    be reachable from a request handler -- confirm how it is invoked.
    """
    # clean up by deleting old resources
    for model in (Category, CatalogItem, User):
        session.query(model).delete()

    # load users
    for record in loadData('usersInit.json', 'Users'):
        session.add(User(name=record['name'],
                         email=record['email'],
                         picture=record['picture']))
        session.commit()

    # load categories, each linked to the user named by its user_id
    for record in loadData('categoriesInit.json', 'Categories'):
        owner = session.query(User).filter_by(id=record['user_id']).one()
        session.add(Category(name=record['name'], user=owner))
        session.commit()

    # load catalog items, each linked to its category and user
    for record in loadData('itemsInit.json', 'CatalogItems'):
        category_id = record['category_id']
        user_id = record['user_id']

        parent = session.query(Category).filter_by(id=category_id).one()
        owner = session.query(User).filter_by(id=user_id).one()

        session.add(CatalogItem(name=record['name'],
                                title=record['title'],
                                description=record['description'],
                                price=record['price'],
                                category=parent,
                                img=record['img'],
                                user=owner))
        session.commit()
def add_catalog_item(catalog_item,
                     creation_date,
                     catalog_id,
                     name,
                     description,
                     user_id):
    """Build a CatalogItem from the six arguments and commit it.

    The arguments are passed to CatalogItem positionally, in the order they
    are declared here.

    Returns:
        None.
    """
    record = CatalogItem(catalog_item, creation_date, catalog_id,
                         name, description, user_id)
    session.add(record)
    session.commit()
Ejemplo n.º 30
def newcatalog():
    """Show the new-catalog form, or store a CatalogItem owned by the user.

    Visitors without 'email' in the login session are sent to /login.

    Returns:
        A redirect to /login, a redirect to 'showcatalogs' after a POST, or
        the rendered 'newcatalog.html'.
    """
    if 'email' not in login_session:
        return redirect('/login')

    if request.method != 'POST':
        return render_template('newcatalog.html')

    # The owner comes from the login session, not from the form.
    created = CatalogItem(name=request.form['name'],
                          user_id=login_session['user_id'])
    session.add(created)
    session.commit()
    flash("New Catalog added")
    return redirect(url_for('showcatalogs'))
Ejemplo n.º 31
def newCatalogItem():
    """Render the "new item" form, or create a catalog item on POST.

    The category list is queried on every request. On POST a CatalogItem
    is built from the ``name``, ``desc``, ``price`` and ``category`` form
    fields plus the signed-in user's id, committed, and the user is
    redirected to ``show_Catalog``.

    NOTE(review): no sign-in check is visible in this function; without
    one, ``login_session['user_id']`` raises KeyError for an anonymous
    POST. Confirm a decorator or request hook enforces authentication.
    NOTE(review): ``price`` and ``category`` are stored as submitted, with
    no validation visible here (e.g. that the category exists), and no
    CSRF token check is visible - confirm both are handled elsewhere.
    """
    category_choices = session.query(Category).all()

    if request.method != 'POST':
        return render_template('new_item.html', categories=category_choices)

    form = request.form
    # The owner id is taken from the server-side session, not the form.
    created = CatalogItem(
        name=form['name'],
        description=form['desc'],
        price=form['price'],
        category_id=form['category'],
        user_id=login_session['user_id'],
    )
    session.add(created)
    session.commit()
    flash("New catalog item created!", 'success')
    return redirect(url_for('show_Catalog'))
Ejemplo n.º 32
def newMovie():
    """Render the "new movie" form, or create a movie entry on POST.

    The category list is queried on every request. On POST a CatalogItem
    is built from the ``name``, ``description`` and ``category`` form
    fields plus the signed-in user's id, committed, and the user is
    redirected to ``showMovieCatalog``.

    NOTE(review): no sign-in check is visible in this function; without
    one, ``login_session['user_id']`` raises KeyError for an anonymous
    POST. Confirm a decorator or request hook enforces authentication.
    NOTE(review): ``category`` is stored as submitted and no CSRF token
    check is visible here - confirm both are handled elsewhere.
    """
    category_choices = session.query(Category).all()

    if request.method != 'POST':
        return render_template('new_movie.html', categories=category_choices)

    form = request.form
    # The owner id is taken from the server-side session, not the form.
    movie = CatalogItem(
        name=form['name'],
        description=form['description'],
        category_id=form['category'],
        user_id=login_session['user_id'],
    )
    session.add(movie)
    session.commit()
    flash("New movie has been created!", 'success')
    return redirect(url_for('showMovieCatalog'))
Ejemplo n.º 33
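def create_item(category_id):
    """Show the "create item" form (GET) or create a catalog item (POST).

    GET: stores a CSRF token via ``insert_csrf_token()`` and renders
    ``create_item.html`` with an empty CatalogItem.

    POST: checks the submitted ``csrf_token`` against ``get_csrf_token()``,
    requires non-empty ``name``, ``description`` and ``category`` fields,
    optionally accepts an uploaded ``image_file`` whose extension must be
    in ``ALLOWED_EXTENSIONS``, then commits the new item and redirects to
    its ``view_item`` page.

    :param category_id: category id from the URL; used for rendering the
        form and for the redirects.
    :return: a rendered template, a redirect, or the response produced by
        ``not_authorized()`` / ``bad_csrf_token()``.
    """
    insert_signin_state()

    # Only signed-in users may create items. .get() treats a session that
    # lacks the key as signed out instead of failing with KeyError.
    if not session.get('logged_in'):
        return not_authorized()

    if request.method == 'GET':
        # Store a CSRF token so the form can be validated when it is
        # POSTed back.
        insert_csrf_token()

        return render_template('create_item.html',
                               STATE=get_signin_token(),
                               csrf_token=get_csrf_token(),
                               user=get_current_user_profile(),
                               item=CatalogItem(),
                               category_id=category_id,
                               category_summary=get_category_summary())

    elif request.method == 'POST':

        # Check the CSRF token before looking at any other field, so the
        # submission is tied to the session that requested the form.
        # NOTE(review): this is a plain string comparison.
        # hmac.compare_digest is the usual constant-time choice, but it
        # needs both values to be ASCII str or bytes - confirm what
        # get_csrf_token() returns (and that it can never be empty) before
        # switching.
        if request.form['csrf_token'] != get_csrf_token():
            return bad_csrf_token()

        # Collect validation errors locally. Testing get_flashed_messages()
        # instead would also count messages left over from an earlier
        # request and reject a valid form.
        errors = []
        if not request.form['name']:
            errors.append('Name field is required')
        if not request.form['description']:
            errors.append('Description field is required')
        if not request.form['category']:
            errors.append('Category field is required')

        # Invalid form: show it again with the reasons and the values the
        # user already typed.
        if errors:
            for message in errors:
                flash(message, 'error')

            item = CatalogItem(name=request.form['name'],
                               description=request.form['description'])

            return render_template('create_item.html',
                                   STATE=get_signin_token(),
                                   csrf_token=get_csrf_token(),
                                   user=get_current_user_profile(),
                                   item=item,
                                   category_id=category_id,
                                   category_summary=get_category_summary())

        user = get_user(session['google_id'])

        # NOTE(review): the stored category_id comes from the form, not
        # from the URL's category_id, and is not checked against existing
        # categories here - confirm that is intended.
        new_item = CatalogItem(name=request.form['name'],
                               description=request.form['description'],
                               category_id=request.form['category'],
                               user_id=user.id)

        # The image is optional; a form without the file field simply
        # creates the item without one.
        image_file = request.files.get('image_file')

        if image_file:
            # A filename without a dot has no extension; treat it as not
            # allowed rather than failing with IndexError.
            name_parts = image_file.filename.lower().rsplit('.', 1)
            file_extension = name_parts[1] if len(name_parts) == 2 else ''
            if file_extension not in ALLOWED_EXTENSIONS:
                flash('Only image files (extensions jpg, jpeg, png, gif) are '
                      'allowed for item images.', 'error')

                # Send the user back to the item creation form.
                return redirect(url_for('create_item', category_id=category_id))

            # The extension is only a filename check; the bytes are stored
            # unverified. NOTE(review): confirm the view that serves
            # image_blob sets an image Content-Type itself and that an
            # upload size limit (e.g. Flask's MAX_CONTENT_LENGTH) is
            # configured.
            new_item.image_blob = image_file.read()

        db_session.add(new_item)
        db_session.commit()

        flash('"' + new_item.name + '" was successfully created!', 'success')

        # Item was accepted; redirect user to newly-created item's page.
        return redirect(url_for('view_item', category_id=category_id,
                                item_id=new_item.id))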