def deleteAuthor(author_id):
authorToDelete = session.query(Authors).filter_by(id=author_id).one()
creator = getUserInfo(authorToDelete.user_id)
if creator.id != login_session['user_id']:
flash('You are not authorised to delete this profile')
return redirect(url_for('showAuthors'))
if request.method == 'POST':
session.delete(authorToDelete)
flash('%s Successfully Deleted' % authorToDelete.name)
session.commit()
return redirect(url_for('showAuthors', author_id=author_id))
else:
return render_template('deleteAuthor.html', author=authorToDelete)
def editAuthor(author_id):
editedAuthor = session.query(Authors).filter_by(id=author_id).one()
creator = getUserInfo(editedAuthor.user_id)
if creator.id != login_session['user_id']:
flash('You are not authorised to edit this profile')
return redirect(url_for('showAuthors'))
if request.method == 'POST':
if request.form['name']:
editedAuthor.name = request.form['name']
flash('Author detail Successfully Edited %s' % editedAuthor.name)
return redirect(url_for('showAuthors'))
else:
return render_template('editAuthor.html', author=editedAuthor)
def deleteBooks(author_id, book_id):
authorQuery = session.query(Authors).filter_by(id=author_id).one()
itemToDelete = session.query(Books).filter_by(id=book_id).one()
creator = getUserInfo(authorQuery.user_id)
if creator.id != login_session['user_id']:
flash('You are not authorised to delete this book')
return redirect(url_for('showAuthors'))
if request.method == 'POST':
session.delete(itemToDelete)
session.commit()
flash('Book Successfully Deleted')
return redirect(url_for('showBooks', author_id=author_id))
else:
return render_template('deleteBook.html', item=itemToDelete)
def showBooks(author_id):
author = session.query(Authors).filter_by(id=author_id).one()
creator = getUserInfo(author.user_id)
book = session.query(Books).filter_by(author_id=author_id).all()
if 'username' not in login_session\
or creator.id != login_session['user_id']:
return render_template('publicbooks.html',
author=author,
books=book,
creator=creator)
else:
return render_template('books.html',
author=author,
books=book,
creator=creator)
def editBooks(author_id, book_id):
editbook = session.query(Books).filter_by(id=book_id).one()
authorQuery = session.query(Authors).filter_by(id=author_id).one()
creator = getUserInfo(authorQuery.user_id)
if creator.id != login_session['user_id']:
flash('You are not authorised to edit this book')
return redirect(url_for('showAuthors'))
if request.method == 'POST':
if request.form['name']:
editbook.name = request.form['name']
if request.form['description']:
editbook.description = request.form['description']
if request.form['price']:
editbook.price = request.form['price']
session.add(editbook)
session.commit()
flash('Book Successfully Edited')
return redirect(url_for('showBooks', author_id=author_id))
else:
return render_template('editBook.html',
author_id=author_id,
book_id=book_id,
item=editbook)