def viewCatItem(category_name, item_name):
    """Render the detail view of an Item addressed by Category and Item name.

    Note:
        Other routes typically redirect here behind the scenes so that the
        browser shows a legible URL containing the Category name. The item
        record already carries its category id.

    Args:
        category_name (string): Name of the Category the Item belongs to.
        item_name (string): Name of the Item to display.

    Returns:
        The rendered "generic.html" template using the item view partial.
    """
    # Resolve the Category first; the Item lookup is scoped to its id.
    # Both queries use .one(), which raises when no row (or more than one
    # row) matches.
    # NOTE(review): no handler for that exception is visible in this
    # function; confirm the app turns an unknown name into a 404.
    owning_category = Category.query.filter_by(name=category_name).one()
    record = Item.query.filter_by(
        name=item_name, cat_id=owning_category.id
    ).one()

    context = {
        "modelType": "item",
        "viewType": os.path.join("partials", "view.html"),
        "category": category_name,
        "key": record.id,
        "name": record.name,
        "traits": record.traits(),
        # Only controls whether the template offers edit/delete; the edit
        # and delete handlers repeat the ownership check themselves.
        "allowAlter": canAlter(record.user_id),
    }
    return render_template("generic.html", **context)
def editCatItem(category_name, item_name):
    """Show the edit form for an Item in a Category.

    The caller must have an active session and must be the creator of the
    item. This function only renders the form; it contains no branch that
    processes a submitted form.

    Args:
        category_name (string): The Category of the Item to edit.
        item_name (string): The name of the Item to edit.

    Returns:
        A redirect to the item list when there is no active session, a
        redirect to the item view when the user does not own the item,
        otherwise the rendered edit form.
    """
    # Authentication gate.
    # NOTE(review): the guard compares with `is False`, so it only blocks
    # when the helper returns exactly False; confirm isActiveSession() never
    # signals "not logged in" with None or another falsy value.
    session_state = isActiveSession()
    if session_state is False:
        flash("Please log in to edit an item.")
        return redirect(url_for("listItem"))

    # Category by name, then the item by name within that category's id.
    owning_category = Category.query.filter_by(name=category_name).one()
    record = Item.query.filter_by(
        name=item_name, cat_id=owning_category.id
    ).one()

    # Authorization gate: only the item's creator may reach the form.
    may_alter = canAlter(record.user_id)
    if may_alter is False:
        flash("You are not authorized to alter that item.")
        return redirect(url_for("viewItem", key=record.id))

    form_context = {
        "modelType": "item",
        "viewType": os.path.join("partials", "edit.html"),
        "category": category_name,
        "key": record.id,
        "name": record.name,
        "traits": record.traits(True),
        "allowAlter": canAlter(record.user_id),
    }
    return render_template("generic.html", **form_context)
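def editCategory(key):
    """Show the edit form for a Category, or process the submitted form.

    The caller must have an active session and must own the category.

    Args:
        key (int): The primary key of the category.

    Returns:
        A redirect to the item list when there is no active session, a
        redirect to the category view when the user does not own it. For a
        GET request, the rendered edit form. For a POST request with a
        non-blank name, a redirect to the updated category view; with a
        blank or missing name, the edit form again with a flashed message.
    """
    # Only an authenticated user can edit a category.
    # NOTE(review): `is False` blocks only on an exact False; confirm the
    # helper never returns None or another falsy value for "not logged in".
    if isActiveSession() is False:
        return redirect(url_for("listItem"))

    record = Category.query.filter_by(id=key).one()

    # Don't allow a user to change a category they don't own.
    if canAlter(record.user_id) is False:
        return redirect(url_for("viewCategory", key=record.id))

    if request.method == "POST":
        # NOTE(review): no CSRF token check is visible in this handler;
        # confirm one is enforced elsewhere for this state-changing POST.
        #
        # The category name is what the name-based routes look records up
        # by, so a blank name must not be stored. A missing field is treated
        # the same as a blank one.
        new_name = request.form.get("name", "").strip()
        if new_name:
            record.name = new_name
            session.add(record)
            session.commit()
            flash("Category edited!")
            return redirect(url_for("viewCategory", key=key))
        flash("A category name is required.")

    # GET, or a rejected POST: present the edit form.
    return render_template(
        "generic.html",
        modelType="category",
        viewType=os.path.join("partials", "edit.html"),
        key=key,
        traits=record.traits(),
        allowAlter=canAlter(record.user_id),
    )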
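def delItem(item_name, category_name=None):
    """Show the delete-confirmation view for an Item in a Category.

    The caller must have an active session and must have created the item.

    Notes:
        The deletion itself, when a POST request is sent, is performed by
        the deleteItem function.

    Args:
        item_name (string): The name of the Item to delete.
        category_name (string): The Category name of the Item to delete.
            When it is not passed as an argument it is read from the
            request's query string.

    Returns:
        A redirect to the item list when there is no active session or the
        category/item cannot be found, a redirect to the item view when the
        user did not create the item, otherwise the rendered confirmation
        view.
    """
    # NOTE(review): `is False` blocks only on an exact False; confirm the
    # helper never returns None or another falsy value for "not logged in".
    if isActiveSession() is False:
        flash("Please log in to delete an item.")
        return redirect(url_for("listItem"))

    # The body always needed category_name but the signature did not accept
    # it, so the lookup below failed with a NameError. deleteItem passes it
    # to url_for(); depending on the route it arrives either as a view
    # argument or as a query parameter, so accept both.
    if category_name is None:
        category_name = request.args.get("category_name")
    if not category_name:
        flash("No category was given for that item.")
        return redirect(url_for("listItem"))

    # Both lookups sit inside the try so that an unknown category is
    # reported the same way as an unknown item instead of raising.
    try:
        owning_category = Category.query.filter_by(name=category_name).one()
        target = Item.query.filter_by(
            name=item_name, cat_id=owning_category.id
        ).one()
    except NoResultFound:
        # The names come from the request and are echoed back in the flash
        # message; they are only safe to display if the template escapes
        # flashed messages.
        flash("No item named {0} was found in the {1} category.".format(
            item_name, category_name))
        return redirect(url_for("listItem"))

    # Only the creator of the item may be offered the delete view.
    if canAlter(target.user_id) is False:
        flash("You are not authorized to delete that item.")
        return redirect(url_for("viewItem", key=target.id))

    # Forward the request to the Delete view.
    return render_template(
        "generic.html",
        viewType=os.path.join("partials", "delete.html"),
        modelType="item",
        key=target.id,
        name=item_name,
    )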
def deleteCategory(key):
    """Confirm or perform the deletion of a Category.

    The caller must have an active session and must have created the
    category.

    Args:
        key (int): The primary key of the category.

    Returns:
        A redirect to the category list when there is no active session, a
        redirect to the category view when the user did not create it. For
        a GET request, a view asking whether to delete the Category or
        cancel. For a POST request, the Category is deleted and the user is
        redirected to the list of Categories.
    """
    # Authentication gate.
    # NOTE(review): `is False` blocks only on an exact False; confirm the
    # helper never returns None or another falsy value for "not logged in".
    logged_in = isActiveSession()
    if logged_in is False:
        return redirect(url_for("listCategory"))

    doomed = Category.query.filter_by(id=key).one()

    # Authorization gate: the logged-in user must have created the record.
    owner_ok = canAlter(doomed.user_id)
    if owner_ok is False:
        return redirect(url_for("viewCategory", key=doomed.id))

    if request.method != "POST":
        # Present options to delete the Category or cancel.
        return render_template(
            "generic.html",
            modelType="category",
            viewType=os.path.join("partials", "delete.html"),
            key=key,
            name=doomed.name,
        )

    # POST: remove the Category from the database.
    # NOTE(review): no CSRF token check is visible in this handler; confirm
    # one is enforced elsewhere for this destructive POST.
    session.delete(doomed)
    session.commit()
    flash("Category deleted!")
    # Back to the list of Categories.
    return redirect(url_for("listCategory"))
def editUser(key):
    """Show the edit form for a User account, or process the submitted form.

    The caller must have an active session and may only edit their own
    record.

    Args:
        key (int): An ID corresponding to a User record in the database.

    Returns:
        A redirect to the category list when there is no active session, a
        redirect to the item list when the record belongs to someone else.
        For a GET request, the rendered edit form. For a POST request, the
        name is updated and the user is redirected to the record view.
    """
    # Require authentication to edit users.
    # NOTE(review): `is False` blocks only on an exact False; confirm the
    # helper never returns None or another falsy value for "not logged in".
    logged_in = isActiveSession()
    if logged_in is False:
        return redirect(url_for("listCategory"))

    account = User.query.filter_by(id=key).one()

    # Don't allow a user to change other users' records. The check uses the
    # id loaded from the database, not the raw URL value.
    is_self = canAlter(account.id)
    if is_self is False:
        return redirect(url_for("listItem"))

    if request.method != "POST":
        # Present the Edit User form.
        return render_template(
            "generic.html",
            modelType="user",
            viewType=os.path.join("partials", "edit.html"),
            key=key,
            traits=account.traits(),
        )

    # POST: only the name field is copied from the form onto the record.
    # NOTE(review): the value is stored as submitted (no blank check), and
    # no CSRF token check is visible in this handler; confirm both are
    # covered elsewhere.
    account.name = request.form["name"]
    session.add(account)
    session.commit()
    return redirect(url_for("viewUser", key=account.id))
def viewCategory(key):
    """Render the view of a specific Category's record.

    Args:
        key (int): The primary key of the category.

    Returns:
        The rendered "generic.html" template using the category view
        partial.
    """
    # .one() raises when no Category has this id.
    # NOTE(review): no handler for that exception is visible here; confirm
    # the app turns an unknown id into a 404.
    record = Category.query.filter_by(id=key).one()

    context = {
        "modelType": "category",
        "viewType": os.path.join("partials", "view.html"),
        "key": key,
        "name": record.name,
        "traits": record.traits(),
        # Only controls what the template offers; editCategory and
        # deleteCategory repeat the ownership check themselves.
        "allowAlter": canAlter(record.user_id),
    }
    return render_template("generic.html", **context)
def viewUser(key):
    """Render the view of the User record whose id equals key.

    Args:
        key (int): An ID corresponding to a User record in the database.

    Returns:
        The rendered "generic.html" template using the user view partial.
    """
    # No session or ownership gate precedes this lookup: the record's
    # traits() are rendered for whoever requests the id.
    # NOTE(review): confirm traits() exposes nothing about a user that
    # should be visible only to that user.
    account = User.query.filter_by(id=key).one()

    context = {
        "modelType": "user",
        "viewType": os.path.join("partials", "view.html"),
        "key": key,
        "traits": account.traits(),
        "name": account.name,
        # NOTE(review): this passes the URL value, whereas editUser passes
        # the id loaded from the database; the two agree only if the route
        # converts key to the same type as User.id. Confirm.
        "allowAlter": canAlter(key),
    }
    return render_template("generic.html", **context)
def deleteItem(key):
    """Delete an Item selected by its primary key/id.

    The caller must have an active session and must have created the item.

    Args:
        key (int): The primary key of the Item to delete.

    Returns:
        A redirect to the item list when there is no active session, a
        redirect to the item view when the user did not create the item.
        For a POST request, the Item is deleted and the user is redirected
        to the item list. For any other method, a redirect to the delItem
        confirmation view for the item's category and name.
    """
    # Authentication gate.
    # NOTE(review): `is False` blocks only on an exact False; confirm the
    # helper never returns None or another falsy value for "not logged in".
    logged_in = isActiveSession()
    if logged_in is False:
        flash("Please log in to delete an item.")
        return redirect(url_for("listItem"))

    doomed = Item.query.filter_by(id=key).one()

    # Authorization gate: the active user must have created the item.
    owner_ok = canAlter(doomed.user_id)
    if owner_ok is False:
        flash("You are not authorized to delete this item.")
        return redirect(url_for("viewItem", key=key))

    if request.method != "POST":
        # Hand over to the confirmation view, addressed by category name
        # and item name.
        owning_category = Category.query.filter_by(id=doomed.cat_id).one()
        return redirect(
            url_for(
                "delItem",
                category_name=owning_category.name,
                item_name=doomed.name,
            )
        )

    # POST: the user submitted this item for deletion.
    # NOTE(review): no CSRF token check is visible in this handler; confirm
    # one is enforced elsewhere for this destructive POST.
    session.delete(doomed)
    session.commit()
    flash("Item deleted!")
    return redirect(url_for("listItem"))