Example #1
def viewCatItem(category_name, item_name):
    """Render the read-only page for one Item, addressed by Category and Item name.

    Args:
        category_name (string): Name of the Category the Item belongs to.

        item_name (string): Name of the Item to show.

    Returns:
        The rendered "generic.html" template using the "view" partial for an
        item.

    """
    # NOTE(review): both lookups use .one(), which raises when the name does
    # not match exactly one row.  Nothing in this function catches that, so an
    # unknown name in the URL presumably surfaces as a server error -- confirm
    # whether an application-level handler turns it into a 404.
    owning_category = Category.query.filter_by(name=category_name).one()
    record = Item.query.filter_by(
        name=item_name, cat_id=owning_category.id
    ).one()

    view_partial = os.path.join("partials", "view.html")

    # allowAlter is handed to the template (presumably to show or hide the
    # edit/delete controls).  It is not an access check in itself; the edit
    # and delete handlers must enforce ownership on their own.
    context = {
        "modelType": "item",
        "viewType": view_partial,
        "category": category_name,
        "key": record.id,
        "name": record.name,
        "traits": record.traits(),
        "allowAlter": canAlter(record.user_id),
    }
    return render_template("generic.html", **context)
Example #2
def editCatItem(category_name, item_name):
    """Show the edit form for an Item, addressed by Category and Item name.

    The caller must have an active session and must pass the canAlter() check
    for the item's user_id; otherwise a message is flashed and the request is
    redirected.

    Args:
        category_name (string): The Category of the Item to edit.

        item_name (string): The name of the Item to edit.

    Returns:
        A redirect to "listItem" when there is no active session, a redirect
        to "viewItem" when the user may not alter the item, and otherwise the
        rendered edit form.

    """
    # NOTE(review): this function never inspects request.method, so submitted
    # form data is not processed here -- the update itself must happen in
    # another handler; confirm that handler repeats both checks below.

    # NOTE(review): "is False" matches only the literal False.  If
    # isActiveSession() or canAlter() can return None or another falsy value,
    # these guards let the request through -- confirm both always return bool.
    logged_in = isActiveSession()
    if logged_in is False:
        flash("Please log in to edit an item.")
        return redirect(url_for("listItem"))

    # Resolve the category by name first, then the item inside that category.
    owning_category = Category.query.filter_by(name=category_name).one()
    record = Item.query.filter_by(
        name=item_name, cat_id=owning_category.id
    ).one()

    # Only a user accepted by canAlter() for this item's user_id gets the form.
    may_edit = canAlter(record.user_id)
    if may_edit is False:
        flash("You are not authorized to alter that item.")
        return redirect(url_for("viewItem", key=record.id))

    edit_partial = os.path.join("partials", "edit.html")
    context = {
        "modelType": "item",
        "viewType": edit_partial,
        "category": category_name,
        "key": record.id,
        "name": record.name,
        "traits": record.traits(True),
        "allowAlter": canAlter(record.user_id),
    }
    return render_template("generic.html", **context)
Example #3
def editCategory(key):
    """Show the edit form for a Category, or apply a submitted edit.

    Args:
        key (int): The primary key of the category.

    Returns:
        A redirect to "listItem" when there is no active session, a redirect
        to "viewCategory" when the user may not alter the category or after a
        POST has been saved, and otherwise the rendered edit form.

    """
    # NOTE(review): "is False" matches only the literal False.  If
    # isActiveSession() or canAlter() can return None or another falsy value,
    # these guards let the request through -- confirm both always return bool.
    if isActiveSession() is False:
        return redirect(url_for("listItem"))

    category = Category.query.filter_by(id=key).one()

    # Ownership is checked before the method branch, so it covers both the
    # form display and the write.
    if canAlter(category.user_id) is False:
        return redirect(url_for("viewCategory", key=category.id))

    if request.method != "POST":
        # Anything other than POST just gets the form.
        return render_template(
            "generic.html",
            modelType="category",
            viewType=os.path.join("partials", "edit.html"),
            key=key,
            traits=category.traits(),
            allowAlter=canAlter(category.user_id),
        )

    # NOTE(review): this write is driven by a POST and no CSRF token check is
    # visible in this function -- confirm one is enforced elsewhere.  The new
    # name is stored exactly as submitted; no length or emptiness check is
    # visible here.
    category.name = request.form["name"]

    session.add(category)
    session.commit()

    flash("Category edited!")
    return redirect(url_for("viewCategory", key=key))
Example #4
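def delItem(item_name, category_name=None):
    """Retrieve the confirmation view for deleting an Item in a Category.

    Requires a user to be authenticated and to pass the canAlter() check for
    the item's user_id.

    Notes:
        This function only renders the confirmation page; it does not delete
        anything itself.

    Args:
        item_name (string):     The name of the Item to delete.

        category_name (string): The Category name of the Item to delete.  It
            is read by the lookups below, so it has to be a parameter; it
            defaults to None so that a caller passing only item_name still
            works and simply gets the "not found" path.

    Returns:
        A redirect to "listItem" when there is no active session or when the
        category/item pair cannot be found, a redirect to "viewItem" when the
        user may not alter the item, and otherwise the rendered delete
        confirmation view.

    """
    # NOTE(review): "is False" matches only the literal False.  If
    # isActiveSession() or canAlter() can return None or another falsy value,
    # these guards let the request through -- confirm both always return bool.
    if isActiveSession() is False:
        flash("Please log in to delete an item.")
        return redirect(url_for("listItem"))

    # Both lookups sit inside the try block so that an unknown category is
    # reported the same way as an unknown item instead of escaping as an
    # unhandled NoResultFound.
    try:
        category = Category.query.filter_by(name=category_name).one()
        item = Item.query.filter_by(name=item_name, cat_id=category.id).one()

    except NoResultFound:
        flash("""No item named {0} was found in the {1} category.""".format(item_name, category_name))
        return redirect(url_for("listItem"))

    if canAlter(item.user_id) is False:
        flash("You are not authorized to delete that item.")
        return redirect(url_for("viewItem", key=item.id))

    # Hand the item over to the Delete confirmation view.
    return render_template(
        "generic.html",
        viewType=os.path.join("partials", "delete.html"),
        modelType="item",
        key=item.id,
        name=item_name,
    )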
Example #5
def deleteCategory(key):
    """Show the delete confirmation for a Category, or carry out the deletion.

    Args:
        key (int): The primary key of the category.

    Returns:
        A redirect to "listCategory" when there is no active session or after
        a POST has deleted the category, a redirect to "viewCategory" when the
        user may not alter the category, and otherwise the rendered delete
        confirmation view.

    """
    # NOTE(review): "is False" matches only the literal False.  If
    # isActiveSession() or canAlter() can return None or another falsy value,
    # these guards let the request through -- confirm both always return bool.
    if isActiveSession() is False:
        return redirect(url_for("listCategory"))

    category = Category.query.filter_by(id=key).one()

    # Ownership is checked before the method branch, so it covers both the
    # confirmation page and the deletion.
    if canAlter(category.user_id) is False:
        return redirect(url_for("viewCategory", key=category.id))

    if request.method != "POST":
        # Offer the choice between deleting the Category and cancelling.
        return render_template(
            "generic.html",
            modelType="category",
            viewType=os.path.join("partials", "delete.html"),
            key=key,
            name=category.name,
        )

    # NOTE(review): this deletion is driven by a POST and no CSRF token check
    # is visible in this function -- confirm one is enforced elsewhere.  What
    # happens to Items that still reference this category is not visible here
    # either.
    session.delete(category)
    session.commit()

    flash("Category deleted!")
    # Back to the list of Categories.
    return redirect(url_for("listCategory"))
Example #6
def editUser(key):
    """Show the edit form for a User account, or apply a submitted edit.

    Args:
        key (int): An ID corresponding to a User record in the database.

    Returns:
        A redirect to "listCategory" when there is no active session, a
        redirect to "listItem" when the user may not alter this record, a
        redirect to "viewUser" after a POST has been saved, and otherwise the
        rendered edit form.

    """
    # NOTE(review): "is False" matches only the literal False.  If
    # isActiveSession() or canAlter() can return None or another falsy value,
    # these guards let the request through -- confirm both always return bool.
    if isActiveSession() is False:
        return redirect(url_for("listCategory"))

    account = User.query.filter_by(id=key).one()

    # canAlter() receives the id of the loaded record rather than the raw URL
    # key, so the check is made against the row that will actually be changed.
    if canAlter(account.id) is False:
        return redirect(url_for("listItem"))

    if request.method != "POST":
        # Present the Edit User form.
        return render_template(
            "generic.html",
            modelType="user",
            viewType=os.path.join("partials", "edit.html"),
            key=key,
            traits=account.traits(),
        )

    # NOTE(review): this write is driven by a POST and no CSRF token check is
    # visible in this function -- confirm one is enforced elsewhere.  Only the
    # "name" field is copied from the form; the value is stored as submitted.
    account.name = request.form["name"]

    session.add(account)
    session.commit()

    return redirect(url_for("viewUser", key=account.id))
Example #7
def viewCategory(key):
    """Render the read-only page for a single Category.

    Args:
        key (int): The primary key of the category.

    Returns:
        The rendered "generic.html" template using the "view" partial for the
        category.

    """
    # NOTE(review): .one() raises when no row matches and nothing here catches
    # it, so an unknown key presumably surfaces as a server error -- confirm
    # whether an application-level handler turns it into a 404.
    record = Category.query.filter_by(id=key).one()

    view_partial = os.path.join("partials", "view.html")

    # allowAlter is handed to the template (presumably to show or hide the
    # edit/delete controls); it is not an access check in itself.
    context = {
        "modelType": "category",
        "viewType": view_partial,
        "key": key,
        "name": record.name,
        "traits": record.traits(),
        "allowAlter": canAlter(record.user_id),
    }
    return render_template("generic.html", **context)
Example #8
def viewUser(key):
    """Render the read-only page for the User whose id equals key.

    Args:
        key (int): An ID corresponding to a User record in the database.

    Returns:
        The rendered "generic.html" template using the "view" partial for the
        user.

    """
    # NOTE(review): no session check happens here, so any visitor can load a
    # user's traits() by id -- confirm traits() exposes only fields that are
    # meant to be public.
    account = User.query.filter_by(id=key).one()

    view_partial = os.path.join("partials", "view.html")

    # NOTE(review): canAlter() is given the URL key rather than account.id.
    # The two should be equal, but if key can arrive as a string the
    # comparison inside canAlter() may behave differently -- confirm the
    # route converts it to int.
    context = {
        "modelType": "user",
        "viewType": view_partial,
        "key": key,
        "traits": account.traits(),
        "name": account.name,
        "allowAlter": canAlter(key),
    }
    return render_template("generic.html", **context)
Example #9
def deleteItem(key):
    """Delete an Item selected by its primary key/id.

    Requires a user to be authenticated and to pass the canAlter() check for
    the item's user_id.

    Args:
        key (int): The primary key of the Item to delete.

    Returns:
        A redirect to "listItem" when there is no active session or after a
        POST has deleted the item, a redirect to "viewItem" when the user may
        not alter the item, and for any other method a redirect to "delItem"
        carrying the item's category name and item name.
    """
    # NOTE(review): "is False" matches only the literal False.  If
    # isActiveSession() or canAlter() can return None or another falsy value,
    # these guards let the request through -- confirm both always return bool.
    if isActiveSession() is False:
        flash("Please log in to delete an item.")
        return redirect(url_for("listItem"))

    item = Item.query.filter_by(id=key).one()

    # Ownership is checked before the method branch, so it covers both the
    # deletion and the hand-off to the confirmation view.
    if canAlter(item.user_id) is False:
        flash("You are not authorized to delete this item.")
        return redirect(url_for("viewItem", key=key))

    if request.method != "POST":
        # Not a submission: send the user to the confirmation view, which is
        # addressed by category name and item name.
        owning_category = Category.query.filter_by(id=item.cat_id).one()
        return redirect(
            url_for(
                "delItem",
                category_name=owning_category.name,
                item_name=item.name,
            )
        )

    # NOTE(review): this deletion is driven by a POST and no CSRF token check
    # is visible in this function -- confirm one is enforced elsewhere.
    session.delete(item)
    session.commit()

    flash("Item deleted!")
    return redirect(url_for("listItem"))