def user_profile():
    """Render the profile page of the user recorded in the session.

    ``session["user_id"]`` is read directly, so a session without that key
    raises ``KeyError``, and ``.one()`` raises unless exactly one User row
    matches.
    NOTE(review): presumably the route is wrapped by a login check that is
    not visible in this block -- confirm.
    """
    current_id = session["user_id"]
    profile_owner = db.query(User).filter_by(id=current_id).one()

    # Only rows owned by the session user are fetched, ordered by name.
    owned_query = db.query(Item).filter_by(user_id=current_id)
    owned_items = owned_query.order_by(Item.name).all()

    return render_template("api/user.html",
                           user=profile_owner,
                           items=owned_items)
def view_category(category_id):
    """Render the page for one category, or abort with 404 if it is unknown."""
    lookup = db.query(Category).filter_by(id=category_id)
    try:
        found = lookup.one()
    except NoResultFound:
        # No row with this id: answer 404 instead of surfacing the ORM error.
        abort(404)

    # The item query is handed to the template unevaluated (no .all()).
    category_items = db.query(Item).filter_by(category_id=found.id)
    return render_template("api/category.html",
                           category=found,
                           items=category_items)
def view_category(category_id):
    """Render a single category page; unknown ids produce a 404."""
    try:
        selected = db.query(Category).filter_by(id=category_id).one()
    except NoResultFound:
        # Map "no such category" to an HTTP 404.
        abort(404)

    # Passed to the template as a query object; it is not materialised here.
    members = db.query(Item).filter_by(category_id=selected.id)
    context = {"category": selected, "items": members}
    return render_template("api/category.html", **context)
def view_category_json(category_id):
    """Return one category and its items as JSON; unknown ids produce a 404.

    The payload is whatever the models' ``serialize`` properties expose.
    """
    try:
        found = db.query(Category).filter_by(id=category_id).one()
    except NoResultFound:
        abort(404)

    members = db.query(Item).filter_by(category_id=found.id).all()
    serialized_items = [member.serialize for member in members]
    return jsonify(category=found.serialize, items=serialized_items)
def view_catalog():
    """Render the catalog homepage.

    The template receives every category, every item sorted by name, and the
    LATEST_ITEMS_TO_SHOW most recently updated items.
    """
    all_categories = db.query(Category).all()
    items_by_name = db.query(Item).order_by(Item.name).all()

    # Newest first, capped at the configured number of entries.
    newest_first = db.query(Item).order_by(Item.updated.desc())
    recent = newest_first.limit(LATEST_ITEMS_TO_SHOW).all()

    return render_template("api/catalog.html",
                           categories=all_categories,
                           items=items_by_name,
                           latest_items=recent)
def view_catalog():
    """Render the homepage: all categories, all items, and the latest items."""
    context = {
        "categories": db.query(Category).all(),
        # Alphabetical listing of every item.
        "items": db.query(Item).order_by(Item.name).all(),
    }

    # Most recently updated items, limited to LATEST_ITEMS_TO_SHOW rows.
    by_update_time = db.query(Item).order_by(Item.updated.desc())
    context["latest_items"] = by_update_time.limit(LATEST_ITEMS_TO_SHOW).all()

    return render_template("api/catalog.html", **context)
def view_item_json(item_id):
    """Return a single item as JSON, or abort with 404 if the id is unknown.

    The response body is the item's ``serialize`` property.
    """
    lookup = db.query(Item).filter_by(id=item_id)
    try:
        found = lookup.one()
    except NoResultFound:
        abort(404)
    return jsonify(item=found.serialize)
def delete_item(item_id):
    """Delete an item after an ownership check and a CSRF-validated POST.

    Unknown ids abort with 404. A non-owner gets an error flash and the item
    page back. Any request that is not a POST with a valid CSRF form only
    renders the confirmation page.
    NOTE(review): ``session['user_id']`` raises ``KeyError`` when the key is
    missing; presumably a login check wraps the route -- confirm.
    """
    try:
        target = db.query(Item).filter_by(id=item_id).one()
    except NoResultFound:
        abort(404)

    # Authorisation: only the user who owns the item may remove it.
    is_owner = target.user_id == session['user_id']
    if not is_owner:
        flash(message="You are not allowed to remove this item",
              category="error")
        return render_template("api/item.html", item=target)

    # Bare form used only so the CSRF token gets validated.
    csrf_form = CSRFForm(request.form)

    # validate() is reached only for POST requests (short-circuit).
    if request.method == 'POST' and csrf_form.validate():
        db.delete(target)
        db.commit()
        flash(message="Item successfully removed", category="success")
        return redirect(url_for('api.view_catalog'))

    return render_template('api/delete_item.html', form=csrf_form, item=target)
def new_item():
    """Create an item from the submitted form, storing an optional image.

    Anything other than a POST that passes form validation re-renders the
    form. The new item is owned by ``session['user_id']``.
    NOTE(review): no extension or content-type check on the upload is visible
    in this block; confirm ItemForm restricts what is written to
    UPLOAD_FOLDER.
    """
    form = ItemForm(request.form)
    category_rows = db.query(Category).order_by(Category.name).all()
    form.category_id.choices = [(row.id, row.name) for row in category_rows]

    submitted = request.method == 'POST' and form.validate()
    if not submitted:
        return render_template('api/new_item.html', form=form)

    upload = request.files[form.image.name]
    stored_name = None
    if upload:
        # Sanitise the client-supplied name before it is used in a path.
        # NOTE(review): secure_filename() can return '' for some names;
        # confirm generate_unique_filename copes with that.
        stored_name = generate_unique_filename(secure_filename(upload.filename))
        upload.save(os.path.join(app.config['UPLOAD_FOLDER'], stored_name))

    created = Item(name=form.name.data,
                   description=form.description.data,
                   category_id=form.category_id.data,
                   image=stored_name,
                   user_id=session['user_id'])
    db.add(created)
    db.commit()

    flash(message="Item successfully created", category="success")
    return redirect(url_for('api.view_item', item_id=created.id))
def new_item():
    """Show the new-item form and, on a valid POST, create the item.

    The created row records ``session['user_id']`` as its owner; an uploaded
    image, if any, is saved under ``app.config['UPLOAD_FOLDER']``.
    NOTE(review): this block does not check the upload's type or extension;
    confirm that validation happens in ItemForm.
    """
    item_form = ItemForm(request.form)

    # Category choices are offered in alphabetical order.
    ordered_categories = db.query(Category).order_by(Category.name).all()
    item_form.category_id.choices = [(cat.id, cat.name)
                                     for cat in ordered_categories]

    # Plain GETs and invalid submissions both fall back to the form page.
    if not (request.method == 'POST' and item_form.validate()):
        return render_template('api/new_item.html', form=item_form)

    image_part = request.files[item_form.image.name]
    saved_as = None
    if image_part:
        # The client-controlled filename is sanitised, then made unique.
        # NOTE(review): secure_filename() may yield an empty string; verify
        # generate_unique_filename handles that case.
        safe_name = secure_filename(image_part.filename)
        safe_name = generate_unique_filename(safe_name)
        destination = os.path.join(app.config['UPLOAD_FOLDER'], safe_name)
        image_part.save(destination)
        saved_as = safe_name

    record = Item(
        name=item_form.name.data,
        description=item_form.description.data,
        category_id=item_form.category_id.data,
        image=saved_as,
        user_id=session['user_id'])
    db.add(record)
    db.commit()

    flash(message="Item successfully created", category="success")
    return redirect(url_for('api.view_item', item_id=record.id))
def view_item(item_id):
    """Render the page for one item; an unknown id aborts with 404."""
    lookup = db.query(Item).filter_by(id=item_id)
    try:
        found = lookup.one()
    except NoResultFound:
        abort(404)
    return render_template("api/item.html", item=found)
def view_item(item_id):
    """Render a single item's page, answering 404 when no such item exists."""
    try:
        selected = db.query(Item).filter_by(id=item_id).one()
    except NoResultFound:
        # Translate the missing row into an HTTP 404.
        abort(404)

    context = {"item": selected}
    return render_template("api/item.html", **context)
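def create_user(login_session):
    """Insert a User built from ``login_session`` and return its id.

    Reads the 'username', 'email' and 'picture' keys; a missing key raises
    ``KeyError`` before anything is written.

    The id is taken from the object that was just committed rather than from
    a second lookup by email. A lookup by email is ambiguous if another row
    shares that address, and the row is already committed by the time such a
    lookup would fail.
    NOTE(review): nothing in this block prevents two rows with the same
    email; confirm the User model enforces uniqueness.
    """
    newUser = User(name=login_session['username'],
                   email=login_session['email'],
                   picture=login_session['picture'])
    db.add(newUser)
    db.commit()
    # Same pattern new_item uses: read the primary key after the commit.
    return newUser.id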
def users_json():
    """Return every user as JSON.

    This is for debugging and should probably be removed or protected.
    The response contains each user's ``serialize`` output and this function
    performs no access check of its own.

    TODO (pt314): Remove or protect this endpoint.
    """
    serialized = []
    for account in db.query(User).all():
        serialized.append(account.serialize)
    return jsonify(users=serialized)
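def create_user(login_session):
    """Create a User row from ``login_session`` and return the new row's id.

    The 'username', 'email' and 'picture' keys are required; a missing key
    raises ``KeyError`` before the session is touched.

    The primary key is read from the committed object itself. Looking the
    user up again by email costs an extra query and is ambiguous when the
    address is not unique.
    NOTE(review): uniqueness of ``email`` is not enforced in this block;
    confirm it is enforced on the model or by the caller.
    """
    newUser = User(
        name=login_session['username'],
        email=login_session['email'],
        picture=login_session['picture'])
    db.add(newUser)
    db.commit()
    # The id is available on the instance once the insert is committed.
    return newUser.id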
def edit_item(item_id):
    """Edit an item the session user owns, optionally replacing its image.

    Unknown ids abort with 404. A non-owner gets an error flash and the item
    page back. Requests that are not a valid POST re-render the edit form.
    NOTE(review): no upload type or extension check is visible here, and the
    previous image file is not removed when a new one is saved -- confirm
    both are handled elsewhere.
    """
    try:
        target = db.query(Item).filter_by(id=item_id).one()
    except NoResultFound:
        abort(404)

    # Authorisation: the item may only be changed by its owner.
    if not target.user_id == session['user_id']:
        flash(message="You are not allowed to update this item",
              category="error")
        return render_template("api/item.html", item=target)

    # Form is pre-populated from the stored item; choices sorted by name.
    edit_form = ItemForm(request.form, target)
    ordered_categories = db.query(Category).order_by(Category.name).all()
    edit_form.category_id.choices = [(cat.id, cat.name)
                                     for cat in ordered_categories]

    if not (request.method == 'POST' and edit_form.validate()):
        return render_template('api/edit_item.html',
                               form=edit_form, item=target)

    upload = request.files[edit_form.image.name]
    replacement_image = None
    if upload:
        # Sanitise the client-supplied filename, then make it unique.
        cleaned = generate_unique_filename(secure_filename(upload.filename))
        upload.save(os.path.join(app.config['UPLOAD_FOLDER'], cleaned))
        replacement_image = cleaned

    target.name = edit_form.name.data
    target.description = edit_form.description.data
    target.category_id = edit_form.category_id.data
    # Keep the existing image unless a new file was uploaded.
    if replacement_image:
        target.image = replacement_image

    db.add(target)
    db.commit()

    flash(message="Item successfully updated", category="success")
    return redirect(url_for('api.view_item', item_id=target.id))
def edit_item(item_id):
    """Update an item's fields (and optionally its image) for its owner.

    A missing item aborts with 404. When ``session['user_id']`` does not
    match the item's owner, an error is flashed and the item page is shown.
    Only a POST that passes form validation changes anything.
    NOTE(review): the upload is not checked for type or extension in this
    block; confirm ItemForm does so.
    """
    lookup = db.query(Item).filter_by(id=item_id)
    try:
        record = lookup.one()
    except NoResultFound:
        abort(404)

    # Ownership check comes before any form handling.
    owner_matches = record.user_id == session['user_id']
    if not owner_matches:
        flash(message="You access to update this item id denied",
              category="error")
        return render_template("api/item.html", item=record)

    form = ItemForm(request.form, record)
    category_rows = db.query(Category).order_by(Category.name).all()
    form.category_id.choices = [(row.id, row.name) for row in category_rows]

    valid_post = request.method == 'POST' and form.validate()
    if not valid_post:
        return render_template('api/edit_item.html', form=form, item=record)

    image_part = request.files[form.image.name]
    new_image = None
    if image_part:
        # The filename comes from the client, so it is sanitised first.
        safe_name = secure_filename(image_part.filename)
        safe_name = generate_unique_filename(safe_name)
        image_part.save(os.path.join(app.config['UPLOAD_FOLDER'], safe_name))
        new_image = safe_name

    record.name = form.name.data
    record.description = form.description.data
    record.category_id = form.category_id.data
    # The stored image is only overwritten when a new file arrived.
    if new_image:
        record.image = new_image

    db.add(record)
    db.commit()

    flash(message="Item updation is successfull", category="success")
    return redirect(url_for('api.view_item', item_id=record.id))
def recent_atom_feed():
    """Build an Atom feed of the ATOM_FEED_SIZE most recently updated items.

    Each entry carries the item name, a plain-text summary, the owning
    user's name, an external link to the item page and both timestamps.
    The feed's own URLs are taken from the incoming request.
    """
    feed = AtomFeed('Latest Items',
                    feed_url=request.url,
                    url=request.url_root)

    newest_first = db.query(Item).order_by(Item.updated.desc())
    for entry in newest_first.limit(ATOM_FEED_SIZE).all():
        item_url = url_for('api.view_item', item_id=entry.id)
        # Summary is emitted with content_type 'text', not as markup.
        summary = unicode(entry.name + " (" + entry.category.name + "): "
                          + entry.description)
        feed.add(title=entry.name,
                 content=summary,
                 content_type='text',
                 author=entry.user.name,
                 url=make_external(item_url),
                 updated=entry.updated,
                 published=entry.created)

    return feed.get_response()
def delete_item(item_id):
    """Remove an item if the session user owns it and the CSRF form is valid.

    A missing item aborts with 404. A non-owner is shown the item page with
    an error flash. Anything other than a POST with a valid CSRF form shows
    the confirmation page instead of deleting.
    """
    lookup = db.query(Item).filter_by(id=item_id)
    try:
        doomed = lookup.one()
    except NoResultFound:
        abort(404)

    # Authorisation: compare the item's owner with the logged-in user.
    if not doomed.user_id == session['user_id']:
        flash(message="You access to remove this item is denied",
              category="error")
        return render_template("api/item.html", item=doomed)

    # The form carries no fields of its own; it exists for CSRF validation.
    form = CSRFForm(request.form)
    confirmed = request.method == 'POST' and form.validate()
    if not confirmed:
        return render_template('api/delete_item.html', form=form, item=doomed)

    db.delete(doomed)
    db.commit()
    flash(message="Item successfully removed", category="success")
    return redirect(url_for('api.view_catalog'))
def view_catalog_json():
    """Return the whole catalog (all categories and all items) as JSON.

    Each row is emitted through its model's ``serialize`` property.
    """
    category_payload = []
    for cat in db.query(Category).all():
        category_payload.append(cat.serialize)

    item_payload = []
    for entry in db.query(Item).all():
        item_payload.append(entry.serialize)

    return jsonify(categories=category_payload, items=item_payload)
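def get_user_id(email):
    """Return the id of the user with this email, or None if there is none.

    Only the "no such user" case is mapped to None. The original bare
    ``except:`` also hid database failures, duplicate-email errors and even
    ``KeyboardInterrupt``, all of which looked like "user not found".
    NOTE(review): callers presumably create a new user when this returns
    None; a swallowed database error would then cause a duplicate account --
    confirm against the login flow.
    """
    try:
        user = db.query(User).filter_by(email=email).one()
    except NoResultFound:
        return None
    return user.id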
def get_user_info(user_id):
    """Return the User row with the given id.

    ``.one()`` is not wrapped here, so its errors reach the caller when the
    id matches no row.
    """
    return db.query(User).filter_by(id=user_id).one()
def users_json():
    """Return the list of all users as JSON.

    NOTE(review): every user's ``serialize`` output is returned and no
    access check is made inside this function; confirm the route is
    protected or that ``serialize`` exposes nothing sensitive.
    """
    everyone = db.query(User).all()
    payload = [account.serialize for account in everyone]
    return jsonify(users=payload)
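def get_user_id(email):
    """Look up a user by email and return the id, or None when not found.

    The handler is narrowed from a bare ``except:`` to ``NoResultFound`` so
    that only a missing user yields None. Other failures, such as a database
    error or more than one row for the address, now propagate instead of
    being reported as "no such user".
    NOTE(review): if the caller registers a new user on None, masking those
    failures could create duplicate accounts -- verify against the caller.
    """
    try:
        user = db.query(User).filter_by(email=email).one()
    except NoResultFound:
        return None
    return user.id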