def deleteUser(user_id):
    """Show the delete-user confirmation page, or delete the user.

    GET renders ``deleteuser.html`` for the user returned by
    ``getUserInfo(user_id)``. Every other method passes that user to
    ``session.delete``, commits, flashes a success message and redirects
    to the ``logout`` endpoint.

    NOTE(review): no login, ownership or CSRF check is visible inside this
    function. Confirm that a decorator or request hook outside this view
    restricts which caller may delete which ``user_id``.
    """
    target = getUserInfo(user_id)

    if request.method != 'GET':
        # State-changing branch: remove the record, then leave via logout.
        session.delete(target)
        session.commit()
        flash("Successfully deleted user")
        return redirect(url_for('logout'))

    return render_template('deleteuser.html', user=target)
def deleteCategory(category_id):
    """Show the delete-category confirmation page, or delete the category.

    A category whose ``items`` collection is non-empty is never deleted:
    the request is answered with a flash message and a redirect to the
    category's own page. For an empty category, GET renders
    ``deletecategory.html`` and any other method deletes it, commits and
    redirects to ``index``.

    NOTE(review): no login, ownership or CSRF check is visible inside this
    function. Confirm it is enforced by a decorator or hook outside it.
    """
    category = getCategoryInfo(category_id)

    # The emptiness check runs on every request, not just on the form page,
    # so a direct POST cannot remove a category that still has items.
    if category.items:
        flash("A category may only be deleted if it doesn't have any items")
        return redirect(url_for('showCategory', category_id=category.id))

    if request.method == 'GET':
        return render_template('deletecategory.html', category=category)

    session.delete(category)
    session.commit()
    flash("Successfully deleted category %s" % category.title)
    return redirect(url_for('index'))
def deleteItem(category_id, item_id):
    """Show the delete-item confirmation page, or delete the item.

    GET renders ``deleteitem.html`` with the item and its category. Any
    other method calls ``deleteItemPicture`` on the item's picture, deletes
    the item, commits, and redirects to the category page.

    NOTE(review): the item and the category are looked up independently;
    nothing here checks that the item belongs to ``category_id``, and no
    login, ownership or CSRF check is visible in this function. Confirm
    these are enforced outside it.
    """
    item = getItemInfo(item_id)
    category = getCategoryInfo(category_id)

    if request.method != 'GET':
        # The picture file is removed before the database row. If the
        # commit below fails, the row would presumably survive without its
        # picture; verify how deleteItemPicture and the session behave.
        deleteItemPicture(item.picture)
        session.delete(item)
        session.commit()
        flash("Successfully deleted item %s" % item.title)
        return redirect(url_for('showCategory', category_id=category.id))

    return render_template(
        'deleteitem.html',
        category=category,
        item=item,
    )
def deleteItem(item_id):
    """
    GET /item/item id/delete: Render a delete item form page
    POST /item/item id/delete: Delete the selected item from database

    A request without a ``token`` cookie is redirected to the main page.
    GET validates the cookie token before rendering the form. POST ignores
    the cookie value, validates the token from the ``Authorization`` header
    instead, and then requires ``User.is_authorized`` to accept the caller
    for this item. POST answers with a JSON body carrying ``message`` and
    ``redirect``; both rejection cases use status 401.

    NOTE(review): ``expire_time`` is read from a client-supplied cookie and
    passed to ``validate_token`` unchanged. Confirm that ``validate_token``
    takes the expiry from the token itself and does not trust this value.
    NOTE(review): the result of ``Item.get_by_id`` is not checked before
    ``item.category_id`` is read. If it can return None for an unknown id,
    the rejection path raises instead of answering 401. Verify.
    """
    def json_reply(payload, status):
        # Serialise the payload and label the response as JSON.
        reply = make_response(json.dumps(payload), status)
        reply.headers['Content-Type'] = 'application/json'
        return reply

    def rejected(item):
        # Shared 401 answer pointing the client back to the item page.
        return json_reply(
            {
                "message": "You are not authorized",
                "redirect": url_for('basic.showItemDetail',
                                    category_id=item.category_id,
                                    item_id=item_id)
            },
            401
        )

    cookie_token = request.cookies.get('token')
    expire_time = request.cookies.get('expire_time')

    # Without a token cookie neither the form nor the delete is reachable.
    if not cookie_token:
        flash("You are not authorized.")
        return redirect(url_for('basic.showMain'))

    if request.method == "GET":
        # Only a caller with a valid cookie token sees the delete form.
        user_data = validate_token(cookie_token, expire_time)
        if user_data:
            item = Item.get_by_id(session, item_id)
            return render_template('delete_item.html',
                                   item=item, user=user_data)
        flash("You are not authorized.")
        return redirect(url_for('basic.showMain'))

    if request.method == "POST":
        # The state-changing request must carry the token in a header. A
        # cookie is attached by the browser automatically; this header is
        # not. Presumably that is the CSRF defence here; confirm.
        header_token = request.headers.get('Authorization')

        # The item is loaded first because the 401 body needs its category.
        item = Item.get_by_id(session, item_id)

        user_data = validate_token(header_token, expire_time)
        if not user_data:
            return rejected(item)

        # Ownership: the authenticated user must be the one
        # User.is_authorized accepts for this item.
        user = User.get_by_id(session, user_data.get("id"))
        if not User.is_authorized(session, user.id, item_id):
            return rejected(item)

        session.delete(item)
        session.commit()
        return json_reply(
            {
                "message": "The item was successfully deleted.",
                "redirect": url_for('basic.showMain')
            },
            200
        )
def deleteItem(item_id):
    """
    GET /item/item id/delete: Render a delete item form page
    POST /item/item id/delete: Delete the selected item from database

    Requests lacking a ``token`` cookie are sent back to the main page.
    On GET the cookie token is validated and the confirmation form is
    rendered. On POST the token is taken from the ``Authorization`` header,
    validated, and the caller must pass ``User.is_authorized`` for the item
    before it is deleted. POST replies are JSON with ``message`` and
    ``redirect`` keys; a failed token check and a failed ownership check
    both return 401. Any other method falls through and returns None.

    NOTE(review): ``expire_time`` comes from a cookie the client controls
    and goes to ``validate_token`` as-is. Confirm the expiry that is
    actually enforced is bound to the token and not to this value.
    NOTE(review): neither ``item`` nor ``user`` is checked for None before
    its attributes are read. Verify what ``get_by_id`` returns for ids
    that do not exist.
    """
    expire_time = request.cookies.get("expire_time")
    session_token = request.cookies.get("token")

    # A missing cookie token blocks both the form and the delete.
    if not session_token:
        flash("You are not authorized.")
        return redirect(url_for("basic.showMain"))

    method = request.method

    if method == "GET":
        # The delete form is shown only for a valid cookie token.
        claims = validate_token(session_token, expire_time)
        if not claims:
            flash("You are not authorized.")
            return redirect(url_for("basic.showMain"))
        return render_template(
            "delete_item.html",
            item=Item.get_by_id(session, item_id),
            user=claims,
        )

    if method != "POST":
        return None

    # For the state-changing request the cookie value is dropped and the
    # token is read from the Authorization header instead.
    bearer = request.headers.get("Authorization")

    # Fetched before validation: the 401 body links back to this item.
    item = Item.get_by_id(session, item_id)

    claims = validate_token(bearer, expire_time)
    if not claims:
        body = json.dumps(
            {
                "message": "You are not authorized",
                "redirect": url_for(
                    "basic.showItemDetail",
                    category_id=item.category_id,
                    item_id=item_id,
                ),
            }
        )
        response = make_response(body, 401)
        response.headers["Content-Type"] = "application/json"
        return response

    # A valid token is not enough: User.is_authorized must also accept
    # this user for this item (the original comment says it matches the
    # item's creator).
    user = User.get_by_id(session, claims.get("id"))
    allowed = User.is_authorized(session, user.id, item_id)
    if not allowed:
        body = json.dumps(
            {
                "message": "You are not authorized",
                "redirect": url_for(
                    "basic.showItemDetail",
                    category_id=item.category_id,
                    item_id=item_id,
                ),
            }
        )
        response = make_response(body, 401)
        response.headers["Content-Type"] = "application/json"
        return response

    session.delete(item)
    session.commit()

    body = json.dumps(
        {
            "message": "The item was successfully deleted.",
            "redirect": url_for("basic.showMain"),
        }
    )
    response = make_response(body, 200)
    response.headers["Content-Type"] = "application/json"
    return response