def edit_item(category_name, item_name):
category = session.query(Category).filter_by(name=category_name).one()
edited_item = session.query(Item).filter_by(name=item_name,
category_id=category.id).one()
# Authorisation - check if current user can edit the item
# Only a user who created an item can edit/delete it
user_id = get_user_id(login_session['email'])
if edited_item.user_id != user_id:
message = json.dumps('You are not allowed to edit the item')
response = make_response(message, 403)
response.headers['Content-Type'] = 'application/json'
return response
# Post method
if request.method == 'POST':
if request.form['name']:
edited_item.name = request.form['name']
if request.form['description']:
edited_item.description = request.form['description']
if request.form['category']:
category = session.query(Category).filter_by(name=request.form
['category']).one()
edited_item.category = category
session.add(edited_item)
session.commit()
return redirect(url_for('show_category',
category_name=edited_item.category.name))
else:
categories = session.query(Category).all()
return render_template('edit_page.html', item=edited_item,
categories=categories)
def createUser(login_session):
newUser = User(username=login_session['username'],
email=login_session['email'],
picture=login_session['picture'])
session.add(newUser)
session.commit()
user = session.query(User).filter_by(email=login_session['email']).one()
return user.id
def create_user(login_session):
""" User helper functions
Creates a new user in our db
"""
new_user = User(name=login_session['username'],
email=login_session['email'])
session.add(new_user)
session.commit()
user = session.query(User).filter_by(email=login_session['email']).one()
return user.id
def add_category():
form = CategoryForm()
categories = session.query(Category).all()
if form.validate_on_submit():
name = form.name.data
new_category = Category(name=name, user_id=login_session['user_id'])
session.add(new_category)
session.commit()
flash('New Category Added', "flash-success")
return redirect(url_for('category_list', cat_id=new_category.id))
return render_template('add_category.html',
categories=categories,
form=form)
def add_item():
categories = session.query(Category).all()
if request.method == 'POST':
new_item = Item(
name=request.form['name'],
description=request.form['description'],
category=session.query(Category).
filter_by(name=request.form['category']).one(),
user_id=login_session['user_id'])
session.add(new_item)
session.commit()
return redirect(url_for('show_catalog'))
else:
return render_template('add_page.html', categories=categories)
def add_item(cat_id):
form = ItemForm()
categories = session.query(Category).all()
category = session.query(Category).filter_by(id=cat_id).first()
if form.validate_on_submit():
new_item = Item(name=form.name.data,
description=form.description.data or "No description",
category_id=category.id,
user_id=login_session['user_id'])
print new_item
session.add(new_item)
session.commit()
flash('Item added successfully.', "flash-success")
return redirect(url_for('category_list', cat_id=category.id))
return render_template('add_item.html',
categories=categories,
category=category,
form=form)