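def delete_category(cat_id):
    """Confirm and delete a category owned by the current user.

    Renders a confirmation form and deletes the category once the form
    validates. The ownership check runs before any database write, so a
    valid submission from a non-owner is refused instead of being
    processed first and checked afterwards.

    Args:
        cat_id: Primary key of the category to delete.

    Returns:
        A redirect after a delete or a refusal, otherwise the rendered
        confirmation page.
    """
    form = ConfirmForm()
    categories = session.query(Category).all()
    category = session.query(Category).filter_by(id=cat_id).first()
    items = session.query(Item).filter_by(category_id=cat_id).all()

    # .first() yields None for an unknown id; stop before dereferencing
    # category.user_id or handing None to session.delete().
    if category is None:
        flash("Category not found.", "flash-warning")
        return redirect(url_for('index'))

    # Authorisation comes before the state change. Previously this test sat
    # after the delete branch, so a validated submission was committed
    # without the owner comparison ever being evaluated.
    # A missing 'user_id' key raises here, which fails closed.
    if category.user_id != login_session['user_id']:
        flash("You must be the owner to delete this category.",
              "flash-warning")
        return redirect(url_for('category_list', cat_id=category.id))

    # Flask-WTF and WTForms manage form creation and provide CSRF
    # protection; validate_on_submit() is the gate for the delete.
    if form.validate_on_submit():
        # Items in this category are not deleted one by one here: per the
        # original author's note, a cascade is configured in models.py
        # (not visible in this block -- confirm it covers Item rows).
        session.delete(category)
        session.commit()
        flash("Category deleted successfully.", "flash-success")
        return redirect(url_for('index'))

    return render_template('delete_category.html',
                           categories=categories,
                           category=category,
                           items=items,
                           form=form)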
def edit_item(category_name, item_name):
    """Show the edit page for an item, or apply a submitted edit.

    The item is looked up by name inside the named category. Only the user
    recorded as the item's creator may proceed; everyone else receives a
    JSON 403 response for any request method, so the edit form itself is
    not rendered for non-owners either.

    Args:
        category_name: Name of the category the item currently belongs to.
        item_name: Name of the item to edit.

    Returns:
        A 403 JSON response, a redirect to the item's category after a
        POST, or the rendered edit page.
    """
    owning_category = (session.query(Category)
                       .filter_by(name=category_name)
                       .one())
    edited_item = (session.query(Item)
                   .filter_by(name=item_name,
                              category_id=owning_category.id)
                   .one())

    # Authorisation: compare the item's creator with the id resolved from
    # the e-mail stored in the login session.
    current_user_id = get_user_id(login_session['email'])
    if edited_item.user_id != current_user_id:
        denied = make_response(
            json.dumps('You are not allowed to edit the item'), 403)
        denied.headers['Content-Type'] = 'application/json'
        return denied

    if request.method != 'POST':
        return render_template('edit_page.html',
                               item=edited_item,
                               categories=session.query(Category).all())

    # NOTE(review): no CSRF token check or field validation is visible in
    # this function; confirm both are enforced elsewhere in the app.
    submitted = request.form

    # Empty fields leave the stored value untouched.
    new_name = submitted['name']
    if new_name:
        edited_item.name = new_name

    new_description = submitted['description']
    if new_description:
        edited_item.description = new_description

    target_category = submitted['category']
    if target_category:
        # The target category is looked up by name only; no ownership test
        # is applied to it in this block.
        edited_item.category = (session.query(Category)
                                .filter_by(name=target_category)
                                .one())

    session.add(edited_item)
    session.commit()
    return redirect(url_for('show_category',
                            category_name=edited_item.category.name))
def createUser(login_session):
    """Store a new User built from the login session and return its id.

    Args:
        login_session: Mapping that provides 'username', 'email' and
            'picture'.

    Returns:
        The id of the user row found by the session's e-mail address.
    """
    username = login_session['username']
    email = login_session['email']
    picture = login_session['picture']

    session.add(User(username=username, email=email, picture=picture))
    session.commit()

    # The id is read back by e-mail, not taken from the object just added.
    # NOTE(review): this relies on e-mail identifying exactly one user;
    # confirm the User model enforces uniqueness on that column.
    stored = session.query(User).filter_by(email=email).one()
    return stored.id
def create_user(login_session):
    """User helper: create a new user in the database and return its id.

    Args:
        login_session: Mapping that provides 'username' and 'email'.

    Returns:
        The id of the user row found by the session's e-mail address.
    """
    username = login_session['username']
    email = login_session['email']

    session.add(User(name=username, email=email))
    session.commit()

    # The id is read back by e-mail, not taken from the object just added.
    # NOTE(review): this relies on e-mail identifying exactly one user;
    # confirm the User model enforces uniqueness on that column.
    stored = session.query(User).filter_by(email=email).one()
    return stored.id
def add_category():
    """Render the add-category form, or create the category on submit.

    The new category is recorded as owned by the user id held in the login
    session.

    Returns:
        A redirect to the new category's listing after a valid submission,
        otherwise the rendered form page.
    """
    form = CategoryForm()
    categories = session.query(Category).all()

    # validate_on_submit() is the only gate in front of the insert.
    if not form.validate_on_submit():
        return render_template('add_category.html',
                               categories=categories,
                               form=form)

    # NOTE(review): login_session['user_id'] raises KeyError when nobody is
    # signed in; presumably a login check runs before this view -- confirm.
    owner_id = login_session['user_id']
    new_category = Category(name=form.name.data, user_id=owner_id)
    session.add(new_category)
    session.commit()
    flash('New Category Added', "flash-success")
    return redirect(url_for('category_list', cat_id=new_category.id))
def add_item():
    """Render the add-item page, or create an item from a POSTed form.

    The item is attached to the category named in the form and recorded as
    owned by the user id held in the login session.

    Returns:
        A redirect to the catalog after a POST, otherwise the rendered
        add-item page.
    """
    categories = session.query(Category).all()

    if request.method != 'POST':
        return render_template('add_page.html', categories=categories)

    # NOTE(review): the POST branch reads request.form directly; no CSRF
    # token check or field validation is visible in this function --
    # confirm both are enforced elsewhere in the app.
    fields = request.form
    item_name = fields['name']
    item_description = fields['description']
    chosen_category = (session.query(Category)
                       .filter_by(name=fields['category'])
                       .one())
    owner_id = login_session['user_id']

    new_item = Item(name=item_name,
                    description=item_description,
                    category=chosen_category,
                    user_id=owner_id)
    session.add(new_item)
    session.commit()
    return redirect(url_for('show_catalog'))
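def delete_item(item_id):
    """Confirm and delete an item owned by the current user.

    The ownership check runs before the form is validated, so the delete
    branch is only reachable for the item's owner.

    Args:
        item_id: Primary key of the item to delete.

    Returns:
        A redirect after a delete or a refusal, otherwise the rendered
        confirmation page.
    """
    form = ConfirmForm()
    categories = session.query(Category).all()
    item = session.query(Item).filter_by(id=item_id).first()

    # .first() yields None for an unknown id; without this guard the
    # ownership test below fails with AttributeError instead of giving a
    # controlled response.
    if item is None:
        flash("Item not found.", "flash-warning")
        return redirect(url_for('index'))

    # Authorisation first: a missing 'user_id' key raises here, which
    # fails closed.
    if item.user_id != login_session['user_id']:
        flash("You must be the owner to delete this item.", "flash-warning")
        return redirect(url_for('item', item_id=item.id))

    # validate_on_submit() gates the delete on a valid form submission.
    if form.validate_on_submit():
        session.delete(item)
        session.commit()
        flash('Item successfully deleted.', "flash-success")
        return redirect(url_for('index'))

    return render_template('delete_item.html',
                           categories=categories,
                           item=item,
                           form=form)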
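def add_item(cat_id):
    """Render the add-item form for a category, or create the item.

    The item is recorded as owned by the user id held in the login
    session. An empty description is stored as "No description".

    Args:
        cat_id: Primary key of the category the item is added to.

    Returns:
        A redirect to the category listing after a valid submission,
        otherwise the rendered form page.
    """
    form = ItemForm()
    categories = session.query(Category).all()
    category = session.query(Category).filter_by(id=cat_id).first()
    # NOTE(review): .first() yields None for an unknown cat_id; the submit
    # branch would then fail on category.id. No fallback endpoint is
    # visible in this block, so the case is left for the caller to decide.

    if form.validate_on_submit():
        new_item = Item(name=form.name.data,
                        description=form.description.data or "No description",
                        category_id=category.id,
                        user_id=login_session['user_id'])
        # The leftover debug `print new_item` statement was dropped: it
        # wrote the model object to stdout on every submission and is a
        # syntax error on Python 3.
        session.add(new_item)
        session.commit()
        flash('Item added successfully.', "flash-success")
        return redirect(url_for('category_list', cat_id=category.id))

    return render_template('add_item.html',
                           categories=categories,
                           category=category,
                           form=form)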
def edit_item(item_id):
    """Show the edit form for an item, or apply a POSTed edit.

    Only the user recorded as the item's owner gets past the first check;
    anyone else is redirected back to the item page with a warning.

    Args:
        item_id: Primary key of the item to edit.

    Returns:
        A redirect after a refusal or a POST, otherwise the rendered edit
        page.
    """
    form = ItemEditForm()
    item = session.query(Item).filter_by(id=item_id).one()

    # Authorisation runs before any branch that writes to the item.
    if item.user_id != login_session['user_id']:
        flash("You must be the owner to make changes to this item.",
              "flash-warning")
        return redirect(url_for('item', item_id=item.id))

    # The Category table is queried twice: once for the template's
    # `categories` value and once to build the dropdown choices.
    categories = session.query(Category).all()
    all_categories = session.query(Category).all()
    choices = []
    for entry in all_categories:
        choices.append((entry.id, entry.name))

    method = request.method
    if method == 'POST':
        # NOTE(review): this branch copies the form data without calling
        # form.validate() / validate_on_submit(), so the form's validators
        # and its CSRF token check are not run here, and category_id is
        # stored without being matched against the choices built above.
        # Confirm CSRF is enforced app-wide, or validate before writing.
        item.name = form.name.data
        item.description = form.description.data
        item.category_id = form.category_id.data
        session.commit()
        flash('Item edited successfully.', "flash-success")
        return redirect(url_for('item', item_id=item.id))
    elif method == 'GET':
        # Choices and the default selection are assigned dynamically, then
        # form.process() is run so the select field picks them up.
        form.category_id.choices = choices
        form.category_id.default = item.category_id
        form.process()
        # Field values are filled in after process() has run.
        form.name.data = item.name
        form.description.data = item.description

    return render_template('edit_item.html',
                           categories=categories,
                           category=all_categories,
                           item=item,
                           form=form)
def delete_item(category_name, item_name):
    """Show the delete confirmation page, or delete the item on POST.

    The item is looked up by name inside the named category. Only the user
    recorded as the item's creator may proceed; everyone else receives a
    JSON 403 response for any request method.

    Args:
        category_name: Name of the category the item belongs to.
        item_name: Name of the item to delete.

    Returns:
        A 403 JSON response, a redirect to the category after a POST, or
        the rendered confirmation page.
    """
    parent = session.query(Category).filter_by(name=category_name).one()
    item_to_delete = (session.query(Item)
                      .filter_by(name=item_name, category=parent)
                      .one())

    # Authorisation: compare the item's creator with the id resolved from
    # the e-mail stored in the login session, before any delete.
    current_user_id = get_user_id(login_session['email'])
    if item_to_delete.user_id != current_user_id:
        denied = make_response(
            json.dumps('You are not allowed to delete the item'), 403)
        denied.headers['Content-Type'] = 'application/json'
        return denied

    if request.method != 'POST':
        return render_template('delete_page.html', item=item_to_delete)

    # NOTE(review): no CSRF token check is visible on this state-changing
    # POST; confirm it is enforced elsewhere in the app.
    session.delete(item_to_delete)
    session.commit()
    return redirect(url_for('show_category', category_name=parent.name))