Example #1
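def edit_item(category_id, slug, item_id, item_slug=None):
    """Show the edit form for an item (GET) or apply the submitted edit (POST).

    Only the session user whose id matches ``item.user_id`` may edit; any
    other visitor is redirected to the item page with a flash message.
    ``slug`` and ``item_slug`` are accepted but not used for the lookup.

    On POST an optional replacement picture is stored under
    ``UPLOAD_FOLDER`` and the previous picture file is removed once the
    database update has gone through.
    """
    item = dbo.get_item(category_id, item_id)
    # Ownership check against the session.
    # NOTE(review): if item.user_id can be None, an anonymous session
    # (user_id also None) passes this comparison - confirm every item has
    # an owner or that a login requirement is enforced before this view.
    if login_session.get('user_id') != item.user_id:
        flash('Sorry you cannot edit item created by another user.')
        return redirect(url_for(
            'show_item', category_id=item.category_id,
            slug=item.category.slug, item_id=item_id, item_slug=item.slug))
    if request.method == 'POST':
        # NOTE(review): this state-changing POST does not verify a CSRF
        # token. Adding the check requires the edit form template to carry
        # the token as well, so it is flagged here rather than enforced.
        picture_file = request.files['picture']
        # NOTE(review): _allowed_file is given only the client-supplied
        # name; presumably an extension allow-list, so the file content
        # itself is not validated here - confirm.
        if picture_file and _allowed_file(picture_file.filename):
            # The UUID prefix keeps stored names unique; secure_filename
            # strips path separators from the client-supplied name.
            filename = str(uuid.uuid4()) + \
                secure_filename(picture_file.filename)
            filepath = os.path.join(app.config['UPLOAD_FOLDER'], filename)
            picture_file.save(filepath)
        else:
            filename = ''
        # Remember the old picture before the record is updated, so it can
        # be cleaned up afterwards.
        previous_picture = item.picture
        # NOTE(review): category_id is taken from the form as-is; whether
        # dbo.edit_item validates it is not visible here.
        category_id = request.form['category_id']
        name = request.form['name']
        description = request.form['description']
        edited_item = dbo.edit_item(
            item_id, category_id, name, description, filename)
        # Remove the old file only after the update succeeded and only when
        # there was one: joining UPLOAD_FOLDER with an empty picture name
        # yields the folder itself, and os.remove() on it would raise.
        if filename and previous_picture:
            original_filepath = os.path.join(
                app.config['UPLOAD_FOLDER'], previous_picture)
            if os.path.isfile(original_filepath):
                os.remove(original_filepath)
        flash('Item %s is successfully edited.' % edited_item.name)
        return redirect(url_for(
            'show_item', category_id=edited_item.category_id,
            slug=edited_item.category.slug, item_id=edited_item.id,
            item_slug=edited_item.slug))
    else:
        return render_template(
            'edit_item.html', category_id=category_id, item=item)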
Example #2
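def edit_item(category_id, slug, item_id, item_slug=None):
    """Render the item edit form on GET and persist the edit on POST.

    Editing is limited to the session user whose id equals
    ``item.user_id``; everyone else is sent back to the item page with a
    flash message. ``slug`` and ``item_slug`` are not used for the lookup.

    A replacement picture uploaded with the form is saved under
    ``UPLOAD_FOLDER``; the picture it replaces is deleted from disk after
    the database update.
    """
    item = dbo.get_item(category_id, item_id)
    # NOTE(review): None != None is False, so an anonymous session would
    # pass this check for an item whose user_id is None - confirm that
    # cannot happen.
    if login_session.get('user_id') != item.user_id:
        flash('Sorry you cannot edit item created by another user.')
        return redirect(
            url_for('show_item',
                    category_id=item.category_id,
                    slug=item.category.slug,
                    item_id=item_id,
                    item_slug=item.slug))
    if request.method == 'POST':
        # NOTE(review): no CSRF token is checked on this POST. Enforcing
        # one needs a matching hidden field in the edit form template, so
        # this is a flag for follow-up rather than a change made here.
        picture_file = request.files['picture']
        # NOTE(review): the allow-list decision is based on the uploaded
        # file's name only (presumably its extension) - confirm whether
        # content type needs checking too.
        if picture_file and _allowed_file(picture_file.filename):
            # Stored name = random UUID + sanitised client name, so uploads
            # cannot collide or escape the upload folder via the name.
            filename = str(uuid.uuid4()) + \
                secure_filename(picture_file.filename)
            filepath = os.path.join(app.config['UPLOAD_FOLDER'], filename)
            picture_file.save(filepath)
        else:
            filename = ''
        # Captured before the update so the stale file can be found later.
        old_picture = item.picture
        category_id = request.form['category_id']
        name = request.form['name']
        description = request.form['description']
        edited_item = dbo.edit_item(item_id, category_id, name, description,
                                    filename)
        # Clean up the replaced picture after the update. An item without a
        # previous picture is skipped: os.path.join(folder, '') names the
        # upload folder itself and os.remove() would fail on it.
        if filename and old_picture:
            original_filepath = os.path.join(app.config['UPLOAD_FOLDER'],
                                             old_picture)
            if os.path.isfile(original_filepath):
                os.remove(original_filepath)
        flash('Item %s is successfully edited.' % edited_item.name)
        return redirect(
            url_for('show_item',
                    category_id=edited_item.category_id,
                    slug=edited_item.category.slug,
                    item_id=edited_item.id,
                    item_slug=edited_item.slug))
    else:
        return render_template('edit_item.html',
                               category_id=category_id,
                               item=item)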
Example #3
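def delete_item(category_id, slug, item_id, item_slug=None):
    """Show the delete confirmation (GET) or delete the item (POST).

    Only the session user whose id matches ``item.user_id`` may delete;
    others are redirected to the item page with a flash message. The GET
    branch stores a fresh CSRF token in the session and hands it to the
    form; the POST branch rejects the request with a 401 JSON response
    unless the submitted token matches the stored one.
    """
    item = dbo.get_item(category_id, item_id)
    # NOTE(review): an anonymous session compares None to item.user_id;
    # confirm items always have an owner so this cannot match.
    if login_session.get('user_id') != item.user_id:
        flash('Sorry you cannot delete item created by another user.')
        return redirect(
            url_for('show_item',
                    category_id=item.category_id,
                    slug=item.category.slug,
                    item_id=item_id,
                    item_slug=item.slug))

    if request.method == 'POST':
        # Make sure csrf_token matches,
        # to protect against cross-site request forgery.
        # A POST that arrives without a prior GET has no token in the
        # session; treat that (and a missing form field) as a mismatch
        # instead of failing with an unhandled KeyError. The explicit
        # "not expected_token" test keeps two missing values from
        # comparing equal.
        expected_token = login_session.get('csrf_token')
        submitted_token = request.form.get('csrf_token')
        if not expected_token or submitted_token != expected_token:
            response = make_response(json.dumps('Invalid csrf token'), 401)
            response.headers['Content-Type'] = 'application/json'
            return response

        # Read everything needed from the item before it is deleted.
        picture = item.picture
        name = item.name
        slug = item.category.slug
        dbo.delete_item(category_id, item_id)
        # Remove the picture only after the record is gone, and skip a file
        # that is already missing so a stale reference cannot block the
        # deletion.
        if picture:
            original_filepath = os.path.join(app.config['UPLOAD_FOLDER'],
                                             picture)
            if os.path.isfile(original_filepath):
                os.remove(original_filepath)
        flash('Item %s is successfully deleted.' % name)
        return redirect(
            url_for('show_category', category_id=category_id, slug=slug))
    else:
        # Generate csrf_token, and pass it to html form,
        # to protect against cross-site request forgery
        csrf_token = get_csrf_token()
        login_session['csrf_token'] = csrf_token
        return render_template('delete_item.html',
                               category_id=category_id,
                               item=item,
                               csrf_token=csrf_token)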
Example #4
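def delete_item(category_id, slug, item_id, item_slug=None):
    """Render the delete confirmation on GET and delete the item on POST.

    Deletion is limited to the session user whose id equals
    ``item.user_id``. GET issues a CSRF token (kept in the session and
    embedded in the form); POST answers 401 with a JSON body when the
    submitted token is absent or differs from the session's.
    """
    item = dbo.get_item(category_id, item_id)
    # NOTE(review): if item.user_id can be None this check also passes for
    # a session without user_id - confirm ownership is always set.
    if login_session.get('user_id') != item.user_id:
        flash('Sorry you cannot delete item created by another user.')
        return redirect(url_for(
            'show_item', category_id=item.category_id,
            slug=item.category.slug, item_id=item_id,
            item_slug=item.slug))

    if request.method == 'POST':
        # Make sure csrf_token matches,
        # to protect against cross-site request forgery.
        # Look both values up with .get(): a session that never received a
        # token, or a form without the field, must be rejected as invalid
        # rather than raise. An empty session token never validates.
        session_token = login_session.get('csrf_token')
        form_token = request.form.get('csrf_token')
        if not session_token or form_token != session_token:
            response = make_response(json.dumps('Invalid csrf token'), 401)
            response.headers['Content-Type'] = 'application/json'
            return response

        # Snapshot the fields used after the record has been deleted.
        picture = item.picture
        name = item.name
        slug = item.category.slug
        dbo.delete_item(category_id, item_id)
        # File cleanup follows the database delete; an already-missing
        # file is skipped instead of aborting the request.
        if picture:
            original_filepath = os.path.join(
                app.config['UPLOAD_FOLDER'], picture)
            if os.path.isfile(original_filepath):
                os.remove(original_filepath)
        flash('Item %s is successfully deleted.' % name)
        return redirect(url_for(
            'show_category', category_id=category_id, slug=slug))
    else:
        # Generate csrf_token, and pass it to html form,
        # to protect against cross-site request forgery
        csrf_token = get_csrf_token()
        login_session['csrf_token'] = csrf_token
        return render_template('delete_item.html',
                               category_id=category_id,
                               item=item,
                               csrf_token=csrf_token)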
Example #5
def show_item(category_id, slug, item_id, item_slug=None):
    """Render the detail page for one item.

    The item is looked up by ``category_id`` and ``item_id``; ``slug`` and
    ``item_slug`` are accepted but not used here. No ownership check is
    made in this view.
    """
    return render_template(
        'item.html', item=dbo.get_item(category_id, item_id))
Example #6
def show_item_json(category_id, slug, item_id, item_slug=None):
    """Return one item as JSON under the ``Item`` key.

    The item is looked up by ``category_id`` and ``item_id``; ``slug`` and
    ``item_slug`` are not used.
    """
    record = dbo.get_item(category_id, item_id)
    # NOTE(review): no session check is made here, so whatever
    # `serialize` exposes is returned to any caller - confirm it omits
    # fields that should stay private.
    payload = record.serialize
    return jsonify(Item=payload)
Example #7
def show_item(category_id, slug, item_id, item_slug=None):
    """Display a single item using the ``item.html`` template.

    Only ``category_id`` and ``item_id`` take part in the lookup; the two
    slug arguments are ignored by this function.
    """
    found = dbo.get_item(category_id, item_id)
    template_context = {'item': found}
    return render_template('item.html', **template_context)
Example #8
def show_item_json(category_id, slug, item_id, item_slug=None):
    """Serve the JSON representation of a single item.

    The response wraps ``item.serialize`` in an object keyed ``Item``.
    ``slug`` and ``item_slug`` are accepted but unused.
    """
    # NOTE(review): this view performs no authentication or ownership
    # check; verify that `serialize` only contains data meant to be public.
    return jsonify(Item=dbo.get_item(category_id, item_id).serialize)