def deleteProduct(cid, pid):
    """Confirm (GET) or perform (POST) deletion of product ``pid``.

    Visitors without a session are redirected to ``/login``. A signed-in
    user for whom ``database_service.hasProductPermission(pid, user_id)`` is
    false gets an error flash and is sent back to the product list of
    category ``cid``.

    NOTE(review): the POST branch changes state and no CSRF token check is
    visible in this function -- confirm one is enforced elsewhere.
    """
    logged_in = CheckUserLoggedIn()
    if not logged_in:
        return redirect('/login')

    # Session and navigation data are fetched up front, before the
    # ownership check, in the same order as the original handler.
    username = getSessionUsername()
    user_id = getSessionUserID()
    catagories = database_service.GetAllCatagory()
    picture = getSessionUserPic()

    # Authorization gate: only callers the database layer accepts for this
    # product may see the confirmation page or delete it.
    if not database_service.hasProductPermission(pid, user_id):
        flash('No permission to delete this product!', 'alert-danger')
        return redirect(url_for('showProducts', cid=cid))

    if request.method != 'POST':
        # Initial page load: show the "are you sure?" form.
        page_context = {
            'catagories': catagories,
            'sel_catagory': database_service.GetCatagoryByID(cid),
            'sel_product': database_service.GetProductByID(pid),
            'logged_in': logged_in,
            'username': username,
            'picture': picture,
        }
        return render_template('deleteproduct.html', **page_context)

    # The user confirmed. Per the original comment, DeleteProduct is expected
    # to remove the product's stored image as well (not visible here).
    database_service.DeleteProduct(pid)
    flash('Product deleted!', 'alert-success')
    return redirect(url_for('showProducts', cid=cid))
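def newProduct():
    """Show the new-product form (GET) or create a product (POST).

    Visitors without a session are redirected to ``/login``. On POST an
    optional image upload is written to ``app.config['UPLOAD_FOLDER']`` and
    the product is stored with the session user as its owner.

    Uploaded images are saved under a random per-upload prefix. Saving under
    the client-supplied name alone would let any signed-in user overwrite
    another product's image by uploading a file with the same name.

    NOTE(review): ``allowed_file`` is defined elsewhere; presumably it is an
    extension allow-list -- confirm. The file content itself is not
    inspected here, and no CSRF token check is visible in this function.
    """
    import uuid  # function-scope import: the file's import block is not in view

    logged_in = CheckUserLoggedIn()
    if not logged_in:
        return redirect('/login')

    username = getSessionUsername()
    catagories = database_service.GetAllCatagory()
    picture = getSessionUserPic()

    if request.method != 'POST':
        return render_template('newproduct.html',
                               catagories=catagories,
                               logged_in=logged_in,
                               username=username,
                               picture=picture)

    # Form submitted. The image is optional: an empty pic_path means
    # "no picture".
    pic_path = ''
    # .get() so that a form posted without the file field is treated as
    # "no image" instead of aborting the request.
    upload = request.files.get('file')
    if upload and allowed_file(upload.filename):
        # secure_filename() strips path components from the client-supplied
        # name; the random prefix makes the stored name unique so one upload
        # cannot replace another user's file.
        safe_name = secure_filename(upload.filename)
        stored_name = '%s_%s' % (uuid.uuid4().hex, safe_name)
        pic_path = os.path.join(app.config['UPLOAD_FOLDER'], stored_name)
        upload.save(pic_path)

    # Ownership comes from the server-side session, never from the form.
    user_id = getSessionUserID()
    database_service.NewProduct(request.form['name'],
                                request.form['desc'],
                                request.form['price'],
                                request.form['flavour'],
                                pic_path,
                                request.form['catagory'],
                                user_id)
    flash('New product created!', 'alert-success')
    return redirect(url_for('newProduct'))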
def deleteCatagory(cid):
    """Confirm (GET) or perform (POST) deletion of category ``cid``.

    Visitors without a session are redirected to ``/login``. A signed-in
    user for whom ``database_service.hasCatagoryPermission(cid, user_id)``
    is false gets an error flash and is sent back to the category's product
    list. After a successful delete the user lands on the index page.

    NOTE(review): the POST branch changes state and no CSRF token check is
    visible in this function -- confirm one is enforced elsewhere.
    """
    logged_in = CheckUserLoggedIn()
    if not logged_in:
        return redirect('/login')

    username = getSessionUsername()
    user_id = getSessionUserID()
    catagories = database_service.GetAllCatagory()
    picture = getSessionUserPic()

    # Authorization gate: the database layer decides whether this user may
    # act on the category.
    if not database_service.hasCatagoryPermission(cid, user_id):
        flash('No permission to delete this catagory!', 'alert-danger')
        return redirect(url_for('showProducts', cid=cid))

    if request.method == 'POST':
        # "Yes" was clicked on the confirmation page.
        database_service.DeleteCatagory(cid)
        flash('Catagory deleted!', 'alert-success')
        return redirect(url_for('IndexPage'))

    # Initial page load: render the confirmation page.
    page_context = {
        'catagories': catagories,
        'sel_catagory': database_service.GetCatagoryByID(cid),
        'logged_in': logged_in,
        'username': username,
        'picture': picture,
    }
    return render_template('deletecatagory.html', **page_context)
def editCatagory(cid):
    """Show the edit form (GET) or save changes (POST) for category ``cid``.

    Visitors without a session are redirected to ``/login``. A signed-in
    user for whom ``database_service.hasCatagoryPermission(cid, user_id)``
    is false gets an error flash and is sent back to the category's product
    list.

    NOTE(review): the POST branch changes state and no CSRF token check is
    visible in this function -- confirm one is enforced elsewhere.
    """
    logged_in = CheckUserLoggedIn()
    if not logged_in:
        return redirect('/login')

    username = getSessionUsername()
    user_id = getSessionUserID()
    catagories = database_service.GetAllCatagory()
    picture = getSessionUserPic()

    # Authorization gate: the database layer decides whether this user may
    # modify the category.
    if not database_service.hasCatagoryPermission(cid, user_id):
        flash('No permission to modify this catagory!', 'alert-danger')
        return redirect(url_for('showProducts', cid=cid))

    if request.method == 'POST':
        # Submitted form: persist the new name and description.
        new_name = request.form['name']
        new_desc = request.form['desc']
        database_service.EditCatagory(cid, new_name, new_desc)
        flash('Catagory updated!', 'alert-success')
        return redirect(url_for('showProducts', cid=cid))

    # Initial page load: render the edit form for the current category.
    page_context = {
        'catagories': catagories,
        'sel_catagory': database_service.GetCatagoryByID(cid),
        'logged_in': logged_in,
        'username': username,
        'picture': picture,
    }
    return render_template('editcatagory.html', **page_context)
def IndexPage():
    """Render the landing page.

    The page is public: there is no login redirect. The template receives
    all categories, the result of ``database_service.GetLatestProduct()``,
    and the current session's login flag, username, picture and user id.
    """
    # Dict literals evaluate top to bottom, so the helper calls run in the
    # same order as in the original handler.
    page_context = {
        'catagories': database_service.GetAllCatagory(),
        'logged_in': CheckUserLoggedIn(),
        'username': getSessionUsername(),
        'picture': getSessionUserPic(),
        'products': database_service.GetLatestProduct(),
        'user_id': getSessionUserID(),
    }
    return render_template('index.html', **page_context)
def showProducts(cid):
    """Render the product list of category ``cid``.

    The page is public: there is no login redirect. ``user_id`` is passed to
    the template alongside the products.

    NOTE(review): if the template uses ``user_id`` to show or hide
    edit/delete controls, that is presentation only; the edit and delete
    handlers must keep doing their own permission checks.
    """
    # Dict literals evaluate top to bottom, so the helper calls run in the
    # same order as in the original handler.
    page_context = {
        'username': getSessionUsername(),
        'catagories': database_service.GetAllCatagory(),
        'sel_catagory': database_service.GetCatagoryByID(cid),
        'products': database_service.GetProductByCatagory(cid),
        'user_id': getSessionUserID(),
        'logged_in': CheckUserLoggedIn(),
        'picture': getSessionUserPic(),
    }
    return render_template('products.html', **page_context)
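def showLogin():
    """Render the login page and issue a fresh per-session ``state`` token.

    A user who is already signed in is flashed a notice and redirected to
    the index page. Otherwise a 32-character token of uppercase letters and
    digits is stored in ``login_session['state']`` and handed to the
    template as ``STATE``.

    The token is drawn from the operating system's CSPRNG through
    ``random.SystemRandom``. The module-level ``random.choice`` uses the
    Mersenne Twister, whose output is predictable and so unsuitable for a
    security token.

    NOTE(review): the token is presumably compared against the value echoed
    back by the login callback as an anti-forgery check -- confirm that the
    callback rejects a missing or mismatching ``state``.
    """
    logged_in = CheckUserLoggedIn()
    picture = getSessionUserPic()
    if logged_in:
        username = getSessionUsername()
        flash('You are already logged in as %s' % username, 'alert-success')
        return redirect(url_for('IndexPage'))

    catagories = database_service.GetAllCatagory()

    # SystemRandom exists on both Python 2 and 3 and needs no new import;
    # range() likewise works on both, unlike xrange().
    csprng = random.SystemRandom()
    alphabet = string.ascii_uppercase + string.digits
    state = ''.join(csprng.choice(alphabet) for _ in range(32))
    login_session['state'] = state

    return render_template('login.html',
                           catagories=catagories,
                           STATE=state,
                           picture=picture)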
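def editProduct(cid, pid):
    """Show the edit form (GET) or save changes (POST) for product ``pid``.

    Visitors without a session are redirected to ``/login``. A signed-in
    user for whom ``database_service.hasProductPermission(pid, user_id)`` is
    false gets an error flash and is sent back to the product list of
    category ``cid``.

    A replacement image is saved under a random per-upload prefix. Saving
    under the client-supplied name alone would let any signed-in user
    overwrite another product's image by uploading a file with the same
    name.

    NOTE(review): ``allowed_file`` is defined elsewhere; presumably it is an
    extension allow-list -- confirm. No CSRF token check is visible in this
    function.
    """
    import uuid  # function-scope import: the file's import block is not in view

    logged_in = CheckUserLoggedIn()
    if not logged_in:
        return redirect('/login')

    username = getSessionUsername()
    user_id = getSessionUserID()
    catagories = database_service.GetAllCatagory()
    picture = getSessionUserPic()

    # Authorization gate: only callers the database layer accepts for this
    # product may view the edit form or modify it.
    if not database_service.hasProductPermission(pid, user_id):
        flash('No permission to modify this product!', 'alert-danger')
        return redirect(url_for('showProducts', cid=cid))

    if request.method != 'POST':
        # Initial page load: render the edit form.
        sel_catagory = database_service.GetCatagoryByID(cid)
        sel_product = database_service.GetProductByID(pid)
        return render_template('editproduct.html',
                               catagories=catagories,
                               sel_catagory=sel_catagory,
                               sel_product=sel_product,
                               logged_in=logged_in,
                               username=username,
                               picture=picture)

    # Form submitted.
    # NOTE(review): pic_path stays '' when no new image is uploaded; confirm
    # that EditProduct keeps the existing picture in that case.
    pic_path = ''
    # .get() so that a form posted without the file field is treated as
    # "no new image" instead of aborting the request.
    upload = request.files.get('file')
    if upload and allowed_file(upload.filename):
        # secure_filename() strips path components from the client-supplied
        # name; the random prefix makes the stored name unique so one upload
        # cannot replace another user's file.
        safe_name = secure_filename(upload.filename)
        stored_name = '%s_%s' % (uuid.uuid4().hex, safe_name)
        pic_path = os.path.join(app.config['UPLOAD_FOLDER'], stored_name)
        upload.save(pic_path)

    database_service.EditProduct(pid,
                                 request.form['name'],
                                 request.form['desc'],
                                 request.form['price'],
                                 request.form['flavour'],
                                 pic_path,
                                 request.form['catagory'])
    flash('Product updated!', 'alert-success')
    return redirect(url_for('showProducts', cid=cid))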
def newCatagory():
    """Show the new-category form (GET) or create a category (POST).

    Visitors without a session are redirected to ``/login``. On POST the
    category is stored with the session user as its owner and the user is
    redirected back to the empty form.

    NOTE(review): the POST branch changes state and no CSRF token check is
    visible in this function -- confirm one is enforced elsewhere.
    """
    logged_in = CheckUserLoggedIn()
    if not logged_in:
        return redirect('/login')

    username = getSessionUsername()
    catagories = database_service.GetAllCatagory()
    picture = getSessionUserPic()

    if request.method != 'POST':
        # Initial page load: render the empty form.
        page_context = {
            'catagories': catagories,
            'logged_in': logged_in,
            'username': username,
            'picture': picture,
        }
        return render_template('newcatagory.html', **page_context)

    # Submitted form: the owner id comes from the server-side session, not
    # from the request body.
    owner_id = getSessionUserID()
    database_service.NewCatagory(request.form['name'],
                                 request.form['desc'],
                                 owner_id)
    flash('New catagory created!', 'alert-success')
    return redirect(url_for('newCatagory'))