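def addItem():
    """Show the new-item form (GET) or create an item from it (POST).

    Visitors without 'username' in the login session are redirected to the
    item listing. Rendering the form stores a fresh CSRF token in the login
    session; a POST is answered with HTTP 400 unless it echoes that token.
    """
    if 'username' not in login_session:
        return redirect(url_for('displayItems'))

    cats = session.query(Category).all()
    new_item = CategoryItem(name="", description="", category_id=-1)

    if request.method == 'POST':
        # The token is deliberately never printed or logged: anyone able to
        # read the server output could replay it while the session lives.
        submitted = request.form.get('_csrf_token')
        expected = login_session.get('_csrf_token')
        # A token missing on either side is a failed check, not a KeyError.
        if not submitted or not expected or submitted != expected:
            response = make_response(json.dumps("Invalid web token."), 400)
            response.headers['Content-Type'] = 'application/json'
            return response

        new_item.name = request.form['name']
        new_item.description = request.form['description']
        # NOTE(review): the category id is stored exactly as submitted; no
        # check that it names an existing category is visible here.
        new_item.category_id = request.form['category']

        session.add(new_item)
        session.commit()

        return redirect(url_for('displayItemDetails', item_id=new_item.id))
    else:
        login_session['_csrf_token'] = randomToken()
        return render_template('item_edit.html.j2', cats=cats, item=None, login_session=login_session)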
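def newCategoryItem(category_id):
    """Allow the category creator to create a new item.

    GET renders the creation form. POST builds the item from the form,
    flushes it to obtain its id, and redirects either to the image-upload
    page or back to the category's item list. Anyone who is not the
    category's creator is redirected with a flash message.
    """
    category = session.query(Category).filter_by(id=category_id).one()
    # Prevent non-creator users adding new items. A session without
    # 'user_id' is refused explicitly instead of raising KeyError, and a
    # missing id can never match a category whose user_id is also unset.
    current_user_id = login_session.get('user_id')
    if current_user_id is None or current_user_id != category.user_id:
        flash(
            'You are not authorized to add category items to this category. Please create your own category in order to add items.'
        )
        return redirect(url_for('categoryItems', category_id=category_id))
    if request.method == 'POST':
        newItem = CategoryItem(name=request.form['name'],
                               description=request.form['description'],
                               price=request.form['price'],
                               category_id=category_id,
                               user_id=category.user_id)
        # Default to dollars only when no currency symbol was supplied. The
        # earlier `not a or not b` test was true for every input, so '$' was
        # prepended even to prices that already carried a symbol.
        if not newItem.price.startswith(('$', '£')):
            newItem.price = '$' + newItem.price
        session.add(newItem)
        # Flush and obtain default created item id.
        # NOTE(review): only flush() is called here; confirm the session is
        # committed elsewhere, otherwise the item is not persisted.
        session.flush()
        createdItemID = newItem.id
        flash('New Category %s Item Successfully Created' % (newItem.name))
        # If upload selected, proceed to upload photo page for item.
        if request.form['button'] == 'upload-image':
            return redirect(
                url_for('editCategoryItemImage',
                        category_id=category.id,
                        item_id=createdItemID))
        # Otherwise create item without image and return to category items page.
        return redirect(url_for('categoryItems', category_id=category_id))
    return render_template('newCategoryItem.html', category=category)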
Example #3
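def addNewItem():
    """Create an item, creating its category first when it does not exist.

    Visitors without 'username' in the login session are sent to /login.
    GET renders the form; POST stores the item and redirects to the
    catalog list.
    """
    # Authenticate before doing any database work.
    if 'username' not in login_session:
        return redirect('/login')
    if request.method == 'GET':
        return render_template("addNewItem.html")

    DBSession = sessionmaker(bind=engine)
    session = DBSession()
    try:
        categoryName = request.form['Item Category']
        category = session.query(Category).filter_by(
            name=categoryName).first()
        if category is None:
            category = Category(name=categoryName)
            session.add(category)
            # Commit so the new category has an id to reference below.
            session.commit()
        # Record the creator for every item. Previously an item added to an
        # existing category was stored without creator_id, leaving it with
        # no owner for any later ownership check.
        newItem = CategoryItem(name=request.form['Item Name'],
                               info=request.form['Item Info'],
                               creator_id=login_session['user_id'],
                               category_id=category.id)
        session.add(newItem)
        session.commit()
    finally:
        # The session is created per request, so release it per request.
        session.close()
    return redirect(url_for('catalogList'))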
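def newCategoryItem(category_id):
    """Allow the category creator to create a new item.

    GET renders the creation form. POST builds the item from the form,
    flushes it to obtain its id, and redirects either to the image-upload
    page or back to the category's item list. Anyone who is not the
    category's creator is redirected with a flash message.
    """
    category = session.query(Category).filter_by(id=category_id).one()
    # Prevent non-creator users adding new items. A session without
    # 'user_id' is refused explicitly instead of raising KeyError, and a
    # missing id can never match a category whose user_id is also unset.
    current_user_id = login_session.get('user_id')
    if current_user_id is None or current_user_id != category.user_id:
        flash('You are not authorized to add category items to this category. Please create your own category in order to add items.')
        return redirect(url_for('categoryItems', category_id=category_id))
    if request.method == 'POST':
        newItem = CategoryItem(name=request.form['name'],
                               description=request.form['description'],
                               price=request.form['price'],
                               category_id=category_id,
                               user_id=category.user_id)
        # Default to dollars only when no currency symbol was supplied. The
        # earlier `not a or not b` test was true for every input, so '$' was
        # prepended even to prices that already carried a symbol.
        if not newItem.price.startswith(('$', '£')):
            newItem.price = '$' + newItem.price
        session.add(newItem)
        # Flush and obtain default created item id.
        # NOTE(review): only flush() is called here; confirm the session is
        # committed elsewhere, otherwise the item is not persisted.
        session.flush()
        createdItemID = newItem.id
        flash('New Category %s Item Successfully Created' % (newItem.name))
        # If upload selected, proceed to upload photo page for item.
        if request.form['button'] == 'upload-image':
            return redirect(url_for('editCategoryItemImage', category_id=category.id, item_id=createdItemID))
        # Otherwise create item without image and return to category items page.
        return redirect(url_for('categoryItems', category_id=category_id))
    return render_template('newCategoryItem.html', category=category)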
Example #5
def addItem():
    """Render the item form on GET; on POST store a new item and show it.

    NOTE(review): no login or CSRF check is visible in this handler. Unless
    a decorator outside this snippet enforces one, any client can create
    items through this route -- confirm before relying on it.
    """
    cats = session.query(Category).all()
    new_item = CategoryItem(name="", description="", category_id=-1)

    if request.method != 'POST':
        return render_template('item_edit.html.j2', cats=cats, item=None)

    # Copy the submitted fields onto the placeholder item, then persist it.
    form = request.form
    new_item.name = form['name']
    new_item.description = form['description']
    new_item.category_id = form['category']

    session.add(new_item)
    session.commit()

    details_url = url_for('displayItemDetails', item_id=new_item.id)
    return redirect(details_url)
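def addItem():
    """Create a catalog item owned by the logged-in user.

    Visitors without 'username' in the login session are sent to /login.
    GET renders the creation form with the category list; POST stores the
    item and redirects to the category overview.
    """
    # if not logged in then redirect to login screen
    if 'username' not in login_session:
        return redirect('/login')

    # post event when users creates item
    if request.method == 'POST':
        # query category item from database
        categories = session.query(Category).order_by(asc(Category.name))

        # get id of selected category
        # NOTE(review): getCategories is defined elsewhere; presumably it
        # maps the submitted value to an existing category id -- verify that
        # it rejects values that match no category.
        cat_id = getCategories(categories, request.form['category'])

        # create new item in database, owned by the session's user
        newItem = CategoryItem(name=request.form['name'],
                               description=request.form['description'],
                               category_id=cat_id,
                               user_id=login_session['user_id'],
                               date_added=func.now())
        session.add(newItem)
        session.commit()

        # show message confirming item is created and redirect to home page
        flash('New Item %s Successfully Created' % (newItem.name))
        return redirect(url_for('showCategories'))

    # GET: the login check at the top already covers this path, so the
    # second, unreachable check that used to sit here has been removed.
    categories = session.query(Category.id,
                               Category.name).order_by(asc(Category.name))
    return render_template('additem.html', categories=categories)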
Example #7
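def editCategory(category_id):
    """Rename a category owned by the logged-in user.

    Anonymous visitors get the login template. Users who do not own the
    category are redirected with a flash message. GET renders the edit
    form; POST applies a non-empty, changed name and otherwise reports
    that nothing changed.
    """
    if 'username' not in login_session:
        return render_template('login.html')
    editedCategory = session.query(Category).filter_by(id=category_id).one()
    if login_session['user_id'] != editedCategory.user_id:
        flash('Cannot edit this category as you are not its owener')
        return redirect(url_for('showCategories'))
    if request.method != 'POST':
        return render_template('editCategory.html', category=editedCategory)

    new_name = request.form['name']
    if new_name and new_name != editedCategory.name:
        editedCategory.name = new_name
        # Persist the rename; without a commit the change only lived in the
        # in-memory session.
        session.add(editedCategory)
        session.commit()
        flash('Category successfully edited to %s' % editedCategory.name)
        return redirect(url_for('showCategories'))

    # Empty or unchanged name. The item-creation code that used to follow
    # was only reachable with an empty name, where its own non-empty check
    # failed, so it could never create anything and has been removed.
    flash('Nothing changed, operation cancelled or inputs where NULL')
    return redirect(url_for('showCategories'))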
Example #8
def newItem():
    """Serve the new-item form (GET) or create a uniquely titled item (POST).

    Visitors without 'username' in the login session are redirected to the
    category overview. A POST whose title is already taken gets a small
    script page that alerts and navigates back.
    """
    if 'username' not in login_session:
        return redirect(url_for('showAllCategories'))

    if request.method != 'POST':
        # GET - Return form for new item Creation
        categories = db_session.query(Category).order_by(asc(Category.title))
        return render_template('newCategoryItem.html', categories=categories)

    # POST - Create new item and redirect back to the Catalog
    existing = db_session.query(CategoryItem).filter_by(
        title=request.form['item_title']).scalar()
    if existing:
        return """<script>function myFunction() {
                        alert('Name already taken. Please select a new name.');
                        window.history.back();}
                    </script><body onload='myFunction()'>"""

    # The category is resolved by title from the form, not by id.
    category = db_session.query(Category).filter_by(
        title=request.form['category_title']).one()
    created = CategoryItem(last_updated=datetime.datetime.now(),
                           title=request.form['item_title'],
                           description=request.form['description'],
                           category_id=category.id,
                           user_id=login_session['user_id'])
    db_session.add(created)
    db_session.commit()
    return redirect(url_for('showAllCategories'))
Example #9
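def add_item():
    """Render the new-item form (GET) or store a submitted item (POST).

    Sessions without 'user_id' are redirected to /index.
    """
    # The redirect must be returned. Without `return` the response object was
    # discarded, so anonymous visitors fell through to the form (rendered
    # with is_logged=True) and to the POST handling below.
    if 'user_id' not in login_session:
        return redirect('/index')

    session = DBSession()

    categories = session.query(Category).order_by(asc(Category.category_name))

    if request.method == 'POST':
        item_name = request.form['item_name']
        item_description = request.form['item_description']
        # NOTE(review): category_id is stored as submitted; no check that it
        # names an existing category is visible here.
        category_id = request.form['category_id']
        user_id = login_session['user_id']

        item = CategoryItem(name=item_name, description=item_description,
                            category_id=category_id, user_id=user_id)

        session.add(item)
        session.commit()
        flash("Item Added!!")
        session.close()

        # NOTE(review): url_for() appends keyword arguments the route does
        # not declare to the query string, so `categories` (a Query object)
        # and `is_logged` presumably end up in the redirect URL -- confirm
        # the 'index' route needs them and does not trust is_logged.
        return redirect(
            url_for(
                'index',
                categories=categories,
                is_logged=True))

    session.close()

    return render_template(
        'new_item.html',
        is_logged=True,
        categories=categories)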
Example #10
def addCategoryItem():
    """Show the add-item form (GET) or create an item for the user (POST).

    Visitors without 'username' in the login session are sent to /login. A
    POST with an empty name or description is bounced back to the form with
    a flash message.
    """
    if 'username' not in login_session:
        return redirect('/login')

    if request.method != 'POST':
        # GET: the form needs every category for its selector.
        all_categories = session.query(Category).all()
        return render_template('addCategoryItem.html',
                               categories=all_categories)

    form = request.form
    has_required = form['name'] and form['description']
    if not has_required:
        flash('fill in all fields')
        return redirect(url_for('addCategoryItem'))

    # NOTE(review): category_id comes straight from the form; no check that
    # it names an existing category is visible here.
    created = CategoryItem(name=form['name'],
                           description=form['description'],
                           category_id=form['category'],
                           user_id=login_session['user_id'])
    session.add(created)
    session.commit()

    return redirect(url_for('showCategories'))
Example #11
def newItem():
    """Render the new-item page, or store the submitted item on POST."""
    # Only sessions carrying 'username' may proceed.
    if 'username' not in login_session:
        return redirect('login')

    if request.method != 'POST':
        # GET: hand the template every category so the form can offer them.
        selectable = session.query(Category).all()
        return render_template('newItem.html', categories=selectable)

    # POST: build the item from the form and attribute it to the session's
    # user. NOTE(review): category_id is taken from the form unchecked.
    form = request.form
    created = CategoryItem(item_name=form['name'],
                           description=form['description'],
                           category_id=form['categories'],
                           user_id=login_session['user_id'])
    session.add(created)
    session.commit()
    flash('New Item Successfully Created')
    return redirect(url_for('main_page'))
Example #12
def newItem(category_name):
    """Create an item in the named category, for the category owner only.

    Visitors without 'username' in the login session are sent to /login.
    Users who do not own the category, and POSTs with an empty name, get a
    small script page that raises a browser alert. GET renders the form.
    """
    if 'username' not in login_session:
        return redirect('/login')
    # .one() raises if the name matches no category or more than one.
    category = session.query(Category).filter_by(name=category_name).one()
    # Ownership check: only the category's creator may add items to it.
    if login_session['user_id'] != category.user_id:
        return "<script>function myFunction() {alert(\
               'You are not authorized to add items to this category. '\
               +'Please create your own category in order to add items.'\
               );}</script><body onload='myFunction()'>"

    if request.method == 'POST':
        if request.form['name'] == '':
            return "<script>function myFunction() {alert(\
                   'Name can not be empty.'\
                   );}</script><body onload='myFunction()'>"

        # The price is stored as '$' followed by whatever was submitted.
        # NOTE(review): no format or numeric validation of price is visible.
        newItem = CategoryItem(name=request.form['name'],
                               description=request.form['description'],
                               price='$' + request.form['price'],
                               category=category,
                               user_id=category.user_id)
        session.add(newItem)
        session.commit()
        flash('New Item %s Successfully Created' % (newItem.name))
        return redirect(url_for('showCategory', category_name=category_name))
    else:
        return render_template('newItem.html', category=category)
Example #13
def category_item_add(category_id):
    """Serve the add-item form (GET) or add an item to the category (POST).

    A GET without 'username' in the login session gets a JSON 401. A POST
    without it adds nothing and is redirected like a successful one.
    Other request methods fall through and return None.
    """
    # NOTE(review): .get() presumably yields None for an unknown id, which
    # would make cat.id below fail -- confirm how callers handle that.
    cat = session.query(Category).get(category_id)

    method = request.method

    # GET: render a template containing a form to add items.
    if method == "GET":
        if "username" not in login_session:
            return jsonify(message="You are not authorized to add items."), 401
        return render_template("itemform.html", cat=cat, new=True)

    # POST: add the new item, but only for a logged-in session.
    if method == "POST":
        if "username" in login_session:
            form = request.form
            session.add(CategoryItem(name=form["name"],
                                     description=form["desc"],
                                     category_id=cat.id,
                                     user_id=login_session["user_id"]))
            session.commit()
        index_url = url_for(".category_index", category_id=category_id)
        return redirect(index_url)
Example #14
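def addCategoryItem(category_name):
    """
    Adds an item to a category provided by input values in the
    addcategoryitem.html form.

    Visitors for whom loggedIn() is false are redirected to the login
    page. GET renders the form; POST stores the item and redirects to the
    category page.

    [C]RUD
    """
    if not loggedIn():
        return redirect(url_for('showLogin'))

    category = session.query(Category).filter_by(name=category_name).one()

    if request.method == 'POST':
        # NOTE(review): item_type is filled from the 'image_url' field, the
        # same field as image_url -- this looks like a copy/paste slip;
        # confirm which form field was intended.
        newItem = CategoryItem(name=request.form['name'],
                               description=request.form['description'],
                               image_url=request.form['image_url'],
                               category_id=category.id,
                               item_type=request.form['image_url'],
                               user_id=login_session['user_id'])
        session.add(newItem)
        session.commit()
        flash("New category item (%s) created." % request.form['name'])
        ## After submitting new item, redirects back to main page.
        # The login session is no longer passed to url_for(): keyword
        # arguments the route does not declare are appended to the query
        # string, which would expose session data in the redirect URL
        # (browser history, server logs, Referer headers).
        return redirect(
            url_for('showCategory',
                    category_name=category_name))
    else:
        return render_template('addcategoryitem.html',
                               category=category,
                               login_session=login_session)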
Example #15
def newCategoryItem(category_id):
    """Create new items for category.

    NOTE(review): no login or ownership check is visible in this handler.
    Unless a decorator outside this snippet enforces one, a POST from a
    session without 'email' fails with KeyError, and any logged-in user can
    add items to any category -- confirm.
    """
    # May be None: one_or_none() does not raise for an unknown id.
    target_category = (session.query(Category).filter_by(
        id=category_id).one_or_none())

    if request.method != 'POST':
        # GET: show the creation form for this category.
        return render_template('newcategoryitem.html',
                               category_id=category_id,
                               category=target_category)

    # POST: resolve the creator from the session e-mail, then store the item.
    creator_id = getUserId(login_session['email'])
    form = request.form
    created = CategoryItem(name=form['name'],
                           description=form['description'],
                           category_id=category_id,
                           user_id=creator_id)
    session.add(created)
    session.commit()
    flash("New category item created!")
    return redirect(url_for('showCategory', category_id=category_id))
Example #16
def addBook(category_id):
    """Add a book to a category, restricted to the category's creator.

    Visitors without 'username' in the login session are sent to /login.
    Non-owners receive a script page that alerts and navigates back. GET
    renders the form; POST stores the book and redirects to the item list.
    """
    if 'username' not in login_session:
        return redirect('/login')

    selectedCategory = session.query(Category).filter_by(id=category_id).one()
    is_owner = selectedCategory.user_id == login_session['user_id']
    if not is_owner:
        return ("<script>function myFunction() " +
                "{ alert('You are not authorized to add a book to"
                " this category."
                "You can only add the book with category "
                "that you have created');"
                "setTimeout(function() {history.go(-1);}, 100);}"
                "</script><body onload='myFunction()''>")

    if request.method != 'POST':
        return render_template('addBook.html',
                               category_id=category_id,
                               category_name=selectedCategory.name)

    # POST: the book is attributed to the session's user.
    form = request.form
    book = CategoryItem(name=form['name'],
                        author=form['author'],
                        description=form['description'],
                        category_id=category_id,
                        user_id=login_session['user_id'])
    session.add(book)
    session.commit()
    flash('New Book %s Successfully Created' % book.name)
    return redirect(url_for('showItems', category_id=category_id))
Example #17
def newCategoryItem(category_name):
    """Create a uniquely named item in a category, for its owner only.

    Visitors without "username" in the login session are sent to /login.
    Non-owners get a script page that raises a browser alert. GET renders
    the form; POST stores the item unless its name is already in use, then
    redirects to the category's item view either way.
    """
    if "username" not in login_session:
        return redirect("/login")
    # .one() raises if the name matches no category or more than one.
    category = session.query(Category).filter_by(name=category_name).one()
    # Ownership check: only the category's creator may add items to it.
    if login_session["user_id"] != category.user_id:
        return '''<script>function myFunction() {alert('You
         are not authorized to add item items to this category.
          Please create your own category in order to add items.
          ');}</script><body onload='myFunction()'>'''
    if request.method == "POST":
        request_name = request.form["name"]
        # The duplicate check counts items with this name in every
        # category, not only in the current one.
        count = session.query(CategoryItem).filter_by(
            name=request_name).count()
        if count > 0:
            flash("Item %s already exists" % request_name)
        else:
            # Same lookup as at the top of the function, run a second time.
            category = session.query(Category).filter_by(
                name=category_name).one()
            newItem = CategoryItem(
                name=request.form["name"],
                description=request.form["description"],
                category=category,
                user_id=category.user_id,
            )
            session.add(newItem)
            session.commit()
            flash("New Item %s Item Successfully Created" % (newItem.name))
        return redirect(url_for("showItem", category_name=category_name))
    else:
        return render_template("newcategoryitem.html",
                               category_name=category_name)
Example #18
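def addItem(category_id):
    """Create an item in a category, optionally with an uploaded image.

    GET renders the form. POST requires a name and a description, saves an
    accepted upload into UPLOAD_FOLDER, stores the item and redirects to
    the category's item list.

    NOTE(review): no login or ownership check is visible in this handler.
    Unless a decorator outside this snippet enforces one, any client can
    create items and upload files here -- confirm.
    """
    category = session.query(Category).filter_by(id=category_id).one()
    if request.method != 'POST':
        return render_template('newItem.html', category=category,
                               login_session=login_session)

    # Required fields are name and description. Previously this test only
    # gated the upload, so an item with empty fields was still stored.
    if not (request.form['name'] and request.form['description']):
        flash('Name and description are required')
        return render_template('newItem.html', category=category,
                               login_session=login_session)

    # Set default image name
    filename = 'placeholder-image.jpg'
    file = request.files.get('file')  # Equal to None if there's no file
    # NOTE(review): allowed_file is defined elsewhere; presumably an
    # extension allow-list -- verify.
    if file and allowed_file(file.filename):
        # secure_filename() strips path separators and unsafe characters and
        # can return '' for some names; saving then would target the upload
        # folder itself, so keep the placeholder in that case.
        safe_name = secure_filename(file.filename)
        if safe_name:
            filename = safe_name
            # NOTE(review): an upload whose name matches an existing file
            # overwrites it; consider storing under a unique name.
            file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))

    # Save item to DB and redirect
    newItem = CategoryItem(name=request.form['name'],
                           description=request.form['description'],
                           image='img/' + filename,
                           category_id=category_id)
    category.total_item += 1
    session.add(newItem)
    session.commit()
    flash('New item created')
    return redirect(url_for('showItemList', category_id=category.id))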
Example #19
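def addItem():
    """HTML endpoint add new item for logined user.

    Visitors without 'username' in the login session are sent to /login.
    GET renders the form with the existing category names; POST requires a
    title and a description, stores the item and redirects to the category
    overview.
    """
    if 'username' not in login_session:
        return redirect('/login')

    existCategoryNames = [i.name for i in session.query(Category).all()]

    if request.method == 'POST':

        if not (request.form['title'] and request.form['description']):
            flash("Category name, Item title and description are necessary!")
            # Re-render with the category list, as the GET path does;
            # without it the form came back with no categories to choose.
            return render_template('newitem.html',
                                   categories=existCategoryNames)

        # NOTE(review): getCategoryID is defined elsewhere and receives
        # request.form.get('name'), which is None when the field is absent;
        # confirm it handles a missing or unknown category name.
        newItem = CategoryItem(
            title=request.form['title'],
            description=request.form['description'],
            user_id=login_session['user_id'],
            category_id=getCategoryID(request.form.get('name'))
        )
        session.add(newItem)
        session.commit()

        flash('New item %s successfully created' % newItem.title)
        return redirect(url_for('showCategories'))
    else:
        return render_template('newitem.html', categories=existCategoryNames)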
Example #20
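def newCategoryItem():
    """Show the new-item page (GET) or create an item with a picture (POST).

    Visitors without 'username' in the login session are sent to /login. A
    POST missing Title, Author or Description, or naming an unknown
    category, is redirected to the category overview without storing
    anything.
    """
    if 'username' not in login_session:
        return redirect('/login')
    if request.method == 'POST':
        if (request.form['Title'] and request.form['Author']
                and request.form['Description']):
            category = session.query(Category).filter_by(
                name=request.form.get('category')).first()
            # first() returns None for an unknown name; treat that like any
            # other invalid submission instead of failing on `.id`.
            if category is None:
                return redirect(url_for('showAllCategory'))
            categoryId = category.id
            # NOTE(review): save_file is defined elsewhere and receives the
            # user-supplied title and author; if they are used to build the
            # stored path, verify that it sanitises them.
            picture = save_file(request.files['file'], request.form['Title'],
                                request.form['Author'])
            newItem = CategoryItem(title=request.form['Title'],
                                   description=request.form['Description'],
                                   categoryId=categoryId,
                                   user_id=login_session['user_id'],
                                   author=request.form['Author'],
                                   picture=picture)
            session.add(newItem)
            session.commit()
            return redirect(
                url_for('showCategoryItems',
                        category_name=request.form.get('category')))
        return redirect(url_for('showAllCategory'))
    else:
        # Start from None so the template always receives a value; before,
        # userInfo was unbound when the e-mail matched no user id.
        userInfo = None
        if 'email' in login_session:
            userId = getUserID(login_session['email'])
            if userId:
                userInfo = getUserInfo(userId)
        return render_template('newItemPage.html',
                               user_loged_in='username' in login_session,
                               userInfo=userInfo)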
Example #21
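def newItem(category_id):
    """Create an item in a category, restricted to the category's owner.

    Unknown categories, sessions without 'user_id' and non-owners are all
    redirected to the category overview with the same flash message. GET
    renders the form; POST requires a title and a description.
    """
    category = session.query(Category).filter_by(id=category_id).one_or_none()
    current_user_id = login_session.get('user_id')

    # Check if the user is the owner of the category. one_or_none() returns
    # None for an unknown id and an anonymous session has no 'user_id';
    # both are refused here instead of raising AttributeError / KeyError.
    if (category is None or current_user_id is None
            or current_user_id != category.user_id):
        # If a wrong user is logged in inform them
        flash("You don't have the permission to do that.")
        return redirect(url_for('showCategories'))

    # Check to see if there is a POST request from the interface
    if request.method == 'POST':
        # Create a new item and commit it to the database
        # title: the title entered in the form
        # user_id: use the id of the logged in user
        if request.form['title'] != '' and request.form['description'] != '':

            item = CategoryItem(title=request.form['title'],
                                user_id=current_user_id,
                                category_id=category_id,
                                description=request.form['description'])
            session.add(item)
            session.commit()

            # Notify the user
            flash('~*New Item Created')

            return redirect(url_for('showItems', category_id=category_id))
        else:
            flash('your input was invalid, please try again')
            return render_template('newItem.html', category_id=category_id)

    return render_template('newItem.html', category_id=category_id)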
def newcategoryItem(categories_id):
    """Add an item to a category, restricted to the category's creator.

    Visitors without 'username' in the login session are sent to /login.
    Non-owners are redirected to the item list with a flash message. GET
    renders the form; POST stores the item and redirects to the item list.
    """
    if 'username' not in login_session:
        return redirect('/login')

    categories = session.query(Categories).filter_by(id=categories_id).one()

    # Resolve the category creator and the current user. The second lookup's
    # result is not used below.
    creator = getUserInfo(categories.user_id)
    user = getUserInfo(login_session['user_id'])

    # Only the creator may add items; everyone else is sent back.
    is_creator = creator.id == login_session['user_id']
    if not is_creator:
        flash("You can't add new category items"
              " This  belongs to %s" % creator.name)
        items_url = url_for('showcategoryitems', categories_id=categories.id)
        return redirect(items_url)

    if request.method != 'POST':
        return render_template('newcategoryitems.html',
                               categories_id=categories_id,
                               Categories=movielist)

    # NOTE(review): likes, dislikes and views are taken straight from the
    # form, so the submitter chooses their initial values -- confirm this
    # is intended.
    form = request.form
    created = CategoryItem(name=form['name'],
                           likes=form['likes'],
                           dislikes=form['dislikes'],
                           views=form['views'],
                           img_url=form['img_url'],
                           categories_id=categories_id,
                           user_id=categories.user_id)
    session.add(created)
    session.commit()
    flash('New category  item %s  Successfully Created' %
          (created.name))
    return redirect(
        url_for('showcategoryitems', categories_id=categories_id))
Example #23
def newItem():
    """Show the add-item form (GET) or store a submitted item (POST).

    Sessions without 'username' get the error template instead.
    """
    # The user must be authenticated to use this function.
    if 'username' not in login_session:
        msg = ("Sorry, you do not have access to this page.<br>"
               "You must first login.")
        return render_template('error.html', message=msg)

    if request.method != 'POST':
        # Not a POST: just show the form with the categories sorted by name.
        categories = session.query(Category).order_by(Category.name).all()
        return render_template('itemAdd.html', categories=categories)

    # POST: add the item to the database for the session's user.
    # NOTE(review): category_id is taken from the form unchecked.
    form = request.form
    created = CategoryItem(title=form['title'],
                           description=form['description'],
                           category_id=form['category_id'],
                           user_id=login_session['user_id'])
    session.add(created)
    session.commit()

    return redirect(url_for('showCatalog'))
Example #24
def addCategoryItem(category_name):
    """Render the add-item form, or store the submitted item on POST.

    NOTE(review): no login check is visible in this handler, and the item
    is created without a user id. Unless a decorator outside this snippet
    enforces authentication, any client can add items -- confirm.
    """
    message = "Please Fill Out All Required Fields"
    if request.method != 'POST':
        return render_template('addcategoryitem.html',
                               category_name=category_name,
                               message=message)

    # The category comes from the form field, not from the URL parameter;
    # first() returns None when the name matches nothing.
    category = session.query(Category).filter_by(
        name=request.form['category']).first()
    newItem = CategoryItem(name=request.form['name'],
                           description=request.form['description'],
                           category=category)

    if newItem.name == "":
        print("Empty Item Name")
        message = "Error: Empty Item Name, please fill out all fields"
        return render_template('addcategoryitem.html',
                               category_name=category_name,
                               message=message)

    session.add(newItem)
    session.commit()
    items = session.query(CategoryItem).filter_by(category=category)
    return render_template('catalogitems.html',
                           category=category,
                           items=items)
Example #25
def add_category_item(item_name, item_description, category_id, user_id):
    """Build a CategoryItem from the given values, add it and commit.

    No validation or authorisation happens here; the values are stored as
    passed in.
    """
    fields = dict(name=item_name,
                  description=item_description,
                  category_id=category_id,
                  created_by_id=user_id)
    session.add(CategoryItem(**fields))
    session.commit()
Example #26
def addCategoryItem():
    """Serve the add-item page (GET) or store a submitted item (POST).

    Visitors without 'username' in the login session are sent to /login.
    The stored item's user_id is the session's e-mail address.
    """
    # A new session factory and session are created on every call.
    # NOTE(review): the session is never closed in this function.
    DBSession = sessionmaker(bind=engine)
    session = DBSession()
    if 'username' not in login_session:
        return redirect('/login')

    if request.method != 'POST':
        categories = session.query(Category).all()
        return render_template('addcategory.html', categories=categories)

    # NOTE(review): category_id is taken from the form unchecked.
    form = request.form
    created = CategoryItem(name=form['name'],
                           description=form['description'],
                           category_id=form['category'],
                           user_id=login_session['email'])
    user_id = login_session['email']
    session.add(created)
    session.commit()

    return redirect(url_for('showCategories'))
Example #27
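def newItem():
    """Render the new-item form, or create the item when it is POSTed.

    Visitors without 'username' in the login session, or whose 'user_id'
    matches no User row, are redirected to /login. An empty item name
    re-renders the form. On success the item is committed, a message is
    flashed and the client is redirected to 'showCategory'.
    """
    if 'username' not in login_session:
        return redirect('/login')

    # A Query object is always truthy, so the row has to be fetched to learn
    # whether the account exists.
    user = session.query(User).filter_by(
        id=login_session['user_id']).first()
    if user is None:
        return redirect('/login')

    categories = session.query(Category).all()
    if request.method != 'POST':
        return render_template('newItem.html',
                               categories=categories,
                               login_session=login_session)

    # NOTE(review): no anti-CSRF token is compared in this view, and any
    # logged-in user can add an item to any category; confirm that is
    # intended.
    category = session.query(Category).filter_by(
        name=request.form['category']).one()
    if request.form['name'] == '':
        return render_template('newItem.html',
                               categories=categories,
                               login_session=login_session)

    # The template name and the form keys are written on one line each: a
    # backslash line-continuation inside the literal added the next line's
    # leading spaces to the string, so the lookups could never match.
    item = CategoryItem(name=request.form['name'],
                        description=request.form['description'],
                        category_id=category.id,
                        category=category,
                        user=user,
                        user_id=login_session['user_id'])
    session.add(item)
    session.commit()
    flash('New %s Item Successfully Created' % (item.name))
    return redirect(url_for('showCategory'))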
Example #28
def addCategoryItem():
    """Show the add-item form, or create the item when it is POSTed.

    Visitors without 'username' in the login session are redirected to
    /login. A POST with an empty name or description flashes a message and
    redirects back to this view; otherwise the item is committed with the
    session's user_id and the client is sent to 'showCategories'.
    """
    if 'username' not in login_session:
        return redirect('/login')

    if request.method != 'POST':
        return render_template('addCategoryItem.html',
                               categories=session.query(Category).all())

    # TODO: Retain data when there is an error
    # NOTE(review): no anti-CSRF token is compared here and the posted
    # category id is stored as given; confirm both are handled elsewhere.
    required = (
        ('name', 'Please add a course name'),
        ('description', 'Please add a description'),
    )
    for field, complaint in required:
        if not request.form[field]:
            flash(complaint)
            return redirect(url_for('addCategoryItem'))

    item = CategoryItem(name=request.form['name'],
                        description=request.form['description'],
                        category_id=request.form['category'],
                        user_id=login_session['user_id'])
    session.add(item)
    session.commit()

    return redirect(url_for('showCategories'))
Example #29
def categoryItemCreate(category_id):
    """ Create a new item in the category with the given ID.
    A logged-in user is required; without 'user_id' in the login session
    the request is redirected to the login page.

    Params:
        category_id: category ID
    Returns:
        on GET, the web page with the form for a new item.
        on POST with the Create button pressed, the item is added to the
        database and the client is redirected to the category's item list.
        on any other POST, the same redirect without creating an item.
    """
    if 'user_id' not in login_session:
        return redirect('/login')

    if request.method != 'POST':
        return render_template("categoryItemCreate.html",
                               category_id=category_id)

    # NOTE(review): the category's owner is not compared with the session
    # user and no anti-CSRF token is checked here; confirm both are
    # enforced elsewhere.
    if 'Create' in request.form:
        item = CategoryItem(title=request.form['title'],
                            description=request.form['description'],
                            category_id=category_id,
                            user_id=login_session['user_id'])
        session.add(item)
        session.commit()
        print("new category item "+item.title+" created!")
    return redirect(url_for('listCategoryItems', category_id=category_id))
Example #30
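def addNewItem(category):
    """Show the new-item form for a category, or create the item on POST.

    Args:
        category: name of the category that receives the item.

    Visitors without 'username' in the login session are redirected to
    /login. Only the user whose id matches the category's user_id may add
    items; anyone else gets a page that shows an alert. On POST the
    uploaded photo is saved, the item is committed and the client is
    redirected to 'index'.
    """
    if 'username' not in login_session:
        return redirect('/login')
    categoryForItems = session.query(Category).filter_by(name=category).one()
    if login_session['user_id'] != categoryForItems.user_id:
        # The fragments are joined inside parentheses. As separate lines
        # starting with "+", only the first fragment was returned and the
        # rest was unreachable.
        return ("<script>function myFunction() {"
                "alert('You are not authorized to add items to this category. "
                "Please create your own category in order to add items.');}"
                "</script>"
                "<body onload='myFunction()'>")
    if request.method != 'POST':
        return render_template('newItem.html', category=category)

    # NOTE(review): presumably `photos` is an upload set that restricts the
    # file type and sanitizes the stored name; verify, because the file is
    # written before anything else in the form is checked. No anti-CSRF
    # token is compared in this view either.
    filename = photos.save(request.files['photo'])

    item = CategoryItem(name=request.form['name'],
                        description=request.form['description'],
                        price=request.form['price'],
                        picture=filename,
                        category=categoryForItems)

    session.add(item)
    session.commit()
    # Announce success only once the commit has gone through.
    flash('New Item %s Successfully Created' % item.name)
    return redirect(url_for('index'))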
Example #31
def addCategoryItem():
    """Show the add-item form, or create the item when it is POSTed.

    Visitors without 'username' in the login session are redirected to
    /login. An empty name or description flashes a message and redirects
    back to this view; otherwise the item is committed and the client is
    redirected to 'showCategories'.
    """
    if 'username' not in login_session:
        return redirect('/login')

    if request.method != 'POST':
        return render_template('addCategoryItem.html',
                               categories=session.query(Category).all())

    # NOTE(review): no anti-CSRF token is compared here and the posted
    # category id is stored as given; confirm both are handled elsewhere.
    form = request.form
    if not form['name']:
        flash('Please add item name')
        return redirect(url_for('addCategoryItem'))
    if not form['description']:
        flash('Please add a description')
        return redirect(url_for('addCategoryItem'))

    item = CategoryItem(name=form['name'],
                        description=form['description'],
                        category_id=form['category'],
                        user_id=login_session['user_id'])
    session.add(item)
    session.commit()

    return redirect(url_for('showCategories'))
Example #32
def newCategoryItem():
    """Show the new-item form, or create the item when it is POSTed.

    Visitors without 'username' in the login session are redirected to
    /login. The category is looked up by the posted 'categoryname'; an
    empty description is replaced by a placeholder text. After the commit
    a message is flashed and the client is redirected to 'categories'.
    """
    if 'username' not in login_session:
        return redirect('/login')

    if request.method != 'POST':
        return render_template('newitem.html',
                               categories=session.query(Category).all())

    # NOTE(review): the item records no owner and the category's owner is
    # not compared with the session user, so any logged-in user can add to
    # any category; no anti-CSRF token is checked here either.
    form = request.form
    parent = session.query(Category).filter_by(
        name=form['categoryname']).one()
    item = CategoryItem(name=form['name'], category_id=parent.id)
    item.description = form['description'] or 'no description added yet'
    session.add(item)
    session.commit()
    flash("new item created!")
    return redirect(url_for('categories'))
Example #33
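def newCategoryItem(category_id):
    '''
        Create a new item in a category.

        Args:
            category_id: int, the id of the category that receives the
            new item.

        The title, the description and an optional picture are taken from
        the POSTed form. Visitors without 'username' in the login session
        are redirected to /login, and only the creator of the category may
        add items to it. A GET request renders the empty form.
    '''
    # Largest accepted picture: 5 MiB.
    max_picture_bytes = 5242880

    # make sure the user is logged in
    if 'username' not in login_session:
        return redirect('/login')
    category = session.query(Category).filter_by(id=category_id).one()
    # make sure the user is the creator of the category
    if login_session['user_id'] != category.user_id:
        flash("You are not authorized to execute this action")
        return redirect(url_for('showCategories'))

    # anything but POST just shows the form
    if request.method != 'POST':
        return render_template('newitem.html', category_id=category_id)

    # NOTE(review): no anti-CSRF token is compared in this view; confirm
    # one is enforced elsewhere.
    # Both text fields are sanitized with bleach before they are stored.
    title = bleach.linkify(bleach.clean(request.form['title']))
    description = bleach.linkify(bleach.clean(request.form['description']))

    if not title:
        flash("Please enter a Item title.")
        return render_template('newitem.html', category_id=category_id)

    newItem = CategoryItem(
        title=title,
        description=description,
        category_id=category_id,
        user_id=category.user_id
    )

    picture = request.files['image']
    if picture:
        # Only these suffixes are accepted, compared case-insensitively.
        # NOTE(review): this looks at the file name only, not at the
        # content, so the stored bytes are not guaranteed to be an image.
        allowed_extensions = (".jpg", ".png", ".jpeg")
        if not str(picture.filename).lower().endswith(allowed_extensions):
            # flash is called here; a bare `flash` with the parenthesized
            # message on the following line never showed the message.
            flash(
                "Please load a Item image; " +
                "only jpg, jpeg or png are allowed."
            )
            return render_template('newitem.html', category_id=category_id)

        # Read at most one byte past the limit: enough to detect an
        # oversized file without holding all of it in memory. Flask's
        # MAX_CONTENT_LENGTH setting can reject large requests earlier.
        picture_data = picture.read(max_picture_bytes + 1)
        if len(picture_data) > max_picture_bytes:
            flash("Please load a Item image with size less than 5Mb.")
            return render_template('newitem.html', category_id=category_id)

        # NOTE(review): picture.filename comes from the client; sanitize
        # it before it is used in a file path or rendered unescaped.
        newItem.image = picture.filename
        newItem.image_data = picture_data

    # Look for a duplicate under the sanitized title, because that is the
    # value that gets stored.
    existingItem = session.query(CategoryItem).filter_by(
        title=title,
        category_id=category_id).first()
    if existingItem:
        flash(
            "A Item with the same name already exists in this Category. " +
            "Please choose a different name"
        )
        return render_template('newitem.html', category_id=category_id)

    # create item
    session.add(newItem)
    session.commit()
    flash('New Item %s Successfully Created' % (newItem.title))
    return redirect(url_for('showItem', category_id=category_id))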