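    def post(self):
        """Delete the logged-in user's account, their items and their picture.

        Requires a CSRF token (the ``csrf`` form field) that matches the
        session ``state`` and a logged-in session (``uid`` in the session).
        The provider access token is revoked first, then the user's items,
        picture and user row are removed, and the session is logged out.

        Returns:
            The response produced by ``flash_out``: 401 on a failed CSRF or
            login check, 200 once the account has been deleted.
        """
        import hmac

        # Both sides must be present: with ``.get()`` a missing form field and
        # a missing session state are both None and would compare equal,
        # which would let a request without any token through. Compare in
        # constant time; encode to bytes so non-ASCII values cannot raise.
        token = self.request.form.get("csrf")
        state = session.get('state')
        if not token or not state or not hmac.compare_digest(
                str(token).encode("utf-8"), str(state).encode("utf-8")):
            return self.flash_out(
                "The state does not match the session, please try again", 401, url_for("myaccount_view"))

        # Get the user id from session; no id means no valid login, so clear
        # whatever is left of the session before sending the user to login.
        uid = session.get('uid')
        if not uid:
            self.auth.logout()
            return self.flash_out(
                "No valid login detected", 401, url_for("login_view"))

        # Revoke the access token for the provider (other values are skipped)
        provider = session.get('provider')
        if provider == "google":
            self.google.disconnect()
        elif provider == 'facebook':
            self.facebook.disconnect()

        # Delete all the items that belong to the user
        Items.delete_by_user(dbs, uid)

        # Delete the user's image, if one is set
        picture_id = self.user.picture
        if picture_id:
            Images.delete_by_id(dbs, picture_id)

        # Delete the user and end the session
        User.delete_user(dbs, uid)
        self.auth.logout()
        return self.flash_out("The account has been deleted", 200, "/")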
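    def post(self, category, item_id):
        """Apply the edits submitted for item ``item_id``.

        ``category`` comes from the route and is not used here; redirects use
        the item's stored category. The request must carry a CSRF token
        matching the session ``state`` and the item must belong to the
        logged-in user. Changed text fields are validated and applied, an
        uploaded picture replaces the old one, and the item is persisted.

        Returns:
            The response produced by ``flash_out``: 401 on a failed CSRF,
            ownership or validation check, 200 otherwise.
        """
        import hmac

        # Check CSRF state. Both values must exist: a missing form field and a
        # missing session state must not pass as "equal", and a session
        # without the key must not raise KeyError. Compare in constant time.
        state = self.request.form.get("csrf")
        expected = session.get('state')
        if not state or not expected or not hmac.compare_digest(
                str(state).encode("utf-8"), str(expected).encode("utf-8")):
            return self.flash_out(
                "The CSRF state is not valid, try again", 401, "/")

        # Check if item is in the db and owned by the current user
        item = Items.get_by_id(dbs, item_id)
        if not item or item.user_id != self.user_info['uid']:
            return self.flash_out(
                "The item you are trying to update does not belong to you.", 401, "/")

        # Fields allowed to be updated; only those submitted with a value
        # different from the stored one are touched.
        update_fields = ("name", "description", "category", "link")
        new_vals = {}
        for field in update_fields:
            new_val = self.request.form.get(field)
            if new_val and getattr(item, field) != new_val:
                new_vals[field] = new_val
                setattr(item, field, new_val)

        # if there are updates, make sure they are valid properties
        if new_vals:
            new_vals_valid, new_vals_test_error = utils.test_item_prop(
                new_vals)
            if not new_vals_valid:
                return self.flash_out(new_vals_test_error, 401, "/")

        prev_img_id = None
        # .get(): a form without a "picture" part must not raise KeyError
        upload_file = self.request.files.get("picture")
        # NOTE(review): assumes an empty file input is falsy here — confirm
        # for the request's file wrapper
        if upload_file:
            if item.picture:
                # Use a new name to prevent atomicity problems (deleting and
                # immediately writing to the same id). Strip the extension and
                # any existing numeric suffix, then bump the counter so the
                # name stays short ("x_img" -> "x_img1" -> "x_img2") instead
                # of appending a digit on every update.
                stem = item.picture.split(".")[0]
                base = stem.rstrip("0123456789")
                suffix = stem[len(base):]
                image_number = int(suffix) + 1 if suffix else 1
                image_name = base + str(image_number)
            else:
                image_name = utils.remove_special_characters(
                    item.name + item.category) + "_img"
            img = self.upload_image_file(upload_file, image_name)
            if img:
                prev_img_id = item.picture
                item.picture = img.id

        # if there are no new values and no new image
        elif not new_vals:
            return self.flash_out(" No new updates submitted", 200, url_for(
                "item_view", category=item.category, item_id=item.id))

        # persist the changes
        Items.update_item(dbs, item)

        # Erase the previous picture from the db only after the item row
        # points at the new one
        if prev_img_id:
            Images.delete_by_id(dbs, prev_img_id)

        return self.flash_out("Item has been updated", 200, url_for(
            "item_view", category=item.category, item_id=item.id))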