def delete_item_by_id(category_id, item_id):
    """
    HTML endpoint providing a form to delete an item

    GET renders the confirmation page; POST deletes the item and redirects
    to the category page. Visitors who are not signed in are redirected to
    '/login', and users lacking delete permission on the item are sent back
    to the category page.

    :param category_id: id of the category used for the redirect target and
        for the confirmation page
    :param item_id: id of the item to delete
    """
    def back_to_category():
        return redirect(url_for('get_category_by_id',
                                category_id=category_id))

    if not UserUtils.is_authenticated():
        # Presumably records the requested URL so sign-in can return here
        UserUtils.set_preauthentication_url()
        flash('sign in to delete an item')
        return redirect('/login')

    # NOTE(review): the item is looked up by id alone; category_id from the
    # URL is never compared with item.category_id.
    target = session.query(Item).filter_by(id=item_id).one()

    # Users may delete only items they created
    allowed = Permissions.get_user_permissions_for_item(target)
    if not allowed.delete:
        flash('you may delete only items you created')
        return back_to_category()

    if request.method != 'POST':
        # Any non-POST request just shows the confirmation form
        owner_category = \
            session.query(Category).filter_by(id=category_id).one()
        return UserUtils.render_user_template(
            'item_delete.html',
            category=owner_category,
            category_id=category_id,
            item=target,
            page_title="%s %s Item" % ("Delete", target.title))

    # NOTE(review): no CSRF token validation is visible in this function;
    # confirm it is enforced elsewhere before this destructive POST.
    session.delete(target)
    session.commit()
    flash('item deleted')
    return back_to_category()
def update_item_by_id(category_id, item_id):
    """
    HTML endpoint providing a form to edit an item

    GET renders the edit form pre-filled with the stored title and
    description. POST validates the submitted title and description, then
    either re-renders the form with the error messages or saves the new
    values and redirects to the category page.

    :param category_id: id of the category shown on the form and used for
        the redirect target
    :param item_id: id of the item to edit
    """
    if not UserUtils.is_authenticated():
        # Presumably records the requested URL so sign-in can return here
        UserUtils.set_preauthentication_url()
        flash('sign in to edit an item')
        return redirect('/login')

    # NOTE(review): the item is looked up by id alone; category_id from the
    # URL is never compared with item.category_id.
    item = session.query(Item).filter_by(id=item_id).one()

    # Users may update only items they created
    if not Permissions.get_user_permissions_for_item(item).update:
        flash('you may edit only items you created')
        return redirect(url_for('get_category_by_id',
                                category_id=category_id))

    category = session.query(Category).filter_by(id=category_id).one()

    def render_form(**form_state):
        # Shared rendering for the initial form and the validation-error form
        return UserUtils.render_user_template(
            'item_update.html',
            category=category,
            category_id=category_id,
            item=item,
            page_title="%s %s Item" % ("Edit", item.title),
            **form_state)

    if request.method != 'POST':
        return render_form(title=item.title, description=item.description)

    # Extract and validate the form inputs (both validators always run)
    title, title_error = extract_and_validate_item_title(request.form)
    description, description_error = \
        extract_and_validate_item_description(request.form)

    if title_error or description_error:
        return render_form(title=title,
                           title_error=title_error,
                           description=description,
                           description_error=description_error)

    # Persist the edited values on the existing item.
    # NOTE(review): no CSRF token validation is visible in this function;
    # confirm it is enforced elsewhere.
    item.title = title
    item.description = description
    session.add(item)
    session.commit()
    flash('item updated')
    return redirect(url_for('get_category_by_id', category_id=category_id))
def get_category_by_id(category_id):
    """
    HTML endpoint providing details for a given category

    Loads the category and all items filed under it, and passes the
    current user's permissions for the category to the template as `can`.
    No authentication check is made in this function body.

    :param category_id: id of the category to display
    """
    found = session.query(Category).filter_by(id=category_id).one()
    members = session.query(Item).filter_by(category_id=category_id).all()
    context = {
        'category': found,
        'items': members,
        'page_title': "%s Category" % found.name,
        'can': Permissions.get_user_permissions_for_category(found),
    }
    return UserUtils.render_user_template('category_items.html', **context)
def get_item_by_id(category_id, item_id):
    """
    HTML endpoint providing details for a given item within a category

    Passes the current user's permissions for the item to the template as
    `can`. No authentication check is made in this function body.

    :param category_id: id of the category shown alongside the item
    :param item_id: id of the item to display
    """
    parent = session.query(Category).filter_by(id=category_id).one()
    # NOTE(review): the item query filters on id only, so an item can be
    # rendered under a category it does not belong to; the JSON endpoint
    # api_get_item_by_id filters on both category_id and id.
    found = session.query(Item).filter_by(id=item_id).one()
    context = {
        'category': parent,
        'category_id': category_id,
        'item': found,
        'page_title': "%s Item" % found.title,
        'can': Permissions.get_user_permissions_for_item(found),
    }
    return UserUtils.render_user_template('item_read.html', **context)
def api_get_items_by_category_id(category_id):
    """
    API endpoint providing a list of all items within a given category

    Returns a JSON document with a single `items` list; each entry carries
    the item's id, API url, user_id, category_id, title and description.

    :param category_id: id of the category whose items are listed
    """
    rows = session.query(Item).filter_by(category_id=category_id).all()

    # NOTE(review): user_id is returned to every caller and no access check
    # is visible in this function; confirm that exposure is intended.
    payload = []
    for row in rows:
        payload.append({
            'id': row.id,
            'url': url_for('api_get_item_by_id',
                           category_id=row.category_id,
                           item_id=row.id),
            'user_id': row.user_id,
            'category_id': row.category_id,
            'title': row.title,
            'description': row.description
        })
    return jsonify(items=payload)
def delete_category_by_id(category_id):
    """
    HTML endpoint providing a form to delete a category

    GET renders the confirmation page; POST deletes the category and
    redirects to the category list. Visitors who are not signed in are
    redirected to '/login'; users lacking delete permission on the category
    are sent back to the category list.

    :param category_id: id of the category to delete
    """
    if not UserUtils.is_authenticated():
        # Presumably records the requested URL so sign-in can return here
        UserUtils.set_preauthentication_url()
        flash('sign in to delete categories')
        return redirect('/login')

    doomed = session.query(Category).filter_by(id=category_id).one()

    may = Permissions.get_user_permissions_for_category(doomed)
    if not may.delete:
        flash('you may delete only empty categories you created')
        return redirect(url_for('get_categories'))

    if request.method != 'POST':
        # Any non-POST request just shows the confirmation form
        return UserUtils.render_user_template(
            'category_delete.html',
            category=doomed,
            page_title="%s %s Category" % ("Delete", doomed.name))

    # NOTE(review): no CSRF token validation is visible in this function;
    # confirm it is enforced elsewhere before this destructive POST.
    session.delete(doomed)
    session.commit()
    flash('category deleted')
    return redirect(url_for('get_categories'))
def api_get_category(category_id):
    """
    API endpoint providing details for a given category

    Returns a JSON document with a single `category` object holding the
    category's id, user_id and name plus an `items` list describing every
    item filed under it.

    :param category_id: id of the category to describe
    """
    found = session.query(Category).filter_by(id=category_id).one()
    rows = session.query(Item).filter_by(category_id=category_id).all()

    # Representation of each item, suitable for conversion to JSON format
    item_payloads = []
    for row in rows:
        item_payloads.append({
            'id': row.id,
            'user_id': row.user_id,
            'category_id': row.category_id,
            'url': url_for('api_get_item_by_id',
                           category_id=row.category_id,
                           item_id=row.id),
            'title': row.title,
            'description': row.description
        })

    # Representation of the category itself, embedding its items.
    # NOTE(review): user_id is returned to every caller and no access check
    # is visible in this function; confirm that exposure is intended.
    category_payload = {
        'id': found.id,
        'user_id': found.user_id,
        'name': found.name,
        'items': item_payloads
    }
    return jsonify(category=category_payload)
def get_categories():
    """
    HTML endpoint providing a list of all categories

    Renders 'category_list.html' with every stored category. No
    authentication check is made in this function body.
    """
    all_categories = session.query(Category).all()
    context = {
        'categories': all_categories,
        'page_title': "Category List",
    }
    return UserUtils.render_user_template('category_list.html', **context)
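def try_get_user_by_email(email):
    """
    Retrieves and returns a user by email from the data repository, or None
    if the lookup does not yield exactly one user

    Any ordinary exception raised by the query is turned into a None
    result, so callers cannot tell "no such user" apart from other lookup
    failures.

    :type email: String
    :rtype: User
    """
    try:
        return session.query(User).filter_by(email=email).one()
    except Exception:
        # `except Exception` instead of a bare `except`, so KeyboardInterrupt
        # and SystemExit are no longer swallowed by this best-effort lookup.
        # NOTE(review): database errors and duplicate rows for one email are
        # still reported as "not found"; a caller that creates an account on
        # None would do so after a failed lookup too. Consider catching only
        # the query's no-result error.
        return None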
def create_user(fields):
    """
    Creates and returns a new user in the data repository given a
    dictionary containing the user's username, email, and picture

    The user is committed and then read back by email, so the returned
    object comes from a fresh query rather than being the instance that
    was added.

    :param fields: mapping with the keys 'username', 'email' and 'picture'
    :rtype: User
    """
    # Keys are read in the same order as before so a missing key raises the
    # same KeyError
    username = fields['username']
    email = fields['email']
    picture = fields['picture']

    session.add(User(name=username, email=email, picture=picture))
    session.commit()

    # .one() raises if the email matches no row or more than one row
    lookup = session.query(User).filter_by(email=email)
    return lookup.one()
def create_item(category_id):
    """
    HTML endpoint providing a form to create a new item within a category

    GET renders the empty form. POST validates the submitted title and
    description, then either re-renders the form with the error messages or
    stores a new item owned by the authenticated user and redirects to the
    category page.

    :param category_id: id of the category the new item is filed under
    """
    if not UserUtils.is_authenticated():
        # Presumably records the requested URL so sign-in can return here
        UserUtils.set_preauthentication_url()
        flash('sign in to create an item')
        return redirect('/login')

    parent = session.query(Category).filter_by(id=category_id).one()

    if request.method != 'POST':
        return UserUtils.render_user_template('item_create.html',
                                              category=parent,
                                              category_id=category_id)

    # Extract and validate the form inputs (both validators always run)
    title, title_error = extract_and_validate_item_title(request.form)
    description, description_error = \
        extract_and_validate_item_description(request.form)

    if title_error or description_error:
        form_state = {
            'category': parent,
            'category_id': category_id,
            'title': title,
            'title_error': title_error,
            'description': description,
            'description_error': description_error,
        }
        return UserUtils.render_user_template('item_create.html',
                                              **form_state)

    # Create the item in the data store; ownership comes from the signed-in
    # session, not from the form.
    # NOTE(review): no CSRF token validation is visible in this function;
    # confirm it is enforced elsewhere.
    new_item = Item(title=title,
                    description=description,
                    category_id=category_id,
                    user_id=UserUtils.get_authenticated_user_id())
    session.add(new_item)
    session.commit()
    flash('item created')
    return redirect(url_for('get_category_by_id', category_id=category_id))
def get_user_permissions_for_category(category):
    """
    Builds the permission set the current user has on a category

    Create and read are always granted. Update requires that the category's
    user_id equals the authenticated user's id; delete additionally
    requires that no item references the category.

    :param category: Category
    :rtype: Permissions
    """
    # NOTE(review): ownership is a plain equality test. Verify that
    # get_authenticated_user_id() can never equal a stored user_id for an
    # anonymous visitor (e.g. None compared with a NULL user_id).
    is_owner = category.user_id == UserUtils.get_authenticated_user_id()

    # Number of items still filed under this category; non-zero blocks delete
    item_count = session.query(Item) \
        .filter_by(category_id=category.id) \
        .count()

    can_delete = is_owner and not item_count
    return Permissions(create=True,
                       read=True,
                       update=is_owner,
                       delete=can_delete)
def update_category_by_id(category_id):
    """
    HTML endpoint providing a form to edit a category

    GET renders the edit form pre-filled with the stored name. POST
    validates the submitted name, then either re-renders the form with the
    error message or saves the new name and redirects to the category page.

    :param category_id: id of the category to edit
    """
    if not UserUtils.is_authenticated():
        # Presumably records the requested URL so sign-in can return here
        UserUtils.set_preauthentication_url()
        flash('sign in to edit categories')
        return redirect('/login')

    category = session.query(Category).filter_by(id=category_id).one()

    if not Permissions.get_user_permissions_for_category(category).update:
        flash('you may edit only categories you created')
        return redirect(url_for('get_categories'))

    def render_form(**form_state):
        # Shared rendering for the initial form and the validation-error form
        return UserUtils.render_user_template(
            'category_update.html',
            category=category,
            page_title="%s %s Category" % ("Edit", category.name),
            **form_state)

    if request.method != 'POST':
        return render_form(name=category.name)

    # Extract and validate the form inputs
    name, name_error = extract_and_validate_category_name(request.form)
    if name_error:
        return render_form(name=name, name_error=name_error)

    # Persist the new name on the existing category.
    # NOTE(review): no CSRF token validation is visible in this function;
    # confirm it is enforced elsewhere.
    category.name = name
    session.add(category)
    session.commit()
    flash('category updated')
    return redirect(url_for('get_category_by_id', category_id=category_id))
def api_get_categories():
    """
    API endpoint providing a list of all categories

    Returns a JSON document with a single `categories` list; each entry
    carries the category's id, user_id, name and the API url listing its
    items.
    """
    rows = session.query(Category).all()

    # NOTE(review): user_id is returned to every caller and no access check
    # is visible in this function; confirm that exposure is intended.
    payload = []
    for row in rows:
        payload.append({
            'id': row.id,
            'user_id': row.user_id,
            'name': row.name,
            'items_url': url_for('api_get_items_by_category_id',
                                 category_id=row.id)
        })
    return jsonify(categories=payload)
def api_get_item_by_id(category_id, item_id):
    """
    API endpoint providing details for a given item within a category

    The item must match both ids; .one() raises when no such row exists.
    Returns a JSON document with a single `item` object.

    :param category_id: id of the category the item must belong to
    :param item_id: id of the item to describe
    """
    lookup = session.query(Item).filter_by(category_id=category_id,
                                           id=item_id)
    found = lookup.one()

    # Representation of the item, suitable for conversion to JSON format.
    # NOTE(review): user_id is returned to every caller and no access check
    # is visible in this function; confirm that exposure is intended.
    payload = {
        'id': found.id,
        'user_id': found.user_id,
        'category_id': found.category_id,
        'category_url': url_for('api_get_category',
                                category_id=found.category_id),
        'title': found.title,
        'description': found.description
    }
    return jsonify(item=payload)