def request_item():
item_id = request.vars.get('id')
item_info = db_access.get_item(db, item_id)
item_owner = item_info.owner_id
trade_id = db_access.create_trade(db, current_user, item_owner, item_id)
redirect(URL('trade', 'trade_details', args=trade_id))
return dict()
def index():
"""
Display details of a single item. The item should be specified by passing
its ID as a query parameter, e.g. /item?id=123
"""
# Check that an ID was passed in, and show a 404 error if not.
try:
item_id = int(request.vars.get('id'))
except ValueError as error:
redirect(URL('error', 'not_found', args='item'))
# Retrieve the item from the database.
item = db_access.get_item(db, item_id)
# Check that the item actually exists.
if item is None:
redirect(URL('error', 'not_found', args='item'))
# Check if the item is private. If it is, the logged in user must match
# the owner of the item.
if item.private:
if auth.user_id != item.owner_id:
redirect(URL('error', 'private', args='item'))
# Get the details of the item's owner.
user = db_access.get_user(db, item.owner_id)
# Set the title of the page to show the user where they are.
response.title = item.name
# Create a link to the user's profile.
user_link = A(user.username, _href=URL('collection', 'index', vars={'id': user.id}))
# Set the subtitle to say who owns the item.
if item.on_wishlist:
response.subtitle = 'On {user}\'s wishlist'.format(user=user_link)
else:
response.subtitle = 'Owned by {user}'.format(user=user_link)
# The action buttons depend on whether the item belongs to the logged-in
# user. They shouldn't be able to delete or edit someone else's item.
if item.owner_id == auth.user_id:
# Add buttons to the top of the page to edit and delete the item.
page_actions = [
('Edit', URL('item', 'edit', vars={'id': item.id}), 'pencil'),
('Delete', URL('item', 'confirm_delete', vars={'id': item.id}), 'trash')
]
else:
# Add a button to request a trade with the current item. This is shown
# even if no user is logged in, so that people don't get confused by
# there being no way to actually trade things. The create trade screen
# will ask for a login anyway.
page_actions = [
('Request Trade', URL('trade', 'request_item', vars={'id': item.id}), 'transfer')
]
return dict(item=item, user=user, page_actions=page_actions)
def delete():
"""
Actually delete an item after they user confirms they want to.
"""
requested_id = request.vars.get('id')
# Sometimes web2py is an idiot and returns the id as a list of one item.
if type(requested_id) == type([]):
item_id = requested_id[0]
else:
item_id = requested_id
# Check that an ID was passed in, and show a 404 error if not.
try:
item_id = int(item_id)
except ValueError as error:
redirect(URL('error', 'not_found', args='item'))
# Retrieve the item from the database.
item = db_access.get_item(db, item_id)
# Check that the item actually exists.
if item is None:
redirect(URL('error', 'not_found', args='item'))
# Check if the item belongs to the logged in user.
if auth.user_id != item.owner_id:
redirect(URL('error', 'private', vars={'edit': 'true'}))
# Set the title of the page.
response.title = 'Deleted'
# See if the item is currently involved in any unfinished trades.
trades = db_access.find_trades_containing_item(db, item_id)
finished_trades = [trade for trade in trades if not trade.finished]
num_trades = len(finished_trades)
# Actually delete the item.
db_access.delete_item(db, item_id)
return dict(item=item, num_trades=num_trades)
def edit():
"""
Display a form for a logged-in user to edit their own item.
"""
requested_id = request.vars.get('id')
# Sometimes web2py is an idiot and returns the id as a list of one item.
if type(requested_id) == type([]):
item_id = requested_id[0]
else:
item_id = requested_id
# Check that an ID was passed in, and show a 404 error if not.
try:
item_id = int(item_id)
except ValueError as error:
redirect(URL('error', 'not_found', args='item'))
# Retrieve the item from the database.
item = db_access.get_item(db, item_id)
# Check that the item actually exists.
if item is None:
redirect(URL('error', 'not_found', args='item'))
# Check if the item belongs to the logged in user.
if auth.user_id != item.owner_id:
redirect(URL('error', 'private', args='item', vars={'edit': 'true'}))
# Set the title of the page.
response.title = 'Edit Item'
# Create an item editing form, passing in the ID of the item to set the
# values of the form, and to put the SQLFORM into update mode.
form = item_edit_form(db, auth.user_id, category=item.category, item_id=item.id,
private=item.private, on_wishlist=item.on_wishlist,
submit_button='Save Changes')
# Validate and process the form.
if form.process(onvalidation=validate_item_form_for_edit).accepted:
# Fill in the missing fields in the item, which were not
# set by the SQLFORM because the fields weren't in the list.
category = form.vars.get('category')
# Note that the privacy and wishlist checks here are more complicated
# than in add() - this is because for some reason if you don't click
# any of the buttons, web2py sets its value to an empty string, which
# would make the value wrong when checking against "private" or "wishlist".
form_privacy = form.vars.get('item-privacy')
if form_privacy is not None and form_privacy in ['public', 'private']:
privacy = form_privacy
private = privacy == 'private'
else:
private = item.private
form_list = form.vars.get('item-list')
if form_list is not None and form_list in ['owned', 'wishlist']:
wishlist = form_list
on_wishlist = wishlist == 'wishlist'
else:
on_wishlist = item.on_wishlist
db_access.update_item(db, item.id, category=category,
private=private, on_wishlist=on_wishlist)
# Return to the item's page.
redirect(URL('item', 'index', vars={'id': item.id}))
return dict(form=form)
