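def gconnect():
    """Handle the Google sign-in callback and populate the login session.

    Every check fails closed: the request is rejected with a JSON error
    unless the anti-forgery state matches, the authorization code can be
    exchanged, and the access token's user and client match the ID token
    and CLIENT_ID.

    Returns:
        A json_response(...) error when a check fails, otherwise an empty
        HTML document once the session and the user record are updated.
    """
    # Anti-forgery check. A session that holds no state is rejected as well,
    # so a request that never went through the login page gets a 400 instead
    # of an unhandled KeyError, and an empty value can never match.
    expected_state = login_session.get('state')
    if not expected_state or request.args.get('state') != expected_state:
        return json_response('Invalid state parameter', 400)
    # NOTE(review): the state value stays in the session after this check;
    # consider discarding it after a successful exchange so it is single-use.

    authorization_code = request.data
    try:
        credentials = upgrade_to_credentials(authorization_code)
    except FlowExchangeError:
        return json_response('Failed to upgrade the authorization code.', 401)

    access_token_info = token_info(credentials.access_token)
    error = access_token_info.get('error')
    if error is not None:
        return json_response(error, 500)

    # The access token must belong to the user named in the ID token. A
    # missing field counts as a mismatch rather than raising KeyError.
    gplus_id = credentials.id_token['sub']
    token_user_id = access_token_info.get('user_id')
    if token_user_id is None or token_user_id != gplus_id:
        return json_response(
            "Token's user ID doesn't match given user ID.", 401)

    # The access token must have been issued to this application.
    token_client_id = access_token_info.get('issued_to')
    if token_client_id is None or token_client_id != CLIENT_ID:
        return json_response(
            "Token's client ID does not match this app.", 401)

    if is_already_logged_in(login_session):
        return json_response("Current user is already connected.", 401)

    user_info = get_user_info(credentials.access_token)
    update_login_session(login_session, credentials, gplus_id, user_info)
    db_update_user(session, login_session)
    flash("You are now logged in as %s" % login_session['username'])
    return '<html></html>'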
def show_items_in_category(category_id):
    """Render the page that lists the items of one category."""
    template_context = {
        'category': db_category(session, category_id),
        'items': db_items_in_category(session, category_id),
        # Lets the template decide which login-dependent controls to show.
        'is_logged_in': is_already_logged_in(login_session),
    }
    return render_template('category.html', **template_context)
def catalog():
    """Render the catalog front page: all categories plus the latest items."""
    template_context = {
        'categories': db_categories(session),
        'latest_items': db_latest_items(session),
        # Lets the template decide which login-dependent controls to show.
        'is_logged_in': is_already_logged_in(login_session),
    }
    return render_template('catalog.html', **template_context)
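def delete_item(category_id, item_id):
    """Delete an item (POST) or show the delete confirmation page (GET).

    Both branches require the logged-in user to be the item's owner.
    """
    if request.method == 'POST':
        # NOTE(review): no CSRF token is validated in this handler; confirm
        # it is enforced elsewhere for this state-changing request.
        item = db_item(session, item_id)
        if item and is_logged_in_as_owner(login_session, item.user_id):
            db_delete_item(session, item)
            return redirect(
                url_for('show_items_in_category', category_id=category_id))
        # problem with item, try again
        return redirect(
            url_for('delete_item', category_id=category_id, item_id=item_id))

    category = db_category(session, category_id)
    item = db_item(session, item_id)
    # The ownership check receives the owner's user id, exactly as in the
    # POST branch; handing it the item object would make the comparison
    # depend on how the helper treats a non-id value. A missing item is
    # handled like a non-owner.
    if item and is_logged_in_as_owner(login_session, item.user_id):
        return render_template(
            'deleteitem.html',
            category=category,
            item=item,
            is_logged_in=is_already_logged_in(login_session))
    flash("To delete an item, you must first be logged as the item's owner.")
    return redirect(url_for('showLogin'))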
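def edit_item(category_id, item_id):
    """Save edits to an item (POST) or show the edit form (GET).

    Both branches require the logged-in user to be the item's owner.
    """
    if request.method == 'POST':
        # NOTE(review): no CSRF token is validated in this handler; confirm
        # it is enforced elsewhere for this state-changing request.
        item_from_database = db_item(session, item_id)
        item_from_form = item_from_request_post(request)
        # If db_item returns nothing for this item_id, treat it like any
        # other failed edit instead of raising AttributeError on .user_id.
        if (item_from_database and item_from_form
                and is_logged_in_as_owner(login_session,
                                          item_from_database.user_id)):
            # Only name and description are copied from the form; the
            # owner and category of the stored item are left untouched.
            item_from_database.name = item_from_form.name
            item_from_database.description = item_from_form.description
            session.commit()
            return redirect(
                url_for('show_items_in_category', category_id=category_id))
        # problem with item, try again
        return redirect(
            url_for('edit_item', category_id=category_id, item_id=item_id))

    category = db_category(session, category_id)
    item = db_item(session, item_id)
    # The ownership check receives the owner's user id, exactly as in the
    # POST branch; handing it the item object would make the comparison
    # depend on how the helper treats a non-id value. A missing item is
    # handled like a non-owner.
    if item and is_logged_in_as_owner(login_session, item.user_id):
        cancel_url = '/catalog/category/' + str(
            item.category_id) + '/item/' + str(item_id)
        return render_template(
            'edititem.html',
            category=category,
            item=item,
            cancel_url=cancel_url,
            is_logged_in=is_already_logged_in(login_session))
    flash("To edit an item, you must first be logged in as the item's owner.")
    return redirect(url_for('showLogin'))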
def add_item(category_id):
    """Create an item in a category (POST) or show the add-item form (GET).

    Both branches require a logged-in user.
    """
    if request.method != 'POST':
        if not is_already_logged_in(login_session):
            flash("To add an item, you must first log in.")
            return redirect(url_for('showLogin'))
        return render_template(
            'additem.html', category=db_category(session, category_id))

    # NOTE(review): no CSRF token is validated in this handler; confirm it
    # is enforced elsewhere for this state-changing request.
    new_item = item_from_request_post(request)
    if not (new_item and is_already_logged_in(login_session)):
        # problem with item, try again
        return redirect(url_for('add_item', category_id=category_id))

    # Category comes from the URL and the owner id from login_session; both
    # are assigned here after the form has been parsed.
    new_item.category_id = category_id
    new_item.user_id = login_session['id']
    db_save_item(session, new_item)
    return redirect(
        url_for('show_items_in_category', category_id=category_id))
def show_item(category_id, item_id):
    """Render one item's page with login and ownership flags."""
    category = db_category(session, category_id)
    item = db_item(session, item_id)
    viewer_logged_in = is_already_logged_in(login_session)
    # NOTE(review): item.user_id raises AttributeError if db_item returns
    # nothing for this item_id - confirm how missing items are handled.
    viewer_is_owner = is_logged_in_as_owner(login_session, item.user_id)
    return render_template(
        'item.html',
        category=category,
        item=item,
        is_logged_in=viewer_logged_in,
        is_logged_in_owner=viewer_is_owner)
def add_item(category_id):
    """Create an item in a category (POST) or show the add-item form (GET).

    Both branches require a logged-in user.
    """
    if request.method != 'POST':
        if not is_already_logged_in(login_session):
            flash("To add an item, you must first log in.")
            return redirect(url_for('showLogin'))
        return render_template(
            'additem.html', category=db_category(session, category_id))

    # NOTE(review): no CSRF token is validated in this handler; confirm it
    # is enforced elsewhere for this state-changing request.
    submitted = item_from_request_post(request)
    if not (submitted and is_already_logged_in(login_session)):
        return redirect(url_for('add_item', category_id=category_id))

    # Category comes from the URL and the owner id from login_session; both
    # are assigned here after the form has been parsed.
    submitted.category_id = category_id
    submitted.user_id = login_session['id']
    db_save_item(session, submitted)
    return redirect(
        url_for('show_items_in_category', category_id=category_id))
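def delete_item(category_id, item_id):
    """Delete an item (POST) or show the delete confirmation page (GET).

    Both branches require the logged-in user to be the item's owner.
    """
    if request.method == 'POST':
        # NOTE(review): no CSRF token is validated in this handler; confirm
        # it is enforced elsewhere for this state-changing request.
        item = db_item(session, item_id)
        if item and is_logged_in_as_owner(login_session, item.user_id):
            db_delete_item(session, item)
            return redirect(
                url_for('show_items_in_category', category_id=category_id))
        # problem with item, try again
        return redirect(
            url_for('delete_item', category_id=category_id, item_id=item_id))

    category = db_category(session, category_id)
    item = db_item(session, item_id)
    # The ownership check receives the owner's user id, exactly as in the
    # POST branch; handing it the item object would make the comparison
    # depend on how the helper treats a non-id value. A missing item is
    # handled like a non-owner.
    if item and is_logged_in_as_owner(login_session, item.user_id):
        return render_template(
            'deleteitem.html',
            category=category,
            item=item,
            is_logged_in=is_already_logged_in(login_session))
    flash("To delete an item, you must first be logged as the item's owner.")
    return redirect(url_for('showLogin'))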
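def edit_item(category_id, item_id):
    """Save edits to an item (POST) or show the edit form (GET).

    Both branches require the logged-in user to be the item's owner.
    """
    if request.method == 'POST':
        # NOTE(review): no CSRF token is validated in this handler; confirm
        # it is enforced elsewhere for this state-changing request.
        item_from_database = db_item(session, item_id)
        item_from_form = item_from_request_post(request)
        # If db_item returns nothing for this item_id, treat it like any
        # other failed edit instead of raising AttributeError on .user_id.
        if (item_from_database and item_from_form
                and is_logged_in_as_owner(login_session,
                                          item_from_database.user_id)):
            # Only name and description are copied from the form; the
            # owner and category of the stored item are left untouched.
            item_from_database.name = item_from_form.name
            item_from_database.description = item_from_form.description
            session.commit()
            return redirect(
                url_for('show_items_in_category', category_id=category_id))
        # problem with item, try again
        return redirect(
            url_for('edit_item', category_id=category_id, item_id=item_id))

    category = db_category(session, category_id)
    item = db_item(session, item_id)
    # The ownership check receives the owner's user id, exactly as in the
    # POST branch; handing it the item object would make the comparison
    # depend on how the helper treats a non-id value. A missing item is
    # handled like a non-owner.
    if item and is_logged_in_as_owner(login_session, item.user_id):
        cancel_url = '/catalog/category/' + str(
            item.category_id) + '/item/' + str(item_id)
        return render_template(
            'edititem.html',
            category=category,
            item=item,
            cancel_url=cancel_url,
            is_logged_in=is_already_logged_in(login_session))
    flash("To edit an item, you must first be logged in as the item's owner.")
    return redirect(url_for('showLogin'))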
def show_item(category_id, item_id):
    """Render one item's page with login and ownership flags."""
    category = db_category(session, category_id)
    item = db_item(session, item_id)
    viewer_logged_in = is_already_logged_in(login_session)
    # NOTE(review): item.user_id raises AttributeError if db_item returns
    # nothing for this item_id - confirm how missing items are handled.
    viewer_is_owner = is_logged_in_as_owner(login_session, item.user_id)
    return render_template(
        'item.html',
        category=category,
        item=item,
        is_logged_in=viewer_logged_in,
        is_logged_in_owner=viewer_is_owner)