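def gconnect():
    """Complete the Google OAuth2 sign-in for the current browser session.

    Verifies the anti-forgery ``state`` value, exchanges the posted
    authorization code for credentials, checks the resulting access token
    against the expected user and client, then records the user in
    ``login_session`` and the database.

    Returns:
        A JSON error response (400/401/500) when any check fails, or a
        minimal HTML body on success.
    """
    # The state value must have been issued earlier in this session. A
    # session without a state must fail closed: comparing two missing values
    # with ``==`` would otherwise let the check pass.
    expected_state = login_session.get('state')
    if not expected_state or request.args.get('state') != expected_state:
        return json_response('Invalid state parameter', 400)

    authorization_code = request.data

    try:
        credentials = upgrade_to_credentials(authorization_code)
    except FlowExchangeError:
        return json_response('Failed to upgrade the authorization code.', 401)

    access_token_info = token_info(credentials.access_token)
    error = access_token_info.get('error')
    if error is not None:
        return json_response(error, 500)

    # Bind the access token to the identity in the id_token and to this app;
    # a token-info record missing either field is rejected rather than
    # raising KeyError.
    gplus_id = credentials.id_token['sub']
    if access_token_info.get('user_id') != gplus_id:
        return json_response("Token's user ID doesn't match given user ID.", 401)

    if access_token_info.get('issued_to') != CLIENT_ID:
        return json_response("Token's client ID does not match this app.", 401)

    if is_already_logged_in(login_session):
        return json_response("Current user is already connected.", 401)

    user_info = get_user_info(credentials.access_token)
    update_login_session(login_session, credentials, gplus_id, user_info)
    db_update_user(session, login_session)

    flash("You are now logged in as %s" % login_session['username'])
    return '<html></html>'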
def show_items_in_category(category_id):
    """Render the listing page for one category.

    Args:
        category_id: Primary key of the category to display.

    Returns:
        The rendered ``category.html`` template with the category, its items
        and the current login state.
    """
    context = {
        'category': db_category(session, category_id),
        'items': db_items_in_category(session, category_id),
        'is_logged_in': is_already_logged_in(login_session),
    }
    return render_template('category.html', **context)
def catalog():
    """Render the front page: all categories plus the latest items.

    Returns:
        The rendered ``catalog.html`` template with the categories, the latest
        items and the current login state.
    """
    context = {
        'categories': db_categories(session),
        'latest_items': db_latest_items(session),
        'is_logged_in': is_already_logged_in(login_session),
    }
    return render_template('catalog.html', **context)
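def gconnect():
    """Complete the Google OAuth2 sign-in for the current browser session.

    Verifies the anti-forgery ``state`` value, exchanges the posted
    authorization code for credentials, checks the resulting access token
    against the expected user and client, then records the user in
    ``login_session`` and the database.

    Returns:
        A JSON error response (400/401/500) when any check fails, or a
        minimal HTML body on success.
    """
    # The state value must have been issued earlier in this session. A
    # session without a state must fail closed: comparing two missing values
    # with ``==`` would otherwise let the check pass.
    expected_state = login_session.get('state')
    if not expected_state or request.args.get('state') != expected_state:
        return json_response('Invalid state parameter', 400)

    authorization_code = request.data

    try:
        credentials = upgrade_to_credentials(authorization_code)
    except FlowExchangeError:
        return json_response('Failed to upgrade the authorization code.', 401)

    access_token_info = token_info(credentials.access_token)
    error = access_token_info.get('error')
    if error is not None:
        return json_response(error, 500)

    # Bind the access token to the identity in the id_token and to this app;
    # a token-info record missing either field is rejected rather than
    # raising KeyError.
    gplus_id = credentials.id_token['sub']
    if access_token_info.get('user_id') != gplus_id:
        return json_response("Token's user ID doesn't match given user ID.",
                             401)

    if access_token_info.get('issued_to') != CLIENT_ID:
        return json_response("Token's client ID does not match this app.", 401)

    if is_already_logged_in(login_session):
        return json_response("Current user is already connected.", 401)

    user_info = get_user_info(credentials.access_token)
    update_login_session(login_session, credentials, gplus_id, user_info)
    db_update_user(session, login_session)

    flash("You are now logged in as %s" % login_session['username'])
    return '<html></html>'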
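def delete_item(category_id, item_id):
    """Confirm (GET) or perform (POST) deletion of an item.

    Only the item's owner may delete it; anyone else is sent to the login
    page. ``category_id`` is used only to build redirect targets.

    Args:
        category_id: Category the item is listed under.
        item_id: Primary key of the item to delete.

    Returns:
        A redirect after a POST, or the rendered ``deleteitem.html`` page
        on GET.
    """
    if request.method == 'POST':
        item = db_item(session, item_id)
        if item and is_logged_in_as_owner(login_session, item.user_id):
            db_delete_item(session, item)
            return redirect(
                url_for('show_items_in_category', category_id=category_id))
        # problem with item, try again
        return redirect(
            url_for('delete_item', category_id=category_id, item_id=item_id))

    item = db_item(session, item_id)
    if item is None:
        # An unknown item id must not reach the ownership check below
        # (it would raise AttributeError on item.user_id).
        flash("That item does not exist.")
        return redirect(
            url_for('show_items_in_category', category_id=category_id))
    # The owner check takes the owner's user id, as the POST branch and
    # show_item already do.
    if not is_logged_in_as_owner(login_session, item.user_id):
        flash(
            "To delete an item, you must first be logged as the item's owner."
        )
        return redirect(url_for('showLogin'))
    category = db_category(session, category_id)
    return render_template(
        'deleteitem.html',
        category=category,
        item=item,
        is_logged_in=is_already_logged_in(login_session))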
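def edit_item(category_id, item_id):
    """Show (GET) or apply (POST) the edit form for an item.

    Only the item's owner may edit it. On POST the name and description from
    the submitted form replace the stored values; anything that cannot be
    applied sends the user back to the edit form.

    Args:
        category_id: Category the item is listed under.
        item_id: Primary key of the item to edit.

    Returns:
        A redirect after a POST, or the rendered ``edititem.html`` page on
        GET.
    """
    if request.method == 'POST':
        item_from_database = db_item(session, item_id)
        item_from_form = item_from_request_post(request)
        # Both the stored item and the parsed form must exist before the
        # ownership check dereferences item_from_database.user_id.
        if (item_from_database and item_from_form
                and is_logged_in_as_owner(login_session,
                                          item_from_database.user_id)):
            item_from_database.name = item_from_form.name
            item_from_database.description = item_from_form.description

            session.commit()
            return redirect(
                url_for('show_items_in_category', category_id=category_id))
        # problem with item, try again
        return redirect(
            url_for('edit_item', category_id=category_id, item_id=item_id))

    item = db_item(session, item_id)
    if item is None:
        # An unknown item id must not reach the ownership check below.
        flash("That item does not exist.")
        return redirect(
            url_for('show_items_in_category', category_id=category_id))
    # The owner check takes the owner's user id, matching the POST branch
    # and show_item.
    if not is_logged_in_as_owner(login_session, item.user_id):
        flash(
            "To edit an item, you must first be logged in as the item's owner."
        )
        return redirect(url_for('showLogin'))
    category = db_category(session, category_id)
    # NOTE(review): url_for('show_item', ...) would avoid hard-coding this
    # path; confirm the registered route pattern before switching.
    cancel_url = '/catalog/category/' + str(
        item.category_id) + '/item/' + str(item_id)
    return render_template(
        'edititem.html',
        category=category,
        item=item,
        cancel_url=cancel_url,
        is_logged_in=is_already_logged_in(login_session))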
def add_item(category_id):
    """Show (GET) or process (POST) the form for adding an item to a category.

    A logged-in user is required in both branches. On POST the parsed form
    item is stamped with the category and the current user's id and saved;
    a bad form or a missing login sends the user back to the add form.

    Args:
        category_id: Category the new item belongs to.

    Returns:
        A redirect after a POST, or the rendered ``additem.html`` page on GET.
    """
    logged_in = is_already_logged_in(login_session)

    if request.method != 'POST':
        if not logged_in:
            flash("To add an item, you must first log in.")
            return redirect(url_for('showLogin'))
        category = db_category(session, category_id)
        return render_template('additem.html', category=category)

    new_item = item_from_request_post(request)
    if not (new_item and logged_in):
        # problem with item, try again
        return redirect(url_for('add_item', category_id=category_id))
    new_item.category_id = category_id
    new_item.user_id = login_session['id']
    db_save_item(session, new_item)
    return redirect(url_for('show_items_in_category', category_id=category_id))
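def show_item(category_id, item_id):
    """Render the detail page for one item.

    Args:
        category_id: Category the item is listed under.
        item_id: Primary key of the item to display.

    Returns:
        The rendered ``item.html`` template, or a redirect to the category
        page when no item has that id.
    """
    item = db_item(session, item_id)
    if item is None:
        # An unknown item id must not reach item.user_id below.
        flash("That item does not exist.")
        return redirect(
            url_for('show_items_in_category', category_id=category_id))
    category = db_category(session, category_id)
    return render_template('item.html',
                           category=category,
                           item=item,
                           is_logged_in=is_already_logged_in(login_session),
                           is_logged_in_owner=is_logged_in_as_owner(
                               login_session, item.user_id))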
def add_item(category_id):
    """Show (GET) or process (POST) the form for adding an item to a category.

    A logged-in user is required in both branches. On POST the parsed form
    item is stamped with the category and the current user's id and saved;
    a bad form or a missing login sends the user back to the add form.

    Args:
        category_id: Category the new item belongs to.

    Returns:
        A redirect after a POST, or the rendered ``additem.html`` page on GET.
    """
    logged_in = is_already_logged_in(login_session)

    if request.method != 'POST':
        if not logged_in:
            flash("To add an item, you must first log in.")
            return redirect(url_for('showLogin'))
        category = db_category(session, category_id)
        return render_template('additem.html', category=category)

    new_item = item_from_request_post(request)
    if not (new_item and logged_in):
        return redirect(url_for('add_item', category_id=category_id))
    new_item.category_id = category_id
    new_item.user_id = login_session['id']
    db_save_item(session, new_item)
    return redirect(
        url_for('show_items_in_category', category_id=category_id))
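def delete_item(category_id, item_id):
    """Confirm (GET) or perform (POST) deletion of an item.

    Only the item's owner may delete it; anyone else is sent to the login
    page. ``category_id`` is used only to build redirect targets.

    Args:
        category_id: Category the item is listed under.
        item_id: Primary key of the item to delete.

    Returns:
        A redirect after a POST, or the rendered ``deleteitem.html`` page
        on GET.
    """
    if request.method == 'POST':
        item = db_item(session, item_id)
        if item and is_logged_in_as_owner(login_session, item.user_id):
            db_delete_item(session, item)
            return redirect(url_for('show_items_in_category', category_id=category_id))
        # problem with item, try again
        return redirect(url_for('delete_item', category_id=category_id, item_id=item_id))

    item = db_item(session, item_id)
    if item is None:
        # An unknown item id must not reach the ownership check below
        # (it would raise AttributeError on item.user_id).
        flash("That item does not exist.")
        return redirect(url_for('show_items_in_category', category_id=category_id))
    # The owner check takes the owner's user id, as the POST branch and
    # show_item already do.
    if not is_logged_in_as_owner(login_session, item.user_id):
        flash("To delete an item, you must first be logged as the item's owner.")
        return redirect(url_for('showLogin'))
    category = db_category(session, category_id)
    return render_template('deleteitem.html', category=category, item=item,
                           is_logged_in=is_already_logged_in(login_session))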
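def edit_item(category_id, item_id):
    """Show (GET) or apply (POST) the edit form for an item.

    Only the item's owner may edit it. On POST the name and description from
    the submitted form replace the stored values; anything that cannot be
    applied sends the user back to the edit form.

    Args:
        category_id: Category the item is listed under.
        item_id: Primary key of the item to edit.

    Returns:
        A redirect after a POST, or the rendered ``edititem.html`` page on
        GET.
    """
    if request.method == 'POST':
        item_from_database = db_item(session, item_id)
        item_from_form = item_from_request_post(request)
        # Both the stored item and the parsed form must exist before the
        # ownership check dereferences item_from_database.user_id.
        if (item_from_database and item_from_form
                and is_logged_in_as_owner(login_session, item_from_database.user_id)):
            item_from_database.name = item_from_form.name
            item_from_database.description = item_from_form.description

            session.commit()
            return redirect(url_for('show_items_in_category', category_id=category_id))
        # problem with item, try again
        return redirect(url_for('edit_item', category_id=category_id, item_id=item_id))

    item = db_item(session, item_id)
    if item is None:
        # An unknown item id must not reach the ownership check below.
        flash("That item does not exist.")
        return redirect(url_for('show_items_in_category', category_id=category_id))
    # The owner check takes the owner's user id, matching the POST branch
    # and show_item.
    if not is_logged_in_as_owner(login_session, item.user_id):
        flash("To edit an item, you must first be logged in as the item's owner.")
        return redirect(url_for('showLogin'))
    category = db_category(session, category_id)
    # NOTE(review): url_for('show_item', ...) would avoid hard-coding this
    # path; confirm the registered route pattern before switching.
    cancel_url = '/catalog/category/' + str(item.category_id) + '/item/' + str(item_id)
    return render_template('edititem.html', category=category, item=item, cancel_url=cancel_url,
                           is_logged_in=is_already_logged_in(login_session))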
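def show_item(category_id, item_id):
    """Render the detail page for one item.

    Args:
        category_id: Category the item is listed under.
        item_id: Primary key of the item to display.

    Returns:
        The rendered ``item.html`` template, or a redirect to the category
        page when no item has that id.
    """
    item = db_item(session, item_id)
    if item is None:
        # An unknown item id must not reach item.user_id below.
        flash("That item does not exist.")
        return redirect(url_for('show_items_in_category', category_id=category_id))
    category = db_category(session, category_id)
    return render_template('item.html', category=category, item=item,
                           is_logged_in=is_already_logged_in(login_session),
                           is_logged_in_owner=is_logged_in_as_owner(login_session, item.user_id))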
def show_items_in_category(category_id):
    """Render the listing page for one category.

    Args:
        category_id: Primary key of the category to display.

    Returns:
        The rendered ``category.html`` template with the category, its items
        and the current login state.
    """
    context = {
        'category': db_category(session, category_id),
        'items': db_items_in_category(session, category_id),
        'is_logged_in': is_already_logged_in(login_session),
    }
    return render_template('category.html', **context)
def catalog():
    """Render the front page: all categories plus the latest items.

    Returns:
        The rendered ``catalog.html`` template with the categories, the latest
        items and the current login state.
    """
    context = {
        'categories': db_categories(session),
        'latest_items': db_latest_items(session),
        'is_logged_in': is_already_logged_in(login_session),
    }
    return render_template('catalog.html', **context)