def remove_item(item_id):
"""
Remove item from data base
:param item_id:
:return string: JSON
"""
item = get_item_by_id(item_id) or None
# check the item exist
if not item:
return jsonify({'error': 'This record don\'t exist'})
# check the user is the owner
if int(item.author) != int(g.user.id):
return jsonify(
{'error': 'You don\'t have permission to delete this record'})
images = get_images_by_item_id(item_id)
# remove images files
for image in images:
path = ''.join([BASE_DIR, image.url])
if os.path.isfile(path):
os.unlink(path)
# remove item and images from database
delete_item(item_id)
remove_images_by_item_id(item_id)
return jsonify({'message': 'Record was deleted'})
def edit_item_handler(catalog_id, item_id):
"""Edits an item in a catalog
Parameters:
- catalog_id: integer id of catalog to which item belongs
- item_id: integer id of item to edit
Returns:
- HTTP response
"""
user = models.get_current_user()
catalog_id = int(catalog_id)
catalog_entity = models.Catalog.get_by_id(catalog_id)
item_id = int(item_id)
item_entity = models.get_item_by_id(catalog_id, item_id)
# Check parameters
if not catalog_entity:
raise BadRequest('Could not find catalog with id %d' % catalog_id)
if not (item_entity):
raise BadRequest('Could not find item with id %d!' % item_id)
if not catalog_entity.user_can_edit(user):
raise Unauthorized
if flask.request.method == 'GET':
# Render edit item form
categories = models.get_categories(catalog_id)
return flask.render_template('edititem.html',
user=user,
catalog=catalog_entity,
categories=categories,
category_id=item_entity.category.id(),
item=item_entity)
elif flask.request.method == 'POST':
# Handle item edit from form
picture_obj = flask.request.files.get('picture')
picture_url = uploadfile.save_file(picture_obj)
try:
price = float(flask.request.form.get('price'))
except:
price = 0.00
# Update entity
item_entity.name = flask.request.form.get('name')
item_entity.description = flask.request.form.get('description')
item_entity.price = price
item_entity.picture = picture_url
# Allow possibility of item without category
category_id = flask.request.form.get('category_id')
if category_id:
category_id = int(category_id)
category_entity = models.get_category_by_id(catalog_id, category_id)
if category_entity:
item_entity.category = category_entity.key
item_entity.put()
models.wait_for(item_entity)
return flask.redirect('/catalog/%d' % catalog_entity.key.id())
def item_page(item_id):
"""
Return item
:param item_id:
:return string: JSON
"""
item = get_item_by_id(item_id)
return jsonify(item.serialize), 200
def get_user_item(car_id):
"""
Return items by user id
:return string: JSON
"""
car = get_item_by_id(car_id)
return jsonify(car.serialize), 200
def show_car(item_id):
"""
Show car page
:param item_id: int
:return:
"""
car = get_item_by_id(item_id)
return render('catalog/car.html', brands=brands, car=car.serialize)
def edit_item(item_id):
"""
Edit item by id
:param item_id:
:return string: JSON
"""
# get item data
_item = dict()
_item['title'] = clean(request.json.get('title'))
_item['model'] = clean(request.json.get('model'))
_item['description'] = clean(request.json.get('description'))
_item['brand'] = request.json.get('brand')
_item['price'] = request.json.get('price')
_item['author'] = int(g.user.id)
# get item
item = get_item_by_id(item_id) or None
# check item exist
if not item:
return jsonify({'error': 'This record don\'t exist'})
# check the user is the owner
if int(item.author) != _item['author']:
return jsonify(
{'error': 'You don\'t have permission to edit the record'})
# Check data
if len(_item['title']) < 5:
return jsonify({'error': 'too short title, minimum 5 characters'}), 206
if len(_item['model']) < 2:
return jsonify({'error': 'too short model, minimum 2 characters'}), 206
if len(_item['description']) < 5:
return jsonify({'error': 'too short description, min 5 symbols'}), 206
# convert data to integer
try:
_item['brand'] = int(_item['brand']['id'])
except TypeError:
return jsonify({'error': 'invalid brand type'}), 206
try:
_item['price'] = int(_item['price'])
except TabError:
return jsonify({'error': 'invalid price type'}), 206
# update item and send response
item = update_item(_item, item_id)
return jsonify(item.serialize), 200
def edit_car(item_id):
"""
Edit item
:param item_id:
:return mix:
"""
# get user
user = get_user_by_id(session['uid'])
# Get car
car = get_item_by_id(item_id)
# Check the user is the owner
if int(session['uid']) != int(car.author):
flash('You don\'t have permission to edit it.', 'error')
return redirect('/profile', 302)
# Get token
token = user.generate_auth_token(3600)
if request.method == 'POST' and request.form['csrf_token'] == csrf_token:
_car = dict()
# cleaning data
try:
_car['description'] = clean(request.form['description'])
_car['title'] = clean(request.form['title'])
_car['model'] = clean(request.form['model'])
_car['price'] = clean(request.form['price'])
_car['brand'] = clean(request.form['brand'])
_car['author'] = session['uid']
except TypeError:
flash('fields can\'t be empty', 'error')
return render('catalog/new_car.html',
brands=brands,
csrf=csrf_token)
# update car, create success message and redirect user
item = update_item(_car, item_id)
flash('Record "%s" was successfully updated' % item.title, 'success')
return redirect('/profile', 302)
return render('catalog/edit_car.html',
brands=brands,
car=car.serialize,
token=token,
user=user.serialize,
csrf_token=csrf_token)
def delete_car(item_id):
"""
Remove car and all images
:param item_id:
:return:
"""
# Get car
car = get_item_by_id(item_id)
# check if the user is the owner
if int(car.author) != int(session['uid']):
# crate a error message and redirect user
flash('You don\'t have permission to remove this object', 'error')
return redirect('/profile', 302)
if request.method == 'POST':
# get images
images = get_images_by_item_id(item_id)
# get title
title = car.title
# remove images files
for image in images:
# get absolute path to image
path = ''.join([BASE_DIR, image.url])
# if file exist remove the image file
if os.path.isfile(path):
os.unlink(path)
# remove images from from database
remove_images_by_item_id(item_id)
# remove data of car from database
delete_item(item_id)
# crate a success message and redirect user
flash('Car: "%s" was removed' % title, 'success')
return redirect('/profile', 302)
return render('catalog/delete_car.html',
brands=brands,
car=car.serialize,
csrf_token=csrf_token)
def delete_item_handler(catalog_id, item_id):
"""Deletes an item in a catalog
Parameters:
- catalog_id: integer id of catalog to which item belongs
- item_id: integer id of item to delete
Returns:
- HTTP response redirecting to catalog page
"""
catalog_id = int(catalog_id)
catalog_entity = models.get_catalog_by_id(catalog_id)
item_id = int(item_id)
item_entity = models.get_item_by_id(catalog_id, item_id)
# Check parameters
if not catalog_entity:
raise BadRequest('Could not find catalog with id %d' % catalog_id)
if not (item_entity):
raise BadRequest('Could not find item with id %d!' % item_id)
if not catalog_entity.user_can_edit(models.get_current_user()):
raise Unauthorized
models.delete_item(catalog_id, item_id)
return flask.redirect('/catalog/%d' % catalog_entity.key.id())
