def show_item(category_name, item_name, type='html'): """Show description of item. Accepts GET method. Does not require authentication. If the optional type parameter is set and is equal to JSON, return a JSON response with item=item_name with category=category_name. Parameters: category_name: category name of item item_name: name of the item """ item = Item.by_name(category_name, item_name) if not item: flash('Could not find item: {}.'.format(item_name)) return redirect('/') categories = Item.get_categories() category_items = Item.by_category(category_name) if type.lower() == 'json': return jsonify(item=item.serialize) return render_template('catalog-item.html', item=item, categories=categories, category_items=category_items)
def edit_item(category_name, item_name): """Edit an item. Accepts GET and POST methods. Redirect to show_item page if user is not authenticated/authorized. Parameters: category_name: category name of item to edit item_name: name of the item to edit """ item = Item.by_name(category_name, item_name) if not item: flash('Could not find item: {}.'.format(item_name)) return redirect('/') if not signed_in(): flash('You must be logged in to edit an item.') return redirect( url_for('catalog.show_item', category_name=item.category, tem_name=item.name)) if not item.is_owned_by(session['user_id']): flash('You do not have permission to edit this item.') return redirect( url_for('catalog.show_item', category_name=item.category, item_name=item.name)) if request.method == 'POST': name = request.form.get('name') description = request.form.get('description') category = request.form.get('category') csrftoken = request.form.get('csrftoken') if csrftoken != session['csrf']: flash('Invalid CSRF token.') elif not name or not description or not category: flash('All fields must be filled.') else: del session['csrf'] item.name = name item.description = description item.category = category flash('Item successfully updated.') return redirect( url_for('catalog.show_item', category_name=item.category, item_name=item.name)) categories = Item.get_categories() category_items = Item.by_category(category_name) session['csrf'] = token() return render_template('catalog-item-edit.html', item=item, categories=categories, category_items=category_items)
def delete_item(category_name, item_name): """Delete an item. Accepts GET and POST methods. Redirect to show_item page if user is not authenticated/authorized. Parameters: category_name: category name of item to delete item_name: name of the item to delete """ item = Item.by_name(category_name, item_name) if not item: flash('Could not find item: {}.'.format(item_name)) return redirect('/') if not signed_in(): flash('You must be logged in to delete an item.') return redirect( url_for('catalog.show_item', category_name=item.category, item_name=item.name)) if not item.is_owned_by(session['user_id']): flash('You do not have permission to delete this item.') return redirect( url_for('catalog.show_item', category_name=item.category, item_name=item.name)) if request.method == 'POST': csrftoken = request.form.get('csrftoken') if csrftoken != session['csrf']: flash('Invalid CSRF token.') else: del session['csrf'] item.delete() flash('Item successfully deleted.') return redirect('/') categories = Item.get_categories() category_items = Item.by_category(category_name) session['csrf'] = token() return render_template('catalog-item-delete.html', item=item, categories=categories, category_items=category_items)