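def create_item():
    """Add an item to the catalog.

    Accepts GET and POST. Visitors who are not signed in are redirected to
    the full catalog with a flash message.

    GET renders the add-item form with a freshly issued CSRF token stored in
    the session. POST checks the submitted ``csrftoken`` field against the
    session token and requires ``name``, ``description`` and ``category``
    before creating the item. On success the client is redirected to the new
    item's page; on any failure the form is rendered again with a new token.
    """
    # Imported locally so this block does not depend on the file's import
    # section, which is outside this view.
    import hmac

    if not signed_in():
        flash('You must be logged in to add an item.')
        return redirect(url_for('catalog.full_catalog'))

    if request.method == 'POST':
        name = request.form.get('name')
        description = request.form.get('description')
        category = request.form.get('category')
        submitted_token = request.form.get('csrftoken')
        # .get() instead of indexing: a POST sent without a prior GET has no
        # token in the session and must be rejected, not crash with KeyError.
        expected_token = session.get('csrf')

        # Both values must be present. Otherwise a request with no form token
        # and no session token would compare None to None and be accepted.
        # compare_digest avoids leaking how much of the token matched through
        # response timing; encoding to bytes keeps non-ASCII input from
        # raising TypeError.
        # NOTE(review): assumes token() yields a text value - confirm.
        token_ok = (
            bool(submitted_token)
            and bool(expected_token)
            and hmac.compare_digest(
                str(submitted_token).encode('utf-8'),
                str(expected_token).encode('utf-8'),
            )
        )

        if not token_ok:
            flash('Invalid CSRF token.')
        elif not name or not description or not category:
            flash('All fields must be filled.')
        else:
            # Everything valid. The token is single-use, so drop it before
            # creating the item.
            session.pop('csrf', None)
            item = Item.create_item(name, description, category,
                                    session['user_id'])
            if item:
                flash('Item successfully updated.')
                return redirect(
                    url_for('catalog.show_item',
                            category_name=item.category,
                            item_name=item.name))

    # GET, or a POST that did not create an item: issue a new token and show
    # the form again.
    categories = Item.get_categories()
    session['csrf'] = token()
    return render_template('catalog-add.html', categories=categories)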
Base.metadata.bind = _engine _db_session = sessionmaker(bind=_engine) _session = _db_session() _session.query(User).delete() _session.query(Item).delete() _session.commit() u1 = User.create_user({'name': 'Adam', 'email': '*****@*****.**'}) u2 = User.create_user({'name': 'Bob', 'email': '*****@*****.**'}) u3 = User.create_user({'name': 'Carl', 'email': '*****@*****.**'}) Item.create_item("Stick", "Lorem ipsum dolor sit amet, consectetur adipiscing elit.", "Hockey", u1.id) Item.create_item("Goggles", "Mauris et ante feugiat, laoreet felis id, convallis nunc.", "Snowboarding", u2.id) Item.create_item("Snowboard", "Mauris venenatis turpis non justo scelerisque maximus.", "Snowboarding", u3.id) Item.create_item("Two shinguards", "Mauris placerat ipsum eget ligula facilisis posuere.", "Soccer", u1.id) Item.create_item("Shinguards", "Curabitur cursus mauris vitae tortor varius porta.", "Soccer", u2.id) Item.create_item("Frizbee", "Phasellus suscipit metus ac purus pretium feugiat.",