def delete_item_by_id(category_id, item_id):
"""
HTML endpoint providing a form to delete an item
"""
if not UserUtils.is_authenticated():
UserUtils.set_preauthentication_url()
flash('sign in to delete an item')
return redirect('/login')
item = session.query(Item).filter_by(id=item_id).one()
# Users may delete only items they created
if not Permissions.get_user_permissions_for_item(item).delete:
flash('you may delete only items you created')
return redirect(url_for('get_category_by_id', category_id=category_id))
if request.method == 'POST':
session.delete(item)
session.commit()
flash('item deleted')
return redirect(url_for('get_category_by_id', category_id=category_id))
else:
category = session.query(Category).filter_by(id=category_id).one()
return UserUtils.render_user_template('item_delete.html',
category=category,
category_id=category_id,
item=item,
page_title="%s %s Item" %
("Delete", item.title))
def update_item_by_id(category_id, item_id):
"""
HTML endpoint providing a form to edit an item
"""
if not UserUtils.is_authenticated():
UserUtils.set_preauthentication_url()
flash('sign in to edit an item')
return redirect('/login')
item = session.query(Item).filter_by(id=item_id).one()
# Users may update only items they created
if not Permissions.get_user_permissions_for_item(item).update:
flash('you may edit only items you created')
return redirect(url_for('get_category_by_id', category_id=category_id))
category = session.query(Category).filter_by(id=category_id).one()
if request.method == 'POST':
# Extract and validate the form inputs
(title, title_error) = \
extract_and_validate_item_title(request.form)
(description, description_error) = \
extract_and_validate_item_description(request.form)
if title_error or description_error:
return UserUtils.render_user_template(
'item_update.html',
category=category,
category_id=category_id,
item=item,
page_title="%s %s Item" % ("Edit", item.title),
title=title,
title_error=title_error,
description=description,
description_error=description_error)
# Create the item in the data store
item.title = title
item.description = description
session.add(item)
session.commit()
flash('item updated')
return redirect(url_for('get_category_by_id', category_id=category_id))
else:
return UserUtils.render_user_template('item_update.html',
category=category,
category_id=category_id,
item=item,
page_title="%s %s Item" %
("Edit", item.title),
title=item.title,
description=item.description)
def get_item_by_id(category_id, item_id):
"""
HTML endpoint providing details for a given item within a category
"""
category = session.query(Category).filter_by(id=category_id).one()
item = session.query(Item).filter_by(id=item_id).one()
return UserUtils.render_user_template(
'item_read.html',
category=category,
category_id=category_id,
item=item,
page_title="%s Item" % item.title,
can=Permissions.get_user_permissions_for_item(item))
