Example #1
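def deleteCategory(category_id):
    """View function for deleting a category. Performs CSRF validation.

    On POST, removes the category, its items, and each item's pictures and
    likes from the database, then deletes the stored image files and
    redirects to the category listing. Non-POST requests fall through and
    return None, as before.

    Args:
        category_id: id of the category to delete (taken from the URL).
    """
    if request.method == 'POST':
        csfr_delete_token = request.form.get('_csrf_delete_token')
        # NOTE(review): the return value is ignored, so this presumably
        # aborts the request itself on a bad token -- confirm.
        validate_delete_csfr(csfr_delete_token)

        # NOTE(review): no ownership/permission check is visible in this
        # function; confirm a decorator on the route enforces one.
        category = db_session.query(Category).filter_by(id=category_id).first()
        if category is None:
            # .first() returns None for an unknown id; the old code then
            # failed with AttributeError on category.picture.
            flash('Could not find the category')
            return redirect(url_for('errorNotFound'))

        # Collect file names first and touch the filesystem only after the
        # database work has committed, so a failed commit leaves files intact.
        stale_files = [category.picture]

        items = db_session.query(Item).filter_by(category_id=category_id).all()
        for item in items:
            pictures = db_session.query(Picture).filter_by(
                item_id=item.id).all()
            for picture in pictures:
                stale_files.append(picture.name)
                db_session.delete(picture)
            likes = db_session.query(Like).filter_by(
                item_id=item.id, category_id=category_id).all()
            for like in likes:
                db_session.delete(like)
            db_session.delete(item)
        db_session.delete(category)
        # One commit for the whole cascade instead of one per row: either
        # everything is removed or nothing is.
        db_session.commit()

        for name in stale_files:
            if not name:
                continue
            path = os.path.join(app.config['UPLOAD_FOLDER'], name)
            try:
                os.remove(path)
            except OSError:
                # A missing file should not turn a completed delete into an
                # error page; record it for cleanup instead.
                app.logger.warning('Could not remove upload %s', path)
        return redirect(url_for('showCategory'))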
Example #2
def viewItem(category_id, item_id):
    """Render the detail page for a single item.

    Redirects to the not-found page when check_category or check_item
    returns None. The template receives the item, its picture names (newest
    first), the picture to show by default, the total like count, and the
    current user's Like row (or False for anonymous visitors).
    """
    if check_category(category_id) is None:
        flash('Could not find the category')
        return redirect(url_for('errorNotFound'))

    item = check_item(item_id, category_id)
    if item is None:
        flash('Could not find the item')
        return redirect(url_for('errorNotFound'))

    # Total number of likes recorded for this item.
    likes = db_session.query(Like).filter_by(
        category_id=item.category.id, item_id=item.id).count()

    # The viewer's own like, looked up only when a user id is in the session.
    liked = False
    if session.get('user_id'):
        liked = db_session.query(Like).filter_by(
            category_id=item.category.id,
            item_id=item.id,
            user_id=session.get('user_id')).first()

    pictures = db_session.query(Picture.name).filter_by(
        item_id=item.id).order_by(Picture.id.desc()).all()
    # Fall back to the placeholder image when the item has no pictures.
    default_picture = pictures[0].name if pictures else "sample_image.jpg"

    context = dict(item=item,
                   pictures=pictures,
                   default_picture=default_picture,
                   liked=liked,
                   likes=likes)
    return render_template('viewitem.html', **context)
Example #3
def viewCategory(category_id):
    """Render the item listing for one category.

    Redirects to the not-found page when check_category returns None.
    Each item is passed to the template as a plain dict that also carries
    the name of its newest picture (or the placeholder image name).
    """
    if check_category(category_id) is None:
        flash('Could not find the category')
        return redirect(url_for('errorNotFound'))

    final_items = []
    rows = db_session.query(Item).filter_by(category_id=category_id).all()
    for row in rows:
        # Highest Picture.id first, so .first() is the latest upload.
        newest = db_session.query(Picture.name).filter_by(
            item_id=row.id).order_by(Picture.id.desc()).first()
        picture_name = newest.name if newest else "sample_image.jpg"
        final_items.append({
            'id': row.id,
            'category_id': row.category_id,
            'picture_name': picture_name,
            'name': row.name,
            'description': row.description,
            'time_created': row.time_created
        })
    return render_template('viewcategory.html', items=final_items)
Example #4
def showRoot():
    """View function for '/' and '/hot'. Shows the 8 most liked items.

    Likes are grouped per item and ordered by count; each ranked item is
    then loaded together with the name of its newest picture.
    """
    like_count = func.count(Like.item_id).label('item_count')
    ranking = db_session.query(Like.item_id, like_count).group_by(
        Like.item_id).order_by('item_count DESC').limit(8).all()

    # .one() raises if a like row points at an item that no longer exists.
    hot_items = []
    for row in ranking:
        hot_items.append(db_session.query(Item).filter_by(id=row[0]).one())

    final_items = []
    for entry in hot_items:
        newest = db_session.query(Picture.name).filter_by(
            item_id=entry.id).order_by(Picture.id.desc()).first()
        # Items without any picture get the placeholder image.
        picture_name = newest.name if newest else "sample_image.jpg"
        final_items.append({
            'id': entry.id,
            'category_id': entry.category_id,
            'picture_name': picture_name,
            'name': entry.name,
            'description': entry.description,
            'time_created': entry.time_created
        })
    return render_template('root.html', items=final_items)
Example #5
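def createUser(session):
    """Create a User row from login-session data and return its id.

    Args:
        session: mapping that provides the 'username', 'email' and
            'picture' keys (a missing key raises KeyError).

    Returns:
        The id of the newly inserted user.
    """
    # NOTE(review): these values presumably come from the identity provider
    # during login -- confirm they are not settable by the client directly.
    newUser = User(name=session['username'],
                   email=session['email'],
                   picture=session['picture'])
    db_session.add(newUser)
    db_session.commit()
    # Read the id from the object that was just inserted. The previous
    # re-query by email used .one(), which raises as soon as two rows share
    # an email address and could never return a different row's id safely.
    return newUser.id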
Example #6
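def addImage(category_id, item_id):
    """View function for adding a new image to an item.

    POST: validates the uploaded file part, records a Picture row for the
    item and stores the file under UPLOAD_FOLDER, then redirects to the
    item page. GET: renders the upload form after confirming the category
    and item exist.

    Args:
        category_id: id of the category the item belongs to.
        item_id: id of the item that receives the image.
    """
    if request.method == 'POST':
        # NOTE(review): no CSRF token is validated on this upload, unlike the
        # edit/create views that call validate_csfr -- confirm whether the
        # form carries a token and check it here.

        # check if the post request has the file part
        if 'file' not in request.files:
            flash('No file part in the request')
            return redirect(request.url)

        file = request.files['file']

        # if the user does not select a file, the browser still submits an
        # empty part without a filename
        if file.filename == '':
            flash('No selected file')
            return redirect(request.url)

        # NOTE(review): allowed_file only receives the client-supplied
        # filename, so it presumably checks the extension and not the file
        # content -- confirm.
        if not allowed_file(file.filename):
            flash('Invalid file format')
            return redirect(request.url)

        # The POST path previously dereferenced the result without checking
        # it, so an unknown item id ended in AttributeError.
        item = check_item(item_id, category_id)
        if item is None:
            flash('We could not find that item')
            return redirect(url_for('errorNotFound'))

        # Next picture number = highest existing Picture.id + 1. Two
        # concurrent uploads can compute the same number.
        last_picture = db_session.query(Picture.id).order_by(
            Picture.id.desc()).first()
        pic_num = (last_picture[0] if last_picture is not None else 0) + 1

        # The stored name is joined onto UPLOAD_FOLDER below.
        # NOTE(review): this relies on rename_file returning a bare file name
        # with no path separators -- confirm.
        filename = rename_file(item.name, file.filename,
                               item.category.name, item_id, pic_num)
        # NOTE(review): session['user_id'] raises KeyError for a visitor who
        # is not logged in; confirm the route requires login.
        new_picture = Picture(name=filename,
                              item_id=item_id,
                              user_id=session['user_id'])
        db_session.add(new_picture)
        db_session.commit()
        file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
        flash('Picture upload successful')
        return redirect(
            url_for('viewItem',
                    item_id=item_id,
                    category_id=item.category.id))
    else:
        category = check_category(category_id)
        if category is None:
            flash('We could not find that category')
            return redirect(url_for('errorNotFound'))
        item = check_item(item_id, category_id)
        if item is None:
            flash('We could not find that item')
            return redirect(url_for('errorNotFound'))
        return render_template('addimage.html',
                               item_id=item_id,
                               category_id=category_id)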
Example #7
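def editCategory(category_id):
    """View function for editing a category. Performs CSRF validation.

    POST: renames the category and, when the uploaded file passes
    allowed_file, replaces its picture on disk. GET: renders the edit form.

    Args:
        category_id: id of the category to edit (taken from the URL).
    """
    if request.method == 'POST':
        csfr_token = request.form.get('_csrf_token')
        # NOTE(review): the return value is ignored, so this presumably
        # aborts the request itself on a bad token -- confirm.
        validate_csfr(csfr_token)
        catName = request.form.get('catName')

        # A forged or broken POST can omit the name; do not store an empty
        # category name.
        if not catName:
            return redirect(request.url)

        # check if the post request has the file part
        if 'file' not in request.files:
            flash('No file part in the request')
            return redirect(request.url)
        file = request.files['file']
        if file.filename == '':
            flash('No selected file')
            return redirect(request.url)

        # NOTE(review): no ownership/permission check is visible in this
        # function; confirm a decorator on the route enforces one.
        category = db_session.query(Category).filter_by(
            id=category_id).first()
        if category is None:
            # .one() used to raise for an unknown id.
            flash('Could not find the category')
            return redirect(url_for('errorNotFound'))

        category.name = catName
        replace_picture = allowed_file(file.filename)
        if replace_picture:
            # NOTE(review): relies on rename_file returning a bare file name
            # with no path separators -- confirm.
            filename = rename_file(catName, file.filename)
            old_filename = category.picture
            category.picture = filename
        # A file that fails allowed_file is ignored without a message and
        # only the name is updated, as before.
        db_session.add(category)
        db_session.commit()

        if replace_picture:
            if old_filename:
                old_path = os.path.join(app.config['UPLOAD_FOLDER'],
                                        old_filename)
                try:
                    os.remove(old_path)
                except OSError:
                    # The row is already committed; a missing old file must
                    # not turn the edit into an error page.
                    app.logger.warning('Could not remove upload %s',
                                       old_path)
            file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
            flash('Category %s edited!' % catName)

        categories = db_session.query(Category).all()
        return render_template('category.html', categories=categories)

    # Expose the token generators to the template rendered below.
    app.jinja_env.globals['csrf_token'] = generate_csrf_token
    app.jinja_env.globals['csrf_delete_token'] = generate_csrf_delete_token
    category = db_session.query(Category).filter_by(id=category_id).first()
    if category is None:
        flash('Could not find the category')
        return redirect(url_for('errorNotFound'))
    return render_template('editcategory.html', category=category)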
Example #8
def viewItemJSON(category_id, item_id):
    """JSON endpoint for one item and its pictures.

    Returns an 'error' payload when check_category or check_item yields
    None; otherwise the serialized item plus its pictures, newest first.
    """
    if check_category(category_id) is None:
        return jsonify(error=[{'e_response': "No Category Found"}])

    item = check_item(item_id, category_id)
    if item is None:
        return jsonify(error=[{'e_response': "No Items Found"}])

    picture_rows = db_session.query(Picture).filter_by(
        item_id=item.id).order_by(Picture.id.desc()).all()

    item_payload = [item.serialize]
    picture_payload = []
    for row in picture_rows:
        picture_payload.append(row.serialize)
    return jsonify(Items=item_payload, Pictures=picture_payload)
Example #9
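def ajaxLike():
    """Ajax handler that adds or removes the current user's like on an item.

    Expects a JSON body with 'category_id', 'item_id' and 'status'. A status
    other than the string "None" removes the like and returns 'Deleted';
    otherwise a like is recorded and 'Liked' is returned. Responds with 401
    when no user is logged in and 400 when the body is malformed. Non-POST
    requests fall through and return None, as before.
    """
    if request.method == 'POST':
        # NOTE(review): no CSRF token is checked on this state-changing
        # request, unlike the form views -- confirm how the Ajax caller is
        # protected.

        # The acting user comes from the server-side session. The body's
        # 'user_id' is ignored: trusting it let any client add or remove
        # likes on behalf of another account.
        user_id = session.get('user_id')
        if user_id is None:
            return 'Login required', 401

        payload = request.get_json(silent=True)
        if not isinstance(payload, dict):
            return 'Bad request', 400
        category_id = payload.get('category_id')
        item_id = payload.get('item_id')
        if category_id is None or item_id is None or 'status' not in payload:
            return 'Bad request', 400

        # NOTE(review): the ids are not checked against existing Item or
        # Category rows here -- confirm whether that matters for Like.
        existing_like = db_session.query(Like).filter_by(
            category_id=category_id,
            item_id=item_id,
            user_id=user_id).first()

        if payload['status'] != "None":
            # The client state can be stale; deleting a like that is already
            # gone used to pass None to db_session.delete().
            if existing_like is not None:
                db_session.delete(existing_like)
                db_session.commit()
            return 'Deleted'

        # Do not store a second row when the like already exists.
        if existing_like is None:
            db_session.add(Like(category_id=category_id,
                                item_id=item_id,
                                user_id=user_id))
            db_session.commit()
        return 'Liked'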
Example #10
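def editItem(category_id, item_id):
    """View function for editing an item. Performs CSRF validation.

    POST: updates the item's name and description and redirects to the item
    page. GET: renders the edit form.

    Args:
        category_id: id of the category the item belongs to.
        item_id: id of the item to edit.
    """
    # NOTE(review): nothing here compares the logged-in user with
    # item.user_id, whereas deleteItemImage does; confirm a decorator on the
    # route restricts editing to the owner.
    item = db_session.query(Item).filter_by(
        id=item_id, category_id=category_id).first()
    if item is None:
        # .first() returns None for an unknown id pair; the old code then
        # failed with AttributeError when assigning item.name.
        flash('Could not find the item')
        return redirect(url_for('errorNotFound'))

    if request.method == 'POST':
        csfr_token = request.form.get('_csrf_token')
        # NOTE(review): the return value is ignored, so this presumably
        # aborts the request itself on a bad token -- confirm.
        validate_csfr(csfr_token)
        itemName = request.form.get('itemName')
        itemDescription = request.form.get('itemDescription')

        # Client-side validation does not cover forged requests; refuse to
        # blank out the stored values.
        if not itemName or not itemDescription:
            return redirect(request.url)

        item.name = itemName
        item.description = itemDescription
        db_session.add(item)
        db_session.commit()
        return redirect(
            url_for('viewItem', item_id=item_id, category_id=category_id))

    # Expose the token generators to the template rendered below.
    app.jinja_env.globals['csrf_token'] = generate_csrf_token
    app.jinja_env.globals['csrf_delete_token'] = generate_csrf_delete_token
    return render_template('edititem.html', item=item)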
Example #11
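def deleteItemImage(image):
    """View function for deleting one image of an item.

    Only the user who owns the item may delete; everyone else is sent back
    to the item page without any change.

    Args:
        image: stored file name of the picture (taken from the URL).
    """
    # NOTE(review): this handler changes state without a visible CSRF check
    # or method restriction -- confirm how the route is declared.
    picture = db_session.query(Picture).filter_by(name=image).first()
    if not picture:
        flash('Could not find the image')
        return redirect(url_for('errorNotFound'))

    # Resolve everything needed from the row before it is deleted, so no
    # attribute of a deleted object is read afterwards.
    item = picture.item
    item_page = url_for('viewItem',
                        category_id=item.category_id,
                        item_id=item.id)

    current_user = session.get('user_id')
    # Require a real user id: a bare equality test also passes when the
    # visitor is anonymous and item.user_id is unset (None == None).
    if current_user is not None and current_user == item.user_id:
        file_path = os.path.join(app.config['UPLOAD_FOLDER'], picture.name)
        db_session.delete(picture)
        db_session.commit()
        try:
            os.remove(file_path)
        except OSError:
            # The row is gone already; a missing file should not raise.
            app.logger.warning('Could not remove upload %s', file_path)

    # Owner and non-owner end up on the same page; the trailing redirect to
    # showCategory in the old code could never be reached.
    return redirect(item_page)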
Example #12
def viewCategoryJSON(category_id):
    """JSON endpoint listing every item of one category.

    Returns an 'error' payload when check_category yields None.
    """
    if check_category(category_id) is None:
        return jsonify(error=[{'e_response': "No Category Found"}])

    rows = db_session.query(Item).filter_by(category_id=category_id).all()
    serialized = []
    for row in rows:
        serialized.append(row.serialize)
    return jsonify(CategorylItems=serialized)
Example #13
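def newItem():
    """View function to create a new item. Performs CSRF validation.

    POST: creates the Item in the named category and, when a file was
    selected, a Picture row plus the stored file, then redirects to the
    category listing. GET: renders the creation form with the category
    names for autocomplete.
    """
    if request.method == 'POST':
        csfr_token = request.form.get('_csrf_token')
        # NOTE(review): the return value is ignored, so this presumably
        # aborts the request itself on a bad token -- confirm.
        validate_csfr(csfr_token)
        catName = request.form.get('catName')
        itemName = request.form.get('itemName')
        itemDescription = request.form.get('itemDescription')

        # Field validations are already performed at client side with JS.
        # This catches empty values in case of a forged post request.
        if not catName or not itemName or not itemDescription:
            return redirect(request.url)

        # check if the post request has the file part
        if 'file' not in request.files:
            flash('No file part in the request')
            return redirect(request.url)
        file = request.files['file']

        # `if file` was the original test for "a file was selected": the
        # browser submits an empty part without a filename otherwise, and
        # the item is then created without a picture.
        has_upload = bool(file)
        # NOTE(review): allowed_file only receives the client-supplied
        # filename, so it presumably checks the extension and not the file
        # content -- confirm.
        if has_upload and not allowed_file(file.filename):
            flash("Invalid format")
            return redirect(request.url)

        # catName is request data; .one() raised for a name that matches no
        # category.
        category = db_session.query(
            Category.id).filter_by(name=catName).first()
        if category is None:
            flash('Could not find the category')
            return redirect(request.url)

        # NOTE(review): session['user_id'] raises KeyError for a visitor who
        # is not logged in; confirm the route requires login.
        new_item = Item(name=itemName,
                        description=itemDescription,
                        category_id=category.id,
                        user_id=session['user_id'])
        db_session.add(new_item)
        db_session.commit()

        if has_upload:
            # Next picture number = highest existing Picture.id + 1. Two
            # concurrent uploads can compute the same number.
            last_picture = db_session.query(Picture.id).order_by(
                Picture.id.desc()).first()
            pic_num = (last_picture[0] if last_picture is not None else 0) + 1

            # Use the id the database actually assigned instead of guessing
            # it as "highest id + 1" before the insert.
            # NOTE(review): the result is joined onto UPLOAD_FOLDER; this
            # relies on rename_file returning a bare file name -- confirm.
            filename = rename_file(itemName, file.filename, catName,
                                   new_item.id, pic_num)
            new_picture = Picture(name=filename,
                                  item_id=new_item.id,
                                  user_id=session['user_id'])
            db_session.add(new_picture)
            db_session.commit()
            file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))

        flash('New Item %s added!' % itemName)
        return redirect(url_for('showCategory'))
    else:
        app.jinja_env.globals['csrf_token'] = generate_csrf_token
        categories = db_session.query(Category.name).all()

        # Plain list of names so the template can serialize it to JSON for
        # the autocomplete widget.
        categories = [category[0] for category in categories]
        return render_template('newitem.html', categories=categories)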
Example #14
def showCategoryJSON():
    """JSON endpoint listing every category in serialized form."""
    serialized = []
    for row in db_session.query(Category).all():
        serialized.append(row.serialize)
    return jsonify(Categories=serialized)
Example #15
def showCategory():
    """Render the overview page with every stored category."""
    return render_template('category.html',
                           categories=db_session.query(Category).all())
Example #16
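def getUserID(email):
    """Return the id of the user with this email, or None.

    None is returned when the lookup raises, which covers both "no such
    user" and "several users share the email" because the query uses .one().

    Args:
        email: email address to look up.
    """
    try:
        user = db_session.query(User).filter_by(email=email).one()
        return user.id
    except Exception:
        # Narrowed from a bare `except:` so KeyboardInterrupt and SystemExit
        # are no longer swallowed.
        # NOTE(review): database failures still look like "user not found"
        # to the caller; if the caller creates an account on None, consider
        # catching only the no-result case.
        return None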
Example #17
def getUserInfo(user_id):
    """Return the User row whose id equals user_id.

    The lookup uses .one(), so it raises instead of returning None when the
    id matches no row.
    """
    return db_session.query(User).filter_by(id=user_id).one()