def deleteUser(user_id):
user = getUserInfo(user_id)
if request.method == 'GET':
return render_template('deleteuser.html', user=user)
session.delete(user)
session.commit()
flash("Successfully deleted user")
return redirect(url_for('logout'))
def deleteCategory(category_id):
category = getCategoryInfo(category_id)
# we still need to check for the emptiness of the category so we may
# protect categories that are not empty from deletion
if not category.items:
if request.method == 'GET':
return render_template('deletecategory.html', category=category)
else:
session.delete(category)
session.commit()
flash("Successfully deleted category %s" % category.title)
return redirect(url_for('index'))
flash("A category may only be deleted if it doesn't have any items")
return redirect(url_for('showCategory', category_id=category.id))
def deleteItem(category_id, item_id):
item = getItemInfo(item_id)
category = getCategoryInfo(category_id)
if request.method == 'GET':
return render_template(
'deleteitem.html',
category=category,
item=item
)
else:
# Before deleting the item from the db, we delete it's picture file
deleteItemPicture(item.picture)
session.delete(item)
session.commit()
flash("Successfully deleted item %s" % item.title)
return redirect(url_for('showCategory', category_id=category.id))
def deleteItem(item_id):
"""
GET /item/item id/delete:
Render an delete item form page
POST /item/item id/delete:
Delete the selected item from database
"""
token = request.cookies.get('token')
expire_time = request.cookies.get('expire_time')
# Only authorized user can see an edit item page
if not token:
flash("You are not authorized.")
return redirect(url_for('basic.showMain'))
if request.method == "GET":
# Only authorized user can see a delete item page
user_data = validate_token(token, expire_time)
if not user_data:
flash("You are not authorized.")
return redirect(url_for('basic.showMain'))
item = Item.get_by_id(session, item_id)
return render_template('delete_item.html', item=item, user=user_data)
if request.method == "POST":
# When user send POST request,
# we get a token again from HTTP header, not from cookie
token = request.headers.get('Authorization')
# Get item to delete
item = Item.get_by_id(session, item_id)
# Only authorized user can delete this item
user_data = validate_token(token, expire_time)
if not user_data:
response = make_response(
json.dumps({
"message": "You are not authorized",
"redirect": url_for('basic.showItemDetail',
category_id=item.category_id,
item_id=item_id)
}), 401
)
response.headers['Content-Type'] = 'application/json'
return response
# Only authorized user can delete an item
# Authorized user id must be the same as
# the user's id who created the item before.
user = User.get_by_id(session, user_data.get("id"))
if not User.is_authorized(session, user.id, item_id):
response = make_response(
json.dumps({
"message": "You are not authorized",
"redirect": url_for('basic.showItemDetail',
category_id=item.category_id,
item_id=item_id)
}), 401
)
response.headers['Content-Type'] = 'application/json'
return response
session.delete(item)
session.commit()
response = make_response(
json.dumps({
"message": "The item was successfully deleted.",
"redirect": url_for('basic.showMain')
}), 200
)
response.headers['Content-Type'] = 'application/json'
return response
def deleteItem(item_id):
"""
GET /item/item id/delete:
Render an delete item form page
POST /item/item id/delete:
Delete the selected item from database
"""
token = request.cookies.get("token")
expire_time = request.cookies.get("expire_time")
# Only authorized user can see an edit item page
if not token:
flash("You are not authorized.")
return redirect(url_for("basic.showMain"))
if request.method == "GET":
# Only authorized user can see a delete item page
user_data = validate_token(token, expire_time)
if not user_data:
flash("You are not authorized.")
return redirect(url_for("basic.showMain"))
item = Item.get_by_id(session, item_id)
return render_template("delete_item.html", item=item, user=user_data)
if request.method == "POST":
# When user send POST request,
# we get a token again from HTTP header, not from cookie
token = request.headers.get("Authorization")
# Get item to delete
item = Item.get_by_id(session, item_id)
# Only authorized user can delete this item
user_data = validate_token(token, expire_time)
if not user_data:
response = make_response(
json.dumps(
{
"message": "You are not authorized",
"redirect": url_for("basic.showItemDetail", category_id=item.category_id, item_id=item_id),
}
),
401,
)
response.headers["Content-Type"] = "application/json"
return response
# Only authorized user can delete an item
# Authorized user id must be the same as
# the user's id who created the item before.
user = User.get_by_id(session, user_data.get("id"))
if not User.is_authorized(session, user.id, item_id):
response = make_response(
json.dumps(
{
"message": "You are not authorized",
"redirect": url_for("basic.showItemDetail", category_id=item.category_id, item_id=item_id),
}
),
401,
)
response.headers["Content-Type"] = "application/json"
return response
session.delete(item)
session.commit()
response = make_response(
json.dumps({"message": "The item was successfully deleted.", "redirect": url_for("basic.showMain")}), 200
)
response.headers["Content-Type"] = "application/json"
return response
