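def edit_item(category_name, item_name):
    """Show the edit form for an item, or apply a submitted edit.

    Only the user who created the item may edit it; any other user receives
    a 403 JSON response. A category or item name that matches no row yields
    a 404 JSON response, and an unknown category in the submitted form
    yields a 400, instead of an unhandled query exception.

    Args:
        category_name: Category name taken from the URL.
        item_name: Item name taken from the URL.

    Returns:
        A redirect to the item's category page after a successful POST, the
        rendered edit form for any other method, or a JSON error response.
    """

    def json_error(text, status):
        # Same response shape as the authorisation failure below.
        response = make_response(json.dumps(text), status)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Both names are request-controlled. .first() returns None for an
    # unknown name where .one() would raise and surface as a server error.
    category = session.query(Category).filter_by(name=category_name).first()
    if category is None:
        return json_error('Category not found', 404)
    edited_item = session.query(Item).filter_by(
        name=item_name, category_id=category.id).first()
    if edited_item is None:
        return json_error('Item not found', 404)

    # Authorisation - only the user who created an item can edit/delete it.
    # NOTE(review): login_session['email'] raises KeyError when nobody is
    # logged in; presumably a login check runs before this view - confirm.
    user_id = get_user_id(login_session['email'])
    if edited_item.user_id != user_id:
        return json_error('You are not allowed to edit the item', 403)

    if request.method != 'POST':
        categories = session.query(Category).all()
        return render_template('edit_page.html', item=edited_item,
                               categories=categories)

    # NOTE(review): the form is read straight from request.form and no CSRF
    # token check is visible in this function - confirm one is enforced
    # elsewhere for this state-changing POST.
    # Read and validate every field before touching the item: `session` is
    # not created in this function, so a change left pending by a rejected
    # request could be written by a later session.commit().
    new_name = request.form['name']
    new_description = request.form['description']
    new_category_name = request.form['category']

    new_category = None
    if new_category_name:
        new_category = session.query(Category).filter_by(
            name=new_category_name).first()
        if new_category is None:
            return json_error('Unknown category', 400)

    # Empty fields mean "leave unchanged".
    if new_name:
        edited_item.name = new_name
    if new_description:
        edited_item.description = new_description
    if new_category is not None:
        edited_item.category = new_category
    session.add(edited_item)
    session.commit()
    return redirect(url_for('show_category',
                            category_name=edited_item.category.name))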
def createUser(login_session):
    """Store a new user built from the login session and return its id.

    Args:
        login_session: Mapping that holds 'username', 'email' and 'picture'.

    Returns:
        The id of the user row found by querying on the session's email
        after the commit.
    """
    # Values are copied as-is from the login session.
    profile = {
        'username': login_session['username'],
        'email': login_session['email'],
        'picture': login_session['picture'],
    }
    account = User(**profile)
    session.add(account)
    session.commit()
    # .one() raises unless exactly one user has this email.
    stored = session.query(User).filter_by(email=profile['email']).one()
    return stored.id
def create_user(login_session):
    """Create a user row from the login session and return its id.

    Args:
        login_session: Mapping that holds 'username' and 'email'.

    Returns:
        The id of the user row found by querying on the session's email
        after the commit.
    """
    username = login_session['username']
    email = login_session['email']
    account = User(name=username, email=email)
    session.add(account)
    session.commit()
    # .one() raises unless exactly one user has this email.
    stored = session.query(User).filter_by(email=email).one()
    return stored.id
def add_category():
    """Render the add-category form, or create a category on a valid submit.

    Returns:
        A redirect to the new category's list page once the category is
        stored, otherwise the rendered 'add_category.html' template.
    """
    category_form = CategoryForm()
    all_categories = session.query(Category).all()

    if not category_form.validate_on_submit():
        # Nothing submitted, or validation failed: show the form.
        return render_template('add_category.html',
                               categories=all_categories,
                               form=category_form)

    # The owner is taken from the login session, never from the form.
    created = Category(name=category_form.name.data,
                       user_id=login_session['user_id'])
    session.add(created)
    session.commit()
    flash('New Category Added', "flash-success")
    return redirect(url_for('category_list', cat_id=created.id))
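def add_item():
    """Render the add-item form, or create an item from a submitted form.

    The submitted category name is looked up before anything is stored; a
    name that matches no category re-renders the form with status 400
    instead of raising from the query.

    Returns:
        A redirect to the catalog after the item is stored, otherwise the
        rendered 'add_page.html' template (with status 400 when the
        submitted category is unknown).
    """
    categories = session.query(Category).all()
    if request.method != 'POST':
        return render_template('add_page.html', categories=categories)

    # NOTE(review): the form is read straight from request.form and no CSRF
    # token check is visible in this function - confirm one is enforced
    # elsewhere for this state-changing POST.
    name = request.form['name']
    description = request.form['description']
    # The category name is request-controlled; .first() returns None for an
    # unknown name where .one() would raise and surface as a server error.
    category = session.query(Category).filter_by(
        name=request.form['category']).first()
    if category is None:
        return render_template('add_page.html', categories=categories), 400

    # The owner is taken from the login session, never from the form.
    # NOTE(review): login_session['user_id'] raises KeyError when nobody is
    # logged in; presumably a login check runs before this view - confirm.
    new_item = Item(name=name,
                    description=description,
                    category=category,
                    user_id=login_session['user_id'])
    session.add(new_item)
    session.commit()
    return redirect(url_for('show_catalog'))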
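def add_item(cat_id):
    """Render the add-item form for a category, or create the item.

    Args:
        cat_id: Category id used to look up the target category.

    Returns:
        A 404 response when no category has this id, a redirect to the
        category's list page once the item is stored, otherwise the
        rendered 'add_item.html' template.
    """
    form = ItemForm()
    categories = session.query(Category).all()
    category = session.query(Category).filter_by(id=cat_id).first()
    if category is None:
        # .first() returns None for an unknown id; without this check the
        # category.id accesses below raise AttributeError.
        return 'Category not found', 404

    if not form.validate_on_submit():
        return render_template('add_item.html', categories=categories,
                               category=category, form=form)

    # The owner is taken from the login session, never from the form.
    # NOTE(review): login_session['user_id'] raises KeyError when nobody is
    # logged in; presumably a login check runs before this view - confirm.
    new_item = Item(name=form.name.data,
                    # An empty description falls back to a fixed text.
                    description=form.description.data or "No description",
                    category_id=category.id,
                    user_id=login_session['user_id'])
    # Debug output; the parenthesised form behaves the same on Python 2 and 3.
    print(new_item)
    session.add(new_item)
    session.commit()
    flash('Item added successfully.', "flash-success")
    return redirect(url_for('category_list', cat_id=category.id))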