def category(category_name):
    '''Render the page for one category.

    Looks up the category by name, collects its items and the names of all
    categories, and hands them to 'category.html' together with the current
    login state.

    category_name is supplied by the caller and is passed to the template
    unchanged, so output encoding is left to the template layer.
    '''
    selected_id = db.get_category_id_by_name(category_name)
    items = db.get_items_by_category_id(selected_id)
    all_categories = db.get_categories()

    # Singular/plural label shown next to the item count.
    item_count = len(items)
    noun = 'item' if item_count == 1 else 'items'

    state, logged_in, username = gplus.get_login_state()

    category_names = [entry.name for entry in all_categories]

    # One [category name, item name] pair per item, in the order returned.
    item_rows = []
    for item in items:
        item_rows.append(
            [db.get_category_name_by_id(item.category_id), item.name])

    data = {
        'category_name': category_name,
        'categories': category_names,
        'items': item_rows,
        'num_items': item_count,
        'items_string': noun,
        'state': state,
        'logged_in': logged_in,
        'username': username,
    }
    return render_template('category.html', data=data)
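def delete_item(item_name):
    '''Allows a logged-in user to delete an item they created.

    GET renders the 'delete.html' confirmation page; POST deletes the item
    and redirects to the listing of the category it belonged to. A request
    that fails the login, existence or ownership check is redirected to '/'.
    '''
    # Ensure there is a user logged in:
    if not gplus.is_logged_in():
        return redirect('/')

    # Ensure the item being deleted exists. The EXISTS query must be executed
    # with .scalar(): a Query object is always truthy, so testing it directly
    # never rejected a missing item and query.one() below raised instead.
    query = db.session.query(Item).filter_by(name=item_name)
    if not db.session.query(query.exists()).scalar():
        return redirect('/')

    # Ensure the logged-in user owns this item. This authorization check
    # covers GET and POST alike. A session without a user_id is rejected
    # explicitly so that a missing id can never compare equal to an item
    # whose user_id is unset.
    item = query.one()
    current_user_id = login_session.get('user_id')
    if current_user_id is None or item.user_id != current_user_id:
        return redirect('/')

    if request.method == 'POST':
        # NOTE(review): no anti-forgery token is checked on this
        # state-changing request - confirm CSRF protection exists elsewhere.
        category_id = item.category_id
        category_name = db.get_category_name_by_id(category_id)
        # NOTE(review): no commit is visible here - confirm the session
        # persists the delete (autocommit or a teardown hook).
        db.session.delete(item)
        return redirect('/catalog/%s/items' % category_name)
    elif request.method == 'GET':
        (state, logged_in, username) = gplus.get_login_state()
        data = {
            'item_name': item_name,
            'state': state,
            'logged_in': logged_in,
            'username': username
        }
        return render_template('delete.html', data=data)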
def category(category_name):
    '''Show the category list and every item of the selected category.

    The category is resolved by name, its items are fetched, and the result
    is rendered through 'category.html' along with the login state.

    category_name arrives from the caller and is echoed into the template
    data as-is; escaping is the template's responsibility.
    '''
    wanted_id = db.get_category_id_by_name(category_name)
    found_items = db.get_items_by_category_id(wanted_id)
    known_categories = db.get_categories()

    total = len(found_items)
    if total == 1:
        label = 'item'
    else:
        label = 'items'

    login_state = gplus.get_login_state()
    state, logged_in, username = login_state

    data = {}
    data['category_name'] = category_name
    data['categories'] = [cat.name for cat in known_categories]
    # Pair each item with the name of the category it is filed under.
    data['items'] = [
        [db.get_category_name_by_id(entry.category_id), entry.name]
        for entry in found_items
    ]
    data['num_items'] = total
    data['items_string'] = label
    data['state'] = state
    data['logged_in'] = logged_in
    data['username'] = username
    return render_template('category.html', data=data)
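def delete_item(item_name):
    '''Allows a logged-in user to delete an item they created.

    GET shows the 'delete.html' confirmation page and POST performs the
    delete, then redirects to the item's category listing. Failing the
    login, existence or ownership check redirects to '/'.
    '''
    # Ensure there is a user logged in:
    if not gplus.is_logged_in():
        return redirect('/')

    # Ensure the item being deleted exists. Wrapping query.exists() in a
    # second query only builds a Query object, which is always truthy; it has
    # to be run with .scalar() for the check to reject anything.
    query = db.session.query(Item).filter_by(name=item_name)
    item_exists = db.session.query(query.exists()).scalar()
    if not item_exists:
        return redirect('/')

    # Ensure the logged-in user owns this item (applies to both methods).
    # A session that carries no user_id fails the check outright instead of
    # raising KeyError or matching an item with an unset owner.
    item = query.one()
    owner_id = login_session.get('user_id')
    if owner_id is None or item.user_id != owner_id:
        return redirect('/')

    if request.method == 'POST':
        # NOTE(review): this request changes state but no anti-forgery token
        # is verified here - confirm CSRF protection is applied elsewhere.
        category_id = item.category_id
        category_name = db.get_category_name_by_id(category_id)
        # NOTE(review): the delete is not committed in this function -
        # confirm the session is committed elsewhere.
        db.session.delete(item)
        return redirect('/catalog/%s/items' % category_name)
    elif request.method == 'GET':
        (state, logged_in, username) = gplus.get_login_state()
        data = {
            'item_name': item_name,
            'state': state,
            'logged_in': logged_in,
            'username': username
        }
        return render_template('delete.html', data=data)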
def index():
    '''Render the landing page with all category names and the latest items.

    Each latest item is passed to 'index.html' as an
    [item name, category name] pair, together with the login state.
    '''
    category_names = [entry.name for entry in db.get_categories()]

    fetched_items = db.get_items()
    latest_items = []
    for item in fetched_items:
        latest_items.append(
            [item.name, db.get_category_name_by_id(item.category_id)])

    state, logged_in, username = gplus.get_login_state()

    data = {
        'categories': category_names,
        'latest_items': latest_items,
        'state': state,
        'logged_in': logged_in,
        'username': username,
    }
    return render_template('index.html', data=data)
def index():
    '''Show the categories and the latest items on the front page.

    Builds the template data for 'index.html': category names, one
    [item name, category name] pair per item, and the login state.
    '''
    all_categories = db.get_categories()
    names = []
    for cat in all_categories:
        names.append(cat.name)

    all_items = db.get_items()
    pairs = [
        [entry.name, db.get_category_name_by_id(entry.category_id)]
        for entry in all_items
    ]

    login_state = gplus.get_login_state()
    state, logged_in, username = login_state

    data = {}
    data['categories'] = names
    data['latest_items'] = pairs
    data['state'] = state
    data['logged_in'] = logged_in
    data['username'] = username
    return render_template('index.html', data=data)
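def gconnect():
    '''Completes the Google sign-in flow and fills the login session.

    An already logged-in caller gets the index page. Otherwise the request's
    state value is checked against the session, the posted authorization
    code is exchanged for credentials, the access token is checked against
    the tokeninfo endpoint (user and client must match), the user's profile
    is fetched, and the session is populated before redirecting to '/'.
    Every failed check returns a JSON error response.
    '''
    if is_logged_in():
        categories = db.get_categories()
        categories = [category.name for category in categories]
        latest_items = db.get_items()
        latest_items = [[item.name, db.get_category_name_by_id(item.category_id)] for item in latest_items]  #NOQA
        data = {
            'categories': categories,
            'latest_items': latest_items,
            'logged_in': True,
            'username': views.login_session['username']
        }
        return render_template('index.html', data=data)

    # Anti-forgery check. A session with no stored state is rejected
    # outright: indexing the session raised KeyError, and comparing two
    # missing values would otherwise let the request through.
    expected_state = views.login_session.get('state')
    if not expected_state or request.args.get('state') != expected_state:
        response = make_response(views.json.dumps('Invalid state paremeter'), 401)
        response.headers['Content-Type'] = 'application/json'
        return response

    code = request.data
    try:
        # Upgrade the authorization code into a credentials object
        oauth_flow = views.flow_from_clientsecrets('client_secrets.json', scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(code)
    except views.FlowExchangeError:
        response = make_response(views.json.dumps('Failed to upgrade the authorization code.'), 401)  #NOQA
        response.headers['Content-Type'] = 'application/json'
        return response

    # Check that the access token is valid:
    access_token = credentials.access_token
    url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s' % access_token)  #NOQA
    http = httplib2.Http()
    result = views.json.loads(http.request(url, 'GET')[1])

    # If there was an error in the access token info, abort. The response
    # must be returned here; without the return a rejected token fell
    # through to the checks below.
    if result.get('error') is not None:
        response = make_response(views.json.dumps(result.get('error')), 500)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Verify that the access token is used for the intended user. .get()
    # turns a missing field into a mismatch instead of a KeyError, and the
    # body is JSON-encoded to match the declared content type.
    gplus_id = credentials.id_token['sub']
    if result.get('user_id') != gplus_id:
        response = make_response(views.json.dumps("Token's user ID doesn't match given user ID."), 401)  #NOQA
        response.headers['Content-Type'] = 'application/json'
        return response

    # Verify that the access token is valid for this app:
    if result.get('issued_to') != views.CLIENT_ID:
        response = make_response(views.json.dumps("Token's client ID does not match app's."), 401)  #NOQA
        print("Token's client ID does not match app's.")
        response.headers['Content-Type'] = 'application/json'
        return response

    # Check to see if user is already logged in
    # NOTE(review): this response is built but never returned, so the flow
    # continues and refreshes the session - confirm whether an early return
    # was intended.
    stored_credentials = views.login_session.get('credentials')
    stored_gplus_id = views.login_session.get('gplus_id')
    if stored_credentials is not None and gplus_id == stored_gplus_id:
        response = make_response(views.json.dumps("Current user is already connected."), 200)  #NOQA
        response.headers['Content-Type'] = 'application/json'

    # Get user info
    userinfo_url = 'https://www.googleapis.com/oauth2/v1/userinfo'
    params = {'access_token': credentials.access_token, 'alt': 'json'}
    answer = requests.get(userinfo_url, params=params)
    data = views.json.loads(answer.text)

    # Store the access token in the session for later use.
    # NOTE(review): if login_session is a client-side (signed, unencrypted)
    # cookie session, the token is readable by the browser - confirm the
    # session backend.
    views.login_session['credentials'] = credentials.access_token
    views.login_session['gplus_id'] = gplus_id
    views.login_session['username'] = data['name']

    # Add a new user if this user doesn't already exist
    # NOTE(review): the local account is looked up by display name, which
    # the provider does not guarantee to be unique; two accounts sharing a
    # name would resolve to the same user_id, and user_id is what gates item
    # ownership. Keying on gplus_id ('sub') would avoid that - confirm what
    # the db layer supports.
    user_id = db.get_user_id_by_name(data['name'])
    if not user_id:
        user_id = db.create_user(views.login_session)
    views.login_session['user_id'] = user_id
    return redirect('/')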
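def gconnect():
    '''Completes the Google sign-in flow and fills the login session.

    A caller who is already logged in is shown the index page. Otherwise
    the state value is verified, the posted authorization code is exchanged
    for credentials, the access token is validated through the tokeninfo
    endpoint (user and client must match), the profile is fetched, and the
    session is populated before redirecting to '/'. Each failed check
    returns a JSON error response.
    '''
    if is_logged_in():
        categories = db.get_categories()
        categories = [category.name for category in categories]
        latest_items = db.get_items()
        latest_items = [[
            item.name,
            db.get_category_name_by_id(item.category_id)
        ] for item in latest_items]
        data = {
            'categories': categories,
            'latest_items': latest_items,
            'logged_in': True,
            'username': views.login_session['username']
        }
        return render_template('index.html', data=data)

    # Anti-forgery check. The stored state is read with .get() and an absent
    # value is refused: direct indexing raised KeyError, and two absent
    # values must never be treated as a match.
    expected_state = views.login_session.get('state')
    if not expected_state or request.args.get('state') != expected_state:
        response = make_response(
            views.json.dumps('Invalid state paremeter'), 401)
        response.headers['Content-Type'] = 'application/json'
        return response

    code = request.data
    try:
        # Upgrade the authorization code into a credentials object
        oauth_flow = views.flow_from_clientsecrets(
            'client_secrets.json', scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(code)
    except views.FlowExchangeError:
        response = make_response(
            views.json.dumps('Failed to upgrade the authorization code.'),
            401)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Check that the access token is valid:
    access_token = credentials.access_token
    url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s'
           % access_token)
    http = httplib2.Http()
    result = views.json.loads(http.request(url, 'GET')[1])

    # If there was an error in the access token info, abort. Returning the
    # response is what makes this an abort; previously it was built and then
    # dropped, so a rejected token continued into the checks below.
    if result.get('error') is not None:
        response = make_response(views.json.dumps(result.get('error')), 500)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Verify that the access token is used for the intended user. A missing
    # field counts as a mismatch rather than raising KeyError, and the body
    # is JSON-encoded to agree with the Content-Type header.
    gplus_id = credentials.id_token['sub']
    if result.get('user_id') != gplus_id:
        response = make_response(
            views.json.dumps("Token's user ID doesn't match given user ID."),
            401)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Verify that the access token is valid for this app:
    if result.get('issued_to') != views.CLIENT_ID:
        response = make_response(
            views.json.dumps("Token's client ID does not match app's."),
            401)
        print("Token's client ID does not match app's.")
        response.headers['Content-Type'] = 'application/json'
        return response

    # Check to see if user is already logged in
    # NOTE(review): the response below is never returned, so execution goes
    # on to refresh the session - confirm whether an early return was meant.
    stored_credentials = views.login_session.get('credentials')
    stored_gplus_id = views.login_session.get('gplus_id')
    if stored_credentials is not None and gplus_id == stored_gplus_id:
        response = make_response(
            views.json.dumps("Current user is already connected."), 200)
        response.headers['Content-Type'] = 'application/json'

    # Get user info
    userinfo_url = 'https://www.googleapis.com/oauth2/v1/userinfo'
    params = {'access_token': credentials.access_token, 'alt': 'json'}
    answer = requests.get(userinfo_url, params=params)
    data = views.json.loads(answer.text)

    # Store the access token in the session for later use.
    # NOTE(review): with a client-side (signed, unencrypted) cookie session
    # the token would be visible to the browser - confirm the session
    # backend.
    views.login_session['credentials'] = credentials.access_token
    views.login_session['gplus_id'] = gplus_id
    views.login_session['username'] = data['name']

    # Add a new user if this user doesn't already exist
    # NOTE(review): accounts are matched on display name, which is not
    # guaranteed unique by the provider; two accounts with the same name
    # would share one user_id, and user_id decides item ownership. Matching
    # on gplus_id ('sub') would avoid that - confirm what the db layer
    # supports.
    user_id = db.get_user_id_by_name(data['name'])
    if not user_id:
        user_id = db.create_user(views.login_session)
    views.login_session['user_id'] = user_id
    return redirect('/')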