def edit_catalog_item(category_name, item_id): """Allows the edition of a catalog item. Shows an edit form if is a GET request, and changes the information of the item if is a POST request. You can only edit an item if you were the one that created it or if the item has no owner (gplus_id is None). Args: category_name: Name of the current category. item_id: Id of the item that will be edited. Returns: An html form if its a GET request, or redirects to the item if is a POST request. """ if 'credentials' in flask.session: if not flask.session['credentials']: flask.abort(403) else: flask.abort(403) db_session = database.get_session() prepare_login() item = db_session.query(database.Item).get(item_id) if item is None: flask.abort(404) if flask.request.method == 'GET': try: if (flask.session['gplus_id'] == item.gplus_id): categories = db_session.query(database.Category).all() return flask.render_template('edit_item.html', category_name=category_name, categories=categories, item=item) else: flask.abort(404) except KeyError: flask.abort(401) elif flask.request.method == 'POST': try: if (flask.session['gplus_id'] == item.gplus_id): item.name = flask.request.form['name'] item.description = flask.request.form['description'] filename = file_upload.save_upload() if filename: if item.image: file_upload.delete_upload(item.image) item.image = filename else: flask.abort(403) except KeyError: flask.abort(401) db_session.commit() return flask.redirect( flask.url_for('show_catalog_item', category_name=category_name, item_id=item_id))
def edit_catalog_item(category_name, item_id): """Allows the edition of a catalog item. Shows an edit form if is a GET request, and changes the information of the item if is a POST request. You can only edit an item if you were the one that created it or if the item has no owner (gplus_id is None). Args: category_name: Name of the current category. item_id: Id of the item that will be edited. Returns: An html form if its a GET request, or redirects to the item if is a POST request. """ if 'credentials' in flask.session: if not flask.session['credentials']: flask.abort(403) else: flask.abort(403) db_session = database.get_session() prepare_login() item = db_session.query(database.Item).get(item_id) if item is None: flask.abort(404) if flask.request.method == 'GET': try: if (flask.session['gplus_id'] == item.gplus_id): categories = db_session.query(database.Category).all() return flask.render_template('edit_item.html', category_name=category_name, categories=categories, item=item) else: flask.abort(404) except KeyError: flask.abort(401) elif flask.request.method == 'POST': try: if (flask.session['gplus_id'] == item.gplus_id): item.name = flask.request.form['name'] item.description = flask.request.form['description'] filename = file_upload.save_upload() if filename: if item.image: file_upload.delete_upload(item.image) item.image = filename else: flask.abort(403) except KeyError: flask.abort(401) db_session.commit() return flask.redirect(flask.url_for('show_catalog_item', category_name=category_name, item_id=item_id))
def delete_catalog_item(category_name, item_id): """Allows the deletion of a catalog item. Shows a delete confirmation in a GET request, and deletes the item on a POST request. You can only delete an item if you were the one that created it or if the item has no owner (gplus_id is None). Args: category_name: Name of the current category. item_id: Id of the item that will be deleted. Returns: An html form if its a GET request, or redirects to the item if is a POST request. """ try: if not flask.session['credentials']: flask.abort(403) except KeyError: flask.abort(403) db_session = database.get_session() prepare_login() item = db_session.query(database.Item).get(item_id) if item is None: flask.abort(404) if flask.request.method == 'GET': try: if (flask.session['gplus_id'] == item.gplus_id): categories = db_session.query(database.Category).all() return flask.render_template('delete_item.html', category_name=category_name, categories=categories, item=item) else: flask.abort(403) except KeyError: flask.abort(401) elif flask.request.method == 'POST': try: if (flask.session['gplus_id'] == item.gplus_id): if item.image: file_upload.delete_upload(item.image) db_session.delete(item) else: flask.abort(403) except KeyError: flask.abort(401) db_session.commit() return flask.redirect( flask.url_for('show_category_items', category_name=category_name))
def delete_catalog_item(category_name, item_id): """Allows the deletion of a catalog item. Shows a delete confirmation in a GET request, and deletes the item on a POST request. You can only delete an item if you were the one that created it or if the item has no owner (gplus_id is None). Args: category_name: Name of the current category. item_id: Id of the item that will be deleted. Returns: An html form if its a GET request, or redirects to the item if is a POST request. """ try: if not flask.session['credentials']: flask.abort(403) except KeyError: flask.abort(403) db_session = database.get_session() prepare_login() item = db_session.query(database.Item).get(item_id) if item is None: flask.abort(404) if flask.request.method == 'GET': try: if (flask.session['gplus_id'] == item.gplus_id): categories = db_session.query(database.Category).all() return flask.render_template('delete_item.html', category_name=category_name, categories=categories, item=item) else: flask.abort(403) except KeyError: flask.abort(401) elif flask.request.method == 'POST': try: if (flask.session['gplus_id'] == item.gplus_id): if item.image: file_upload.delete_upload(item.image) db_session.delete(item) else: flask.abort(403) except KeyError: flask.abort(401) db_session.commit() return flask.redirect(flask.url_for('show_category_items', category_name=category_name))