def user_profile():
"""View current user's profile page."""
user_id = session["user_id"]
user = db.query(User).filter_by(id = user_id).one()
# sort user items alphabetically
items = db.query(Item).filter_by(user_id = user_id).order_by(Item.name).all()
return render_template("api/user.html", user = user, items = items)
def user_profile():
"""View current user's profile page."""
user_id = session["user_id"]
user = db.query(User).filter_by(id = user_id).one()
# sort user items alphabetically
items = db.query(Item).filter_by(user_id = user_id).order_by(Item.name).all()
return render_template("api/user.html", user = user, items = items)
def view_category(category_id):
"""View a specific category."""
try:
category = db.query(Category).filter_by(id = category_id).one()
except NoResultFound:
abort(404)
items = db.query(Item).filter_by(category_id = category.id)
return render_template("api/category.html", category = category, items = items)
def view_category(category_id):
"""Shows a specific category."""
try:
category = db.query(Category).filter_by(id=category_id).one()
except NoResultFound:
abort(404)
items = db.query(Item).filter_by(category_id=category.id)
return render_template("api/category.html", category=category, items=items)
def view_category_json(category_id):
"""Category in json format."""
try:
category = db.query(Category).filter_by(id = category_id).one()
except NoResultFound:
abort(404)
items = db.query(Item).filter_by(category_id = category.id).all()
return jsonify(category = category.serialize,
items = [i.serialize for i in items])
def view_catalog():
"""Catalog homepage."""
categories = db.query(Category).all()
items = db.query(Item).order_by(Item.name).all()
latest_items = db.query(Item).order_by(Item.updated.desc()) \
.limit(LATEST_ITEMS_TO_SHOW).all()
return render_template("api/catalog.html",
categories = categories,
items = items,
latest_items = latest_items)
def view_catalog():
"""homepage."""
categories = db.query(Category).all()
items = db.query(Item).order_by(Item.name).all()
latest_items = db.query(Item).order_by(Item.updated.desc()) \
.limit(LATEST_ITEMS_TO_SHOW).all()
return render_template("api/catalog.html",
categories=categories,
items=items,
latest_items=latest_items)
def view_item_json(item_id):
"""Item in json format."""
try:
item = db.query(Item).filter_by(id = item_id).one()
except NoResultFound:
abort(404)
return jsonify(item = item.serialize)
def delete_item(item_id):
"""Delete an item."""
try:
item = db.query(Item).filter_by(id = item_id).one()
except NoResultFound:
abort(404)
# only author can delete item
if item.user_id != session['user_id']:
flash(message = "You are not allowed to remove this item", category = "error")
return render_template("api/item.html", item = item)
# populate form - just a base form here for csrf validation
form = CSRFForm(request.form)
# display and validate form
if request.method != 'POST' or not form.validate():
return render_template('api/delete_item.html', form = form, item = item)
# delete the item
db.delete(item)
db.commit()
flash(message = "Item successfully removed", category = "success")
return redirect(url_for('api.view_catalog'))
def new_item():
"""Creates new item."""
form = ItemForm(request.form)
categories = db.query(Category).order_by(Category.name).all()
form.category_id.choices = [(c.id, c.name) for c in categories]
if request.method != 'POST' or not form.validate():
return render_template('api/new_item.html', form=form)
form_file = request.files[form.image.name]
img_filename = None
if form_file:
filename = secure_filename(form_file.filename)
filename = generate_unique_filename(filename)
form_file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
img_filename = filename
new_item = Item(name=form.name.data,
description=form.description.data,
category_id=form.category_id.data,
image=img_filename,
user_id=session['user_id'])
db.add(new_item)
db.commit()
flash(message="Item successfully created", category="success")
return redirect(url_for('api.view_item', item_id=new_item.id))
def new_item():
"""Create new item."""
# populate form
form = ItemForm(request.form)
categories = db.query(Category).order_by(Category.name).all() # sort alphabetically
form.category_id.choices = [(c.id, c.name) for c in categories]
# display and validate form
if request.method != 'POST' or not form.validate():
return render_template('api/new_item.html', form = form)
# get image file
form_file = request.files[form.image.name]
img_filename = None
if form_file:
filename = secure_filename(form_file.filename)
filename = generate_unique_filename(filename)
form_file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
img_filename = filename
# create item
new_item = Item(
name = form.name.data,
description = form.description.data,
category_id = form.category_id.data,
image = img_filename,
user_id = session['user_id'])
db.add(new_item)
db.commit()
flash(message = "Item successfully created", category = "success")
return redirect(url_for('api.view_item', item_id = new_item.id))
def view_item(item_id):
"""Shows a specific item."""
try:
item = db.query(Item).filter_by(id=item_id).one()
except NoResultFound:
abort(404)
return render_template("api/item.html", item=item)
def view_item(item_id):
"""View a specific item."""
try:
item = db.query(Item).filter_by(id = item_id).one()
except NoResultFound:
abort(404)
return render_template("api/item.html", item = item)
def delete_item(item_id):
"""Delete an item."""
try:
item = db.query(Item).filter_by(id = item_id).one()
except NoResultFound:
abort(404)
# only author can delete item
if item.user_id != session['user_id']:
flash(message = "You are not allowed to remove this item", category = "error")
return render_template("api/item.html", item = item)
# populate form - just a base form here for csrf validation
form = CSRFForm(request.form)
# display and validate form
if request.method != 'POST' or not form.validate():
return render_template('api/delete_item.html', form = form, item = item)
# delete the item
db.delete(item)
db.commit()
flash(message = "Item successfully removed", category = "success")
return redirect(url_for('api.view_catalog'))
def create_user(login_session):
newUser = User(name=login_session['username'],
email=login_session['email'],
picture=login_session['picture'])
db.add(newUser)
db.commit()
user = db.query(User).filter_by(email=login_session['email']).one()
return user.id
def users_json():
"""List of users in json format.
This is for debugging and should probably be removed or protected.
TODO (pt314): Remove or protect this endpoint.
"""
users = db.query(User).all()
return jsonify(users = [u.serialize for u in users])
def create_user(login_session):
newUser = User(
name = login_session['username'],
email = login_session['email'],
picture = login_session['picture'])
db.add(newUser)
db.commit()
user = db.query(User).filter_by(email = login_session['email']).one()
return user.id
def edit_item(item_id):
"""Edit an item."""
try:
item = db.query(Item).filter_by(id = item_id).one()
except NoResultFound:
abort(404)
# only author can edit item
if item.user_id != session['user_id']:
flash(message = "You are not allowed to update this item", category = "error")
return render_template("api/item.html", item = item)
# populate form
form = ItemForm(request.form, item)
categories = db.query(Category).order_by(Category.name).all() # sort alphabetically
form.category_id.choices = [(c.id, c.name) for c in categories]
# display and validate form
if request.method != 'POST' or not form.validate():
return render_template('api/edit_item.html', form = form, item = item)
# get image file
form_file = request.files[form.image.name]
img_filename = None
if form_file:
filename = secure_filename(form_file.filename)
filename = generate_unique_filename(filename)
form_file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
img_filename = filename
# edit item
item.name = form.name.data
item.description = form.description.data
item.category_id = form.category_id.data
# only replace image if new image is uploaded
if img_filename:
item.image = img_filename
db.add(item)
db.commit()
flash(message = "Item successfully updated", category = "success")
return redirect(url_for('api.view_item', item_id = item.id))
def edit_item(item_id):
"""Edit an item."""
try:
item = db.query(Item).filter_by(id = item_id).one()
except NoResultFound:
abort(404)
# only author can edit item
if item.user_id != session['user_id']:
flash(message = "You are not allowed to update this item", category = "error")
return render_template("api/item.html", item = item)
# populate form
form = ItemForm(request.form, item)
categories = db.query(Category).order_by(Category.name).all() # sort alphabetically
form.category_id.choices = [(c.id, c.name) for c in categories]
# display and validate form
if request.method != 'POST' or not form.validate():
return render_template('api/edit_item.html', form = form, item = item)
# get image file
form_file = request.files[form.image.name]
img_filename = None
if form_file:
filename = secure_filename(form_file.filename)
filename = generate_unique_filename(filename)
form_file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
img_filename = filename
# edit item
item.name = form.name.data
item.description = form.description.data
item.category_id = form.category_id.data
# only replace image if new image is uploaded
if img_filename:
item.image = img_filename
db.add(item)
db.commit()
flash(message = "Item successfully updated", category = "success")
return redirect(url_for('api.view_item', item_id = item.id))
def edit_item(item_id):
"""Edit an item."""
try:
item = db.query(Item).filter_by(id=item_id).one()
except NoResultFound:
abort(404)
if item.user_id != session['user_id']:
flash(message="You access to update this item id denied",
category="error")
return render_template("api/item.html", item=item)
form = ItemForm(request.form, item)
categories = db.query(Category).order_by(Category.name).all()
form.category_id.choices = [(c.id, c.name) for c in categories]
if request.method != 'POST' or not form.validate():
return render_template('api/edit_item.html', form=form, item=item)
form_file = request.files[form.image.name]
img_filename = None
if form_file:
filename = secure_filename(form_file.filename)
filename = generate_unique_filename(filename)
form_file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
img_filename = filename
item.name = form.name.data
item.description = form.description.data
item.category_id = form.category_id.data
if img_filename:
item.image = img_filename
db.add(item)
db.commit()
flash(message="Item updation is successfull", category="success")
return redirect(url_for('api.view_item', item_id=item.id))
def recent_atom_feed():
"""Atom feed with recently created and updated items."""
feed = AtomFeed('Latest Items',
feed_url = request.url, url = request.url_root)
items = db.query(Item).order_by(Item.updated.desc()).limit(ATOM_FEED_SIZE).all()
for item in items:
item_url = url_for('api.view_item', item_id = item.id)
feed.add(title = item.name,
content = unicode(item.name + " (" + item.category.name + "): " + item.description),
content_type = 'text',
author = item.user.name,
url = make_external(item_url),
updated = item.updated,
published = item.created)
return feed.get_response()
def delete_item(item_id):
"""Deletes an item."""
try:
item = db.query(Item).filter_by(id=item_id).one()
except NoResultFound:
abort(404)
if item.user_id != session['user_id']:
flash(message="You access to remove this item is denied",
category="error")
return render_template("api/item.html", item=item)
form = CSRFForm(request.form)
if request.method != 'POST' or not form.validate():
return render_template('api/delete_item.html', form=form, item=item)
db.delete(item)
db.commit()
flash(message="Item successfully removed", category="success")
return redirect(url_for('api.view_catalog'))
def view_catalog_json():
"""Catalog in json format."""
categories = db.query(Category).all()
items = db.query(Item).all()
return jsonify(categories = [c.serialize for c in categories],
items = [i.serialize for i in items])
def get_user_id(email):
try:
user = db.query(User).filter_by(email=email).one()
return user.id
except:
return None
def get_user_info(user_id):
user = db.query(User).filter_by(id=user_id).one()
return user
def users_json():
"""List of users."""
users = db.query(User).all()
return jsonify(users=[u.serialize for u in users])
def get_user_info(user_id):
user = db.query(User).filter_by(id=user_id).one()
return user
def get_user_id(email):
try:
user = db.query(User).filter_by(email = email).one()
return user.id
except:
return None
