Esempio n. 1
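def editItem(name):
    """Edit the item called *name*; only its owner may do so.

    Anonymous visitors are redirected to the login page. The view answers
    404 when no item has that name and 401 when the logged-in user does not
    own it. A valid submission updates the item (and optionally its image),
    flashes a confirmation and redirects to the item page; anything else
    renders the edit form.
    """
    if "user_id" not in session:
        return redirect("/login")

    # .first() returns None for an unknown name, which keeps the 404 branch
    # reachable. .one() raises NoResultFound instead, so a missing item used
    # to surface as an unhandled exception rather than a 404.
    item = db_session.query(Item).filter_by(name=name).first()
    if item is None:
        abort(404)

    # Object-level authorisation: only the owner may edit.
    # NOTE(review): the user is authenticated at this point, so 403 is the
    # conventional status for this refusal; 401 is kept so existing clients
    # and tests see the same response.
    if item.user_id != session["user_id"]:
        abort(401)

    form = ItemForm(obj=item)
    form.category.choices = db_session.query(Category.id, Category.name).all()
    if not form.validate_on_submit():
        return render_template("editItem.html", item=item, form=form)

    # Handle the upload before touching the item, so a rejected file leaves
    # the ORM object unmodified.
    filename = None
    if form.image.has_file():
        filename = secure_filename(form.image.data.filename)
        if not filename:
            # secure_filename() can strip a hostile or exotic name down to
            # an empty string; joining that with the upload folder would
            # address the folder itself.
            form.image.errors.append("Invalid file name.")
            return render_template("editItem.html", item=item, form=form)
        # NOTE(review): the stored name is still chosen by the client, so two
        # uploads with the same name overwrite each other in the shared
        # folder; presumably ItemForm restricts the allowed file types —
        # verify against the form definition.
        form.image.data.save(os.path.join(app.config["UPLOAD_FOLDER"], filename))

    # Fields are copied one by one rather than through populate_obj().
    item.name = form.name.data
    item.description = form.description.data
    item.category_id = form.category.data
    if filename is not None:
        # Keep the current image when no new file was uploaded.
        item.image = filename

    db_session.add(item)
    db_session.commit()
    flash("Item %s edited." % item.name)
    return redirect(url_for("item", name=item.name))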
Esempio n. 2
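def newItem():
    """Create a new item owned by the logged-in user.

    Anonymous visitors are redirected to the login page. A valid submission
    stores the optional image, inserts the item, flashes a confirmation and
    redirects to the item page; anything else renders the creation form.
    """
    if "user_id" not in session:
        return redirect("/login")

    form = ItemForm()
    form.category.choices = db_session.query(Category.id, Category.name).all()
    if not form.validate_on_submit():
        return render_template("newItem.html", form=form)

    filename = None
    if form.image.has_file():
        filename = secure_filename(form.image.data.filename)
        if not filename:
            # secure_filename() can strip a hostile or exotic name down to
            # an empty string; joining that with the upload folder would
            # address the folder itself.
            form.image.errors.append("Invalid file name.")
            return render_template("newItem.html", form=form)
        # NOTE(review): the stored name is still chosen by the client, so two
        # uploads with the same name overwrite each other in the shared
        # folder; presumably ItemForm restricts the allowed file types —
        # verify against the form definition.
        form.image.data.save(os.path.join(app.config["UPLOAD_FOLDER"], filename))

    # The owner comes from the server-side session, never from the form.
    item = Item(
        name=form.name.data,
        description=form.description.data,
        category_id=form.category.data,
        image=filename,
        user_id=session["user_id"],
        pub_date=datetime.utcnow(),
    )
    db_session.add(item)
    db_session.commit()
    flash("New item created.")
    return redirect(url_for("item", name=item.name))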
Esempio n. 3
def createUser(session):
    """Insert a user built from *session* and return the new row's id.

    Reads the 'username', 'email' and 'picture' keys of *session*.
    """
    record = User(
        name=session['username'],
        email=session['email'],
        picture=session['picture'],
    )
    db_session.add(record)
    db_session.commit()

    # The id is obtained by looking the row up again by e-mail; .one()
    # raises unless exactly one user has that address.
    lookup = db_session.query(User).filter_by(email=session['email'])
    return lookup.one().id
Esempio n. 4
def newCategory():
    """Create a category owned by the logged-in user.

    Anonymous visitors are redirected to the login page. A valid submission
    inserts the category and redirects to the catalog; anything else renders
    the creation form.
    """
    logged_in = "user_id" in session
    if not logged_in:
        return redirect("/login")

    form = CategoryForm()
    if not form.validate_on_submit():
        return render_template("newCategory.html", form=form)

    # The owner comes from the server-side session, never from the form.
    created = Category(name=form.name.data, user_id=session["user_id"])
    db_session.add(created)
    db_session.commit()
    flash("New category created.")
    return redirect(url_for("catalog"))
Esempio n. 5
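def newItem():
    """ Create a new item

    Anonymous visitors are redirected to the login page. A valid submission
    stores the optional image and inserts the item; the form is re-rendered
    with an error when the name is reserved, the uploaded file name is
    unusable, or the name already exists.
    """

    # user must be authenticated
    if 'user_id' not in session:
        return redirect('/login')

    form = ItemForm()
    categories = db_session.query(Category.id, Category.name).all()
    form.category_id.choices = categories

    if form.validate_on_submit():
        # check that name != 'new', which is used for routing
        if form.name.data.lower() == 'new':
            form.name.errors.append("'new' is a reserved word, and cannot"
                                    " be used as an item name.")
            return render_template('new_item.html', form=form)

        filename = None
        # check if user uploaded file and sanitize filename
        if form.image.has_file():
            # get the filename, ensuring that it is safe
            filename = secure_filename(form.image.data.filename)
            if not filename:
                # secure_filename() can strip a hostile or exotic name down
                # to an empty string; joining that with the upload folder
                # would address the folder itself.
                form.image.errors.append("Invalid file name.")
                return render_template('new_item.html', form=form)
            # NOTE(review): the stored name is still chosen by the client,
            # so two uploads with the same name overwrite each other in the
            # shared folder; presumably ItemForm restricts the allowed file
            # types — verify against the form definition.
            form.image.data.save(
                os.path.join(app.config['UPLOAD_FOLDER'], filename))
        # create new item and commit to database; the owner comes from the
        # server-side session, never from the form
        item = Item(
            name=form.name.data,
            description=form.description.data,
            category_id=form.category_id.data,
            image=filename,
            user_id=session['user_id'],
            pub_date=datetime.utcnow()
            )
        db_session.add(item)
        try:
            db_session.commit()
        except exc.IntegrityError:
            # item name should be unique
            # NOTE(review): a file saved above stays on disk when the insert
            # is rolled back.
            db_session.rollback()
            form.name.errors.append("Item already exists.")
            return render_template('new_item.html', form=form)
        flash("Created new item %s." % item.name)
        return redirect(url_for('item', name=item.name))
    return render_template('new_item.html', form=form)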
Esempio n. 6
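def deleteItem(name):
    """Delete the item called *name*; only its owner may do so.

    Anonymous visitors are redirected to the login page. The view answers
    404 when no item has that name and 401 when the logged-in user does not
    own it. A POST deletes the item and redirects to the catalog; any other
    method renders the confirmation page.
    """
    if "user_id" not in session:
        return redirect("/login")

    # .first() returns None for an unknown name, which keeps the 404 branch
    # reachable. .one() raises NoResultFound instead, so a missing item used
    # to surface as an unhandled exception rather than a 404.
    item = db_session.query(Item).filter_by(name=name).first()
    if item is None:
        abort(404)

    # Object-level authorisation: only the owner may delete.
    # NOTE(review): the user is authenticated at this point, so 403 is the
    # conventional status for this refusal; 401 is kept so existing clients
    # and tests see the same response.
    if item.user_id != session["user_id"]:
        abort(401)

    if request.method == "POST":
        # NOTE(review): no form or CSRF token is validated on this
        # state-changing POST; confirm CSRF protection is enforced app-wide.
        # Read the name first so the message does not depend on the state of
        # an already deleted object.
        deleted_name = item.name
        db_session.delete(item)
        db_session.commit()
        flash("%s Successfully Deleted" % deleted_name)
        return redirect(url_for("catalog"))
    return render_template("deleteItem.html", item=item)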
Esempio n. 7
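def deleteCategory(name):
    """Delete the category called *name*; only its owner may do so.

    Anonymous visitors are redirected to the login page. The view answers
    404 when no category has that name and 401 when the logged-in user does
    not own it. A POST deletes the category and redirects to the catalog;
    any other method renders the confirmation page.
    """
    if "user_id" not in session:
        return redirect("/login")

    # .first() returns None for an unknown name, which keeps the 404 branch
    # reachable. .one() raises NoResultFound instead, so a missing category
    # used to surface as an unhandled exception rather than a 404.
    category = db_session.query(Category).filter_by(name=name).first()
    if category is None:
        abort(404)

    # Object-level authorisation: only the owner may delete.
    # NOTE(review): the user is authenticated at this point, so 403 is the
    # conventional status for this refusal; 401 is kept so existing clients
    # and tests see the same response.
    if category.user_id != session["user_id"]:
        abort(401)

    if request.method == "POST":
        # NOTE(review): no form or CSRF token is validated on this
        # state-changing POST; confirm CSRF protection is enforced app-wide.
        # Read the name first so the message does not depend on the state of
        # an already deleted object.
        deleted_name = category.name
        # delete the category, and related items should be deleted
        # automatically
        # NOTE(review): that relies on a cascade configured on the model,
        # which is not visible here, and it would also remove items owned by
        # other users if they can file items under this category — confirm
        # that is intended.
        db_session.delete(category)
        db_session.commit()
        flash("%s Successfully Deleted" % deleted_name)
        return redirect(url_for("catalog"))
    return render_template("deleteCategory.html", category=category)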
Esempio n. 8
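def editCategory(name):
    """Edit the category called *name*; only its owner may do so.

    Anonymous visitors are redirected to the login page. The view answers
    404 when no category has that name and 401 when the logged-in user does
    not own it. A valid submission updates the category and redirects to its
    page; anything else renders the edit form.
    """
    if "user_id" not in session:
        return redirect("/login")

    # .first() returns None for an unknown name, which keeps the 404 branch
    # reachable. .one() raises NoResultFound instead, so a missing category
    # used to surface as an unhandled exception rather than a 404.
    category = db_session.query(Category).filter_by(name=name).first()
    if category is None:
        abort(404)

    # Object-level authorisation: only the owner may edit.
    # NOTE(review): the user is authenticated at this point, so 403 is the
    # conventional status for this refusal; 401 is kept so existing clients
    # and tests see the same response.
    if category.user_id != session["user_id"]:
        abort(401)

    form = CategoryForm(obj=category)
    if form.validate_on_submit():
        # populate_obj() copies every form field onto the model.
        # NOTE(review): this is only safe while CategoryForm exposes nothing
        # but user-editable fields (no id / user_id) — verify against the
        # form definition.
        form.populate_obj(category)
        db_session.add(category)
        db_session.commit()
        flash("Category %s edited." % category.name)
        return redirect(url_for("category", name=category.name))
    return render_template("editCategory.html", category=category, form=form)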
Esempio n. 9
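def editItem(name):
    """ Edit an item

    Anonymous visitors are redirected to the login page. The view answers
    404 when no item has that name and 401 when the logged-in user does not
    own it. A valid submission updates the item and its optional image; the
    form is re-rendered with an error when the uploaded file name is
    unusable or the new name already exists.
    """

    # user must be authenticated
    if 'user_id' not in session:
        return redirect('/login')

    item = db_session.query(Item).filter_by(name=name).first()

    if item is None:
        abort(404)

    # Object-level authorisation: only the owner may edit.
    # NOTE(review): the user is authenticated at this point, so 403 is the
    # conventional status for this refusal; 401 is kept so existing clients
    # and tests see the same response.
    if item.user_id != session['user_id']:
        abort(401)

    form = ItemForm(obj=item)
    categories = db_session.query(Category.id, Category.name).all()
    form.category_id.choices = categories

    if form.validate_on_submit():
        # keep the current image unless a new file is uploaded
        filename = item.image
        # check if user uploaded file and sanitize filename
        if form.image.has_file():
            # gets the filename, ensuring that it is safe
            filename = secure_filename(form.image.data.filename)
            if not filename:
                # secure_filename() can strip a hostile or exotic name down
                # to an empty string; joining that with the upload folder
                # would address the folder itself.
                form.image.errors.append("Invalid file name.")
                return render_template('edit_item.html', item=item,
                                       form=form)
            # NOTE(review): the stored name is still chosen by the client,
            # so two uploads with the same name overwrite each other in the
            # shared folder; presumably ItemForm restricts the allowed file
            # types — verify against the form definition.
            form.image.data.save(
                os.path.join(app.config['UPLOAD_FOLDER'], filename))

        # populate_obj() copies every form field onto the model, including
        # the image field, so item.image is reset to the stored file name
        # right after.
        # NOTE(review): this is only safe while ItemForm exposes nothing but
        # user-editable fields (no id / user_id) — verify against the form
        # definition.
        form.populate_obj(item)
        item.image = filename
        db_session.add(item)
        try:
            db_session.commit()
        except exc.IntegrityError:
            # item name should be unique
            db_session.rollback()
            form.name.errors.append("Item already exists.")
            return render_template('edit_item.html', item=item, form=form)
        flash("Item %s edited." % item.name)
        return redirect(url_for('item', name=item.name))
    return render_template('edit_item.html', item=item, form=form)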
Esempio n. 10
def deleteItem(name):
    """ Delete an item

    Anonymous visitors are redirected to the login page. The view answers
    404 when no item has that name and 401 when the logged-in user does not
    own it. A POST deletes the item and redirects to the catalog; any other
    method renders the confirmation page.
    """

    # authentication gate
    authenticated = 'user_id' in session
    if not authenticated:
        return redirect('/login')

    target = db_session.query(Item).filter_by(name=name).first()
    if target is None:
        abort(404)

    # Object-level authorisation: only the owner may delete.
    # NOTE(review): the user is authenticated at this point, so 403 would be
    # the conventional status for this refusal.
    owner_id = target.user_id
    if owner_id != session['user_id']:
        abort(401)

    if request.method != 'POST':
        # A form instance is handed to the confirmation template.
        return render_template('delete_item.html', item=target,
                               form=ItemForm())

    # NOTE(review): the submitted form is not validated on this
    # state-changing POST; confirm CSRF protection is enforced app-wide.
    db_session.delete(target)
    db_session.commit()
    flash('%s Successfully Deleted' % target.name)
    return redirect(url_for('catalog'))
Esempio n. 11
def createUser(session):
    """Store a user taken from *session* and return the id of the new row.

    Reads the "username", "email" and "picture" keys of *session*.
    """
    fields = {
        "name": session["username"],
        "email": session["email"],
        "picture": session["picture"],
    }
    db_session.add(User(**fields))
    db_session.commit()

    # The id is fetched by querying the row back by e-mail; .one() raises
    # unless exactly one user has that address.
    stored = db_session.query(User).filter_by(email=session["email"]).one()
    return stored.id