def create_category():
    """Handler for new category view.

    GET issues a fresh CSRF token into ``login_session["state"]`` and
    renders ``category_new.html``. POST compares the submitted
    ``csrf-token`` with that state (401 on mismatch), refuses an empty
    name or one the user already owns, otherwise inserts the ``Category``
    and commits.

    Returns:
        A rendered template or a redirect; redirects go to
        ``bp_main.welcome`` except the empty-name case, which returns to
        this view.
    """
    if "username" not in login_session:
        flash("You are not logged in.")
        return redirect(url_for("bp_main.welcome"), code=302)

    if request.method != "POST":
        # Fresh per-form token; the POST branch compares against it.
        token = login_utils.gen_csrf_token()
        login_session["state"] = token
        return render_template("category_new.html", STATE=token)

    submitted_token = request.form["csrf-token"]
    if submitted_token != login_session["state"]:
        abort(401)

    requested_name = request.form["fm-name"]
    owner_id = login_session["user_id"]
    existing = (session.query(Category)
                .filter_by(user_id=owner_id, name=requested_name)
                .count())
    if not requested_name:
        flash("Name field empty.")
        return redirect(url_for("bp_main.create_category"), code=302)
    if existing:
        flash("That category already exists!")
        return redirect(url_for("bp_main.welcome"), code=302)

    session.add(Category(user_id=owner_id, name=requested_name))
    session.commit()
    flash("Category added!")
    return redirect(url_for("bp_main.welcome"), code=302)
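def edit_category(category_name, user_id):
    """Handler for edit category view.

    GET renders ``category_edit.html`` with a fresh CSRF token; POST
    validates the token (401 on mismatch), then renames the category
    unless the new name is empty, unchanged, or already used by this
    user. The record must belong to the logged-in user, and the
    "Unsorted" category is protected on both GET and POST.

    Args:
        category_name (unicode): Category value passed from the URL.
        user_id (int): User ID value passed from the URL.

    Returns:
        A rendered template, a redirect, or a 404 response when no such
        category exists for ``user_id``.
    """
    if "username" not in login_session:
        flash("You are not logged in.")
        return redirect(url_for("bp_main.welcome"), code=302)
    try:
        db_category = (session.query(Category)
                       .filter_by(user_id=user_id, name=category_name).one())
    except NoResultFound:
        msg = ("<strong>Data not found. That user may have deleted "
               "their account.</strong>")
        return make_response(msg, 404)
    # The URL's user_id is untrusted: compare the record's owner with the
    # session before any branch reads or writes.
    if db_category.user_id != login_session["user_id"]:
        flash("You are not authorized to make changes.")
        return redirect(url_for("bp_main.welcome"), code=302)
    # Guard the fallback bucket for POST as well as GET; checking it only
    # when rendering the form would let a direct POST rename it.
    if category_name == "Unsorted":
        flash("Cannot change that category name!")
        return redirect(url_for("bp_main.welcome"), code=302)

    if request.method != "POST":
        state = login_utils.gen_csrf_token()
        login_session["state"] = state
        return render_template("category_edit.html",
                               CATEGORY_NAME=category_name,
                               USER_ID=user_id, STATE=state)

    fm_state = request.form["csrf-token"]
    if fm_state != login_session["state"]:
        abort(401)
    fm_category_name = request.form["fm-name"]
    if fm_category_name == "":
        flash("Empty category name field.")
        # Re-render with the same token so the user can resubmit.
        return render_template("category_edit.html",
                               CATEGORY_NAME=category_name,
                               USER_ID=user_id, STATE=fm_state)
    if fm_category_name == db_category.name:
        flash("Category name unchanged!")
        return redirect(url_for("bp_main.welcome"), code=302)
    # Same uniqueness rule as create_category, so the rename cannot
    # collide with another of the user's categories.
    dup = (session.query(Category)
           .filter_by(user_id=user_id, name=fm_category_name).count())
    if dup != 0:
        flash("That category already exists!")
        return redirect(url_for("bp_main.welcome"), code=302)
    # NOTE(review): items reference categories by name (delete_category
    # rewrites Item.category_name); confirm a rename is propagated to
    # the user's items, otherwise they detach from this category.
    db_category.name = fm_category_name
    session.add(db_category)
    session.commit()
    flash("Category name changed!")
    return redirect(url_for("bp_main.welcome"), code=302)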
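def delete_category(category_name, user_id):
    """Handler for delete category view.

    GET renders the confirmation form with a fresh CSRF token; POST
    validates the token (401 on mismatch), honours an explicit "N"
    answer, otherwise moves the category's items to "Unsorted", deletes
    the category and commits. The record must belong to the logged-in
    user, and "Unsorted" can never be deleted on either method.

    Args:
        category_name (unicode): Category value passed from the URL.
        user_id (int): User ID value passed from the URL.

    Returns:
        A rendered template, a redirect, or a 404 response when no such
        category exists for ``user_id``.
    """
    if "username" not in login_session:
        flash("You are not logged in.")
        return redirect(url_for("bp_main.welcome"), code=302)
    try:
        db_category = (session.query(Category)
                       .filter_by(user_id=user_id, name=category_name).one())
    except NoResultFound:
        msg = ("<strong>Data not found. That user may have deleted "
               "their account.</strong>")
        return make_response(msg, 404)
    # The URL's user_id is untrusted: compare the record's owner with the
    # session. Returning here is essential; falling through would let any
    # logged-in user delete another user's category.
    if db_category.user_id != login_session["user_id"]:
        flash("You are not authorized to make deletions.")
        return redirect(url_for("bp_main.welcome"), code=302)
    # Guard the fallback bucket for POST as well as GET: the deletion
    # below moves the category's items into "Unsorted".
    if category_name == "Unsorted":
        flash("Cannot delete that category!")
        return redirect(url_for("bp_main.welcome"), code=302)

    if request.method != "POST":
        state = login_utils.gen_csrf_token()
        login_session["state"] = state
        return render_template("category_delete.html",
                               CATEGORY_NAME=category_name,
                               USER_ID=user_id, STATE=state)

    fm_state = request.form["csrf-token"]
    if fm_state != login_session["state"]:
        abort(401)
    if request.form["fm-yn"] == "N":
        flash("Cancelled deletion.")
        return redirect(url_for("bp_main.welcome"), code=302)
    # Re-home the items first so no item is left pointing at a deleted
    # category name.
    (session.query(Item)
     .filter_by(user_id=user_id, category_name=category_name)
     .update({Item.category_name: "Unsorted"},
             synchronize_session="evaluate"))
    session.delete(db_category)
    session.commit()
    flash("Category deleted!")
    return redirect(url_for("bp_main.welcome"), code=302)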
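def delete_item(item_name, user_id):
    """Handler for delete item view.

    GET renders ``item_delete.html`` with a fresh CSRF token; POST
    validates the token (401 on mismatch), honours an explicit "N"
    answer, otherwise removes the item's stored image file (if any) and
    the item record, commits and redirects. The record must belong to the
    logged-in user on either method.

    Args:
        item_name (unicode): Item value passed from the URL.
        user_id (int): User ID value passed from the URL.

    Returns:
        A rendered template, a redirect, or a 404 response when no such
        item exists for ``user_id``.
    """
    if "username" not in login_session:
        flash("You are not logged in.")
        return redirect(url_for("bp_main.welcome"), code=302)
    try:
        db_item = (session.query(Item)
                   .filter_by(user_id=user_id, name=item_name).one())
    except NoResultFound:
        msg = ("<strong>Data not found. That user may have deleted "
               "their account.</strong>")
        return make_response(msg, 404)
    # Ownership check before either branch: the confirmation form must
    # not be shown for, and the POST must not act on, another user's item.
    if db_item.user_id != login_session["user_id"]:
        flash("You are not authorized to delete this.")
        return redirect(url_for("bp_main.welcome"), code=302)

    if request.method != "POST":
        state = login_session["state"] = login_utils.gen_csrf_token()
        return render_template("item_delete.html", ITEM_NAME=item_name,
                               USER_ID=user_id, STATE=state)

    # Same CSRF check as the other mutating views. Assumes
    # item_delete.html submits STATE as "csrf-token" like the other forms
    # -- TODO confirm against the template.
    fm_state = request.form["csrf-token"]
    if fm_state != login_session["state"]:
        abort(401)
    if request.form["fm-yn"] == "N":
        return redirect(url_for("bp_main.welcome"), code=302)
    # Delete the image file in Uploads/< user_id >, if one was stored.
    if db_item.image_file is not None and db_item.image_url is not None:
        imginst = Image(BASE_URL, user_id, db_item.image_file)
        try:
            os.remove(imginst.path_local)
        except OSError:
            # Best effort: a file already gone on disk must not block
            # removal of the record below.
            pass
    # Delete item record and redirect
    session.delete(db_item)
    session.commit()
    flash("Item deleted!")
    return redirect(url_for("bp_main.welcome"), code=302)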
def welcome():
    """Handle for application main page.

    A logged-in user gets ``catalog.html`` with their categories (sorted
    by name) and their seven most recent items; anyone else gets
    ``login.html`` with a fresh CSRF token and the OAuth client IDs from
    the module-level ``GPL_CLT_ID`` / ``FB_APP_ID`` constants.
    """
    if "username" not in login_session:
        token = login_utils.gen_csrf_token()
        login_session["state"] = token
        return render_template("login.html", STATE=token,
                               GPL_ID=GPL_CLT_ID, FB_ID=FB_APP_ID)

    owner_id = login_session["user_id"]
    categories = (session.query(Category)
                  .filter_by(user_id=owner_id)
                  .order_by(asc(Category.name))
                  .all())
    recent = (session.query(Item)
              .filter_by(user_id=owner_id)
              .order_by(desc(Item.create_date))
              .limit(7)
              .all())
    return render_template("catalog.html", CATEGORIES=categories,
                           RECENT_ITEMS=recent)
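def welcome():
    """Handle for application main page.

    A logged-in user gets ``catalog.html`` with their categories (sorted
    by name) and their seven most recent items; anyone else gets
    ``login.html`` with a fresh CSRF token and the public OAuth client
    identifiers read from the client-secret files.
    """
    if "username" in login_session:
        user_id = login_session["user_id"]
        db_categories = (session.query(Category).filter_by(user_id=user_id)
                         .order_by(asc(Category.name)).all())
        db_items = (session.query(Item).filter_by(user_id=user_id)
                    .order_by(desc(Item.create_date)).limit(7).all())
        return render_template("catalog.html", CATEGORIES=db_categories,
                               RECENT_ITEMS=db_items)

    state = login_session["state"] = login_utils.gen_csrf_token()
    # Context managers close the handles (the bare open().read() leaked
    # one per request). Only the public identifiers are passed on; the
    # rest of each secrets file never reaches the template.
    with open("catalog/login/client_secrets_gpl.json", "r") as fh:
        gpl_id = json.load(fh)["web"]["client_id"]
    with open("catalog/login/client_secrets_fb.json", "r") as fh:
        fb_id = json.load(fh)["web"]["app_id"]
    return render_template("login.html", STATE=state, GPL_ID=gpl_id,
                           FB_ID=fb_id)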
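def edit_item(item_name, user_id):
    """Handler for edit item view.

    GET renders ``item_edit.html`` with the item, the user's categories
    and a fresh CSRF token. POST validates the token (401 on mismatch),
    refuses a rename onto another of the user's items, applies the
    submitted name/description/category, replaces the stored image with
    the upload when it passes ``Image.valid_img_request`` and
    ``Image.valid_img_file`` (an invalid or absent upload leaves the item
    without an image), commits and redirects.

    Args:
        item_name (unicode): Item value passed from the URL.
        user_id (int): User ID value passed from the URL.

    Returns:
        A rendered template, a redirect, a 404 response when the item
        does not exist for ``user_id``, or a 200 page when the request
        body exceeded the configured size limit.
    """
    if "username" not in login_session:
        flash("You are not logged in.")
        return redirect(url_for("bp_main.welcome"), code=302)
    try:
        db_item = (session.query(Item)
                   .filter_by(user_id=user_id, name=item_name).one())
    except NoResultFound:
        msg = ("<strong>Item data not found. That user may have deleted "
               "their account.</strong>")
        return make_response(msg, 404)
    # The URL's user_id is untrusted: only the record owner may edit.
    if db_item.user_id != login_session["user_id"]:
        flash("You are not authorized to make changes.")
        return redirect(url_for("bp_main.welcome"), code=302)
    db_categories = (session.query(Category)
                     .filter_by(user_id=user_id).all())

    if request.method != "POST":
        state = login_session["state"] = login_utils.gen_csrf_token()
        return render_template("item_edit.html", ITEM=db_item,
                               CATEGORIES=db_categories, STATE=state)

    # The multipart body is parsed on the first access to request.form or
    # request.files, so an oversized upload raises on this line rather
    # than on the later request.files lookup; catching it here keeps the
    # friendly message reachable.
    try:
        fm_state = request.form["csrf-token"]
    except RequestEntityTooLarge:
        # NOTE(review): the 200 status for a rejected upload is kept as
        # is; a client keying on status would expect 413.
        msg = "<strong>File size exceeded 1 MB limit.</strong>"
        return make_response(msg, 200)
    if fm_state != login_session["state"]:
        abort(401)
    fm_name = request.form["fm-name"]
    fm_description = request.form["fm-description"]
    fm_category = request.form["fm-category"]
    img_obj = request.files["fm-image"]
    if fm_name == "":
        fm_name = "No title ({}|{})".format(user_id, int(time.time()))
    # Same uniqueness rule as create_item, checked before any file on disk
    # is touched so a refused edit leaves nothing orphaned.
    if fm_name != db_item.name:
        dup = (session.query(Item)
               .filter_by(user_id=user_id, name=fm_name).count())
        if dup != 0:
            flash("That item already exists!")
            return redirect(url_for("bp_main.welcome"), code=302)

    # Remove old image file before updating; a file already gone on disk
    # is not an error because the record is rewritten below anyway.
    if db_item.image_file is not None:
        old_imginst = Image(BASE_URL, user_id, db_item.image_file)
        try:
            os.remove(old_imginst.path_local)
        except OSError:
            pass
    new_imgfile = None
    img_path_url = None
    if (Image.valid_img_request(img_obj)
            and Image.valid_img_file(img_obj.filename)):
        # secure_filename strips path separators and other unsafe
        # characters from the client-supplied name.
        new_imgfile = secure_filename(img_obj.filename)
        imginst = Image(BASE_URL, user_id, new_imgfile)
        img_path_url = imginst.path_url
        img_obj.save(imginst.path_local)

    # Update, commit and redirect
    db_item.name = fm_name
    db_item.description = fm_description
    db_item.image_file = new_imgfile
    db_item.image_url = img_path_url
    db_item.category_name = fm_category
    session.add(db_item)
    session.commit()
    flash("Item data updated!")
    return redirect(url_for("bp_main.welcome"), code=302)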
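def create_item():
    """Handler for new item view.

    GET renders ``item_new.html`` with the user's categories and a fresh
    CSRF token. POST validates the token (401 on mismatch), defaults an
    empty name, refuses a name the user already has, then stores the
    upload when it passes ``Image.valid_img_request`` and
    ``Image.valid_img_file`` and its (sanitised) filename is not already
    used by one of the user's items, inserts the ``Item``, commits and
    redirects.

    Returns:
        A rendered template, a redirect, or a 200 page when the request
        body exceeded the configured size limit or the image filename is
        already in use.
    """
    if "username" not in login_session:
        flash("You are not logged in.")
        return redirect(url_for("bp_main.welcome"), code=302)
    # Needed for both db lookup and img directory paths
    user_id = login_session["user_id"]
    # Get all the user's categories for the client-side forms select-tag
    db_categories = (session.query(Category).filter_by(user_id=user_id)
                     .order_by(asc(Category.name)).all())

    if request.method != "POST":
        state = login_session["state"] = login_utils.gen_csrf_token()
        return render_template("item_new.html", CATEGORIES=db_categories,
                               STATE=state)

    # The multipart body is parsed on the first access to request.form or
    # request.files, so an oversized upload raises on this line rather
    # than on the later request.files lookup; catching it here keeps the
    # friendly message reachable.
    try:
        fm_state = request.form["csrf-token"]
    except RequestEntityTooLarge:
        # NOTE(review): the 200 status for a rejected upload is kept as
        # is; a client keying on status would expect 413.
        msg = "<strong>File size exceeded 1 MB limit.</strong>"
        return make_response(msg, 200)
    if fm_state != login_session["state"]:
        abort(401)
    fm_name = request.form["fm-name"]
    fm_description = request.form["fm-description"]
    fm_category = request.form["category_name"]
    img_obj = request.files["fm-image"]
    if fm_name == "":
        fm_name = "No title ({}|{})".format(user_id, int(time.time()))
    # Reject a duplicate name before the upload is written, so a refused
    # request leaves no orphaned file in the user's upload directory.
    db_items = (session.query(Item)
                .filter_by(user_id=user_id, name=fm_name).count())
    if db_items != 0:
        flash("That item already exists!")
        return redirect(url_for("bp_main.welcome"), code=302)

    # For the new image file to add to the database, image save path
    # on the server and url format for the API response data
    new_imgfile = None
    img_path_url = None
    if (Image.valid_img_request(img_obj)
            and Image.valid_img_file(img_obj.filename)):
        # secure_filename strips path separators and other unsafe
        # characters from the client-supplied name.
        new_imgfile = secure_filename(img_obj.filename)
        # Check if an image file with that name already exists
        dup = (session.query(Item)
               .filter_by(user_id=user_id, image_file=new_imgfile).count())
        if dup != 0:
            msg = "<strong>That file already exists.</strong>"
            return make_response(msg, 200)
        imginst = Image(BASE_URL, user_id, new_imgfile)
        img_path_url = imginst.path_url
        img_obj.save(imginst.path_local)

    new_item = Item(name=fm_name, description=fm_description,
                    image_file=new_imgfile, image_url=img_path_url,
                    category_name=fm_category, user_id=user_id)
    # Add to db and redirect
    session.add(new_item)
    session.commit()
    flash("New item added!")
    return redirect(url_for("bp_main.welcome"), code=302)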