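def getJsonItemDetail(category_id, item_id):
    """Return one item and its category as a JSON document.

    Args:
        category_id: id of the category, supplied by the caller.
        item_id: id of the item, supplied by the caller.

    Returns:
        A JSON response holding the serialized category and item, or a
        JSON error body with status 404 when either lookup yields nothing.
    """
    category = Category.get_by_id(session, category_id)
    item = Item.get_by_id(session, item_id)
    # Both ids are caller-supplied. Without this guard an unknown id reaches
    # `.serialize` on an empty result and surfaces as an unhandled error.
    # Assumes get_by_id returns None for an unknown id; confirm in the model.
    if category is None or item is None:
        return jsonify({"status": "error", "message": "Not found"}), 404
    # NOTE(review): the item is not compared against the category, so the
    # response can pair an item with a category it does not belong to.
    result = {
        "status": "success",
        "type": "attributes",
        "attributes_type": "item",
        "category": category.serialize,
        "item": item.serialize
    }
    return jsonify(result)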
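def getJsonItemDetail(category_id, item_id):
    """Return one item and its category as a JSON document.

    Args:
        category_id: id of the category, supplied by the caller.
        item_id: id of the item, supplied by the caller.

    Returns:
        A JSON response holding the serialized category and item, or a
        JSON error body with status 404 when either lookup yields nothing.
    """
    category = Category.get_by_id(session, category_id)
    item = Item.get_by_id(session, item_id)
    # Guard before touching `.serialize`: an unknown id would otherwise end
    # in an unhandled error instead of a clean "not found" answer.
    # Assumes get_by_id returns None for an unknown id; confirm in the model.
    if category is None or item is None:
        return jsonify({"status": "error", "message": "Not found"}), 404
    # NOTE(review): nothing here checks that the item belongs to the
    # requested category.
    result = {
        "status": "success",
        "type": "attributes",
        "attributes_type": "item",
        "category": category.serialize,
        "item": item.serialize,
    }
    return jsonify(result)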
def showItemDetail(category_id, item_id):
    """Render the detail page for one item inside a category.

    Route: GET /category/<category id>/item/<item id>
    For instance, GET /category/1/item/2 renders item 2 under category 1.
    """
    cookies = request.cookies
    auth_token = cookies.get("token")
    token_expiry = cookies.get("expire_time")
    # NOTE(review): token_expiry comes from a client-supplied cookie; confirm
    # validate_token does not treat it as the authoritative expiry.
    viewer = validate_token(auth_token, token_expiry) if auth_token else None

    # NOTE(review): neither lookup result is checked, and the item is not
    # compared against the category, before both are handed to the template.
    context = {
        "category": Category.get_by_id(session, category_id),
        "item": Item.get_by_id(session, item_id),
        # A non-None user selects the view carrying the 'edit' and 'delete'
        # links, i.e. the view for an authenticated user.
        "user": viewer,
    }
    return render_template("show_item_detail.html", **context)
def showItemDetail(category_id, item_id):
    """Show the detail view of a single item.

    Route: GET /category/<category id>/item/<item id>
    Example: GET /category/1/item/2 displays item 2 of category 1.
    """
    jar = request.cookies
    session_token, expiry = jar.get('token'), jar.get('expire_time')
    # NOTE(review): the expiry is whatever the client sent in its cookie;
    # confirm validate_token checks it against something the server trusts.
    current_user = None
    if session_token:
        current_user = validate_token(session_token, expiry)

    selected_category = Category.get_by_id(session, category_id)
    selected_item = Item.get_by_id(session, item_id)
    # NOTE(review): a missing category or item is passed through unchecked.
    # The template shows the 'edit' and 'delete' links only when user is not
    # None, which is how an authenticated visitor is recognised.
    return render_template(
        'show_item_detail.html',
        category=selected_category,
        item=selected_item,
        user=current_user,
    )
def showMain():
    """Render the landing page: all categories plus the most recent items.

    Route: GET /
    """
    # Work out whether the visitor carries a valid token.
    cookies = request.cookies
    auth_token = cookies.get("token")
    token_expiry = cookies.get("expire_time")
    # NOTE(review): token_expiry is read from a client-supplied cookie;
    # confirm validate_token does not rely on it alone for expiry.
    viewer = validate_token(auth_token, token_expiry) if auth_token else None

    context = {
        # Model helper returning every category, sorted by name ascending.
        "categories": Category.get_all(session, order_by=Category.name, ascending=True),
        # Model helper returning the 10 most recent items.
        "items": Item.get_recent(session, limit=10),
        # A non-None user selects the view that includes the 'add item' link.
        "user": viewer,
    }
    return render_template("main.html", **context)
def showMain():
    """Show the main page with every category and the newest items.

    Route: GET /
    """
    jar = request.cookies
    session_token, expiry = jar.get('token'), jar.get('expire_time')
    # NOTE(review): the expiry value is taken from the client's cookie;
    # confirm validate_token verifies it against server-trusted data.
    current_user = None
    if session_token:
        # Only a request that carries a token is checked for authentication.
        current_user = validate_token(session_token, expiry)

    # All categories, ordered by name in ascending order.
    all_categories = Category.get_all(
        session, order_by=Category.name, ascending=True)
    # The 10 most recently created items.
    latest_items = Item.get_recent(session, limit=10)
    # When current_user is not None the template also offers 'add item'.
    return render_template(
        'main.html',
        categories=all_categories,
        items=latest_items,
        user=current_user,
    )
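def deleteItem(item_id):
    """Render the delete confirmation page or delete an item.

    GET /item/<item id>/delete:
        Render the delete item form page.
    POST /item/<item id>/delete:
        Delete the selected item from the database.

    GET is authenticated with the ``token`` cookie, POST with the
    ``Authorization`` request header. In both cases the caller must pass
    ``User.is_authorized`` for the item.

    Args:
        item_id: id of the item, taken from the URL.

    Returns:
        For GET, a rendered template or a redirect to the main page.
        For POST, a JSON response carrying ``message`` and ``redirect``.
    """
    def _json_reply(message, target, status):
        # Every POST outcome uses the same JSON envelope.
        response = make_response(
            json.dumps({"message": message, "redirect": target}), status)
        response.headers['Content-Type'] = 'application/json'
        return response

    token = request.cookies.get('token')
    # NOTE(review): the expiry is read from a client-supplied cookie and
    # passed to validate_token, including on POST where the token itself
    # comes from a header. Confirm validate_token does not rely on this
    # value alone to decide whether a token has expired.
    expire_time = request.cookies.get('expire_time')
    # This cookie gate runs for every method, before the POST branch reads
    # the Authorization header.
    if not token:
        flash("You are not authorized.")
        return redirect(url_for('basic.showMain'))

    if request.method == "GET":
        user_data = validate_token(token, expire_time)
        if not user_data:
            flash("You are not authorized.")
            return redirect(url_for('basic.showMain'))

        # Same ownership gate the edit page applies: only the user accepted
        # by is_authorized gets to see the delete form.
        if not User.is_authorized(session, user_data.get("id"), item_id):
            flash("You are not authorized.")
            return redirect(url_for('basic.showMain'))

        item = Item.get_by_id(session, item_id)
        return render_template('delete_item.html', item=item, user=user_data)

    if request.method == "POST":
        # On POST the token is taken from the HTTP header, not the cookie.
        token = request.headers.get('Authorization')
        user_data = validate_token(token, expire_time)

        item = Item.get_by_id(session, item_id)
        # An unknown item id has no detail page to send the client back to.
        # Assumes get_by_id returns None for an unknown id; confirm.
        if item is None:
            fallback = url_for('basic.showMain')
            if not user_data:
                return _json_reply("You are not authorized", fallback, 401)
            return _json_reply("The item does not exist.", fallback, 404)

        detail_url = url_for('basic.showItemDetail',
                             category_id=item.category_id,
                             item_id=item_id)
        if not user_data:
            return _json_reply("You are not authorized", detail_url, 401)

        # The authenticated user must be the one is_authorized accepts for
        # this item. A token whose user row no longer exists is rejected too.
        # 403 is the conventional status for an authenticated non-owner; 401
        # is kept because the client-side handler is not visible here.
        user = User.get_by_id(session, user_data.get("id"))
        if user is None or not User.is_authorized(session, user.id, item_id):
            return _json_reply("You are not authorized", detail_url, 401)

        session.delete(item)
        session.commit()

        return _json_reply("The item was successfully deleted.",
                           url_for('basic.showMain'), 200)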
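def editItem(category_id, item_id):
    """Render the edit form or update an item.

    GET /category/<category id>/item/<item id>/edit:
        Render the edit item form page.
    POST /category/<category id>/item/<item id>/edit:
        Update the selected item's attributes.
        Fields:
            title (required)
            description
            category (required)

    GET is authenticated with the ``token`` cookie, POST with the
    ``Authorization`` request header. In both cases the caller must pass
    ``User.is_authorized`` for the item.

    Args:
        category_id: id of the category, taken from the URL.
        item_id: id of the item, taken from the URL.

    Returns:
        For GET, a rendered template or a redirect to the main page.
        For POST, a JSON response carrying ``message`` and ``redirect``.
    """
    def _json_reply(message, target, status):
        # Every POST outcome uses the same JSON envelope.
        response = make_response(
            json.dumps({"message": message, "redirect": target}), status)
        response.headers['Content-Type'] = 'application/json'
        return response

    token = request.cookies.get('token')
    # NOTE(review): the expiry is read from a client-supplied cookie and
    # passed to validate_token, including on POST where the token itself
    # comes from a header. Confirm validate_token does not rely on this
    # value alone to decide whether a token has expired.
    expire_time = request.cookies.get('expire_time')
    # This cookie gate runs for every method, before the POST branch reads
    # the Authorization header.
    if not token:
        flash("You are not authorized.")
        return redirect(url_for('basic.showMain'))

    if request.method == "GET":
        user_data = validate_token(token, expire_time)
        if not user_data:
            flash("You are not authorized.")
            return redirect(url_for('basic.showMain'))

        # Only the user accepted by is_authorized for this item may see
        # the edit form.
        if not User.is_authorized(session, user_data.get("id"), item_id):
            flash("You are not authorized.")
            return redirect(url_for('basic.showMain'))

        categories = Category.get_all(session)
        item = Item.get_by_id(session, item_id)
        return render_template('edit_item.html',
                               categories=categories, item=item)

    if request.method == "POST":
        detail_url = url_for('basic.showItemDetail',
                             category_id=category_id,
                             item_id=item_id)
        # On POST the token is taken from the HTTP header, not the cookie.
        token = request.headers.get('Authorization')
        user_data = validate_token(token, expire_time)
        if not user_data:
            return _json_reply("You are not authorized", detail_url, 401)

        item = Item.get_by_id(session, item_id)
        # Stop here on an unknown item id instead of failing on attribute
        # access below. Assumes get_by_id returns None for it; confirm.
        if item is None:
            return _json_reply("The item does not exist.",
                               url_for('basic.showMain'), 404)

        # Authorize before looking at the submitted fields, so a caller who
        # may not edit the item learns nothing about input validation.
        # A token whose user row no longer exists is rejected as well.
        # 403 is the conventional status for an authenticated non-owner; 401
        # is kept because the client-side handler is not visible here.
        user = User.get_by_id(session, user_data.get("id"))
        if user is None or not User.is_authorized(session, user.id, item_id):
            return _json_reply(
                "You are not authorized",
                url_for('basic.showItemDetail',
                        category_id=item.category_id,
                        item_id=item_id),
                401)

        title = request.form.get('title')
        description = request.form.get('description')
        new_category_id = request.form.get('category')

        # The HTML form marks title and category as required, so a request
        # missing either did not come from that form. The browser-side
        # check is not a control; it has to be enforced here.
        # NOTE(review): the category id is not checked against existing
        # categories before it is stored.
        if not title or not new_category_id:
            return _json_reply("Please use the proper way", detail_url, 401)

        item.title = title
        item.description = description
        item.category_id = new_category_id
        session.add(item)
        session.commit()

        return _json_reply(
            "The item was successfully edited.",
            url_for('basic.showItemDetail',
                    category_id=category_id,
                    item_id=item.id),
            200)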
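def addItem():
    """Render the create form or create a new item.

    GET /items:
        Render a create item form page.
    POST /items:
        Create a new item and store it in the database.
        Fields:
            title (required)
            description
            category (required)
        The created date is stored by default as a timestamp.

    GET is authenticated with the ``token`` cookie, POST with the
    ``Authorization`` request header.

    Returns:
        For GET, a rendered template or a redirect to the login page.
        For POST, a JSON response carrying ``message`` and ``redirect``.
    """
    def _json_reply(message, target, status):
        # Every POST outcome uses the same JSON envelope.
        response = make_response(
            json.dumps({"message": message, "redirect": target}), status)
        response.headers['Content-Type'] = 'application/json'
        return response

    token = request.cookies.get('token')
    # NOTE(review): the expiry is read from a client-supplied cookie and
    # passed to validate_token, including on POST where the token itself
    # comes from a header. Confirm validate_token does not rely on this
    # value alone to decide whether a token has expired.
    expire_time = request.cookies.get('expire_time')
    # Only an authenticated user can add a new item. This cookie gate runs
    # for every method, before the POST branch reads the header.
    if not token:
        flash("Please login.")
        return redirect(url_for('auth.login'))

    if request.method == "GET":
        user_data = validate_token(token, expire_time)
        # A cookie that is present but does not validate must not reach the
        # form; treat it like a missing token.
        if not user_data:
            flash("Please login.")
            return redirect(url_for('auth.login'))
        categories = Category.get_all(session)
        return render_template('add_item.html',
                               categories=categories, user=user_data)

    if request.method == "POST":
        # On POST the token is taken from the HTTP header, not the cookie.
        token = request.headers.get('Authorization')
        user_data = validate_token(token, expire_time)
        if not user_data:
            return _json_reply("Please login", url_for('auth.login'), 401)

        title = request.form.get('title')
        description = request.form.get('description')
        category_id = request.form.get('category')

        # The HTML form marks title and category as required, so a request
        # missing either did not come from that form. The browser-side
        # check is not a control; it has to be enforced here.
        # NOTE(review): the category id is not checked against existing
        # categories before it is stored.
        if not title or not category_id:
            return _json_reply("Please use the proper way",
                               url_for('basic.addItem'), 401)

        # The owner is taken from the validated token, never from the form.
        item = Item(title=title, description=description,
                    category_id=category_id, user_id=user_data.get("id"))
        session.add(item)
        session.commit()
        # Point the client at the detail page so the user can check the input.
        return _json_reply(
            "The item was successfully created.",
            url_for('basic.showItemDetail',
                    category_id=category_id, item_id=item.id),
            200)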
#     Password: user1password ~ user10@password
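# Create 10 dummy users (user1 .. user10).
# NOTE(review): the password literal below has no replacement field, so
# .format(i + 1) leaves it unchanged and every account gets the same value,
# while the comment above describes a per-user pattern. Confirm the intended
# literal. These credentials are predictable fixture data, so this script
# belongs on development databases only.
for i in range(10):
    password = "******".format(i + 1)
    enc, salt = encrypt_password(password)
    user = User(name="user{}".format(i + 1),
                email="user{}@email.com".format(i + 1),
                password=enc, salt=salt)
    session.add(user)
    session.commit()

# Create dummy categories and items(10 categories, 100 items)
# Example:
#     Category: category1 ~ category10
#     Item: item1_c1 ~ item10_c10
for c in range(10):
    category = Category(name="category{}".format(c + 1))
    session.add(category)
    # Committed before the items are built because they read category.id.
    session.commit()

    # 10 items in each category
    for i in range(10):
        # user_id assumes the users created above received ids 1..10;
        # TODO confirm.
        item = Item(title="item{}_c{}".format(i + 1, c + 1),
                    category_id=category.id, user_id=(i % 10 + 1))
        # The category number goes first and the item number second, to
        # match the wording of the sentence. Adjacent literals replace the
        # backslash continuation, which put a run of spaces into the text.
        item.description = (
            "This is a description of category: {} and item: {}. "
            "This item is created by {}"
        ).format(c + 1, i + 1, "user{}".format(i % 10 + 1))
        session.add(item)
        session.commit()

# The parenthesised form behaves the same on Python 2 and Python 3.
print("inserting rows done!")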
    password = "******".format(i + 1)
    enc, salt = encrypt_password(password)
    user = User(name="user{}".format(i + 1),
                email="user{}@email.com".format(i + 1),
                password=enc,
                salt=salt)
    session.add(user)
    session.commit()

# Create dummy categories and items(10 categories, 100 items)
# Example:
#     Category: category1 ~ category10
#     Item: item1_c1 ~ item10_c10
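for c in range(10):
    category = Category(name="category{}".format(c + 1))
    session.add(category)
    # Committed before the items are built because they read category.id.
    session.commit()

    # 10 items in each category
    for i in range(10):
        # user_id assumes the seeded users received ids 1..10; TODO confirm.
        item = Item(title="item{}_c{}".format(i + 1, c + 1),
                    category_id=category.id,
                    user_id=(i % 10 + 1))
        # The category number goes first and the item number second, to
        # match the wording of the sentence. Adjacent literals replace the
        # backslash continuation, which put a run of spaces into the text.
        item.description = (
            "This is a description of category: {} and item: {}. "
            "This item is created by {}"
        ).format(c + 1, i + 1, "user{}".format(i % 10 + 1))
        session.add(item)
        session.commit()

# The parenthesised form behaves the same on Python 2 and Python 3.
print("inserting rows done!")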
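def deleteItem(item_id):
    """Render the delete confirmation page or delete an item.

    GET /item/<item id>/delete:
        Render the delete item form page.
    POST /item/<item id>/delete:
        Delete the selected item from the database.

    GET is authenticated with the ``token`` cookie, POST with the
    ``Authorization`` request header. In both cases the caller must pass
    ``User.is_authorized`` for the item.

    Args:
        item_id: id of the item, taken from the URL.

    Returns:
        For GET, a rendered template or a redirect to the main page.
        For POST, a JSON response carrying ``message`` and ``redirect``.
    """
    def _json_reply(message, target, status):
        # Every POST outcome uses the same JSON envelope.
        response = make_response(json.dumps({"message": message, "redirect": target}), status)
        response.headers["Content-Type"] = "application/json"
        return response

    token = request.cookies.get("token")
    # NOTE(review): the expiry is read from a client-supplied cookie and
    # passed to validate_token, including on POST where the token itself
    # comes from a header. Confirm validate_token does not rely on this
    # value alone to decide whether a token has expired.
    expire_time = request.cookies.get("expire_time")
    # This cookie gate runs for every method, before the POST branch reads
    # the Authorization header.
    if not token:
        flash("You are not authorized.")
        return redirect(url_for("basic.showMain"))

    if request.method == "GET":
        user_data = validate_token(token, expire_time)
        if not user_data:
            flash("You are not authorized.")
            return redirect(url_for("basic.showMain"))

        # Same ownership gate the edit page applies: only the user accepted
        # by is_authorized gets to see the delete form.
        if not User.is_authorized(session, user_data.get("id"), item_id):
            flash("You are not authorized.")
            return redirect(url_for("basic.showMain"))

        item = Item.get_by_id(session, item_id)
        return render_template("delete_item.html", item=item, user=user_data)

    if request.method == "POST":
        # On POST the token is taken from the HTTP header, not the cookie.
        token = request.headers.get("Authorization")
        user_data = validate_token(token, expire_time)

        item = Item.get_by_id(session, item_id)
        # An unknown item id has no detail page to send the client back to.
        # Assumes get_by_id returns None for an unknown id; confirm.
        if item is None:
            fallback = url_for("basic.showMain")
            if not user_data:
                return _json_reply("You are not authorized", fallback, 401)
            return _json_reply("The item does not exist.", fallback, 404)

        detail_url = url_for("basic.showItemDetail", category_id=item.category_id, item_id=item_id)
        if not user_data:
            return _json_reply("You are not authorized", detail_url, 401)

        # The authenticated user must be the one is_authorized accepts for
        # this item. A token whose user row no longer exists is rejected too.
        # 403 is the conventional status for an authenticated non-owner; 401
        # is kept because the client-side handler is not visible here.
        user = User.get_by_id(session, user_data.get("id"))
        if user is None or not User.is_authorized(session, user.id, item_id):
            return _json_reply("You are not authorized", detail_url, 401)

        session.delete(item)
        session.commit()

        return _json_reply("The item was successfully deleted.", url_for("basic.showMain"), 200)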
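def editItem(category_id, item_id):
    """Render the edit form or update an item.

    GET /category/<category id>/item/<item id>/edit:
        Render the edit item form page.
    POST /category/<category id>/item/<item id>/edit:
        Update the selected item's attributes.
        Fields:
            title (required)
            description
            category (required)

    GET is authenticated with the ``token`` cookie, POST with the
    ``Authorization`` request header. In both cases the caller must pass
    ``User.is_authorized`` for the item.

    Args:
        category_id: id of the category, taken from the URL.
        item_id: id of the item, taken from the URL.

    Returns:
        For GET, a rendered template or a redirect to the main page.
        For POST, a JSON response carrying ``message`` and ``redirect``.
    """
    def _json_reply(message, target, status):
        # Every POST outcome uses the same JSON envelope.
        response = make_response(json.dumps({"message": message, "redirect": target}), status)
        response.headers["Content-Type"] = "application/json"
        return response

    token = request.cookies.get("token")
    # NOTE(review): the expiry is read from a client-supplied cookie and
    # passed to validate_token, including on POST where the token itself
    # comes from a header. Confirm validate_token does not rely on this
    # value alone to decide whether a token has expired.
    expire_time = request.cookies.get("expire_time")
    # This cookie gate runs for every method, before the POST branch reads
    # the Authorization header.
    if not token:
        flash("You are not authorized.")
        return redirect(url_for("basic.showMain"))

    if request.method == "GET":
        user_data = validate_token(token, expire_time)
        if not user_data:
            flash("You are not authorized.")
            return redirect(url_for("basic.showMain"))

        # Only the user accepted by is_authorized for this item may see
        # the edit form.
        if not User.is_authorized(session, user_data.get("id"), item_id):
            flash("You are not authorized.")
            return redirect(url_for("basic.showMain"))

        categories = Category.get_all(session)
        item = Item.get_by_id(session, item_id)
        return render_template("edit_item.html", categories=categories, item=item)

    if request.method == "POST":
        detail_url = url_for("basic.showItemDetail", category_id=category_id, item_id=item_id)
        # On POST the token is taken from the HTTP header, not the cookie.
        token = request.headers.get("Authorization")
        user_data = validate_token(token, expire_time)
        if not user_data:
            return _json_reply("You are not authorized", detail_url, 401)

        item = Item.get_by_id(session, item_id)
        # Stop here on an unknown item id instead of failing on attribute
        # access below. Assumes get_by_id returns None for it; confirm.
        if item is None:
            return _json_reply("The item does not exist.", url_for("basic.showMain"), 404)

        # Authorize before looking at the submitted fields, so a caller who
        # may not edit the item learns nothing about input validation.
        # A token whose user row no longer exists is rejected as well.
        # 403 is the conventional status for an authenticated non-owner; 401
        # is kept because the client-side handler is not visible here.
        user = User.get_by_id(session, user_data.get("id"))
        if user is None or not User.is_authorized(session, user.id, item_id):
            return _json_reply(
                "You are not authorized",
                url_for("basic.showItemDetail", category_id=item.category_id, item_id=item_id),
                401,
            )

        title = request.form.get("title")
        description = request.form.get("description")
        new_category_id = request.form.get("category")

        # The HTML form marks title and category as required, so a request
        # missing either did not come from that form. The browser-side
        # check is not a control; it has to be enforced here.
        # NOTE(review): the category id is not checked against existing
        # categories before it is stored.
        if not title or not new_category_id:
            return _json_reply("Please use the proper way", detail_url, 401)

        item.title = title
        item.description = description
        item.category_id = new_category_id
        session.add(item)
        session.commit()

        return _json_reply(
            "The item was successfully edited.",
            url_for("basic.showItemDetail", category_id=category_id, item_id=item.id),
            200,
        )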