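def getJsonItemDetail(category_id, item_id):
    """Return one item and its category as a JSON document.

    Args:
        category_id: id of the category to serialize.
        item_id: id of the item to serialize.

    Returns:
        A JSON response with the keys ``status``, ``type``,
        ``attributes_type``, ``category`` and ``item``; a JSON error body
        with HTTP 404 when either record is missing.
    """
    category = Category.get_by_id(session, category_id)
    item = Item.get_by_id(session, item_id)
    # An unknown id must not reach ``.serialize``; answer 404 instead of
    #     failing with an unhandled error (assumes get_by_id returns None
    #     on a miss -- TODO confirm).
    if category is None or item is None:
        return jsonify({
            "status": "error",
            "message": "Category or item not found.",
        }), 404
    # NOTE(review): nothing here checks that the item belongs to the
    #     requested category, so an item is returned under any category id.
    result = {
        "status": "success",
        "type": "attributes",
        "attributes_type": "item",
        "category": category.serialize,
        "item": item.serialize,
    }
    return jsonify(result)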
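def getJsonItemDetail(category_id, item_id):
    """Serialize a single item together with its category as JSON.

    Args:
        category_id: id of the category to look up.
        item_id: id of the item to look up.

    Returns:
        A JSON response carrying ``status``, ``type``, ``attributes_type``,
        ``category`` and ``item``, or a JSON error with HTTP 404 when one of
        the two records cannot be found.
    """
    category = Category.get_by_id(session, category_id)
    item = Item.get_by_id(session, item_id)
    # Reject unknown ids before touching ``.serialize`` so the caller gets
    #     a 404 rather than an unhandled error (assumes get_by_id returns
    #     None on a miss -- TODO confirm).
    if category is None or item is None:
        return jsonify({
            "status": "error",
            "message": "Category or item not found."
        }), 404
    # NOTE(review): the item is not checked against the requested
    #     category; any item id is served under any category id.
    result = {
        "status": "success",
        "type": "attributes",
        "attributes_type": "item",
        "category": category.serialize,
        "item": item.serialize
    }
    return jsonify(result)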
def showItemDetail(category_id, item_id):
    """Render the detail page of one item.

    GET /category/<category id>/item/<item id>

    Example:
        GET /category/1/item/2 shows the detail of item 2 in category 1.

    The page is public. When the ``token`` cookie validates, the resulting
    user data is handed to the template as ``user``; otherwise ``user`` is
    None.
    """
    cookies = request.cookies
    token = cookies.get("token")
    # NOTE(review): expire_time is read from a client-controlled cookie;
    #     validate_token should not treat it as the authoritative expiry
    #     -- confirm against its implementation.
    expire_time = cookies.get("expire_time")
    user_data = validate_token(token, expire_time) if token else None
    # The template adds 'edit' and 'delete' links when ``user`` is not None.
    #     That is presentation only: editItem and deleteItem run their own
    #     authorization checks.
    return render_template(
        "show_item_detail.html",
        category=Category.get_by_id(session, category_id),
        item=Item.get_by_id(session, item_id),
        user=user_data,
    )
def showItemDetail(category_id, item_id):
    """Show the detail page for the selected item.

    GET /category/<category id>/item/<item id>

    Example:
        GET /category/1/item/2 renders item 2 of category 1.

    Anyone may view the page. The template receives ``user`` as the
    validated token data, or None when there is no token cookie.
    """
    token = request.cookies.get('token')
    # NOTE(review): the expiry value is supplied by the client in a cookie;
    #     confirm that validate_token does not rely on it alone.
    expire_time = request.cookies.get('expire_time')

    if token:
        user_data = validate_token(token, expire_time)
    else:
        user_data = None

    context = {
        'category': Category.get_by_id(session, category_id),
        'item': Item.get_by_id(session, item_id),
        # A non-None user makes the template show 'edit' and 'delete'
        #     links; the handlers behind those links authorize separately.
        'user': user_data,
    }
    return render_template('show_item_detail.html', **context)
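def deleteItem(item_id):
    """Render the delete confirmation page or delete an item.

        GET /item/item id/delete:
            Render a delete item form page
        POST /item/item id/delete:
            Delete the selected item from database

    Both methods require the ``token`` cookie. POST reads the token again
    from the ``Authorization`` header and always answers with a JSON body
    holding ``message`` and ``redirect``. Viewing the form and deleting
    both require ``User.is_authorized`` to accept the user for the item.
    """
    def json_reply(message, redirect_to, status):
        # Every POST outcome shares this JSON envelope.
        response = make_response(
            json.dumps({
                "message": message,
                "redirect": redirect_to
            }), status
        )
        response.headers['Content-Type'] = 'application/json'
        return response

    token = request.cookies.get('token')
    # NOTE(review): expire_time is read from a client-controlled cookie;
    #     validate_token should not treat it as the authoritative expiry
    #     -- confirm against its implementation.
    expire_time = request.cookies.get('expire_time')
    # Without a token cookie neither the page nor the POST is served
    if not token:
        flash("You are not authorized.")
        return redirect(url_for('basic.showMain'))

    if request.method == "GET":
        # Only authorized user can see a delete item page
        user_data = validate_token(token, expire_time)
        if not user_data:
            flash("You are not authorized.")
            return redirect(url_for('basic.showMain'))

        # Apply the same ownership rule as editItem's GET branch, so the
        #     confirmation page is not rendered for another user's item.
        if not User.is_authorized(session, user_data.get("id"), item_id):
            flash("You are not authorized.")
            return redirect(url_for('basic.showMain'))

        item = Item.get_by_id(session, item_id)
        return render_template('delete_item.html', item=item, user=user_data)

    if request.method == "POST":
        # When user send POST request,
        #     we get a token again from HTTP header, not from cookie
        token = request.headers.get('Authorization')
        # Get item to delete
        #     (assumes get_by_id returns None on a miss -- TODO confirm)
        item = Item.get_by_id(session, item_id)

        def failure_redirect():
            # Built only on failure paths; a missing item has no detail
            #     page, so fall back to the main page.
            if item is None:
                return url_for('basic.showMain')
            return url_for('basic.showItemDetail',
                           category_id=item.category_id,
                           item_id=item_id)

        # A request without the header is rejected without calling
        #     validate_token on None.
        user_data = validate_token(token, expire_time) if token else None
        if not user_data:
            return json_reply("You are not authorized",
                              failure_redirect(), 401)

        # Authenticated, but nothing to delete
        if item is None:
            return json_reply("The item does not exist.",
                              failure_redirect(), 404)

        # Only authorized user can delete an item
        # Authorized user id must be the same as
        #     the user's id who created the item before.
        # A token whose user no longer exists is refused as well.
        user = User.get_by_id(session, user_data.get("id"))
        if user is None or not User.is_authorized(session, user.id, item_id):
            return json_reply("You are not authorized",
                              failure_redirect(), 401)

        session.delete(item)
        session.commit()

        return json_reply("The item was successfully deleted.",
                          url_for('basic.showMain'), 200)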
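def editItem(category_id, item_id):
    """Render the edit form or update an item.

        GET /category/category id/item/item id/edit:
            Render an edit item form page
        POST /category/category id/item/item id/edit:
            Update the selected item's attributes
            Fields:
                title (required)
                description
                category (required)

    Both methods require the ``token`` cookie. POST reads the token again
    from the ``Authorization`` header and always answers with a JSON body
    holding ``message`` and ``redirect``. Viewing the form and saving both
    require ``User.is_authorized`` to accept the user for the item.
    """
    def json_reply(message, redirect_to, status):
        # Every POST outcome shares this JSON envelope.
        response = make_response(
            json.dumps({
                "message": message,
                "redirect": redirect_to
            }), status
        )
        response.headers['Content-Type'] = 'application/json'
        return response

    token = request.cookies.get('token')
    # NOTE(review): expire_time is read from a client-controlled cookie;
    #     validate_token should not treat it as the authoritative expiry
    #     -- confirm against its implementation.
    expire_time = request.cookies.get('expire_time')
    # Without a token cookie neither the page nor the POST is served
    if not token:
        flash("You are not authorized.")
        return redirect(url_for('basic.showMain'))

    if request.method == "GET":

        # Only authorized user can see an edit item page
        user_data = validate_token(token, expire_time)
        if not user_data:
            flash("You are not authorized.")
            return redirect(url_for('basic.showMain'))

        # Authorized user id must be the same as
        #     the user's id who created the item before.
        if not User.is_authorized(session, user_data.get("id"), item_id):
            flash("You are not authorized.")
            return redirect(url_for('basic.showMain'))

        categories = Category.get_all(session)
        item = Item.get_by_id(session, item_id)
        return render_template('edit_item.html',
                               categories=categories, item=item)

    if request.method == "POST":
        # When user send POST request,
        #     we get a token again from HTTP header, not from cookie
        token = request.headers.get('Authorization')
        detail_url = url_for('basic.showItemDetail',
                             category_id=category_id,
                             item_id=item_id)

        # A request without the header is rejected without calling
        #     validate_token on None.
        user_data = validate_token(token, expire_time) if token else None
        if not user_data:
            return json_reply("You are not authorized", detail_url, 401)

        # Authenticated, but nothing to edit
        #     (assumes get_by_id returns None on a miss -- TODO confirm)
        item = Item.get_by_id(session, item_id)
        if item is None:
            return json_reply("The item does not exist.",
                              url_for('basic.showMain'), 404)

        # Ownership is decided before any form field is looked at.
        # Authorized user id must be the same as
        #     the user's id who created the item before.
        # A token whose user no longer exists is refused as well.
        user = User.get_by_id(session, user_data.get("id"))
        if user is None or not User.is_authorized(session, user.id, item_id):
            return json_reply("You are not authorized",
                              url_for('basic.showItemDetail',
                                      category_id=item.category_id,
                                      item_id=item_id),
                              401)

        title = request.form.get('title')
        description = request.form.get('description')
        new_category_id = request.form.get('category')

        # The HTML form marks title and category as required; a request
        #     without them did not come from that form. The category must
        #     also exist, so the item cannot be moved to a dangling id.
        # Status stays 401 as before for client compatibility, although
        #     400 would describe a validation failure better.
        if (not title or not new_category_id
                or Category.get_by_id(session, new_category_id) is None):
            return json_reply("Please use the proper way", detail_url, 401)

        item.title = title
        item.description = description
        item.category_id = new_category_id
        session.add(item)
        session.commit()

        # NOTE(review): the redirect keeps the category id from the URL
        #     even when the item was moved to another category.
        return json_reply("The item was successfully edited.",
                          url_for('basic.showItemDetail',
                                  category_id=category_id,
                                  item_id=item.id),
                          200)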
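def deleteItem(item_id):
    """Render the delete confirmation page or delete an item.

        GET /item/item id/delete:
            Render a delete item form page
        POST /item/item id/delete:
            Delete the selected item from database

    Both methods require the ``token`` cookie. POST reads the token again
    from the ``Authorization`` header and always answers with a JSON body
    holding ``message`` and ``redirect``. Viewing the form and deleting
    both require ``User.is_authorized`` to accept the user for the item.
    """

    def json_reply(message, redirect_to, status):
        # Every POST outcome shares this JSON envelope.
        response = make_response(json.dumps({"message": message, "redirect": redirect_to}), status)
        response.headers["Content-Type"] = "application/json"
        return response

    token = request.cookies.get("token")
    # NOTE(review): expire_time is read from a client-controlled cookie;
    #     validate_token should not treat it as the authoritative expiry
    #     -- confirm against its implementation.
    expire_time = request.cookies.get("expire_time")
    # Without a token cookie neither the page nor the POST is served
    if not token:
        flash("You are not authorized.")
        return redirect(url_for("basic.showMain"))

    if request.method == "GET":
        # Only authorized user can see a delete item page
        user_data = validate_token(token, expire_time)
        if not user_data:
            flash("You are not authorized.")
            return redirect(url_for("basic.showMain"))

        # Apply the same ownership rule as editItem's GET branch, so the
        #     confirmation page is not rendered for another user's item.
        if not User.is_authorized(session, user_data.get("id"), item_id):
            flash("You are not authorized.")
            return redirect(url_for("basic.showMain"))

        item = Item.get_by_id(session, item_id)
        return render_template("delete_item.html", item=item, user=user_data)

    if request.method == "POST":
        # When user send POST request,
        #     we get a token again from HTTP header, not from cookie
        token = request.headers.get("Authorization")
        # Get item to delete
        #     (assumes get_by_id returns None on a miss -- TODO confirm)
        item = Item.get_by_id(session, item_id)

        def failure_redirect():
            # Built only on failure paths; a missing item has no detail
            #     page, so fall back to the main page.
            if item is None:
                return url_for("basic.showMain")
            return url_for("basic.showItemDetail", category_id=item.category_id, item_id=item_id)

        # A request without the header is rejected without calling
        #     validate_token on None.
        user_data = validate_token(token, expire_time) if token else None
        if not user_data:
            return json_reply("You are not authorized", failure_redirect(), 401)

        # Authenticated, but nothing to delete
        if item is None:
            return json_reply("The item does not exist.", failure_redirect(), 404)

        # Only authorized user can delete an item
        # Authorized user id must be the same as
        #     the user's id who created the item before.
        # A token whose user no longer exists is refused as well.
        user = User.get_by_id(session, user_data.get("id"))
        if user is None or not User.is_authorized(session, user.id, item_id):
            return json_reply("You are not authorized", failure_redirect(), 401)

        session.delete(item)
        session.commit()

        return json_reply("The item was successfully deleted.", url_for("basic.showMain"), 200)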
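def editItem(category_id, item_id):
    """Render the edit form or update an item.

        GET /category/category id/item/item id/edit:
            Render an edit item form page
        POST /category/category id/item/item id/edit:
            Update the selected item's attributes
            Fields:
                title (required)
                description
                category (required)

    Both methods require the ``token`` cookie. POST reads the token again
    from the ``Authorization`` header and always answers with a JSON body
    holding ``message`` and ``redirect``. Viewing the form and saving both
    require ``User.is_authorized`` to accept the user for the item.
    """

    def json_reply(message, redirect_to, status):
        # Every POST outcome shares this JSON envelope.
        response = make_response(json.dumps({"message": message, "redirect": redirect_to}), status)
        response.headers["Content-Type"] = "application/json"
        return response

    token = request.cookies.get("token")
    # NOTE(review): expire_time is read from a client-controlled cookie;
    #     validate_token should not treat it as the authoritative expiry
    #     -- confirm against its implementation.
    expire_time = request.cookies.get("expire_time")
    # Without a token cookie neither the page nor the POST is served
    if not token:
        flash("You are not authorized.")
        return redirect(url_for("basic.showMain"))

    if request.method == "GET":

        # Only authorized user can see an edit item page
        user_data = validate_token(token, expire_time)
        if not user_data:
            flash("You are not authorized.")
            return redirect(url_for("basic.showMain"))

        # Authorized user id must be the same as
        #     the user's id who created the item before.
        if not User.is_authorized(session, user_data.get("id"), item_id):
            flash("You are not authorized.")
            return redirect(url_for("basic.showMain"))

        categories = Category.get_all(session)
        item = Item.get_by_id(session, item_id)
        return render_template("edit_item.html", categories=categories, item=item)

    if request.method == "POST":
        # When user send POST request,
        #     we get a token again from HTTP header, not from cookie
        token = request.headers.get("Authorization")
        detail_url = url_for("basic.showItemDetail", category_id=category_id, item_id=item_id)

        # A request without the header is rejected without calling
        #     validate_token on None.
        user_data = validate_token(token, expire_time) if token else None
        if not user_data:
            return json_reply("You are not authorized", detail_url, 401)

        # Authenticated, but nothing to edit
        #     (assumes get_by_id returns None on a miss -- TODO confirm)
        item = Item.get_by_id(session, item_id)
        if item is None:
            return json_reply("The item does not exist.", url_for("basic.showMain"), 404)

        # Ownership is decided before any form field is looked at.
        # Authorized user id must be the same as
        #     the user's id who created the item before.
        # A token whose user no longer exists is refused as well.
        user = User.get_by_id(session, user_data.get("id"))
        if user is None or not User.is_authorized(session, user.id, item_id):
            return json_reply(
                "You are not authorized",
                url_for("basic.showItemDetail", category_id=item.category_id, item_id=item_id),
                401,
            )

        title = request.form.get("title")
        description = request.form.get("description")
        new_category_id = request.form.get("category")

        # The HTML form marks title and category as required; a request
        #     without them did not come from that form. The category must
        #     also exist, so the item cannot be moved to a dangling id.
        # Status stays 401 as before for client compatibility, although
        #     400 would describe a validation failure better.
        if not title or not new_category_id or Category.get_by_id(session, new_category_id) is None:
            return json_reply("Please use the proper way", detail_url, 401)

        item.title = title
        item.description = description
        item.category_id = new_category_id
        session.add(item)
        session.commit()

        # NOTE(review): the redirect keeps the category id from the URL
        #     even when the item was moved to another category.
        return json_reply(
            "The item was successfully edited.",
            url_for("basic.showItemDetail", category_id=category_id, item_id=item.id),
            200,
        )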