def deleteProduct(cid, pid):
#Check if the user is the owner of this product. Allow user to delete if they are the creator of it.
logged_in = CheckUserLoggedIn()
if not logged_in:
return redirect('/login')
username = getSessionUsername()
user_id = getSessionUserID()
catagories = database_service.GetAllCatagory()
picture = getSessionUserPic()
#Check if the user is the owner of this product. Allow user to delete if they are the creator of it.
if database_service.hasProductPermission(pid, user_id):
if request.method == 'POST':
#When user clicks the Yes button, delete the product along with it's image from our database
database_service.DeleteProduct(pid)
flash('Product deleted!', 'alert-success')
return redirect(url_for('showProducts', cid=cid))
else:
sel_catagory = database_service.GetCatagoryByID(cid)
sel_product = database_service.GetProductByID(pid)
return render_template('deleteproduct.html',
catagories=catagories,
sel_catagory=sel_catagory,
sel_product=sel_product,
logged_in=logged_in,
username=username,
picture=picture)
else:
flash('No permission to delete this product!', 'alert-danger')
return redirect(url_for('showProducts', cid=cid))
def editProduct(cid,pid):
#Direct user to login page if not logged in. User must be logged in before modifying products.
logged_in = CheckUserLoggedIn()
if not logged_in:
return redirect('/login')
username = getSessionUsername()
user_id=getSessionUserID()
catagories = database_service.GetAllCatagory()
picture = getSessionUserPic()
#Check if the user is the owner of this catagory. Allow user to modify if they are the creator of it.
if database_service.hasProductPermission(pid,user_id):
if request.method == 'POST':
#When user clicks the submit button
pic_path = ''
file = request.files['file']
if file and allowed_file(file.filename):
#if there are new image uploaded, save into /static/uploads
filename = secure_filename(file.filename)
pic_path = os.path.join(app.config['UPLOAD_FOLDER'],filename)
file.save(pic_path)
#update the modified product detail into our database
database_service.EditProduct(pid,request.form['name'],request.form['desc'],request.form['price'],request.form['flavour'],pic_path,request.form['catagory'])
flash('Product updated!','alert-success')
return redirect(url_for('showProducts',cid=cid))
else:
sel_catagory = database_service.GetCatagoryByID(cid)
sel_product = database_service.GetProductByID(pid)
return render_template('editproduct.html',catagories=catagories,sel_catagory=sel_catagory, sel_product=sel_product,logged_in=logged_in,username=username,picture=picture)
else:
#User is NOT the owner of this product. Show red alert message and redirect back to product page
flash('No permission to modify this product!','alert-danger')
return redirect(url_for('showProducts',cid=cid))
def editProduct(cid, pid):
#Direct user to login page if not logged in. User must be logged in before modifying products.
logged_in = CheckUserLoggedIn()
if not logged_in:
return redirect('/login')
username = getSessionUsername()
user_id = getSessionUserID()
catagories = database_service.GetAllCatagory()
picture = getSessionUserPic()
#Check if the user is the owner of this catagory. Allow user to modify if they are the creator of it.
if database_service.hasProductPermission(pid, user_id):
if request.method == 'POST':
#When user clicks the submit button
pic_path = ''
file = request.files['file']
if file and allowed_file(file.filename):
#if there are new image uploaded, save into /static/uploads
filename = secure_filename(file.filename)
pic_path = os.path.join(app.config['UPLOAD_FOLDER'], filename)
file.save(pic_path)
#update the modified product detail into our database
database_service.EditProduct(pid, request.form['name'],
request.form['desc'],
request.form['price'],
request.form['flavour'], pic_path,
request.form['catagory'])
flash('Product updated!', 'alert-success')
return redirect(url_for('showProducts', cid=cid))
else:
sel_catagory = database_service.GetCatagoryByID(cid)
sel_product = database_service.GetProductByID(pid)
return render_template('editproduct.html',
catagories=catagories,
sel_catagory=sel_catagory,
sel_product=sel_product,
logged_in=logged_in,
username=username,
picture=picture)
else:
#User is NOT the owner of this product. Show red alert message and redirect back to product page
flash('No permission to modify this product!', 'alert-danger')
return redirect(url_for('showProducts', cid=cid))
def deleteProduct(cid,pid):
#Check if the user is the owner of this product. Allow user to delete if they are the creator of it.
logged_in = CheckUserLoggedIn()
if not logged_in:
return redirect('/login')
username = getSessionUsername()
user_id=getSessionUserID()
catagories = database_service.GetAllCatagory()
picture = getSessionUserPic()
#Check if the user is the owner of this product. Allow user to delete if they are the creator of it.
if database_service.hasProductPermission(pid,user_id):
if request.method == 'POST':
#When user clicks the Yes button, delete the product along with it's image from our database
database_service.DeleteProduct(pid)
flash('Product deleted!','alert-success')
return redirect(url_for('showProducts',cid=cid))
else:
sel_catagory = database_service.GetCatagoryByID(cid)
sel_product = database_service.GetProductByID(pid)
return render_template('deleteproduct.html',catagories=catagories,sel_catagory=sel_catagory,sel_product=sel_product,logged_in=logged_in,username=username,picture=picture)
else:
flash('No permission to delete this product!','alert-danger')
return redirect(url_for('showProducts',cid=cid))
