def addItem(): if 'username' not in login_session: return redirect(url_for('displayItems')) cats = session.query(Category).all() new_item = CategoryItem(name="", description="", category_id=-1) if request.method == 'POST': print request.form['_csrf_token'] print if request.form['_csrf_token'] != login_session['_csrf_token']: response = make_response(json.dumps("Invalid web token."), 400) response.headers['Content-Type'] = 'application/json' return response new_item.name = request.form['name'] new_item.description = request.form['description'] new_item.category_id = request.form['category'] session.add(new_item) session.commit() return redirect(url_for('displayItemDetails', item_id=new_item.id)) else: login_session['_csrf_token'] = randomToken() return render_template('item_edit.html.j2', cats=cats, item=None, login_session=login_session)
def newCategoryItem(category_id): """ Allow the category creator to create a new item. """ category = session.query(Category).filter_by(id=category_id).one() # Prevent non-creator users adding new items. if login_session['user_id'] != category.user_id: flash( 'You are not authorized to add category items to this category. Please create your own category in order to add items.' ) return redirect(url_for('categoryItems', category_id=category_id)) if request.method == 'POST': newItem = CategoryItem(name=request.form['name'], description=request.form['description'], price=request.form['price'], category_id=category_id, user_id=category.user_id) # Check new item formatting, and reformat as default dollars if none given. if not newItem.price.startswith( str('$')) or not newItem.price.startswith(str('£')): newItem.price = '$' + newItem.price session.add(newItem) # Flush and obtain default created item id. session.flush() createdItemID = newItem.id flash('New Category %s Item Successfully Created' % (newItem.name)) # If upload selected, proceed to upload photo page for item. if request.form['button'] == 'upload-image': return redirect( url_for('editCategoryItemImage', category_id=category.id, item_id=createdItemID)) # Otherwise create item without image and return to category items page. else: return redirect(url_for('categoryItems', category_id=category_id)) else: return render_template('newCategoryItem.html', category=category)
def addNewItem(): DBSession = sessionmaker(bind=engine) session = DBSession() if 'username' not in login_session: return redirect('/login') if request.method == 'GET': return render_template("addNewItem.html") else: categoryName = request.form['Item Category'] # categoryInStoreList = session.query(Category).filter_by(name=categoryName).all() categoryInStoreList = session.query(Category).filter_by( name=categoryName).all() if len(categoryInStoreList) == 0: newCate = Category(name=categoryName) session.add(newCate) session.commit() newItem = CategoryItem(name=request.form['Item Name'], info=request.form['Item Info'], creator_id=login_session['user_id'], category_id=newCate.id) else: newItem = CategoryItem(name=request.form['Item Name'], info=request.form['Item Info'], category_id=categoryInStoreList[0].id) session.add(newItem) session.commit() return redirect(url_for('catalogList'))
def newCategoryItem(category_id): """ Allow the category creator to create a new item. """ category = session.query(Category).filter_by(id=category_id).one() # Prevent non-creator users adding new items. if login_session['user_id'] != category.user_id: flash('You are not authorized to add category items to this category. Please create your own category in order to add items.') return redirect(url_for('categoryItems', category_id=category_id)) if request.method == 'POST': newItem = CategoryItem(name=request.form['name'], description=request.form['description'], price=request.form[ 'price'], category_id=category_id, user_id=category.user_id) # Check new item formatting, and reformat as default dollars if none given. if not newItem.price.startswith(str('$')) or not newItem.price.startswith(str('£')): newItem.price = '$' + newItem.price session.add(newItem) # Flush and obtain default created item id. session.flush() createdItemID = newItem.id flash('New Category %s Item Successfully Created' % (newItem.name)) # If upload selected, proceed to upload photo page for item. if request.form['button'] == 'upload-image': return redirect(url_for('editCategoryItemImage', category_id=category.id, item_id=createdItemID)) # Otherwise create item without image and return to category items page. else: return redirect(url_for('categoryItems', category_id=category_id)) else: return render_template('newCategoryItem.html', category=category)
def addItem(): cats = session.query(Category).all() new_item = CategoryItem(name="", description="", category_id=-1) if request.method == 'POST': new_item.name = request.form['name'] new_item.description = request.form['description'] new_item.category_id = request.form['category'] session.add(new_item) session.commit() return redirect(url_for('displayItemDetails', item_id= new_item.id)) else: return render_template('item_edit.html.j2', cats=cats, item=None)
def addItem(): #if not logged in then redirect to login screen if 'username' not in login_session: return redirect('/login') #post event when users creates item if request.method == 'POST': #query category item from database categories = session.query(Category).order_by(asc(Category.name)) #get id of selected category cat_id = getCategories(categories, request.form['category']) #create new item in database newItem = CategoryItem(name=request.form['name'], description=request.form['description'], category_id=cat_id, user_id=login_session['user_id'], date_added=func.now()) session.add(newItem) session.commit() #show message confirming item is created and redirect to home page flash('New Item %s Successfully Created' % (newItem.name)) return redirect(url_for('showCategories')) else: #query category item from database categories = session.query(Category.id, Category.name).order_by(asc(Category.name)) #if user is not logged in goto home page otherwise show CRUD page if 'username' not in login_session: return redirect(url_for('showCategories')) else: return render_template('additem.html', categories=categories)
def editCategory(category_id): if 'username' not in login_session: return render_template('login.html') editedCategory = session.query(Category).filter_by(id=category_id).one() if login_session['user_id'] != editedCategory.user_id: flash('Cannot edit this category as you are not its owener') return redirect(url_for('showCategories')) if request.method == 'POST' and \ request.form['name'] != editedCategory.name: if request.form['name']: editedCategory.name = request.form['name'] flash('Category successfully edited to %s' % editedCategory.name) return redirect(url_for('showCategories')) elif request.method == 'POST': flash('Nothing changed, operation cancelled or inputs where NULL') return redirect(url_for('showCategories')) else: return render_template('editCategory.html', category=editedCategory) if request.method == 'POST' and \ request.form['name'] != '' and request.form['description'] != '': insertNewItem = CategoryItem(name=request.form['name'], description=request.form['description'], user_id=login_session['user_id'], category_id=category_id) session.add(insertNewItem) flash('New item %s created' % insertNewItem.name) session.commit() return redirect(url_for('showCategories')) elif request.method == 'POST': flash('Nothing changed, operation cancelled or inputs where NULL') return redirect(url_for('showCategories')) else: return render_template('new_category_item.html')
def newItem(): if 'username' not in login_session: return redirect(url_for('showAllCategories')) # POST - Create new item and redirect back to the Catalog if request.method == 'POST': item = db_session.query(CategoryItem).filter_by( title=request.form['item_title']).scalar() if (item): return """<script>function myFunction() { alert('Name already taken. Please select a new name.'); window.history.back();} </script><body onload='myFunction()'>""" else: category = db_session.query(Category).filter_by( title=request.form['category_title']).one() newItem = CategoryItem(last_updated=datetime.datetime.now(), title=request.form['item_title'], description=request.form['description'], category_id=category.id, user_id=login_session['user_id']) db_session.add(newItem) db_session.commit() return redirect(url_for('showAllCategories')) # GET - Return form for new item Creation else: categories = db_session.query(Category).order_by(asc(Category.title)) return render_template('newCategoryItem.html', categories=categories)
def add_item(): if 'user_id' not in login_session: redirect('/index') session = DBSession() categories = session.query(Category).order_by(asc(Category.category_name)) if request.method == 'POST': item_name = request.form['item_name'] item_description = request.form['item_description'] category_id = request.form['category_id'] user_id = login_session['user_id'] item = CategoryItem(name=item_name, description=item_description, category_id=category_id, user_id=user_id) session.add(item) session.commit() flash("Item Added!!") session.close() return redirect( url_for( 'index', categories=categories, is_logged=True)) session.close() return render_template( 'new_item.html', is_logged=True, categories=categories)
def addCategoryItem(): # Check if user is logged in if 'username' not in login_session: return redirect('/login') if request.method == 'POST': if not (request.form['name'] and request.form['description']): flash('fill in all fields') return redirect(url_for('addCategoryItem')) # Add category item newCategoryItem = CategoryItem(name=request.form['name'], description=request.form['description'], category_id=request.form['category'], user_id=login_session['user_id']) session.add(newCategoryItem) session.commit() return redirect(url_for('showCategories')) else: # Get all categories categories = session.query(Category).all() return render_template('addCategoryItem.html', categories=categories)
def newItem(): """This function renders the page for creating a new item in a category.""" # Check to see if the user is logged in. if 'username' not in login_session: return redirect('login') # POST request allows us to modify our database. if request.method == 'POST': # Gather the information from the form. newItem = CategoryItem(item_name=request.form['name'], description=request.form['description'], category_id=request.form['categories'], user_id=login_session['user_id']) session.add(newItem) # Add the new item to the database. session.commit() flash('New Item Successfully Created') return redirect(url_for('main_page')) else: # Query for all the categories users can select categories = session.query(Category).all() # Return the html that contains the form for creating a new item. # Pass in the variable categories that the form needs to complete # its job. return render_template('newItem.html', categories=categories)
def newItem(category_name): if 'username' not in login_session: return redirect('/login') category = session.query(Category).filter_by(name=category_name).one() if login_session['user_id'] != category.user_id: return "<script>function myFunction() {alert(\ 'You are not authorized to add items to this category. '\ +'Please create your own category in order to add items.'\ );}</script><body onload='myFunction()'>" if request.method == 'POST': if request.form['name'] == '': return "<script>function myFunction() {alert(\ 'Name can not be empty.'\ );}</script><body onload='myFunction()'>" newItem = CategoryItem(name=request.form['name'], description=request.form['description'], price='$' + request.form['price'], category=category, user_id=category.user_id) session.add(newItem) session.commit() flash('New Item %s Successfully Created' % (newItem.name)) return redirect(url_for('showCategory', category_name=category_name)) else: return render_template('newItem.html', category=category)
def category_item_add(category_id): cat = session.query(Category).get(category_id) ''' If GET, render a template containing a form to add items. ''' if request.method == "GET": if "username" in login_session: return render_template("itemform.html", cat=cat, new=True) else: return jsonify(message="You are not authorized to add items."), 401 ''' If POST, add new item. ''' if request.method == "POST": if "username" in login_session: item = CategoryItem(name=request.form["name"], description=request.form["desc"], category_id=cat.id, user_id=login_session["user_id"]) session.add(item) session.commit() return redirect(url_for(".category_index", category_id=category_id))
def addCategoryItem(category_name): """ Adds an item to a category provided by input values in the addcategoryitem.html form. [C]RUD """ if not loggedIn(): return redirect(url_for('showLogin')) category = session.query(Category).filter_by(name=category_name).one() if request.method == 'POST': newItem = CategoryItem(name=request.form['name'], description=request.form['description'], image_url=request.form['image_url'], category_id=category.id, item_type=request.form['image_url'], user_id=login_session['user_id']) session.add(newItem) session.commit() flash("New category item (%s) created." % request.form['name']) ## After submitting new item, redirects back to main page. return redirect( url_for('showCategory', category_name=category_name, login_session=login_session)) else: return render_template('addcategoryitem.html', category=category, login_session=login_session)
def newCategoryItem(category_id): """Create new items for category""" # Get the item information newItemCategory = (session.query(Category).filter_by( id=category_id).one_or_none()) # Looks for a post request if request.method == 'POST': # checks the creator information user_id = getUserId(login_session['email']) # extracts the name field from my form using request.form newItem = CategoryItem(name=request.form['name'], description=request.form['description'], category_id=category_id, user_id=user_id) session.add(newItem) session.commit() flash("New category item created!") return redirect(url_for('showCategory', category_id=category_id)) # If it's a get request else: return render_template('newcategoryitem.html', category_id=category_id, category=newItemCategory)
def addBook(category_id): if 'username' not in login_session: return redirect('/login') selectedCategory = session.query(Category).filter_by(id=category_id).one() if selectedCategory.user_id != login_session['user_id']: return ("<script>function myFunction() " + "{ alert('You are not authorized to add a book to" " this category." "You can only add the book with category " "that you have created');" "setTimeout(function() {history.go(-1);}, 100);}" "</script><body onload='myFunction()''>") if request.method == 'POST': newBook = CategoryItem(name=request.form['name'], author=request.form['author'], description=request.form['description'], category_id=category_id, user_id=login_session['user_id']) session.add(newBook) session.commit() flash('New Book %s Successfully Created' % newBook.name) return redirect(url_for('showItems', category_id=category_id)) else: return render_template('addBook.html', category_id=category_id, category_name=selectedCategory.name)
def newCategoryItem(category_name): if "username" not in login_session: return redirect("/login") category = session.query(Category).filter_by(name=category_name).one() if login_session["user_id"] != category.user_id: return '''<script>function myFunction() {alert('You are not authorized to add item items to this category. Please create your own category in order to add items. ');}</script><body onload='myFunction()'>''' if request.method == "POST": request_name = request.form["name"] count = session.query(CategoryItem).filter_by( name=request_name).count() if count > 0: flash("Item %s already exists" % request_name) else: category = session.query(Category).filter_by( name=category_name).one() newItem = CategoryItem( name=request.form["name"], description=request.form["description"], category=category, user_id=category.user_id, ) session.add(newItem) session.commit() flash("New Item %s Item Successfully Created" % (newItem.name)) return redirect(url_for("showItem", category_name=category_name)) else: return render_template("newcategoryitem.html", category_name=category_name)
def addItem(category_id): category = session.query(Category).filter_by(id=category_id).one() if request.method == 'POST': # Set deafult image name filename = 'placeholder-image.jpg' # Required fileds are name and description if (request.form['name'] and request.form['description']): file = request.files.get('file') # Equal to None if there's no file if file and allowed_file(file.filename): # Get a secure filename and save the file into img folder filename = secure_filename(file.filename) file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename)) # Save item to DB and redirect newItem = CategoryItem(name=request.form['name'], description=request.form['description'], image='img/'+filename, category_id=category_id) category.total_item += 1 session.add(newItem) session.commit() flash('New item created') return redirect(url_for('showItemList', category_id=category.id)) else: return render_template('newItem.html', category=category, login_session=login_session)
def addItem(): """HTML endpoint add new item for logined user""" if 'username' not in login_session: return redirect('/login') existCategoryNames = [i.name for i in session.query(Category).all()] if request.method == 'POST': if not (request.form['title'] and request.form['description']): flash("Category name, Item title and description are necessary!") return render_template('newitem.html') newItem = CategoryItem( title=request.form['title'], description=request.form['description'], user_id=login_session['user_id'], category_id=getCategoryID(request.form.get('name')) ) session.add(newItem) session.commit() flash('New item %s successfully created' % newItem.title) return redirect(url_for('showCategories')) else: # return render_template('newitem.html') return render_template('newitem.html', categories=existCategoryNames)
def newCategoryItem(): if 'username' not in login_session: return redirect('/login') if request.method == 'POST': if (request.form['Title'] and request.form['Author'] and request.form['Description']): categoryId = session.query(Category).filter_by( name=request.form.get('category')).first().id picture = save_file(request.files['file'], request.form['Title'], request.form['Author']) newItem = CategoryItem(title=request.form['Title'], description=request.form['Description'], categoryId=categoryId, user_id=login_session['user_id'], author=request.form['Author'], picture=picture) session.add(newItem) session.commit() return redirect( url_for('showCategoryItems', category_name=request.form.get('category'))) return redirect(url_for('showAllCategory')) else: if 'email' in login_session: userId = getUserID(login_session['email']) if userId: userInfo = getUserInfo(userId) else: userInfo = None userId = None return render_template('newItemPage.html', user_loged_in='username' in login_session, userInfo=userInfo)
def newItem(category_id): category = session.query(Category).filter_by(id=category_id).one_or_none() creator_id = category.user_id # Check if the user is the owner of the category if login_session['user_id'] != creator_id: # If a wrong user is logged in inform them flash("You don't have the permission to do that.") return redirect(url_for('showCategories')) # Check to see if there is a POST request from the interface if request.method == 'POST': # Create a new item and commit it to the database # title: the title entered in the form # user_id: use the id of the logged in user if request.form['title'] != '' and request.form['description'] != '': item = CategoryItem(title=request.form['title'], user_id=login_session['user_id'], category_id=category_id, description=request.form['description']) session.add(item) session.commit() # Notify the user flash('~*New Item Created') return redirect(url_for('showItems', category_id=category_id)) else: flash('your input was invalid, please try again') return render_template('newItem.html', category_id=category_id) return render_template('newItem.html', category_id=category_id)
def newcategoryItem(categories_id): if 'username' not in login_session: return redirect('/login') categories = session.query(Categories).filter_by(id=categories_id).one() # See if the logged in user is not the owner of book creator = getUserInfo(categories.user_id) user = getUserInfo(login_session['user_id']) # If logged in user != item owner redirect them if creator.id != login_session['user_id']: flash("You can't add new category items" " This belongs to %s" % creator.name) return redirect( url_for('showcategoryitems', categories_id=categories.id)) if request.method == 'POST': newcategoryItem = CategoryItem(name=request.form['name'], likes=request.form['likes'], dislikes=request.form['dislikes'], views=request.form['views'], img_url=request.form['img_url'], categories_id=categories_id, user_id=categories.user_id) session.add(newcategoryItem) session.commit() flash('New category item %s Successfully Created' % (newcategoryItem.name)) return redirect( url_for('showcategoryitems', categories_id=categories_id)) else: return render_template('newcategoryitems.html', categories_id=categories_id, Categories=movielist)
def newItem(): isLoggedIn = 'username' in login_session # The user must be Authenticated to use this function if not isLoggedIn: msg = "Sorry, you do not have access to this page.<br>" msg = msg + "You must first login." return render_template('error.html', message=msg) # If it's a POST, add the item in the database if request.method == 'POST': newItem = CategoryItem(title=request.form['title'], description=request.form['description'], category_id=request.form['category_id'], user_id=login_session['user_id']) session.add(newItem) session.commit() return redirect(url_for('showCatalog')) # If it's not a POST, just show the form else: categories = session.query(Category).order_by(Category.name).all() return render_template('itemAdd.html', categories=categories)
def addCategoryItem(category_name): message = "Please Fill Out All Required Fields" if (request.method == 'POST'): category = session.query(Category).filter_by( name=request.form['category']).first() newItem = CategoryItem(name=request.form['name'], description=request.form['description'], category=category) if newItem.name == "": print("Empty Item Name") message = "Error: Empty Item Name, please fill out all fields" return render_template('addcategoryitem.html', category_name=category_name, message=message) else: session.add(newItem) session.commit() items = session.query(CategoryItem).filter_by(category=category) return render_template('catalogitems.html', category=category, items=items) else: return render_template('addcategoryitem.html', category_name=category_name, message=message)
def add_category_item(item_name, item_description, category_id, user_id): category_item = CategoryItem(name=item_name, description=item_description, category_id=category_id, created_by_id=user_id) session.add(category_item) session.commit()
def addCategoryItem(): ''' This route will go to the add item page where user can create or add item if he is authorized to do it, authorization can be done by third party api eg: google ''' DBSession = sessionmaker(bind=engine) session = DBSession() if 'username' not in login_session: return redirect('/login') if request.method == 'POST': newCategoryItem = CategoryItem(name=request.form['name'], description=request.form['description'], category_id=request.form['category'], user_id=login_session['email']) user_id = login_session['email'] session.add(newCategoryItem) session.commit() # flash message return redirect(url_for('showCategories')) else: categories = session.query(Category).all() return render_template('addcategory.html', categories=categories)
def newItem(): if 'username' not in login_session: return redirect('/login') categories = session.query(Category).all() if session.query(User).filter_by(id=login_session['user_id']): if request.method == 'POST': user = session.query(User).filter_by( name=login_session['username']).one() category = session.query(Category).filter_by( name=request.form['category']).one() if request.form['name'] == '': return render_template('newItem.html\ ', categories=categories, login_session=login_session) newItem = CategoryItem(name=request.form['name\ '], description=request.form['description\ '], category_id=category.id, category=category, user=user, user_id=login_session['user_id']) session.add(newItem) session.commit() flash('New %s Item Successfully Created' % (newItem.name)) return redirect(url_for('showCategory')) else: return render_template('newItem.html', categories=categories, login_session=login_session)
def addCategoryItem(): # Check if user is logged in if 'username' not in login_session: return redirect('/login') if request.method == 'POST': # TODO: Retain data when there is an error if not request.form['name']: flash('Please add a course name') return redirect(url_for('addCategoryItem')) if not request.form['description']: flash('Please add a description') return redirect(url_for('addCategoryItem')) # Add category item newCategoryItem = CategoryItem(name=request.form['name'], description=request.form['description'], category_id=request.form['category'], user_id=login_session['user_id']) session.add(newCategoryItem) session.commit() return redirect(url_for('showCategories')) else: # Get all categories categories = session.query(Category).all() return render_template('addCategoryItem.html', categories=categories)
def categoryItemCreate(category_id): """ Create a new item for the category using provided category ID. User is required to be logged. If not, the method will redirect to a login page. Params: category_id: category ID Returns: on GET, return a web-page presentation to create a new item. on POST with Create button pressed, add new item to the database and redirect to a list items for the category web-page. on other POST requests, redirect to a list items for the category web-page without user creation. """ if 'user_id' not in login_session: return redirect('/login') if request.method == 'POST': if 'Create' in request.form: newItem = CategoryItem(title=request.form['title'], description=request.form['description'], category_id=category_id, user_id=login_session['user_id']) session.add(newItem) session.commit() print "new category item "+newItem.title+" created!" return redirect(url_for('listCategoryItems', category_id=category_id)) else: return render_template("categoryItemCreate.html", category_id=category_id)
def addNewItem(category): if 'username' not in login_session: return redirect('/login') categoryForItems = session.query(Category).filter_by(name=category).one() if login_session['user_id'] != categoryForItems.user_id: return "<script>function myFunction() {" + "alert('You are not authorized to add items to this category. " + "Please create your own category in order to add items.');}" + "</script>" + "<body onload='myFunction()'>" if request.method == 'POST': filename = photos.save(request.files['photo']) newItem = CategoryItem(name=request.form['name'], description=request.form['description'], price=request.form['price'], picture=filename, category=categoryForItems) session.add(newItem) flash('New Item %s Successfully Created' % newItem.name) session.commit() return redirect(url_for('index')) else: return render_template('newItem.html', category=category)
def addCategoryItem(): if 'username' not in login_session: return redirect('/login') if request.method == 'POST': if not request.form['name']: flash('Please add item name') return redirect(url_for('addCategoryItem')) if not request.form['description']: flash('Please add a description') return redirect(url_for('addCategoryItem')) newCategoryItem = CategoryItem(name = request.form['name'], description = request.form['description'], category_id = request.form['category'], user_id = login_session['user_id']) session.add(newCategoryItem) session.commit() return redirect(url_for('showCategories')) else: categories = session.query(Category).all() return render_template('addCategoryItem.html', categories = categories)
def newCategoryItem(): if 'username' not in login_session: return redirect('/login') if request.method == 'POST': category = session.query( Category).filter_by(name=request.form['categoryname']).one() newItem = CategoryItem( name=request.form['name'], category_id=category.id) if request.form['description']: newItem.description = request.form['description'] else: newItem.description = 'no description added yet' session.add(newItem) session.commit() flash("new item created!") return redirect(url_for('categories')) else: categories = session.query(Category).all() return render_template('newitem.html', categories=categories)
def newCategoryItem(category_id): ''' function to create a new item category Args: category_id: int the id of the category where we want to create a new item. We pick from the form POST the title and the description as well as the picture ''' # make sure the user is login if 'username' not in login_session: return redirect('/login') # we get the category category = session.query(Category).filter_by(id=category_id).one() # make sure the user is the creator of the category if login_session['user_id'] != category.user_id: flash("You are not authorized to execute this action") return redirect(url_for('showCategories')) # if it is POST we will create if request.method == 'POST': # get the title and clean it a bit title = request.form['title'] title = bleach.clean(title) title = bleach.linkify(title) # get the description and clean it a bit description = request.form['description'] description = bleach.clean(description) description = bleach.linkify(description) # validating the request form if not title: flash("Please enter a Item title.") return render_template('newitem.html', category_id=category_id) newItem = CategoryItem( title=title, description=description, category_id=category_id, user_id=category.user_id ) # first we are gonna declare the picture(file name) # and the picture data binary as none # validate the data and load them if necesary picture_data = None picture = None # verify that we are getting an image file # and that it is not too big>5Mb picture = request.files['image'] if picture: # only these options are allowed as a image extensions = {".jpg", ".png", ".jpeg"} # if not we let the client know if not any( str(picture.filename).endswith(ext) for ext in extensions ): flash ( "Please load a Item image; " + "only jpg, jpeg or png are allowed." ) return render_template('newitem.html', category_id=category_id) else: # verify the size of the image picture_data = request.files['image'].read() if len(picture_data) > 5242880: flash("Please load a Item image with size less than 5Mb.") return render_template( 'newitem.html', category_id=category_id ) else: newItem.image = picture.filename newItem.image_data = picture_data # verify that within the category there isn't another # item with the same title existingItem = session.query(CategoryItem).filter_by( title=request.form['title'], category_id=category_id).first() if existingItem: flash ( "A Item with the same name already exists in this Category. " + "Please choose a different name" ) return render_template('newitem.html', category_id=category_id) else: # create item session.add(newItem) session.commit() flash('New Item %s Successfully Created' % (newItem.title)) return redirect(url_for('showItem', category_id=category_id)) else: # if not login render the public page return render_template('newitem.html', category_id=category_id)