def newMenuItem(restaurant_id): restaurant = session.query(Restaurant).filter_by(id=restaurant_id).one() creator = getUserInfo(restaurant.user_id) if ('username' not in login_session) or (creator.id != login_session['user_id']): return redirect(url_for('showLogin')) if request.method == 'POST': # File upload filename = "" file = request.files['image'] if file and allowed_file(file.filename): filename = secure_filename(file.filename) file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename)) newItem = MenuItem( course=request.form['course'], description=request.form['description'], name=request.form['name'], price=request.form['price'], restaurant_id=restaurant_id, user_id=login_session['user_id'], image=filename ) session.add(newItem) session.commit() flash('New Menu Item created!') return redirect(url_for('restaurantMenu', restaurant_id=restaurant_id)) else: restaurant = session.query(Restaurant).filter_by(id=restaurant_id).one() return render_template( 'new-menu-item.html', restaurant=restaurant, courses=constants.COURSES)
def editMenuItem(restaurant_id, menuitem_id): restaurant = session.query(Restaurant).filter_by(id=restaurant_id).one() creator = getUserInfo(restaurant.user_id) if creator.id != login_session['user_id']: return redirect(url_for('showLogin')) menuitem = session.query(MenuItem).filter_by(id=menuitem_id).one() if request.method == 'POST': if request.form['name']: menuitem.name = request.form['name'] if request.form['description']: menuitem.description = request.form['description'] if request.form['price']: menuitem.price = request.form['price'] if request.form['course']: menuitem.course = request.form['course'] session.add(menuitem) session.commit() flash('Menu Item {0} Updated'.format(menuitem.name)) return redirect(url_for('restaurantMenu', restaurant_id=restaurant_id)) else: return render_template( 'edit-menu-item.html', restaurant_id=restaurant_id, menuitem_id=menuitem_id, item=menuitem, courses=constants.COURSES)
def restaurantMenu(restaurant_id): restaurant = session.query(Restaurant).filter_by(id=restaurant_id).one() creator = getUserInfo(restaurant.user_id) appetizers = session.query(MenuItem).filter_by(restaurant_id=restaurant.id, course="Appetizers") main_dishes = session.query(MenuItem).filter_by(restaurant_id=restaurant.id, course="Main Dish") beverages = session.query(MenuItem).filter_by(restaurant_id=restaurant.id, course="Beverages").all() desserts = session.query(MenuItem).filter_by(restaurant_id=restaurant.id, course="Desserts") if 'username' not in login_session: return render_template( 'restaurant-menu-public.html', restaurant=restaurant, appetizers=appetizers, main_dishes=main_dishes, beverages=beverages, desserts=desserts, creatorPicture=creator.picture ) else: isCreator = login_session['user_id'] == creator.id return render_template( 'restaurant-menu.html', restaurant=restaurant, appetizers=appetizers, main_dishes=main_dishes, beverages=beverages, desserts=desserts, isCreator=isCreator, creatorPicture=creator.picture )
def deleteMenuItem(restaurant_id, menuitem_id): restaurant = session.query(Restaurant).filter_by(id=restaurant_id).one() creator = getUserInfo(restaurant.user_id) if ('username' not in login_session) or (creator.id != login_session['user_id']): return redirect(url_for('showLogin')) menuitem = session.query(MenuItem).filter_by(id=menuitem_id).one() if request.method == 'POST': flashMessage = 'Menu item: %s deleted!' % menuitem.name session.delete(menuitem) session.commit() flash(flashMessage) return redirect(url_for('restaurantMenu', restaurant_id=restaurant_id)) else: return render_template( 'delete-menu-item.html', item=menuitem)
def restaurantUpdate(restaurant_id): restaurant = session.query(Restaurant).filter_by(id=restaurant_id).one() creator = getUserInfo(restaurant.user_id) if (creator.id != login_session['user_id']): return '''<script> function myFunction(){ alert('You are not authorized'); location.href='/login';} </script> <body onload='myFunction();'> ''' if request.method == 'POST': restaurant.name = request.form['name'] session.add(restaurant) session.commit() flash('Restaurant {0} Updated'.format(restaurant.name)) return redirect(url_for('restaurantList')) else: return render_template('edit-restaurant.html', restaurant=restaurant)
def restaurantList(): restaurants = session.query(Restaurant).order_by(Restaurant.name).all() print restaurants if 'username' not in login_session: return render_template( 'restaurants-public.html', restaurants=restaurants ) else: current_user = getUserInfo(login_session['user_id']) if not current_user: return redirect(url_for('showLogin')) return render_template( 'restaurants.html', restaurants=restaurants, user_id=login_session['user_id'], picture=current_user.picture )
def restaurantDelete(restaurant_id): restaurantToDelete = session.query(Restaurant).filter_by(id=restaurant_id).one() creator = getUserInfo(restaurantToDelete.user_id) if (creator.id != login_session['user_id']): return '''<script> function myFunction(){ alert('You are not authorized'); location.href='/login';} </script> <body onload='myFunction();'> ''' restaurant = session.query(Restaurant).filter_by(id=restaurant_id).one() if request.method == 'POST': flashMessage = 'Restaurant: %s deleted!' % restaurant.name session.delete(restaurant) session.commit() flash(flashMessage) return redirect(url_for('restaurantList')) else: return render_template('delete-restaurant.html', restaurant=restaurant)