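def showGenres():
    """Render the catalog landing page.

    Passes 'catalog.html' the genre list, a JSON label/value list of every
    book for the jQuery search bar, the four most recently created books,
    and one randomly chosen author together with that author's books.
    """
    user = is_user()

    # Label/value pairs consumed by the jQuery search bar.
    # NOTE(review): json.dumps does not escape '<', '>' or '&'. If
    # catalog.html inlines j_books into a <script> block with autoescaping
    # disabled, a title containing "</script>" would close the block early.
    # Confirm how the template emits it; Jinja's tojson filter is the safe way.
    books = db_updates.get_all('books')
    j_books = json.dumps([{'label': b.title, 'value': b.id} for b in books])

    genres = db_updates.get_all('genres')
    authors = db_updates.get_all('authors')
    feat_books = (session.query(Books)
                  .order_by(desc(Books.created))
                  .limit(4)
                  .all())

    # Feature a random author. With no authors, random.randint(0, -1) used
    # to raise ValueError and the landing page failed, so fall back to an
    # empty feature instead.
    if authors:
        feat_author = random.choice(authors)
        auth_books = (session.query(Books)
                      .filter_by(author_id=feat_author.id)
                      .all())
    else:
        feat_author = None
        auth_books = []

    # The POST branch used to read request.form['b-search'] into an unused
    # local and then fall off the end, so the view returned None. No search
    # handling exists in this view, so every method now gets the catalog page.
    return render_template('catalog.html',
                           genres=genres,
                           j_books=j_books,
                           feat_books=feat_books,
                           author=feat_author,
                           auth_books=auth_books,
                           user=user)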
def showAuthors():
    """Render 'authorlist.html' with every author and genre."""
    # Same call order as before: current user, then genres, then authors.
    context = {'user': is_user()}
    context['genres'] = db_updates.get_all('genres')
    context['authors'] = db_updates.get_all('authors')
    return render_template('authorlist.html', **context)
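def showBook(book_id):
    """Render the description page for the book identified by book_id.

    The template receives the book, the genre list and the value returned
    by is_user().
    """
    user = is_user()
    genres = db_updates.get_all('genres')
    # The original also ran db_updates.get_all('users') into a local that
    # was never used or passed to the template. Dropped so that a public
    # page no longer loads the whole users table on every request.
    book = db_updates.get_one('book', book_id)
    return render_template('bookDescription.html',
                           book=book,
                           genres=genres,
                           user=user)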
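def deleteBook(book_id):
    """Confirm and perform deletion of a book by the user who added it.

    Anonymous visitors are redirected to the login page. A logged-in user
    who does not own the book gets 'delete.html' with an error and nothing
    is deleted. The owner gets the confirmation page on GET, and on POST
    the book is deleted and the browser is sent back to the catalog.
    """
    # Authentication gate: only sessions that carry an email may continue.
    if 'email' not in login_session:
        # The message used to say "add a book", copied from createBook.
        flash('Sorry, you must be logged in to delete a book')
        return redirect(url_for('login'))

    user = is_user()
    user_id = db_updates.get_user_id(login_session['email'])
    genres = db_updates.get_all('genres')
    delete_book = db_updates.get_one('book', book_id)

    # Ownership check runs before the method check, so a POST from a
    # non-owner never reaches the delete call.
    if delete_book.user_id != user_id:
        error = "Sorry, you're not authorized to delete this book"
        return render_template('delete.html',
                               book=delete_book,
                               genres=genres,
                               user=user,
                               error=error)

    if request.method == 'POST':
        # NOTE(review): no anti-forgery token is checked on this POST in
        # the visible code. Confirm CSRF protection is applied elsewhere.
        db_updates.delete_book(delete_book)
        return redirect(url_for('showGenres'))

    return render_template('delete.html',
                           book=delete_book,
                           genres=genres,
                           user=user)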
def showGenreList(genre_id):
    """Render 'genreList.html' for one genre and the books filed under it.

    The template gets the genre, the full genre list, the genre's books,
    and a JSON copy of those books for client-side DOM manipulation.
    """
    user = is_user()

    # NOTE(review): the "current user" id sent to the client is fixed at 1.
    # The lookup that would replace it with the logged-in user's id
    # (db_updates.get_user_id(login_session['email']) when a user is logged
    # in) is commented out in the original, so every visitor's page carries
    # c_user_id == 1. Edit/delete are still checked server-side in
    # editBook/deleteBook; confirm what the client script does with it.
    c_user_id = 1

    genres = db_updates.get_all('genres')
    genre = db_updates.get_one('genre', genre_id)
    genre_books = genre.books

    # Flatten each book into a plain dict for the client script.
    payload = []
    for book in genre_books:
        payload.append({
            'title': book.title,
            'summary': book.summary,
            'author': book.author.name,
            'book_id': book.id,
            'book_photo': book.photo,
            'user_id': book.user_id,
            'c_user_id': c_user_id,
        })
    j_books = json.dumps(payload)

    return render_template('genreList.html',
                           genre=genre,
                           genres=genres,
                           books=genre_books,
                           j_books=j_books,
                           user=user)
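def createBook():
    """Show the add-book form and create a book from a submitted form.

    Anonymous visitors are redirected to the login page. On GET the empty
    form is rendered. On POST the form is validated: a missing required
    field, an unknown genre or an already-used title re-renders the form
    with an error. Otherwise the book is stored under the logged-in user
    and the browser is redirected to its description page.
    """
    # Authentication gate: only sessions that carry an email may continue.
    if 'email' not in login_session:
        flash('Sorry, you must be logged in to add a book')
        return redirect(url_for('login'))

    user = is_user()
    user_id = db_updates.get_user_id(login_session['email'])
    genres = db_updates.get_all('genres')

    if request.method != 'POST':
        return render_template('addBook.html', genres=genres, user=user)

    title = request.form['title']
    summary = request.form['summary']
    author_input = request.form['author']
    genre = request.form['genres']
    # NOTE(review): photo is stored exactly as submitted. If templates use
    # it as an image URL, confirm the value is validated before rendering.
    photo = request.form['photo']

    # Required-field check now comes first. The genre lookup used to run
    # before it and crashed on an empty or unknown genre.
    if not (title and summary and author_input and genre):
        error = "Please enter all required fields"
        return render_template('addBook.html',
                               genres=genres,
                               user=user,
                               error=error)

    # The genre name comes from the client, so it may match nothing.
    # next() with a default replaces filter(...)[0], which raised
    # IndexError on no match and is not subscriptable on Python 3.
    current_genre = next((g for g in genres if g.genre == genre), None)
    if current_genre is None:
        error = "Please choose a valid genre"
        return render_template('addBook.html',
                               genres=genres,
                               user=user,
                               error=error)

    # Duplicate check. The original used .one() inside a bare except, so
    # any database error was read as "no such book" and the insert ran.
    added_book = session.query(Books).filter_by(title=title).first()
    if added_book is not None:
        error = "Sorry, " + added_book.title + " has already been added!"
        return render_template('addBook.html',
                               genres=genres,
                               user=user,
                               error=error)

    try:
        new_book = db_updates.add_book(title,
                                       summary,
                                       current_genre.id,
                                       author_input,
                                       user_id,
                                       photo)
    except Exception:
        flash('Sorry, something went wrong...')
        # The redirect was built but never returned, so execution went on
        # to new_book.title with new_book still None.
        return redirect(url_for('createBook'))

    # On success, go to the new book's description page.
    flash(new_book.title + ' Successfully Added!')
    return redirect(url_for('showBook', book_id=new_book.id))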
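def login():
    """Render the login page with a fresh anti-forgery state token.

    A 32-character token of uppercase letters and digits is stored in the
    session under 'state' and passed to 'login.html' as STATE.
    """
    genres = db_updates.get_all('genres')

    # The state token exists to prevent request forgery, so it must be
    # unpredictable. The module-level random.choice uses the Mersenne
    # Twister, whose output can be reconstructed from observed values.
    # SystemRandom draws from the OS CSPRNG and keeps the token format.
    alphabet = string.ascii_uppercase + string.digits
    secure_rng = random.SystemRandom()
    state = ''.join(secure_rng.choice(alphabet) for _ in range(32))
    login_session['state'] = state

    return render_template('login.html', STATE=state, genres=genres)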
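def editBook(book_id):
    """Show the edit form for a book and apply submitted changes.

    Anonymous visitors are redirected to the login page. A logged-in user
    who does not own the book gets 'edit.html' with an error and nothing
    is changed. The owner gets the form on GET. On POST every non-empty
    field is applied, the session is committed, and the browser is
    redirected to the book's description page.
    """
    # Authentication gate: only sessions that carry an email may continue.
    if 'email' not in login_session:
        # The message used to say "add a book", copied from createBook.
        flash('Sorry, you must be logged in to edit a book')
        return redirect(url_for('login'))

    user = is_user()
    user_id = db_updates.get_user_id(login_session['email'])
    genres = db_updates.get_all('genres')
    edit_book = db_updates.get_one('book', book_id)

    # Ownership check runs before the method check, so a POST from a
    # non-owner never reaches the update code.
    if edit_book.user_id != user_id:
        error = "Sorry, you're not authorized to edit this book"
        return render_template('edit.html',
                               book=edit_book,
                               genres=genres,
                               user=user,
                               error=error)

    if request.method != 'POST':
        return render_template('edit.html',
                               book=edit_book,
                               genres=genres,
                               user=user)

    # NOTE(review): no anti-forgery token is checked on this POST in the
    # visible code. Confirm CSRF protection is applied elsewhere.
    new_title = request.form['newTitle']
    new_summary = request.form['newSummary']
    new_author = request.form['newAuthor']

    # Empty fields mean "leave unchanged".
    if new_title:
        edit_book.title = new_title
    if new_summary:
        edit_book.summary = new_summary
    if new_author:
        # An explicit None check replaces the bare except, which treated
        # any error during the assignment as "this book has no author".
        author = edit_book.author
        if author is not None:
            # NOTE(review): this renames the linked author record itself.
            # If that record is shared with other books (showGenres
            # queries books by author_id), the rename also shows on books
            # this user does not own. Confirm that is intended.
            author.name = new_author
        else:
            edit_book.author_id = db_updates.add_author(new_author)

    session.commit()
    return redirect(url_for('showBook', book_id=edit_book.id))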