def club_pictures(rowkey): if not check_auth(request): abort(403) if request.method == 'POST': # check if the post request has the file part if 'file' not in request.files: return make_response('No file part', 400) file = request.files['file'] # if user does not select file, browser also # submit a empty part without filename if file.filename == '': return make_response('No file part', 400) if not allowed_file(file.filename): return make_response('The filetype is not allowed') if file and allowed_file(file.filename): filename = secure_filename(file.filename) filename = rowkey + "." + filename.rsplit('.', 1)[1] file.save(os.path.join(app.config['CLUB_PICTURE_UPLOAD_FOLDER'], filename)) db_picture = db_session.query(UserFile).filter_by(owner=rowkey, file_type='ProfilePicture') if len(list(db_picture)) == 0: db_picture = UserFile() db_picture.file_type = 'ProfilePicture' db_picture.owner = rowkey db_session.add(db_picture) db_session.commit() return make_response("",200) db_picture.update({"file_name":filename}) db_session.commit() return make_response("", 200) if request.method == 'GET': filename = db_session.query(UserFile).filter_by(file_type='ProfilePicture', owner=rowkey)[0].file_name return jsonify({"filename": str.replace(app.config['CLUB_PICTURE_UPLOAD_FOLDER'], "static\\Sloach\\", "") + "/" + filename})