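def newItem(category_name=None):
    """
    Create a new item, optionally pre-selecting a category.

    A logged-in user is required: the POST branch records
    ``login_session['user_id']`` as the owner of the new item, so
    visitors without a session are redirected to the login page before
    that lookup is reached.

    :param category_name: (string) category to pre-select, or None
    :return: HTML page on GET, redirect otherwise
    """
    # Same guard as editItem. Without it an anonymous POST fails on the
    # login_session['user_id'] lookup below instead of being turned away,
    # and the creation form is shown to users who cannot submit it.
    if 'user_id' not in login_session:
        return redirect(url_for('showLogin'))

    session = DBSession()
    categories = getCategories(session)
    category = None
    if category_name:
        category = getCategory(category_name, session)

    if request.method == 'GET':
        return render_template('newitem.html', category=category,
                               categories=categories)

    if request.method == 'POST':
        # bleach.clean sanitises HTML in the submitted text. It does not
        # check that 'category' names an existing category row.
        # NOTE(review): no CSRF token check is visible in this handler;
        # confirm one is enforced elsewhere for state-changing POSTs.
        new_item = Item(
            label=bleach.clean(request.form['name']),
            description=bleach.clean(request.form['description']),
            category_id=bleach.clean(request.form['category']),
            # Owner comes from the server-side session, never the form.
            user_id=login_session['user_id'])
        new_item = addItem(new_item, session)
        flash(new_item.label + " created.")
        if category:
            return redirect(
                url_for('CategoryItems', category_name=category.name))
        return redirect(url_for('Catalog'))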
def editItem(category_name, item_name):
    """
    Edit an existing item; only the user who owns it may do so.

    :param category_name: (string)
    :param item_name: (string)
    :return: HTML page or redirect
    """
    # Authentication: anonymous visitors are sent to the login page.
    if 'user_id' not in login_session:
        return redirect(url_for('showLogin'))

    db = DBSession()
    category = getCategory(category_name, db)
    item = getItem(category.id, item_name, db)

    # Object-level authorisation: the session user must own the item.
    current_user = login_session['user_id']
    if current_user != item.user_id:
        return "You don't have access to this item."

    ordered_query = db.query(Category).order_by(Category.name)
    categories = ordered_query.all()

    if request.method == 'GET':
        return render_template(
            'edititem.html',
            category=category,
            categories=categories,
            item=item,
        )

    if request.method == 'POST':
        # bleach.clean sanitises HTML in the submitted text. It does not
        # check that 'category' names an existing category row.
        # NOTE(review): no CSRF token check is visible in this handler;
        # confirm one is enforced elsewhere for state-changing POSTs.
        form = request.form
        item.label = bleach.clean(form['name'])
        item.description = bleach.clean(form['description'])
        item.category_id = bleach.clean(form['category'])
        item = addItem(item, db)
        flash(item.label + " updated.")
        # Redirects to the category taken from the URL, not the one
        # submitted in the form.
        target = url_for('CategoryItems', category_name=category.name)
        return redirect(target)
def viewItemJSON(category_name, item_name):
    """
    Return one item of a category as JSON.

    :param category_name: (string)
    :param item_name: (string)
    :return: JSON-formatted http response
    """
    db = DBSession()
    parent = getCategory(category_name, db)
    found = getItem(parent.id, item_name, db)
    # No login check here, so whatever item.serialize returns is public.
    # NOTE(review): confirm serialize exposes only fields meant to be
    # readable without authentication.
    payload = found.serialize
    return jsonify(item=payload)
def CategoryItems(category_name):
    """
    Show the items that belong to one category.

    :param category_name: string
    :return: HTML page of a particular category's items.
    """
    db = DBSession()
    category = getCategory(category_name, db)
    all_categories = getCategories(db)
    category_items = getCategoryItems(category.id, db)

    # None when nobody is logged in; the template receives it either way.
    username = login_session.get('username')

    return render_template(
        'catalog.html',
        items=category_items,
        categories=all_categories,
        username=username,
        category=category,
    )
def deleteCategory(category_name):
    """
    Delete an existing category (administrators only).

    :param category_name: (string)
    :return: Redirect
    """
    # Authorisation: a missing or falsy 'is_admin' session flag is
    # turned away before any database work happens.
    if not login_session.get('is_admin'):
        flash("You don't have access to that.")
        return redirect(url_for('Catalog'))

    db = DBSession()
    category = getCategory(category_name, db)

    if request.method == 'GET':
        # Confirmation page; the deletion itself happens on POST.
        return render_template('deletecategory.html', category=category)

    if request.method == 'POST':
        # NOTE(review): no CSRF token check is visible in this handler;
        # confirm one is enforced elsewhere for state-changing POSTs.
        db.delete(category)
        db.commit()
        flash(category.label + " deleted.")
        return redirect(url_for('Categories'))
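def deleteItem(category_name, item_name):
    """
    Delete an existing item; only the user who owns it may do so.

    :param category_name: (string)
    :param item_name: (string)
    :return: HTML page or redirect
    """
    # Same guard as editItem. Without it an anonymous request fails on
    # the login_session['user_id'] lookup below instead of being sent
    # to the login page.
    if 'user_id' not in login_session:
        return redirect(url_for('showLogin'))

    session = DBSession()
    category = getCategory(category_name, session)
    item = getItem(category.id, item_name, session)

    # Object-level authorisation: the session user must own the item.
    if login_session['user_id'] != item.user_id:
        return "You don't have access to this item."

    if request.method == 'GET':
        # Confirmation page; the deletion itself happens on POST.
        return render_template('deleteitem.html', category=category,
                               item=item)

    if request.method == 'POST':
        # NOTE(review): no CSRF token check is visible in this handler;
        # confirm one is enforced elsewhere for state-changing POSTs.
        session.delete(item)
        session.commit()
        flash(item.label + " deleted.")
        # The keyword was misspelled 'ategory_name', so the URL was built
        # without the category_name argument that CategoryItems takes.
        return redirect(url_for('CategoryItems',
                                category_name=category.name))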
def viewItem(category_name, item_name):
    """
    Show a single item of a category.

    :param category_name: (string)
    :param item_name: (string)
    :return: HTML page
    """
    db = DBSession()
    category = getCategory(category_name, db)
    item = getItem(category.id, item_name, db)

    # Both values stay None for anonymous visitors. The template gets
    # user_id as well, presumably to decide which owner-only controls
    # to show; the edit and delete handlers must still do their own
    # authorisation checks.
    logged_in = 'username' in login_session
    username = login_session['username'] if logged_in else None
    user_id = login_session['user_id'] if logged_in else None

    return render_template(
        'viewitem.html',
        item=item,
        category=category,
        username=username,
        user_id=user_id,
    )
def editCategory(category_name):
    """
    Edit an existing category (administrators only).

    :param category_name: (string)
    :return: HTML page or redirect
    """
    # Authorisation: a missing or falsy 'is_admin' session flag is
    # turned away before any database work happens.
    if not login_session.get('is_admin'):
        flash("You don't have access to that.")
        return redirect(url_for('Catalog'))

    db = DBSession()
    category = getCategory(category_name, db)

    if request.method == 'GET':
        return render_template('editcategory.html', category=category)

    if request.method == 'POST':
        # NOTE(review): no CSRF token check is visible in this handler;
        # confirm one is enforced elsewhere for state-changing POSTs.
        submitted_name = request.form['name']
        category.label = bleach.clean(submitted_name)
        # The URL-facing name is the lower-cased, sanitised label.
        category.name = category.label.lower()
        db.add(category)
        db.commit()
        flash(category.label + " updated.")
        return redirect(url_for('Categories'))