def create(self):
# create a new object
# TODO: validate and sanitize submitted data throughly
dc_title = request.POST.getone('dc_title')
dc_description = request.POST.getone('dc_description')
thing = Thing(title=dc_title, description=dc_description)
Session.add(thing)
Session.commit()
redirect_to('show_thing', uuid=thing.uuid)
def delete(self):
# delete a thing
# TODO: authorization (who should be able to delete things ?)
# should things be deleted at all ?
uuids = request.POST.getall('uuid')
things = self.thing_q.filter(Thing.uuid.in_(uuids))
for thing in things:
Session.delete(thing)
Session.commit()
for uuid in uuids:
flash('Deleted %s.' % uuid)
redirect_to('index_things')
def __before__(self):
self.thing_q = Session.query(Thing)