def update(id):
"""Update a bookDataif the current manager is the author."""
bookData = get_bookData(id)
if request.method == 'POST':
jyanru = request.form['jyanru']
bookTitle = request.form['bookTitle']
author = request.form['author']
publisher = request.form['publisher']
price = request.form['price']
purchaseDate = request.form['purchaseDate']
memo = request.form['memo']
error = None
if not bookTitle:
error = 'bookTitle is required.'
if error is not None:
flash(error)
else:
db = get_db()
db.execute(
'UPDATE bookData SET jyanru = ?, bookTitle = ?, author = ?, publisher = ?, price = ?, purchaseDate = ?, memo = ? WHERE id = ?',
(jyanru, bookTitle, author, publisher, price, purchaseDate,
memo, id))
db.commit()
return redirect(url_for('bookKanri.index'))
return render_template('bookKanri/update.html', bookData=bookData)
def register():
"""Register a new manager.
Validates that the managername is not already taken. Hashes the
password for security.
"""
if request.method == 'POST':
managername = request.form['managername']
password = request.form['password']
db = get_db()
error = None
if not managername:
error = 'managername is required.'
elif not password:
error = 'Password is required.'
elif db.execute('SELECT id FROM manager WHERE managername = ?',
(managername, )).fetchone() is not None:
error = 'manager {0} is already registered.'.format(managername)
if error is None:
# the name is available, store it in the database and go to
# the login page
db.execute(
'INSERT INTO manager (managername, password) VALUES (?, ?)',
(managername, generate_password_hash(password)))
db.commit()
return redirect(url_for('auth.login'))
flash(error)
return render_template('auth/register.html')
def create():
"""Create a new bookDatafor the current manager."""
if request.method == 'POST':
jyanru = request.form['jyanru']
bookTitle = request.form['bookTitle']
author = request.form['author']
publisher = request.form['publisher']
price = request.form['price']
purchaseDate = request.form['purchaseDate']
memo = request.form['memo']
error = None
if not bookTitle:
error = 'bookTitle is required.'
if error is not None:
flash(error)
else:
db = get_db()
db.execute(
'INSERT INTO bookData(jyanru, bookTitle, author, publisher, price, purchaseDate, memo, manager_id)'
' VALUES (?, ?, ?, ?, ?, ?, ?, ?)',
(jyanru, bookTitle, author, publisher, price, purchaseDate,
memo, g.manager['id']))
db.commit()
return redirect(url_for('bookKanri.index'))
return render_template('bookKanri/create.html')
def index():
"""Show all the bookDatas, most recent first."""
db = get_db()
bookDatas = db.execute(
'SELECT p.id, jyanru, bookTitle, author, publisher, price, purchaseDate, memo, manager_id, managername, created'
' FROM bookData p JOIN manager u ON p.manager_id = u.id'
' ORDER BY jyanru, bookTitle').fetchall()
return render_template('bookKanri/index.html', bookDatas=bookDatas)
def delete(id):
"""Delete a bookData.
Ensures that the bookDataexists and that the logged in manager is the
author of the bookData.
"""
get_bookData(id)
db = get_db()
db.execute('DELETE FROM bookData WHERE id = ?', (id, ))
db.commit()
return redirect(url_for('bookKanri.index'))
def load_logged_in_manager():
"""If a manager id is stored in the session, load the manager object from
the database into ``g.manager``."""
manager_id = session.get('manager_id')
if manager_id is None:
g.manager = None
else:
g.manager = get_db().execute('SELECT * FROM manager WHERE id = ?',
(manager_id, )).fetchone()
def get_bookData(id, check_author=True):
"""Get a bookDataand its author by id.
Checks that the id exists and optionally that the current manager is
the author.
:param id: id of bookDatato get
:param check_author: require the current manager to be the author
:return: the bookDatawith author information
:raise 404: if a bookDatawith the given id doesn't exist
:raise 403: if the current manager isn't the author
"""
bookData = get_db().execute(
'SELECT p.id, jyanru, bookTitle, author, publisher, price, purchaseDate, memo, manager_id, managername'
' FROM bookData p JOIN manager u ON p.manager_id = u.id'
' WHERE p.id = ?', (id, )).fetchone()
if bookData is None:
abort(404, "bookData id {0} doesn't exist.".format(id))
if check_author and bookData['manager_id'] != g.manager['id']:
abort(403)
return bookData
def login():
"""Log in a registered manager by adding the manager id to the session."""
if request.method == 'POST':
managername = request.form['managername']
password = request.form['password']
db = get_db()
error = None
manager = db.execute('SELECT * FROM manager WHERE managername = ?',
(managername, )).fetchone()
if manager is None:
error = 'Incorrect managername.'
elif not check_password_hash(manager['password'], password):
error = 'Incorrect password.'
if error is None:
# store the manager id in a new session and return to the index
session.clear()
session['manager_id'] = manager['id']
return redirect(url_for('index'))
flash(error)
return render_template('auth/login.html')