def deleteProduct(name): """Delete defined product if you are the user who owns it""" product = access.getProductByName(name) product.category = access.getCategory(product.category_id) if login_session["email"] == product.user_id: if request.method == "POST": access.session.delete(product) access.session.commit() flash("Product Deleted %s" % product.product_name) return redirect(url_for("categories")) else: return render_template("deleteProduct.html", product=product) else: flash("No permission to delete %s" % login_session["username"]) return redirect(url_for("products"))
def editProduct(name): categories = access.getCategories() product = access.getProductByName(name) if product.product_image: product.product_url = "/uploads/", product.product_image product.category = access.getCategory(product.category_id) if request.method == "POST": product_image = request.files["product_image"] if product_image and allowed_file(product_image.filename): filename = secure_filename(product_image.filename) product_image.save(os.path.join(app.config["UPLOAD_FOLDER"], filename)) product.product_image = filename product.product_name = request.form["product_name"] product.price = request.form["price"] product.product_description = request.form["product_description"] product.category_id = request.form["category_id"] product.updated = datetime.now() flash("Product Edited %s" % product.product_name) access.session.commit() return redirect(request.referrer) else: return render_template("editProduct.html", product=product, categories=categories)
def product_json(name): """Display JSON record for product""" product = access.getProductByName(name) product.category_name = access.getCategory(product.category_id) return jsonify(Items=[product.serialize])
def getProduct(name): product = access.getProductByName(name) if product.product_image: product.product_url = "uploads/" + product.product_image product.category = access.getCategory(product.category_id) return render_template("product.html", product=product)