def newCategory(): """Allow an Authorized User to add a new Category or Process the form for adding a new Category. Returns: For a GET operation returns a Web View containing a form for entering data for the new user. A successful POST request directs presents a View of the new Category. """ # Only an Authenticated User can add New Categories if isActiveSession() is False: return redirect(url_for("listCategory")) # Process the New Category Form and add it to the Database if request.method == "POST": newCategory = Category(user_id=getSessionUserInfo()["id"], name=request.form["name"]) session.add(newCategory) session.commit() flash("New Category created!") # Display the Information for the new Category return redirect(url_for("viewCategory", key=newCategory.id)) else: return render_template( "generic.html", modelType="category", viewType=os.path.join("partials", "new.html"), traits=Category.defaultTraits(), )
def newUser(): """Present an Authorized Web User with a View for adding a new user. Returns: For a GET operation returns a Web View containing a form for entering data for the new user. A successful POST request directs presents a View of the new Record. """ if isActiveSession() is False: return redirect(url_for("listUser")) # Process New User Form Submission if request.method == "POST": # Add the new user record to the database newUser = User(name=request.form["name"]) session.add(newUser) session.commit() flash("New User created!") # Redirect to the User View return redirect(url_for("viewUser", key=newUser.id)) # Present the New User Form else: return render_template( "generic.html", modelType="user", viewType=os.path.join("partials", "new.html"), traits=User.defaultTraits() )
def delItem(item_name): """Retrieve the view for Deleting an Item in a Category. Requires a user to be authenticated and to have created the item. Notes: The actual deletion operation, when a POST request is sent, is performed by the deleteItem function. Args: category_name (string): The Category name of the Item to delete. item_name (string): The name of the Item to delete. Returns: A GET request presents the user with choices for deleting the Item or canceling the operation. """ if isActiveSession() is False: flash("Please log in to delete an item.") return redirect(url_for("listItem")) # Find the item's category by name category = Category.query.filter_by(name=category_name).one() # Find the item by matching it's name and category id to the above category. try: deleteItem = Item.query.filter_by(name=item_name, cat_id=category.id).one() except NoResultFound: flash("""No item named {0} was found in the {1} category.""".format(item_name, category_name)) return redirect(url_for("listItem")) if canAlter(deleteItem.user_id) is False: flash("You are not authorized to delete that item.") return redirect(url_for("viewItem", key=deleteItem.id)) # Forward the request to the Delete view. return render_template( "generic.html", viewType=os.path.join("partials", "delete.html"), modelType="item", key=deleteItem.id, name=item_name, )
def editCatItem(category_name, item_name): """Edit an Item in a Category. Requires a user to be authenticated and to have created the item. Args: category_name (string): The Category of the Item to edit. item_name (string): The name of the Item to Edit. Returns: A GET request presents the user with a form for editing an Item. A POST request processes the user's input from the form and updates the item. """ # User has been authenticated and the login_session is valid. if isActiveSession() is False: flash("Please log in to edit an item.") return redirect(url_for("listItem")) # Find the Item's category by the category's name in the database category = Category.query.filter_by(name=category_name).one() # Find the item using its name and its category's id item = Item.query.filter_by(name=item_name, cat_id=category.id).one() # The active user for the session must be the creator of the item being # editted. if canAlter(item.user_id) is False: flash("You are not authorized to alter that item.") return redirect(url_for("viewItem", key=item.id)) # This is the right user, so show them the edit form. return render_template( "generic.html", modelType="item", viewType=os.path.join("partials", "edit.html"), category=category_name, key=item.id, name=item.name, traits=item.traits(True), allowAlter=canAlter(item.user_id), )
def deleteUser(key): """Present the Web User with a Delete View for the their User account. Args: key (int): An ID corresponding to a User record in the database. Returns: For a GET operation returns a Web View containing buttons for canceling or submitting the delete user request. A successful POST request would delete the User's record, sign them out and revoke the app's authorization to use their Google profile """ if isActiveSession() is False: return redirect(url_for("listUser")) else: return redirect(url_for("viewUser", key=key))
def editCategory(key): """Allow an Authorized User to edit a new Category or Process the form for editing a Category. Args: key (int): The primary key of the category. Returns: For a GET operation returns a Web View containing a form for altering data for the category. A successful POST request directs presents a View of the new Category. """ # Only an Authenticated User can add edit a category. if isActiveSession() is False: return redirect(url_for("listItem")) editCategory = Category.query.filter_by(id=key).one() # Don't allow a user to change a category they don't 'own' if canAlter(editCategory.user_id) is False: return redirect(url_for("viewCategory", key=editCategory.id)) # Process the Edit Form when it is Submitted. if request.method == "POST": editCategory.name = request.form["name"] session.add(editCategory) session.commit() flash("Category edited!") return redirect(url_for("viewCategory", key=key)) else: return render_template( "generic.html", modelType="category", viewType=os.path.join("partials", "edit.html"), key=key, traits=editCategory.traits(), allowAlter=canAlter(editCategory.user_id), )
def deleteCategory(key): """Allow an Authorized User to delete a new Category or Process the deletion of a Category. Args: key (int): The primary key of the category. Returns: For a GET operation returns a View querying whether the user wants to delete the Category or cancel and go back to viewing it. A successful POST request deletes the Category and redirects to the list of Categories. """ # Only an Authenticated User can add delete a category. if isActiveSession() is False: return redirect(url_for("listCategory")) deleteCategory = Category.query.filter_by(id=key).one() # If the logged in user did not create this Category then redirect. if canAlter(deleteCategory.user_id) is False: return redirect(url_for("viewCategory", key=deleteCategory.id)) # Remove the Category from the Database if request.method == "POST": session.delete(deleteCategory) session.commit() flash("Category deleted!") # Back to the List of Categories return redirect(url_for("listCategory")) else: # Present options to Delete the Category or Cancel. return render_template( "generic.html", modelType="category", viewType=os.path.join("partials", "delete.html"), key=key, name=deleteCategory.name, )
def editUser(key): """Present the Web User with an Edit View for the their User account. Args: key (int): An ID corresponding to a User record in the database. Returns: For a GET operation returns a Web View containing a form for editing data for the user. A successful POST request directs presents the updated Record view. """ # Require Authentication to Edit Users if isActiveSession() is False: return redirect(url_for("listCategory")) edUser = User.query.filter_by(id=key).one() # Don't allow a user to change other user records if canAlter(edUser.id) is False: return redirect(url_for("listItem")) # Process the Edit User form when submitted. if request.method == "POST": edUser.name = request.form["name"] session.add(edUser) session.commit() return redirect(url_for("viewUser", key=edUser.id)) else: # Present the Edit User Form return render_template( "generic.html", modelType="user", viewType=os.path.join("partials", "edit.html"), key=key, traits=edUser.traits(), )
def deleteItem(key): """Delete an Item selected by its primary key/id. Requires a user to be authenticated and to have created the item. Args: key (int): The primary key of the Item to delete. Returns: A GET request presents the user with choices for deleting the Item or canceling the operation. """ if isActiveSession() is False: flash("Please log in to delete an item.") return redirect(url_for("listItem")) deleteItem = Item.query.filter_by(id=key).one() if canAlter(deleteItem.user_id) is False: # The active user did not create the item. flash("You are not authorized to delete this item.") return redirect(url_for("viewItem", key=key)) if request.method == "POST": # The user submitted this item for deletion. session.delete(deleteItem) session.commit() flash("Item deleted!") return redirect(url_for("listItem")) else: # Present the Deletion View to the User for the given Item/Category category = Category.query.filter_by(id=deleteItem.cat_id).one() return redirect(url_for("delItem", category_name=category.name, item_name=deleteItem.name))
def editItem(key): """Edit an Item in a Category. Requires a user to be authenticated and to have created the item. Args: key (int): The primary key of the Item to Edit. Returns: A GET request presents the user with a form for editing an Item. A POST request processes the user's input from the form and updates the item. """ # User has been authenticated and the login_session is valid. if isActiveSession() is False: flash("You need to log in to edit items.") return redirect(url_for("listItem")) else: # Find the item to edit using its id. item = Item.query.filter_by(id=key).one() if request.method == "POST": # Make sure that an item associated with this category doesn't already have # the name of the one submitted in the form. category = Category.query.filter_by(name=request.form["category"]).one() itemName = str(request.form["name"]) try: # We should find either zero or one item in a category with a given # name. items = Item.query.filter_by(cat_id=category.id, name=itemName).one_or_none() print "editItem: items = {0}".format(items) except MultipleResultsFound as e: # We found more than one item with the form's item name for # this category. print "Multiple " + e flash("{0} items named {1} in category {2} already.".format(len(items), itemName, category.name)) return redirect(url_for("editItem", key=key)) if items is None or items.id == key: # User can edit the item already in the category but can't move it # to another category that already has an item with the same name. # Different Image uploaded, Save and add url to Item record if request.files["upload"]: item.picture = processImageUpload(request.files["upload"]) item.name = itemName item.dateCreated = datetime.strptime(request.form["created"], "%Y-%m-%d") item.cat_id = category.id item.description = request.form["description"] session.add(item) session.commit() flash("Item edited!") return redirect(url_for("viewCatItem", category_name=category.name, item_name=item.name)) else: flash( """A different item named {0} already exists in the category called {1}.""".format( itemName, category.name ) ) return redirect(url_for("editItem", key=key)) else: category = Category.query.filter_by(id=item.cat_id).one() return redirect(url_for("editCatItem", category_name=category.name, item_name=item.name))
def newItem(): """This route is used behind the scenes to view an item. It forwards the request on to viewCatItem. Requires a user to be authenticated. Notes: This route could be changed to reflect which category it will be in. Returns: A GET request presents the user with a form for creating a new Item. A POST request processes the user's input from the form and adds the new item. """ # A user session must exist to add an item. if isActiveSession() is False: return redirect(url_for("listItem")) if request.method == "POST": # Process the new Item from the submitted form. # Make sure that an item associated with this category doesn't already have # the name of the one submitted in the form. category = Category.query.filter_by(name=request.form["category"]).one() newItemName = request.form["name"] try: # We should find either zero or one item in a category with a given # name. items = Item.query.filter_by(cat_id=category.id, name=newItemName).one_or_none() print "newItem: items = {0}".format(items) except MultipleResultsFound as e: # We more than one item with the newItemName in it's category. print "Multiple " + e flash("{0} items named {1} in {2} already.".format(len(items), newItemName, category.name)) return redirect(url_for("viewCategory", key=category.id)) if items is None: # This is a new Item for this category and it's name is unique # in the category. # Handle uploaded image picture = request.files["picture"] pictureUrl = processImageUpload(picture) # Create the New Item and add it to the Database newItem = Item( name=request.form["name"], dateCreated=datetime.strptime(request.form["created"], "%Y-%m-%d"), cat_id=category.id, description=request.form["description"], user_id=getSessionUserInfo()["id"], picture=pictureUrl, ) session.add(newItem) session.flush() session.commit() flash("New item created!") # Present the user with a view of the new item return redirect(url_for("viewItem", key=newItem.id)) else: # Alert the user to an already exisiting item with the specified name. flash("An item with the name {0} already exists in {1}.".format(newItemName, category.name)) # Send the user back to the newItem Form. return redirect(url_for("newItem")) else: # Present the User with the New Item Form return render_template( "generic.html", modelType="item", viewType=os.path.join("partials", "new.html"), traits=Item.defaultTraits() )