def delete_menu_item(restaurant_id, menu_id): if 'username' not in login_session: return redirect(url_for('show_login')) if database_operations.get_user(database_operations.get_restaurant(restaurant_id).user_id).id != login_session['user_id']: return "<script>function myFunction() {alert('You are not authorized to delete this item');} </script>" \ "<body onload='myFunction()'>" if request.method == 'POST': database_operations.delete_menu_item(menu_id) flash("Menu item has been deleted!") return redirect(url_for('list_menu_items', restaurant_id=restaurant_id)) else: return render_template('delete_menu_item.html', restaurant_id=restaurant_id, item=database_operations.get_menu_item(menu_id))
def edit_menu_item(restaurant_id, menu_id): if 'username' not in login_session: return redirect(url_for('show_login')) if database_operations.get_user(database_operations.get_restaurant(restaurant_id).user_id).id != login_session['user_id']: flash("You don't have the permission to edit this menu item") return redirect(url_for('list_menu_items', restaurant_id=restaurant_id)) if request.method == 'POST': database_operations.update_menu_item(menu_id=menu_id, name=request.form['name'], description=request.form['description'], price=request.form['price'], user_id=login_session['user_id']) flash("Menu item has been updated!") return redirect(url_for('list_menu_items', restaurant_id=restaurant_id)) else: return render_template('edit_menu_item.html', restaurant_id=restaurant_id, item=database_operations.get_menu_item(menu_id))
def get_menu_item_json(restaurant_id, menu_id): menu_item = database_operations.get_menu_item(menu_id) return jsonify(menu_item.serialize)