def get(self, category, item_id):
    """Show the delete-confirmation page for an item the session user owns.

    Args:
        category: Category segment of the route, passed through to the
            template as ``my_category``.
        item_id: Identifier handed to ``Items.get_by_id``.

    Returns:
        The rendered ``item_delete.html`` template, or the result of
        ``self.flash_out`` when the item is missing or owned by someone else.
    """
    candidate = Items.get_by_id(dbs, item_id)

    # One message for both failure modes, so the response does not reveal
    # whether an item with this id exists but belongs to another user.
    denied_message = "The item you are looking for does not exist or you are not allowed to delete it"

    if not candidate:
        return self.flash_out(denied_message, 401, "/")

    # Ownership check: only the user whose uid is stored on the item may
    # reach the confirmation page.
    if candidate.user_id != self.user_info['uid']:
        return self.flash_out(denied_message, 401, "/")

    return self.render_template(
        "item_delete.html",
        my_item=candidate,
        my_category=category,
    )
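def get(self, category, item_id):
    """Show the update form for an item the session user owns.

    Args:
        category: Category segment of the route, passed through to the
            template as ``my_category``.
        item_id: Identifier handed to ``Items.get_by_id``.

    Returns:
        The rendered ``item_update.html`` template, or the result of
        ``self.flash_out`` when the item is missing or owned by someone else.
    """
    my_item = Items.get_by_id(dbs, item_id)

    # Missing item and foreign item share one response, so the reply does not
    # distinguish "no such id" from "exists but is not yours".
    if not my_item or my_item.user_id != self.user_info['uid']:
        # The original text said "delete it" (copied from the delete view);
        # this handler guards the update form, so the message says so.
        return self.flash_out(
            "The item you are looking for does not exist or you are not allowed to update it",
            401, "/")

    return self.render_template(
        "item_update.html",
        my_item=my_item,
        my_category=category,
        categories=other_info.item_categories)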
def get(self, category, item_id):
    """Render the detail page of a single item together with its owner.

    Args:
        category: Category segment of the route; title-cased before it is
            handed to the template.
        item_id: Identifier handed to ``Items.get_by_id``.

    Returns:
        The rendered ``item.html`` template, or the result of
        ``self.flash_out`` (404 for an unknown item, 500 when the item's
        owner record cannot be loaded).
    """
    display_category = category.title()

    record = Items.get_by_id(dbs, item_id)
    if not record:
        return self.flash_out(
            "The item you are looking for does not exist", 404, "/")

    item_owner = User.get_by_id(dbs, record.user_id)
    if not item_owner:
        # An item whose owner cannot be found is not expected, but it is
        # handled explicitly rather than letting the template fail.
        return self.flash_out(
            "Something went wrong, try again, if the problem persists contact us!",
            500, "/")

    template_context = {
        "my_category": display_category,
        "owner": item_owner,
        "my_item": record,
        "categories": other_info.item_categories,
    }
    return self.render_template("item.html", **template_context)
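def post(self, category, item_id):
    """Delete an item after checking the CSRF token and the item's owner.

    The ``csrf`` form field must match the token stored under
    ``session['state']``, and the item's ``user_id`` must equal the session
    user's ``uid``; only then is ``Items.delete_by_item`` called.

    Args:
        category: Category segment of the route; not used by this handler.
        item_id: Identifier handed to ``Items.get_by_id``.

    Returns:
        The result of ``self.flash_out`` for the outcome message, status
        code and redirect target.
    """
    # Function-scope import: the file's import block is not visible here.
    import hmac

    submitted_token = self.request.form.get("csrf")
    try:
        expected_token = session['state']
    except KeyError:
        # No token was ever issued for this session: reject instead of
        # letting the lookup error escape the handler.
        expected_token = None

    # Fail closed. A plain `!=` accepts the request when both sides are
    # empty or None, so a missing token on either side is rejected first;
    # the comparison itself is constant-time.
    csrf_ok = bool(submitted_token) and bool(expected_token) and hmac.compare_digest(
        str(submitted_token).encode("utf-8"),
        str(expected_token).encode("utf-8"))
    if not csrf_ok:
        return self.flash_out(
            "The CSRF state is not valid, try again", 401, "/")

    # Authorization: the item must exist and belong to the session user.
    item = Items.get_by_id(dbs, item_id)
    if not item or item.user_id != self.user_info['uid']:
        return self.flash_out(
            "The item you are trying to delete does not belong to you or this item was already deleted.",
            401, "/")

    result = Items.delete_by_item(dbs, item)
    if not result:
        return self.flash_out(
            "The item you are trying to delete does not exist", 401, "/")

    return self.flash_out("Your item was deleted successfully", 200, "/")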
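def post(self, category, item_id):
    """Update an item's fields and/or picture for the user who owns it.

    The ``csrf`` form field must match the token stored under
    ``session['state']``, and the item's ``user_id`` must equal the session
    user's ``uid``. Only the fields named in ``update_fields`` are read from
    the form; changed values are validated with ``utils.test_item_prop``
    before they are written onto the item.

    Args:
        category: Category segment of the route; not used by this handler.
        item_id: Identifier handed to ``Items.get_by_id``.

    Returns:
        The result of ``self.flash_out`` for the outcome message, status
        code and redirect target.
    """
    # Function-scope import: the file's import block is not visible here.
    import hmac

    # --- CSRF check -------------------------------------------------------
    submitted_token = self.request.form.get("csrf")
    try:
        expected_token = session['state']
    except KeyError:
        # No token was ever issued for this session: reject instead of
        # letting the lookup error escape the handler.
        expected_token = None

    # Fail closed. A plain `!=` accepts the request when both sides are
    # empty or None, so a missing token on either side is rejected first;
    # the comparison itself is constant-time.
    csrf_ok = bool(submitted_token) and bool(expected_token) and hmac.compare_digest(
        str(submitted_token).encode("utf-8"),
        str(expected_token).encode("utf-8"))
    if not csrf_ok:
        return self.flash_out(
            "The CSRF state is not valid, try again", 401, "/")

    # --- Authorization: item must exist and belong to the session user ----
    item = Items.get_by_id(dbs, item_id)
    if not item or item.user_id != self.user_info['uid']:
        return self.flash_out(
            "The item you are trying to update does not belong to you.",
            401, "/")

    # Allow-list of fields a client may change. Anything else in the form
    # (for example user_id or picture) is never copied onto the item.
    update_fields = ["name", "description", "category", "link"]

    # Collect only the submitted values that differ from the stored ones.
    new_vals = {}
    for field in update_fields:
        new_val = self.request.form.get(field)
        if new_val and not getattr(item, field) == new_val:
            new_vals[field] = new_val

    if new_vals:
        new_vals_valid, new_vals_test_error = utils.test_item_prop(new_vals)
        if not new_vals_valid:
            return self.flash_out(new_vals_test_error, 401, "/")

        # Write onto the item only after validation has passed. The original
        # assigned inside the loop above, which left rejected values on the
        # loaded object when validation failed.
        for field, new_val in new_vals.items():
            setattr(item, field, new_val)

    prev_img_id = None
    try:
        upload_file = self.request.files["picture"]
    except KeyError:
        # A form submitted without a "picture" part is a text-only update.
        upload_file = None

    if upload_file:
        if item.picture:
            # Derive a new image name so the replacement is not written
            # under the id that is about to be deleted.
            image_name = item.picture.split(".")[0]
            image_number = (
                (int(image_name[-1]) + 1) if image_name[-1].isdigit() else 1)
            image_name = image_name + str(image_number)
        else:
            image_name = utils.remove_special_characters(
                item.name + item.category) + "_img"

        # NOTE(review): type and size checks on the uploaded file are
        # presumably done inside upload_image_file; confirm.
        img = self.upload_image_file(upload_file, image_name)
        if img:
            prev_img_id = item.picture
            item.picture = img.id
    elif not new_vals:
        # Neither changed fields nor a new picture were submitted.
        return self.flash_out(" No new updates submitted", 200, url_for(
            "item_view", category=item.category, item_id=item.id))

    # Persist the changes.
    Items.update_item(dbs, item)

    # Remove the replaced picture only after the item has been saved.
    if prev_img_id:
        Images.delete_by_id(dbs, prev_img_id)

    return self.flash_out("Item has been updated", 200, url_for(
        "item_view",
        category=item.category, item_id=item.id))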