def get(self, category, item_id):
my_item = Items.get_by_id(dbs, item_id)
if not my_item or my_item.user_id != self.user_info['uid']:
return self.flash_out(
"The item you are looking for does not exist or you are not allowed to delete it", 401, "/")
return self.render_template(
"item_delete.html", my_item=my_item, my_category=category)
def get(self, category, item_id):
my_item = Items.get_by_id(dbs, item_id)
# Check if the item requested is in the db or if it belongs to the
# session user
if not my_item or my_item.user_id != self.user_info['uid']:
return self.flash_out(
"The item you are looking for does not exist or you are not allowed to delete it", 401, "/")
return self.render_template("item_update.html", my_item=my_item,
my_category=category, categories=other_info.item_categories)
def get(self, category, item_id):
category = category.title()
my_item = Items.get_by_id(dbs, item_id)
if not my_item:
return self.flash_out(
"The item you are looking for does not exist", 404, "/")
owner = User.get_by_id(dbs, my_item.user_id)
# This really shouldn't happen but it's good to account for this
# possibility
if not owner:
return self.flash_out(
"Something went wrong, try again, if the problem persists contact us!", 500, "/")
return self.render_template("item.html", my_category=category,
owner=owner, my_item=my_item,
categories=other_info.item_categories)
def post(self, category, item_id):
state = self.request.form.get("csrf")
if state != session['state']:
return self.flash_out(
"The CSRF state is not valid, try again", 401, "/")
item = Items.get_by_id(dbs, item_id)
if not item or item.user_id != self.user_info['uid']:
return self.flash_out(
"The item you are trying to delete does not belong to you or this item was already deleted.", 401, "/")
result = Items.delete_by_item(dbs, item)
if not result:
return self.flash_out(
"The item you are trying to delete does not exist", 401, "/")
return self.flash_out("Your item was deleted successfully", 200, "/")
def post(self, category, item_id):
# Check CSRF state
state = self.request.form.get("csrf")
if state != session['state']:
return self.flash_out(
"The CSRF state is not valid, try again", 401, "/")
# Check if item is in the db
item = Items.get_by_id(dbs, item_id)
if not item or item.user_id != self.user_info['uid']:
return self.flash_out(
"The item you are trying to update does not belong to you.", 401, "/")
# List of fileds allowed to be updated
update_fields = ["name", "description", "category", "link"]
new_vals = {}
for field in update_fields:
new_val = self.request.form.get(field)
# if the user is choosing to update this field and it's not the
# same value as before
if new_val and not getattr(item, field) == new_val:
new_vals[field] = new_val
setattr(item, field, new_val)
# if there are updates and they are valid properties
if new_vals:
new_vals_valid, new_vals_test_error = utils.test_item_prop(
new_vals)
if not new_vals_valid:
return self.flash_out(new_vals_test_error, 401, "/")
prev_img_id = None
upload_file = self.request.files["picture"]
if upload_file:
if item.picture:
# Changing the image name in order to prevent atomicity
# problems (deleting and immediately writing to the same id)
image_name = item.picture.split(".")[0]
image_number = (
(int(image_name[-1]) + 1) if image_name[-1].isdigit() else 1)
image_name = image_name + str(image_number)
else:
image_name = utils.remove_special_characters(
item.name + item.category) + "_img"
img = self.upload_image_file(upload_file, image_name)
if img:
prev_img_id = item.picture
item.picture = img.id
# if there are no new values and no new image
elif not new_vals:
return self.flash_out(" No new updates submitted", 200, url_for(
"item_view", category=item.category, item_id=item.id))
# persist the changes
Items.update_item(dbs, item)
# Erase the previous picture from the db
if prev_img_id:
Images.delete_by_id(dbs, prev_img_id)
return self.flash_out("Item has been updated", 200, url_for(
"item_view", category=item.category, item_id=item.id))
