コード例 #1
0
 def get(self, category, item_id):
     my_item = Items.get_by_id(dbs, item_id)
     if not my_item or my_item.user_id != self.user_info['uid']:
         return self.flash_out(
             "The item you are looking for does not exist or you are not allowed to delete it", 401, "/")
     return self.render_template(
         "item_delete.html", my_item=my_item, my_category=category)
コード例 #2
0
    def get(self, category, item_id):
        my_item = Items.get_by_id(dbs, item_id)
        # Check if the item requested is in the db or if it belongs to the
        # session user
        if not my_item or my_item.user_id != self.user_info['uid']:
            return self.flash_out(
                "The item you are looking for does not exist or you are not allowed to delete it", 401, "/")

        return self.render_template("item_update.html", my_item=my_item,
                                    my_category=category, categories=other_info.item_categories)
コード例 #3
0
    def get(self, category, item_id):
        category = category.title()
        my_item = Items.get_by_id(dbs, item_id)
        if not my_item:
            return self.flash_out(
                "The item you are looking for does not exist", 404, "/")

        owner = User.get_by_id(dbs, my_item.user_id)

        # This really shouldn't happen but it's good to account for this
        # possibility
        if not owner:
            return self.flash_out(
                "Something went wrong, try again, if the problem persists contact us!", 500, "/")

        return self.render_template("item.html", my_category=category,
                                    owner=owner, my_item=my_item,
                                    categories=other_info.item_categories)
コード例 #4
0
    def post(self, category, item_id):
        state = self.request.form.get("csrf")

        if state != session['state']:
            return self.flash_out(
                "The CSRF state is not valid, try again", 401, "/")

        item = Items.get_by_id(dbs, item_id)
        if not item or item.user_id != self.user_info['uid']:
            return self.flash_out(
                "The item you are trying to delete does not belong to you or this item was already deleted.", 401, "/")

        result = Items.delete_by_item(dbs, item)
        if not result:
            return self.flash_out(
                "The item you are trying to delete does not exist", 401, "/")

        return self.flash_out("Your item was deleted successfully", 200, "/")
コード例 #5
0
    def post(self, category, item_id):
        # Check CSRF state
        state = self.request.form.get("csrf")
        if state != session['state']:
            return self.flash_out(
                "The CSRF state is not valid, try again", 401, "/")

        # Check if item is in the db
        item = Items.get_by_id(dbs, item_id)
        if not item or item.user_id != self.user_info['uid']:
            return self.flash_out(
                "The item you are trying to update does not belong to you.", 401, "/")

        # List of fileds allowed to be updated
        update_fields = ["name", "description", "category", "link"]
        new_vals = {}
        for field in update_fields:
            new_val = self.request.form.get(field)
            # if the user is choosing to update this field and it's not the
            # same value as before
            if new_val and not getattr(item, field) == new_val:
                new_vals[field] = new_val
                setattr(item, field, new_val)

        # if there are updates and they are valid properties
        if new_vals:
            new_vals_valid, new_vals_test_error = utils.test_item_prop(
                new_vals)
            if not new_vals_valid:
                return self.flash_out(new_vals_test_error, 401, "/")

        prev_img_id = None
        upload_file = self.request.files["picture"]
        if upload_file:
            if item.picture:
                # Changing the image name in order to prevent atomicity
                # problems (deleting and immediately writing to the same id)
                image_name = item.picture.split(".")[0]
                image_number = (
                    (int(image_name[-1]) + 1) if image_name[-1].isdigit() else 1)
                image_name = image_name + str(image_number)
            else:
                image_name = utils.remove_special_characters(
                    item.name + item.category) + "_img"
            img = self.upload_image_file(upload_file, image_name)
            if img:
                prev_img_id = item.picture
                item.picture = img.id

        # if there are no new values and no new image
        elif not new_vals:
            return self.flash_out(" No new updates submitted", 200, url_for(
                "item_view", category=item.category, item_id=item.id))

        # persist the changes
        Items.update_item(dbs, item)

        # Erase the previous picture from the db
        if prev_img_id:
            Images.delete_by_id(dbs, prev_img_id)

        return self.flash_out("Item has been updated", 200, url_for(
            "item_view", category=item.category, item_id=item.id))