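def deleteItem(item_id):
    """Show the delete confirmation page (GET) or delete the item (POST).

    Only the user recorded as the item's owner may delete it. Any other
    requester is sent back to the item's page with an error message.

    Args:
        item_id: Id of the CatalogItem to delete.

    Returns:
        A rendered template or a redirect response.
    """
    # first() returns None when no row matches, so the guard below is
    # reachable. one() raises instead of returning a falsy value, which
    # left the "record not found" redirect as dead code.
    item = session.query(CatalogItem).filter_by(id=item_id).first()
    if item is None:
        # Adjacent literals replace the backslash continuation, which
        # embedded the next line's indentation in the message.
        flash("Invalid item. "
              "Please check that you have selected a valid item.")
        return redirect(url_for('public_page.itemList'))

    if request.method == 'GET':
        return render_template('deleteitem.html', item=item)

    if request.method == 'POST':
        # get() avoids a KeyError (HTTP 500) when nobody is logged in.
        user_id = login_session.get('user_id')
        # item.user_id is the ownership column editItem compares against.
        # The explicit None test keeps an anonymous request from matching
        # an item whose owner column is empty (None == None).
        is_owner = user_id is not None and user_id == item.user_id
        if not is_owner:
            flash("You are not authorized to delete this item!")
            return redirect(
                url_for('public_page.viewCatalogItem',
                        category=item.category,
                        item_id=item.id))

        # NOTE(review): no CSRF token is verified in this function before
        # the state change - confirm it is enforced elsewhere.
        session.delete(item)
        session.commit()
        flash("Item deleted!")

    return redirect(url_for('public_page.itemList'))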
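def editItem(item_id):
    """Show the edit form (GET) or save the submitted changes (POST).

    Only the user recorded as the item's owner may change it. Any other
    requester is sent back to the item's page with an error message.

    Args:
        item_id: Id of the CatalogItem to edit.

    Returns:
        A rendered template or a redirect response.
    """
    # first() returns None when no row matches, so the guard below is
    # reachable. one() raises instead of returning a falsy value, which
    # left the "record not found" redirect as dead code.
    item = session.query(CatalogItem).filter_by(id=item_id).first()
    if item is None:
        # Adjacent literals replace the backslash continuation, which
        # embedded the next line's indentation in the message.
        flash("Invalid item. "
              "Please check that you have selected a valid item.")
        return redirect(url_for('public_page.itemList'))

    if request.method == 'GET':
        return render_template('edititem.html', item=item)

    if request.method == 'POST':
        # get() avoids a KeyError (HTTP 500) when nobody is logged in.
        user_id = login_session.get('user_id')
        # The explicit None test keeps an anonymous request from matching
        # an item whose owner column is empty (None == None).
        is_owner = user_id is not None and user_id == item.user_id
        if not is_owner:
            flash("You are not authorized to edit this item!")
            return redirect(
                url_for('public_page.viewCatalogItem',
                        category=item.category,
                        item_id=item.id))

        # NOTE(review): no CSRF token is verified in this function before
        # the state change - confirm it is enforced elsewhere.
        # NOTE(review): newItem rejects an empty name, this path does not;
        # the four fields are stored exactly as submitted.
        form = request.form
        item.name = form['name']
        item.price = form['price']
        item.category = form['category']
        item.description = form['description']
        session.add(item)
        session.commit()
        flash("Item saved successfully!")

    return redirect(
        url_for('public_page.viewCatalogItem',
                category=item.category,
                item_id=item.id))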
def viewCategory(category):
    """Render the listing page for one category.

    Args:
        category: Value used to filter CatalogItem rows by category.

    Returns:
        The rendered 'categorylist.html' template.
    """
    matching_items = (session.query(CatalogItem)
                      .filter_by(category=category)
                      .all())
    # Element 0 of each entry returned by getUnique is what the template
    # receives as a category name.
    unique_rows = dbfunctions.getUnique(CatalogItem.category)
    cat_name = [row[0] for row in unique_rows]
    return render_template('categorylist.html',
                           items=matching_items,
                           category=category,
                           categories=cat_name)
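def newItem():
    """Show the new-item form (GET) or create a catalog item (POST).

    The item name is the only mandatory field. On success the user is
    redirected to the page of the item that was just created.

    Returns:
        A rendered template or a redirect response.
    """
    if request.method == 'GET':
        return render_template('newitem.html')

    if request.method == 'POST':
        form = request.form

        # The name of the item is required, at the minimum. The submitted
        # values are passed back so the form can be re-filled.
        if not form['name']:
            flash("The name of the item is mandatory!")
            return render_template('newitem.html',
                                   name=form['name'],
                                   price=form['price'],
                                   category=form['category'],
                                   description=form['description'])

        # NOTE(review): this lookup raises KeyError when no user is logged
        # in, and one() raises when the user row is gone - confirm the
        # route is protected by a login check.
        user_id = login_session['user_id']
        user = session.query(User).filter_by(id=int(user_id)).one()

        new_item = CatalogItem(name=form['name'],
                               price=form['price'],
                               category=form['category'],
                               description=form['description'],
                               user=user)
        session.add(new_item)
        session.commit()

        # Redirect with the object that was just committed. Re-querying
        # for the most recently added row could pick up another user's
        # item when two submissions are committed close together.
        flash("New item added!")
        return redirect(
            url_for('public_page.viewCatalogItem',
                    category=new_item.category,
                    item_id=new_item.id))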
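def loginSite():
    """Render the login form (GET) or authenticate a local user (POST).

    On POST the submitted name and password are checked for emptiness and
    validity, then the password hash is recomputed with each candidate
    user's salt and compared with that user's stored hash. On success the
    login session is populated and the user is redirected to the landing
    page.

    Returns:
        A rendered template or a redirect response.
    """
    if request.method == 'GET':
        # A successful login stores 'user_id'. The earlier test for
        # 'userid' could never match, so logged-in users were always
        # shown the form again.
        if 'user_id' in login_session:
            flash("You are already logged in!")
            return redirect(url_for('public_page.itemList'))
        return render_template('login.html')

    if request.method == 'POST':
        user_name = request.form['name']
        password = request.form['password']

        # Checks that the required fields are not empty
        nan_empty = helpers.nempty(username=user_name, password=password)
        if nan_empty is not True:
            flash("Please ensure all fields are filled before submitting.")
            return render_template('login.html', nan_message=nan_empty)

        # Checks that the entered characters are valid
        is_valid = helpers.valid(username=user_name, password=password)
        if is_valid is not True:
            flash("Username/password not valid. Please re-enter.")
            return render_template('login.html',
                                   username=user_name,
                                   err_username=is_valid['err_username'],
                                   err_password=is_valid['err_password'])

        candidates = session.query(User).filter_by(name=user_name).all()
        if not candidates:
            # NOTE(review): this message differs from the wrong-password
            # one, so a response reveals whether a user name exists.
            # Consider one shared failure message.
            # Adjacent literals replace the broken line continuation.
            flash("User does not exist. "
                  "Please check your username.")
            return render_template('login.html', username=user_name)

        # Identical user names are permitted by the site, so every
        # candidate is tried. The recomputed hash is compared with that
        # candidate's own stored hash. The earlier lookup by hash alone
        # could return a different account and raised an unhandled error
        # when two rows shared a hash.
        user = None
        for each in candidates:
            hashedpw = helpers.make_pw_hash(
                user_name, password, each.salt).split('|')[0]
            if each.hashedpw == hashedpw:
                user = each
                break

        if user is None:
            flash("The entered password was incorrect. "
                  "Please try again.")
            return render_template('login.html', username=user_name)

        # NOTE(review): this value is computed but never stored in the
        # session or passed to a template here, so it provides no CSRF
        # protection as written - confirm where the token is meant to go.
        csrf_token = helpers.roast_chip(str(user.id) + user.name)

        # Sets the login session if login is successful
        login_session['user_id'] = user.id
        login_session['username'] = user.name
        login_session['picture'] = user.picture
        login_session['email'] = user.email
        login_session['auth_type'] = "local"
        flash("Welcome %s!" % user_name)
        return redirect(url_for('public_page.itemList'))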
def viewCatalogItem(category, item_id):
    """Render the detail page for one catalog item.

    Args:
        category: Accepted from the caller but not used in the lookup.
        item_id: Id of the CatalogItem to display.

    Returns:
        The rendered 'viewitem.html' template.
    """
    lookup = session.query(CatalogItem).filter_by(id=item_id)
    # one() raises when the id matches no row; that is not handled here.
    return render_template('viewitem.html', item=lookup.one())
def singleitemJSON(category, item_id):
    """Return one catalog item as JSON under the 'CatalogItem' key.

    Args:
        category: Accepted from the caller but not used in the lookup.
        item_id: Id of the CatalogItem to serialize.

    Returns:
        A JSON response holding a one-element list.
    """
    # one() raises when the id matches no row; that is not handled here.
    record = session.query(CatalogItem).filter_by(id=item_id).one()
    payload = [record.serialize]
    return jsonify(CatalogItem=payload)
def catalogitemJSON():
    """Return every catalog item as JSON under the 'CatalogItem' key.

    Returns:
        A JSON response holding one serialized entry per CatalogItem row.
    """
    serialized = []
    for record in session.query(CatalogItem).all():
        serialized.append(record.serialize)
    return jsonify(CatalogItem=serialized)
def itemList():
    """Render the landing page with up to five items and all categories.

    Returns:
        The rendered 'index.html' template.
    """
    # NOTE(review): order_by() is given no explicit direction, so the
    # first five rows by ascending dt_modded are shown - confirm that is
    # the intended ordering.
    listed = (session.query(CatalogItem)
              .order_by(CatalogItem.dt_modded)
              .limit(5))
    # Element 0 of each entry returned by getUnique is what the template
    # receives as a category name.
    unique_rows = dbfunctions.getUnique(CatalogItem.category)
    cat_name = [row[0] for row in unique_rows]
    return render_template('index.html', items=listed, categories=cat_name)