def delete_item(iid):
user_id = websession.get('user_id')
if not authed_user(user_id):
# websession['auth_redir'] = 'delete_item'
return redirect(url_for('signin'))
item = session.query(Item).filter_by(iid=iid).one()
# Authorization Check
if item.user_id != user_id:
print('item.user_id ({}) != user_id ({})'.format(item.user_id, user_id))
abort(403)
if request.method == 'GET':
categories = session.query(Category).order_by(Category.name).all()
return render_template('item-cud.html', cud_type='Delete', categories=categories,
item=item, read_only=True)
elif request.method == 'POST':
session.delete(item)
session.commit()
# Add flashing...
flash('Item Deleted')
return redirect(url_for('show_catalog'))
def add_item():
user_id = websession.get('user_id')
if not authed_user(user_id):
# websession['auth_redir'] = 'add_item'
return redirect(url_for('signin'))
if request.method == 'GET':
categories = session.query(Category).order_by(Category.name).all()
return render_template('item-cud.html', cud_type='Add', categories=categories,
item={'picture': DEFAULT_PHOTO, 'category': {}})
elif request.method == 'POST':
# Retrieve form data - use .get to avoid 400 status
item_name = request.form.get('name')
item_description = request.form.get('description')
picture_file = request.files.get('file')
category_name = request.form.get('category')
# Input validation
status, error = validate_input(item_name, item_description, category_name)
# Deal with picture
if picture_file:
try:
# filename is the path to the image
filename = DEFAULT_PHOTO_STORE + uploaded_photos.save(picture_file)
flash('Photo Successfully Uploaded')
except UploadNotAllowed:
error['file_error'] = "The picture file upload wasn't allowed."
filename = None
status = False
if not status:
categories = session.query(Category).order_by(Category.name).all()
return render_template('item-cud.html', cud_type='Add', categories=categories,
item={'name': item_name, 'description': item_description,
'category': {'name': category_name}},
title_error=error.get('title_error'),
file_error=error.get('file_error'),
category_error=error.get('category_error'))
# If no picture supplied, use default
if not picture_file or not filename:
filename = DEFAULT_PHOTO
user = session.query(User).filter_by(uid=user_id).one()
category = session.query(Category).filter_by(name=category_name).one()
item = Item(name=item_name, picture=filename, description=item_description,
category_id=category.cid, user_id=user.uid)
session.add(item)
session.commit()
# Add flashing...
flash('New Item Created')
return redirect(url_for('show_item', iid=item.iid))
def edit_item(iid):
user_id = websession.get('user_id')
if not authed_user(user_id):
# websession['auth_redir'] = 'edit_item'
return redirect(url_for('signin'))
# This could return none - use one_or_none instead!
item = session.query(Item).filter_by(iid=iid).one()
# Authorization Check
if item.user_id != user_id:
print('item.user_id ({}) != user_id ({})'.format(item.user_id, user_id))
abort(403)
if request.method == 'GET':
categories = session.query(Category).order_by(Category.name).all()
return render_template('item-cud.html', cud_type='Edit', categories=categories,
item=item)
elif request.method == 'POST':
# Retrieve form data - use .get to avoid 400 status
item_name = request.form.get('name')
item_description = request.form.get('description')
picture_file = request.files.get('file')
category_name = request.form.get('category')
# Input validation
status, error = validate_input(item_name, item_description, category_name)
# Deal with picture
if picture_file:
try:
# filename is the path to the image
filename = DEFAULT_PHOTO_STORE + uploaded_photos.save(picture_file)
flash('Photo Successfully Uploaded')
except UploadNotAllowed:
error['file_error'] = "The picture file upload wasn't allowed."
filename = None
status = False
if not status:
# Check if only problem is non-unique name/title (OK since updating):
valid_set = {'title_error', 'title_problem'}
# Where overwriting existing item, make sure item.name (looked up from passed
# iid) matches item_name or we'll get a database error!
if not (error.get('title_problem') == 'nonunique' and item.name == item_name
and valid_set == set(error)):
categories = session.query(Category).order_by(Category.name).all()
return render_template('item-cud.html', cud_type='Edit', categories=categories,
item={'name': item_name, 'description': item_description,
'category': {'name': category_name}},
title_error=error.get('title_error'),
file_error=error.get('file_error'),
category_error=error.get('category_error'))
category = session.query(Category).filter_by(name=category_name).one()
# Only change picture if new one supplied
if not picture_file or not filename:
filename = item.picture
# Update
item.name = item_name
item.picture = filename
item.description = item_description
item.category_id = category.cid
item.user_id = user_id
session.add(item)
session.commit()
# Add flashing...
flash('Item Updated')
return redirect(url_for('show_item', iid=item.iid))