def delete_item_by_id(category_id, item_id):
    """Serve the delete-confirmation page, or delete the item on POST.

    Unauthenticated visitors are redirected to ``/login``. Authenticated
    users whose permissions for the item lack ``delete`` are redirected to
    the category page with a flash message. Both checks run before the
    request method is examined, so they apply to GET and POST alike.
    """
    if not UserUtils.is_authenticated():
        # presumably records the current URL so login can return here;
        # verify against UserUtils
        UserUtils.set_preauthentication_url()
        flash('sign in to delete an item')
        return redirect('/login')

    # NOTE(review): the item is selected by item_id alone; category_id from
    # the URL is not compared with the item here. Confirm whether an item
    # reached through another category's URL should be rejected.
    # NOTE(review): Query.one() raises when no row matches and nothing in
    # this function catches it; confirm an unknown id is handled upstream.
    doomed = session.query(Item).filter_by(id=item_id).one()

    # Ownership gate: only the delete permission for this item lets the
    # request continue.
    may_delete = Permissions.get_user_permissions_for_item(doomed).delete
    if not may_delete:
        flash('you may delete only items you created')
        return redirect(url_for('get_category_by_id',
                                category_id=category_id))

    if request.method != 'POST':
        # Any non-POST request only renders the confirmation form.
        parent = session.query(Category).filter_by(id=category_id).one()
        heading = "%s %s Item" % ("Delete", doomed.title)
        return UserUtils.render_user_template(
            'item_delete.html',
            category=parent,
            category_id=category_id,
            item=doomed,
            page_title=heading)

    # NOTE(review): no anti-CSRF token check is visible in this function;
    # confirm this state-changing POST is protected elsewhere.
    session.delete(doomed)
    session.commit()
    flash('item deleted')
    return redirect(url_for('get_category_by_id', category_id=category_id))
def update_item_by_id(category_id, item_id):
    """Serve the edit form for an item, or apply the edit on POST.

    Unauthenticated visitors are redirected to ``/login``. Authenticated
    users whose permissions for the item lack ``update`` are redirected to
    the category page. On POST the title and description are extracted and
    validated; any validation error re-renders the form with the submitted
    values and the error messages, otherwise the item is saved.
    """
    if not UserUtils.is_authenticated():
        # presumably records the current URL so login can return here;
        # verify against UserUtils
        UserUtils.set_preauthentication_url()
        flash('sign in to edit an item')
        return redirect('/login')

    # NOTE(review): the item is selected by item_id alone; category_id from
    # the URL is not compared with the item here. Confirm whether an item
    # reached through another category's URL should be rejected.
    # NOTE(review): Query.one() raises when no row matches and nothing in
    # this function catches it; confirm an unknown id is handled upstream.
    record = session.query(Item).filter_by(id=item_id).one()

    # Ownership gate, applied to GET and POST alike.
    may_update = Permissions.get_user_permissions_for_item(record).update
    if not may_update:
        flash('you may edit only items you created')
        return redirect(url_for('get_category_by_id',
                                category_id=category_id))

    parent = session.query(Category).filter_by(id=category_id).one()

    def render_form(**fields):
        # Shared rendering of the edit form; the page title always uses the
        # title currently stored on the item, not the submitted one.
        return UserUtils.render_user_template(
            'item_update.html',
            category=parent,
            category_id=category_id,
            item=record,
            page_title="%s %s Item" % ("Edit", record.title),
            **fields)

    if request.method != 'POST':
        # Pre-fill the form with the stored values.
        return render_form(title=record.title,
                           description=record.description)

    # NOTE(review): no anti-CSRF token check is visible in this function;
    # confirm this state-changing POST is protected elsewhere.
    title, title_error = extract_and_validate_item_title(request.form)
    description, description_error = \
        extract_and_validate_item_description(request.form)

    if title_error or description_error:
        # Echo the submitted values back together with the error messages.
        return render_form(title=title,
                           title_error=title_error,
                           description=description,
                           description_error=description_error)

    # Persist the validated values on the existing item.
    record.title = title
    record.description = description
    session.add(record)
    session.commit()
    flash('item updated')
    return redirect(url_for('get_category_by_id', category_id=category_id))
def get_item_by_id(category_id, item_id):
    """Render the read-only detail page for one item in a category.

    No authentication check is made in this function. The current user's
    permissions for the item are passed to the template as ``can``.
    """
    # NOTE(review): category and item are fetched independently by their
    # own ids; nothing here checks that the item belongs to the category
    # named in the URL. Confirm whether that mismatch should be rejected.
    # NOTE(review): Query.one() raises when no row matches and nothing in
    # this function catches it; confirm an unknown id is handled upstream.
    parent = session.query(Category).filter_by(id=category_id).one()
    shown = session.query(Item).filter_by(id=item_id).one()

    heading = "%s Item" % shown.title
    # presumably the template uses `can` to decide which actions to show.
    # That is presentation only: delete_item_by_id and update_item_by_id in
    # this file re-check permissions before acting.
    allowed_actions = Permissions.get_user_permissions_for_item(shown)

    return UserUtils.render_user_template(
        'item_read.html',
        category=parent,
        category_id=category_id,
        item=shown,
        page_title=heading,
        can=allowed_actions)