def editItem(name):
if "user_id" not in session:
return redirect("/login")
item = db_session.query(Item).filter_by(name=name).one()
if item is None:
abort(404)
if item.user_id != session["user_id"]:
abort(401)
form = ItemForm(obj=item)
categories = db_session.query(Category.id, Category.name).all()
form.category.choices = categories
if form.validate_on_submit():
# form.populate_obj(item)
item.name = form.name.data
item.description = form.description.data
item.category_id = form.category.data
filename = None
# check if user uploaded file and sanitize filename
if form.image.has_file():
# gets the filename?
filename = secure_filename(form.image.data.filename)
form.image.data.save(os.path.join(app.config["UPLOAD_FOLDER"], filename))
item.image = filename
db_session.add(item)
db_session.commit()
flash("Item %s edited." % item.name)
return redirect(url_for("item", name=item.name))
return render_template("editItem.html", item=item, form=form)
def store(user_id):
"""
Store item to database.
params:
user_id: foreign key that should exists in table users.id
"""
form = ItemForm()
if not form.validate():
return ItemController.message(False, form.errors)
item = Item()
item.name = form.name.data.strip()
item.description = form.description.data
item.category_id = CategoryHash.decode(form.category_id.data)
item.user_id = user_id
db.session.add(item)
if item.commit_changes():
return ItemController.message(True, item)
else:
return ItemController.message(
False, 'Could not save \
the given item.')
def newItem():
if "user_id" not in session:
return redirect("/login")
form = ItemForm()
categories = db_session.query(Category.id, Category.name).all()
form.category.choices = categories
if form.validate_on_submit():
filename = None
# check if user uploaded file and sanitize filename
if form.image.has_file():
# gets the filename?
filename = secure_filename(form.image.data.filename)
form.image.data.save(os.path.join(app.config["UPLOAD_FOLDER"], filename))
# create new item and commit to database
item = Item(
name=form.name.data,
description=form.description.data,
category_id=form.category.data,
image=filename,
user_id=session["user_id"],
pub_date=datetime.utcnow(),
)
db_session.add(item)
db_session.commit()
flash("New item created.")
return redirect(url_for("item", name=item.name))
return render_template("newItem.html", form=form)
def post(self, request, pk):
item = get_object_or_404(Book, pk=pk)
form = ItemForm(request.POST, request.FILES, instance=item)
if form.is_valid():
saved_item = form.save()
return redirect('item_detail', pk=saved_item.pk)
else:
return render(request, 'catalog/edit_item.html', {'form': form})
def post(self, request):
form = ItemForm(request.POST, request.FILES)
if form.is_valid():
saved_item = form.save(commit=False)
saved_item.user = request.user
saved_item.save()
# Redirects to the item details
return redirect('item_detail', pk=saved_item.pk)
else:
return render(request, 'catalog/edit_item.html', {'form': form})
def newItem():
""" Create a new item """
# user must be authenticated
if 'user_id' not in session:
return redirect('/login')
form = ItemForm()
categories = db_session.query(Category.id, Category.name).all()
form.category_id.choices = categories
if form.validate_on_submit():
# check that name != 'new', which is used for routing
if form.name.data.lower() == 'new':
form.name.errors.append("'new' is a reserved word, and cannot"
" be used as an item name.")
return render_template('new_item.html', form=form)
filename = None
# check if user uploaded file and sanitize filename
if form.image.has_file():
# get the filename, ensuring that it is safe
filename = secure_filename(form.image.data.filename)
form.image.data.save(
os.path.join(app.config['UPLOAD_FOLDER'], filename))
# create new item and commit to database
item = Item(
name=form.name.data,
description=form.description.data,
category_id=form.category_id.data,
image=filename,
user_id=session['user_id'],
pub_date=datetime.utcnow()
)
db_session.add(item)
try:
db_session.commit()
except exc.IntegrityError:
# item name should be unique
db_session.rollback()
form.name.errors.append("Item already exists.")
return render_template('new_item.html', form=form)
flash("Created new item %s." % item.name)
return redirect(url_for('item', name=item.name))
return render_template('new_item.html', form=form)
def editItem(name):
""" Edit an item """
# user must be authenticated
if 'user_id' not in session:
return redirect('/login')
item = db_session.query(Item).filter_by(name=name).first()
if item is None:
abort(404)
if item.user_id != session['user_id']:
abort(401)
form = ItemForm(obj=item)
categories = db_session.query(Category.id, Category.name).all()
form.category_id.choices = categories
if form.validate_on_submit():
filename = item.image
# check if user uploaded file and sanitize filename
if form.image.has_file():
# gets the filename, ensuring that it is safe
filename = secure_filename(form.image.data.filename)
form.image.data.save(
os.path.join(app.config['UPLOAD_FOLDER'], filename))
form.populate_obj(item)
item.image = filename
db_session.add(item)
try:
db_session.commit()
except exc.IntegrityError:
# item name should be unique
db_session.rollback()
form.name.errors.append("Item already exists.")
return render_template('edit_item.html', item=item, form=form)
flash("Item %s edited." % item.name)
return redirect(url_for('item', name=item.name))
return render_template('edit_item.html', item=item, form=form)
def update(item):
"""
Update item details.
"""
form = ItemForm(id=item.id)
if not form.validate():
return ItemController.message(False, form.errors)
item.name = form.name.data.strip()
item.description = form.description.data
item.category_id = CategoryHash.decode(form.category_id.data)
db.session.add(item)
if item.commit_changes():
return ItemController.message(True, item)
else:
return ItemController.message(
False, 'Could not save \
the given item.')
def deleteItem(name):
""" Delete an item """
# user must be authenticated
if 'user_id' not in session:
return redirect('/login')
item = db_session.query(Item).filter_by(name=name).first()
if item is None:
abort(404)
if item.user_id != session['user_id']:
abort(401)
if request.method == 'POST':
db_session.delete(item)
db_session.commit()
flash('%s Successfully Deleted' % item.name)
return redirect(url_for('catalog'))
else:
form = ItemForm()
return render_template('delete_item.html', item=item, form=form)
def get(self, request):
form = ItemForm()
return render(request, 'catalog/edit_item.html', {'form': form})
def get(self, request, pk):
item = get_object_or_404(Book, pk=pk)
form = ItemForm(instance=item)
return render(request, 'catalog/edit_item.html', {'form': form})
