def showItemList(category_id):
    """Render the page contain all categories
           and all items in a selected category
        GET /category/category id/
        Example:
            GET /category/1/ shows a list of items in category 1
    """
    # Check if user is authenticated
    token = request.cookies.get('token')
    expire_time = request.cookies.get('expire_time')
    user_data = None
    if token:
        user_data = validate_token(token, expire_time)

    # SQL model method which retrieve all categories.
    categories = Category.get_all(session, order_by=Category.created,
                                  ascending=True)

    # SQL model method which retrieve a category row by its' id.
    category = Category.get_by_id(session, category_id)
    if category:
        # SQL model method which retrieve all items in their category's id.
        items = Category.item_set(session, category.id)
    else:
        items = []
    # Show user a different view which contains 'add item' link
    #     if user_data is not None, which means an authenticated user.
    return render_template('show_item_list.html', categories=categories,
                           category=category, items=items, user=user_data)
def showItemList(category_id):
    """Render the page contain all categories
           and all items in a selected category
        GET /category/category id/
        Example:
            GET /category/1/ shows a list of items in category 1
    """
    # Check if user is authenticated
    token = request.cookies.get("token")
    expire_time = request.cookies.get("expire_time")
    user_data = None
    if token:
        user_data = validate_token(token, expire_time)

    # SQL model method which retrieve all categories.
    categories = Category.get_all(session, order_by=Category.created, ascending=True)

    # SQL model method which retrieve a category row by its' id.
    category = Category.get_by_id(session, category_id)
    if category:
        # SQL model method which retrieve all items in their category's id.
        items = Category.item_set(session, category.id)
    else:
        items = []
    # Show user a different view which contains 'add item' link
    #     if user_data is not None, which means an authenticated user.
    return render_template("show_item_list.html", categories=categories, category=category, items=items, user=user_data)
def getAllContent():
    categories = Category.get_all(session, order_by=Category.name, ascending=True)
    categories_list = [c.serialize for c in categories]
    for c in categories_list:
        c["items"] = [i.serialize for i in Category.item_set(session, c["id"])]
    result = {"status": "success", "type": "collection", "collection_type": "categories", "categories": categories_list}
    return jsonify(result)
def getAllContent():
    categories = Category.get_all(session, order_by=Category.name,
                                  ascending=True)
    categories_list = [c.serialize for c in categories]
    for c in categories_list:
        c["items"] = [i.serialize for i in Category.item_set(session, c["id"])]
    result = {
        "status": "success",
        "type": "collection",
        "collection_type": "categories",
        "categories": categories_list
        }
    return jsonify(result)
def showMain():
    """Render the main page contain all categories and most recent items
        GET /
    """
    # Check if user is authenticated
    token = request.cookies.get("token")
    expire_time = request.cookies.get("expire_time")
    user_data = None
    if token:
        user_data = validate_token(token, expire_time)

    # SQL model method which retrieve all categories.
    categories = Category.get_all(session, order_by=Category.name, ascending=True)
    # SQL model method which retrieve most recent 10 items.
    items = Item.get_recent(session, limit=10)
    # Show user a different view which contains 'add item' link
    #     if user_data is not None, which means an authenticated user.
    return render_template("main.html", categories=categories, items=items, user=user_data)
def showMain():
    """Render the main page contain all categories and most recent items
        GET /
    """
    # Check if user is authenticated
    token = request.cookies.get('token')
    expire_time = request.cookies.get('expire_time')
    user_data = None
    if token:
        user_data = validate_token(token, expire_time)

    # SQL model method which retrieve all categories.
    categories = Category.get_all(session, order_by=Category.name,
                                  ascending=True)
    # SQL model method which retrieve most recent 10 items.
    items = Item.get_recent(session, limit=10)
    # Show user a different view which contains 'add item' link
    #     if user_data is not None, which means an authenticated user.
    return render_template('main.html', categories=categories,
                           items=items, user=user_data)
def editItem(category_id, item_id):
    """
        GET /category/category id/item/item id/edit:
            Render an edit item form page
        POST /category/category id/item/item id/edit:
            Update the selected item's attributes
            Fields:
                title (required)
                description
                category (required)
    """
    token = request.cookies.get('token')
    expire_time = request.cookies.get('expire_time')
    # Only authorized user can see an edit item page
    if not token:
        flash("You are not authorized.")
        return redirect(url_for('basic.showMain'))

    if request.method == "GET":

        # Only authorized user can see an edit item page
        user_data = validate_token(token, expire_time)
        if not user_data:
            flash("You are not authorized.")
            return redirect(url_for('basic.showMain'))

        # Only authorized user can see an edit item page
        # Authorized user id must be the same as
        #     the user's id who created the item before.
        if not User.is_authorized(session, user_data.get("id"), item_id):
            flash("You are not authorized.")
            return redirect(url_for('basic.showMain'))

        categories = Category.get_all(session)
        item = Item.get_by_id(session, item_id)
        return render_template('edit_item.html',
                               categories=categories, item=item)

    if request.method == "POST":
        # When user send POST request,
        #     we get a token again from HTTP header, not from cookie
        token = request.headers.get('Authorization')
        # Only authorized user can edit this item
        user_data = validate_token(token, expire_time)
        if not user_data:
            response = make_response(
                json.dumps({
                    "message": "You are not authorized",
                    "redirect": url_for('basic.showItemDetail',
                                        category_id=category_id,
                                        item_id=item_id)
                }), 401
            )
            response.headers['Content-Type'] = 'application/json'
            return response

        item = Item.get_by_id(session, item_id)
        title = request.form.get('title')
        description = request.form.get('description')
        new_category_id = request.form.get('category')

        # In the form in HTML title field is required.
        # No title means the user use another way to send POST request
        if not title:
            response = make_response(
                json.dumps({
                    "message": "Please use the proper way",
                    "redirect": url_for('basic.showItemDetail',
                                        category_id=category_id,
                                        item_id=item_id)
                }), 401
            )
            response.headers['Content-Type'] = 'application/json'
            return response

        # Only authorized user can edit item
        # Authorized user id must be the same as
        #     the user's id who created the item before.
        user = User.get_by_id(session, user_data.get("id"))
        if not User.is_authorized(session, user.id, item_id):
            response = make_response(
                json.dumps({
                    "message": "You are not authorized",
                    "redirect": url_for('basic.showItemDetail',
                                        category_id=item.category_id,
                                        item_id=item_id)
                }), 401
            )
            response.headers['Content-Type'] = 'application/json'
            return response

        item.title = title
        item.description = description
        item.category_id = new_category_id
        session.add(item)
        session.commit()

        response = make_response(
            json.dumps({
                "message": "The item was successfully edited.",
                "redirect": url_for('basic.showItemDetail',
                                    category_id=category_id,
                                    item_id=item.id)
            }), 200
        )
        response.headers['Content-Type'] = 'application/json'
        return response
def addItem():
    """
        GET /items:
            Render a create item form page
        POST /items:
            Create a new item and store it in database.
            Fields:
                title (required)
                description
                category (required)
            Created date are default saved as timestamp
    """
    token = request.cookies.get('token')
    expire_time = request.cookies.get('expire_time')
    # Only authenticated user can add a new item
    if not token:
        flash("Please login.")
        return redirect(url_for('auth.login'))

    if request.method == "GET":
        user_data = validate_token(token, expire_time)
        categories = Category.get_all(session)
        return render_template('add_item.html',
                               categories=categories, user=user_data)

    if request.method == "POST":
        # When user send POST request,
        #     we get a token again from HTTP header, not from cookie
        token = request.headers.get('Authorization')
        # Only authenticated user can add a new item
        user_data = validate_token(token, expire_time)
        if not user_data:
            response = make_response(
                json.dumps({
                    "message": "Please login",
                    "redirect": url_for('auth.login')
                }), 401
            )
            response.headers['Content-Type'] = 'application/json'
            return response

        # Get title, description, and category_id from the form.
        title = request.form.get('title')
        description = request.form.get('description')
        category_id = request.form.get('category')

        # In the form in HTML title field is required.
        # No title means the user use another way to send POST request
        if not title:
            response = make_response(
                json.dumps({
                    "message": "Please use the proper way",
                    "redirect": url_for('basic.addItem')
                }), 401
            )
            response.headers['Content-Type'] = 'application/json'
            return response

        # Create a new item row with the fields user has inputted
        item = Item(title=title, description=description,
                    category_id=category_id, user_id=user_data.get("id"))
        session.add(item)
        session.commit()
        # Redirect to the detail page, so user can check their input.
        response = make_response(
            json.dumps({
                "message": "The item was successfully created.",
                "redirect": url_for('basic.showItemDetail',
                                    category_id=category_id, item_id=item.id)
                }), 200
            )
        response.headers['Content-Type'] = 'application/json'
        return response
def editItem(category_id, item_id):
    """
        GET /category/category id/item/item id/edit:
            Render an edit item form page
        POST /category/category id/item/item id/edit:
            Update the selected item's attributes
            Fields:
                title (required)
                description
                category (required)
    """
    token = request.cookies.get("token")
    expire_time = request.cookies.get("expire_time")
    # Only authorized user can see an edit item page
    if not token:
        flash("You are not authorized.")
        return redirect(url_for("basic.showMain"))

    if request.method == "GET":

        # Only authorized user can see an edit item page
        user_data = validate_token(token, expire_time)
        if not user_data:
            flash("You are not authorized.")
            return redirect(url_for("basic.showMain"))

        # Only authorized user can see an edit item page
        # Authorized user id must be the same as
        #     the user's id who created the item before.
        if not User.is_authorized(session, user_data.get("id"), item_id):
            flash("You are not authorized.")
            return redirect(url_for("basic.showMain"))

        categories = Category.get_all(session)
        item = Item.get_by_id(session, item_id)
        return render_template("edit_item.html", categories=categories, item=item)

    if request.method == "POST":
        # When user send POST request,
        #     we get a token again from HTTP header, not from cookie
        token = request.headers.get("Authorization")
        # Only authorized user can edit this item
        user_data = validate_token(token, expire_time)
        if not user_data:
            response = make_response(
                json.dumps(
                    {
                        "message": "You are not authorized",
                        "redirect": url_for("basic.showItemDetail", category_id=category_id, item_id=item_id),
                    }
                ),
                401,
            )
            response.headers["Content-Type"] = "application/json"
            return response

        item = Item.get_by_id(session, item_id)
        title = request.form.get("title")
        description = request.form.get("description")
        new_category_id = request.form.get("category")

        # In the form in HTML title field is required.
        # No title means the user use another way to send POST request
        if not title:
            response = make_response(
                json.dumps(
                    {
                        "message": "Please use the proper way",
                        "redirect": url_for("basic.showItemDetail", category_id=category_id, item_id=item_id),
                    }
                ),
                401,
            )
            response.headers["Content-Type"] = "application/json"
            return response

        # Only authorized user can edit item
        # Authorized user id must be the same as
        #     the user's id who created the item before.
        user = User.get_by_id(session, user_data.get("id"))
        if not User.is_authorized(session, user.id, item_id):
            response = make_response(
                json.dumps(
                    {
                        "message": "You are not authorized",
                        "redirect": url_for("basic.showItemDetail", category_id=item.category_id, item_id=item_id),
                    }
                ),
                401,
            )
            response.headers["Content-Type"] = "application/json"
            return response

        item.title = title
        item.description = description
        item.category_id = new_category_id
        session.add(item)
        session.commit()

        response = make_response(
            json.dumps(
                {
                    "message": "The item was successfully edited.",
                    "redirect": url_for("basic.showItemDetail", category_id=category_id, item_id=item.id),
                }
            ),
            200,
        )
        response.headers["Content-Type"] = "application/json"
        return response
def addItem():
    """
        GET /items:
            Render a create item form page
        POST /items:
            Create a new item and store it in database.
            Fields:
                title (required)
                description
                category (required)
            Created date are default saved as timestamp
    """
    token = request.cookies.get("token")
    expire_time = request.cookies.get("expire_time")
    # Only authenticated user can add a new item
    if not token:
        flash("Please login.")
        return redirect(url_for("auth.login"))

    if request.method == "GET":
        user_data = validate_token(token, expire_time)
        categories = Category.get_all(session)
        return render_template("add_item.html", categories=categories, user=user_data)

    if request.method == "POST":
        # When user send POST request,
        #     we get a token again from HTTP header, not from cookie
        token = request.headers.get("Authorization")
        # Only authenticated user can add a new item
        user_data = validate_token(token, expire_time)
        if not user_data:
            response = make_response(json.dumps({"message": "Please login", "redirect": url_for("auth.login")}), 401)
            response.headers["Content-Type"] = "application/json"
            return response

        # Get title, description, and category_id from the form.
        title = request.form.get("title")
        description = request.form.get("description")
        category_id = request.form.get("category")

        # In the form in HTML title field is required.
        # No title means the user use another way to send POST request
        if not title:
            response = make_response(
                json.dumps({"message": "Please use the proper way", "redirect": url_for("basic.addItem")}), 401
            )
            response.headers["Content-Type"] = "application/json"
            return response

        # Create a new item row with the fields user has inputted
        item = Item(title=title, description=description, category_id=category_id, user_id=user_data.get("id"))
        session.add(item)
        session.commit()
        # Redirect to the detail page, so user can check their input.
        response = make_response(
            json.dumps(
                {
                    "message": "The item was successfully created.",
                    "redirect": url_for("basic.showItemDetail", category_id=category_id, item_id=item.id),
                }
            ),
            200,
        )
        response.headers["Content-Type"] = "application/json"
        return response