def newItem(catalog_id): if 'username' not in login_session: return redirect('/login') catalog = session.query(Catalog).filter_by(id=catalog_id).one() if login_session['user_id'] != catalog.user_id: return '''<script>function myFunction() {alert('You are not authorized to add items to this catalog.');} </script><body onload='myFunction()''> ''' if request.method == 'POST': if request.form['name'] == []: flash("Name needed!") return render_template('newitem.html', catalog_id = catalog_id) newItem = CatalogItem(name = request.form['name']) newItem.description = request.form['description'] newItem.price = request.form['price'] newItem.catalog_id = catalog_id newItem.user_id = catalog.user_id session.add(newItem) session.commit() flash("New item created!") items = session.query(CatalogItem).filter_by(catalog_id=catalog_id).all() return render_template('Items.html', catalog = catalog, items = items) else: return render_template('newitem.html', catalog_id = catalog_id)
def newItem(): if 'username' not in login_session: flash('You are not logged in!') return redirect('/catalog') categories = session.query(Category).order_by(asc(Category.name)) if request.method == 'GET': return render_template('newItem.html', categories=categories) else: newItem = CatalogItem() if request.form['title']: newItem.title = request.form['title'] # FriendlyTitle is used for an items route URL. # Removes spaces and transforms to lowercase friendlyTitle = request.form['title'].lower() friendlyTitle = friendlyTitle.replace(' ', '') newItem.friendlyTitle = friendlyTitle if request.form['description']: newItem.description = request.form['description'] if request.form['category']: category = session.query(Category).filter_by( name=request.form['category']).one() newItem.category_id = category.id newItem.user_id = login_session['user_id'] session.add(newItem) session.commit() flash('Item successfully added!') return redirect(url_for('catalog'))
def addItem(item_name, item_desc, cat_id): catitem = CatalogItem() catitem.item_name = item_name catitem.description = item_desc catitem.cat_id = cat_id catitem.user_id = login_session['userid'] db_session.add(catitem) db_session.commit()