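def itemDelete():
    """Delete an item owned by the current user.

    Reads three request parameters: ``state`` (the nonce verified by
    check_nonce, presumably an anti-CSRF token), ``item_delete_parent``
    (category name) and ``item_delete_name`` (item name).

    Returns:
        A redirect to "/" after the item is deleted. Otherwise the result of
        bad_request_error() (nonce rejected or a name parameter missing),
        not_authenticated_error() (no active user), not_found_error()
        (category or item not found) or not_authorized_error() (the active
        user is not the item's creator).
    """
    # NOTE(review): request.values is read here, which in Flask merges the
    # query string with form data. Confirm the route only accepts POST so
    # this state-changing handler cannot be reached through a plain GET link.
    state = request.values.get('state')
    if not check_nonce(state):
        return bad_request_error()

    # Authenticate before touching the data layer, so callers without a
    # session cannot use the 404 responses to probe which names exist.
    active_user = get_active_user()
    if not active_user:
        return not_authenticated_error()

    raw_cat_name = request.values.get("item_delete_parent")
    raw_item_name = request.values.get("item_delete_name")
    if raw_cat_name is None or raw_item_name is None:
        # A missing parameter would otherwise reach bleach.clean(None), which
        # raises TypeError in current bleach releases and surfaces as a 500.
        return bad_request_error()

    # bleach.clean is kept so the lookup key is built exactly as before.
    # NOTE(review): presumably names are stored in cleaned form; confirm.
    cat = dal.get_category_by_name(bleach.clean(raw_cat_name))
    if not cat:
        return not_found_error()

    item = dal.get_item_by_name(cat.cat_id, bleach.clean(raw_item_name))
    if not item:
        return not_found_error()

    # Ownership check: only the creator may delete the item.
    if active_user.user_id != item.creator_id:
        return not_authorized_error()

    # All checks passed. generate_nonce() is called before the delete, as in
    # the original; presumably it rotates the nonce so the accepted value
    # cannot be replayed (TODO confirm).
    generate_nonce()
    dal.delete_item(item.item_id)
    return redirect("/")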
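def categoryDelete():
    """Delete a category owned by the logged-in user.

    Reads two request parameters: ``state`` (the nonce verified by
    check_nonce, presumably an anti-CSRF token) and ``cat_delete_name``
    (category name).

    Returns:
        A redirect to "/" after the category is deleted. Otherwise the result
        of bad_request_error() (nonce rejected or the name parameter
        missing), not_authenticated_error() (no active user),
        not_found_error() (category not found) or not_authorized_error()
        (the active user is not the category's creator).
    """
    # NOTE(review): request.values is read here, which in Flask merges the
    # query string with form data. Confirm the route only accepts POST so
    # this state-changing handler cannot be reached through a plain GET link.
    state = request.values.get('state')
    if not check_nonce(state):
        return bad_request_error()

    # Authenticate before touching the data layer, so callers without a
    # session cannot use the 404 response to probe which categories exist.
    active_user = get_active_user()
    if not active_user:
        return not_authenticated_error()

    raw_cat_name = request.values.get("cat_delete_name")
    if raw_cat_name is None:
        # A missing parameter would otherwise reach bleach.clean(None), which
        # raises TypeError in current bleach releases and surfaces as a 500.
        return bad_request_error()

    # bleach.clean is kept so the lookup key is built exactly as before.
    # NOTE(review): presumably names are stored in cleaned form; confirm.
    cat = dal.get_category_by_name(bleach.clean(raw_cat_name))
    if not cat:
        return not_found_error()

    # Ownership check: only the creator may delete the category.
    if active_user.user_id != cat.creator_id:
        return not_authorized_error()

    # All checks passed. generate_nonce() is called before the delete, as in
    # the original; presumably it rotates the nonce so the accepted value
    # cannot be replayed (TODO confirm).
    generate_nonce()
    dal.delete_category(cat.cat_id)
    return redirect("/")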