def context_check_login():
    """
    Context processor exposing the current login state to templates.

    :return: dict with ``logged_in`` (the result of ``check_login(session)``)
             and ``user`` (the result of ``get_user`` for the session's
             ``user_id`` when logged in, otherwise ``None``)
    """
    logged_in = check_login(session)
    # Only look the user up once the session has passed the login check.
    current_user = get_user(session.get('user_id')) if logged_in else None
    return {'logged_in': logged_in, 'user': current_user}
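def item_new(category_id=None):
    """
    View for creating a new item.

    Aborts with 403 unless ``check_login(session)`` succeeds. On a valid
    form submission the item is committed first (so it has an id), then any
    uploaded picture is stored and its path recorded on the item.

    :param category_id: optional, id of category of new item
    :context form: Instance of :form:`item_catalog.ItemForm`
    :context category: Instance of :model:`item_catalog.Category`, or None
    :template: `item_edit.html`
    """
    # Creating items is restricted to logged-in sessions.
    if not check_login(session):
        abort(403)

    category = Category.query.get_or_404(category_id) if category_id else None
    form = ItemForm()

    if not form.validate_on_submit():
        return render_template('item_edit.html', form=form, category=category)

    item = Item()
    # populate_obj copies every field declared on the form onto the model.
    # picture and owner are then set server-side: the owner comes from the
    # session, never from submitted form data.
    # NOTE(review): confirm ItemForm declares no field that should not be
    # client-controlled.
    form.populate_obj(item)
    item.picture = None
    item.owner = User.query.get(session.get('user_id'))
    db.session.add(item)
    db.session.commit()

    # The picture is saved only now because the item has an id after the
    # first commit.
    upload = form.picture.data
    if upload:
        # secure_filename() strips path separators and unsafe characters; it
        # can return an empty string for names made only of such characters.
        # NOTE(review): confirm save_uploaded_image copes with an empty name
        # and validates the file type itself.
        filename = secure_filename(upload.filename)
        try:
            item_path = save_uploaded_image(filename, upload, item)
        except Exception:
            # Was a bare ``except:``, which also trapped SystemExit and
            # KeyboardInterrupt. The item row committed above is kept, just
            # without a picture; the original error is not logged here.
            abort(500)
        item.picture = item_path
        db.session.add(item)
        db.session.commit()

    flash("Successfully Created %s" % item.name, 'notice')
    return redirect(url_for('item_view', item_id=item.id))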
def item_delete(item_id):
    """
    View for deleting an existing item.

    Only the logged-in owner of the item may use this view; any other
    request is aborted with 403. A GET renders the confirmation page, a
    POST performs the deletion.

    :param item_id: id of requested item
    :context item: Instance of :model:`item_catalog.Item`
    :template: `item_delete.html`
    """
    item = Item.query.get_or_404(item_id)

    # Both conditions must hold; the ownership check is skipped when the
    # session is not logged in.
    allowed = check_login(session) and is_item_owner(item, session.get('user_id'))
    if not allowed:
        abort(403)

    if request.method != 'POST':
        return render_template('item_delete.html', item=item)

    # NOTE(review): this view does not validate a form, so no CSRF token
    # check is visible here -- confirm CSRF protection is applied to this
    # POST elsewhere (e.g. app-wide).
    db.session.delete(item)
    db.session.commit()
    flash("Successfully Deleted %s" % item.name, 'notice')
    return redirect(url_for('category_view', category_id=item.category_id))
def item_view(item_id, category_id=None):
    """
    View showing all details of the specified item.

    When a category id is given, the item must belong to that category,
    otherwise the request ends in a 404.

    :param item_id: id of requested item
    :param category_id: optional, id of category of requested item
    :context category: Instance of :model:`item_catalog.Category`
    :context item: Instance of :model:`item_catalog.Item`
    :context owner: truthy when the logged-in user owns the item
    :template: `item_view.html`
    """
    if not category_id:
        category = None
        item = Item.query.get_or_404(item_id)
    else:
        category = Category.query.get_or_404(category_id)
        item = Item.query.filter_by(id=item_id, category=category).first_or_404()

    # This flag is only handed to the template; no access decision is made
    # in this view.
    owner = check_login(session) and is_item_owner(item, session.get('user_id'))

    return render_template(
        'item_view.html',
        category=category,
        item=item,
        owner=owner,
    )
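def item_edit(item_id):
    """
    View for editing an existing item.

    Only the logged-in owner of the item may use this view; any other
    request is aborted with 403.

    :param item_id: id of requested item
    :context form: Instance of :form:`item_catalog.ItemForm`
    :context item: Instance of :model:`item_catalog.Item`
    :template: `item_edit.html`
    """
    item = Item.query.get_or_404(item_id)

    # Abort unless the session is logged in and belongs to the item owner.
    if not check_login(session) or not is_item_owner(item, session.get('user_id')):
        abort(403)

    form = ItemForm(obj=item)

    if not form.validate_on_submit():
        return render_template('item_edit.html', form=form, item=item)

    # Keep the current picture path unless a new file is stored below.
    item_path = item.picture
    upload = form.picture.data
    if upload:
        # secure_filename() strips path separators and unsafe characters; it
        # can return an empty string for names made only of such characters.
        # NOTE(review): confirm save_uploaded_image copes with an empty name
        # and validates the file type itself.
        filename = secure_filename(upload.filename)
        try:
            item_path = save_uploaded_image(filename, upload, item)
        except Exception:
            # Was a bare ``except:``, which also trapped SystemExit and
            # KeyboardInterrupt. The original error is not logged here.
            abort(500)

    # populate_obj copies every form field onto the model, including
    # ``picture``, so the stored path is re-applied right after it.
    # NOTE(review): confirm ItemForm declares no field (such as the owner)
    # that should not be client-controlled.
    form.populate_obj(item)
    item.picture = item_path
    item.edit_timestamp = datetime.utcnow()
    db.session.add(item)
    db.session.commit()

    flash("Successfully Saved %s" % item.name, 'notice')
    return redirect(url_for('item_view', item_id=item.id))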