def item_delete(item_id): """ View for deleting an existing item. Check if current user is owner. Aborts otherwise. :param item_id: id of requested item :context item: Instance of :model:`item_catalog.Item` :template: `item_delete.html` """ item = Item.query.get_or_404(item_id) # Check if user is logged in and the item owner. Abort if either check fails if not check_login(session) or not is_item_owner(item, session.get('user_id')): abort(403) if request.method == 'POST': db.session.delete(item) db.session.commit() flash("Successfully Deleted %s" % item.name, 'notice') return redirect(url_for('category_view', category_id=item.category_id)) return render_template('item_delete.html', item=item)
def item_view(item_id, category_id=None): """ View to view all details of specified item. :param item_id: id of requested item :param category_id: optional, id of category of requested item :context category: Instance of :model:`item_catalog.Category` :context item: Instance of :model:`item_catalog.Item` :template: `item_view.html` """ if category_id: category = Category.query.get_or_404(category_id) item = Item.query.filter_by(id=item_id, category=category).first_or_404() else: category = None item = Item.query.get_or_404(item_id) # Check if user is owner owner = check_login(session) and is_item_owner(item, session.get('user_id')) return render_template('item_view.html', category=category, item=item, owner=owner)
def item_edit(item_id): """ View for editing an existing item. Check if current user is owner. Aborts otherwise. :param item_id: id of requested item :context form: Instance of :form:`item_catalog.ItemForm` :context item: Instance of :model:`item_catalog.Item` :template: `item_edit.html` """ item = Item.query.get_or_404(item_id) # Check if user is logged in and the item owner. Abort if either check fails if not check_login(session) or not is_item_owner(item, session.get('user_id')): abort(403) form = ItemForm(obj=item) if form.validate_on_submit(): item_path = item.picture if form.picture.data: data = form.picture.data filename = secure_filename(data.filename) try: item_path = save_uploaded_image(filename, data, item) except: abort(500) form.populate_obj(item) item.picture = item_path item.edit_timestamp = datetime.utcnow() db.session.add(item) db.session.commit() flash("Successfully Saved %s" % item.name, 'notice') return redirect(url_for('item_view', item_id=item.id)) return render_template('item_edit.html', form=form, item=item)