def createUser(session):
    """Store a new User built from ``session`` and return its id.

    Reads the 'username', 'email' and 'picture' keys of ``session``, commits
    the new row, then looks the user up again by email to obtain the id.
    """
    username = session['username']
    email = session['email']
    picture = session['picture']

    record = User(name=username, email=email, picture=picture)
    db_session.add(record)
    db_session.commit()

    # .one() raises unless exactly one row carries this email address.
    stored = db_session.query(User).filter_by(email=email).one()
    return stored.id
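def addImage(category_id, item_id):
    """View function for adding a new image to an item.

    POST: checks the uploaded file part, stores a Picture row for it and
    saves the file under app.config['UPLOAD_FOLDER'].
    GET: renders the upload form once the category and item are found.
    """
    # NOTE(review): this handler validates no CSRF token and nothing visible
    # here checks that session['user_id'] owns the item -- confirm both are
    # enforced elsewhere (for example by a decorator on the route).
    if request.method == 'POST':
        if 'file' not in request.files:
            flash('No file part in the request')
            return redirect(request.url)
        file = request.files['file']
        # A browser submits an empty part without a filename when the user
        # did not pick a file.
        if file.filename == '':
            flash('No selected file')
            return redirect(request.url)
        if not (file and allowed_file(file.filename)):
            flash('Invalid file format')
            return redirect(request.url)

        # The GET branch treats a None result as "not found"; do the same
        # here instead of failing on item.name with an AttributeError.
        item = check_item(item_id, category_id)
        if item is None:
            flash('We could not find that item')
            return redirect(url_for('errorNotFound'))

        # NOTE(review): the number is predicted from the highest Picture.id;
        # two concurrent uploads can compute the same value -- confirm that
        # rename_file still yields a unique name in that case.
        last_picture = db_session.query(Picture.id).order_by(
            Picture.id.desc()).first()
        pic_num = (last_picture[0] if last_picture is not None else 0) + 1

        # NOTE(review): the result is joined onto UPLOAD_FOLDER below --
        # confirm rename_file never returns path separators taken from the
        # client-supplied filename.
        filename = rename_file(item.name, file.filename, item.category.name,
                               item_id, pic_num)
        new_picture = Picture(name=filename, item_id=item_id,
                              user_id=session['user_id'])
        db_session.add(new_picture)
        db_session.commit()
        file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
        flash('Picture upload successful')
        return redirect(
            url_for('viewItem', item_id=item_id,
                    category_id=item.category.id))

    category = check_category(category_id)
    if category is None:
        flash('We could not find that category')
        return redirect(url_for('errorNotFound'))
    item = check_item(item_id, category_id)
    if item is None:
        flash('We could not find that item')
        return redirect(url_for('errorNotFound'))
    return render_template('addimage.html', item_id=item_id,
                           category_id=category_id)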
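def ajaxLike():
    """Ajax handler that toggles the logged-in user's like on an item.

    Expects a JSON body with 'category_id', 'item_id' and 'status'. A status
    other than the string "None" removes the like and returns 'Deleted';
    otherwise a like is stored and 'Liked' is returned. Requests without a
    logged-in user get a 401, malformed bodies a 400. Non-POST requests fall
    through and return None, as before.
    """
    # NOTE(review): no CSRF token is checked on this state-changing request;
    # confirm the front end or a decorator covers it.
    if request.method == 'POST':
        # The acting user is taken from the server-side session. The
        # 'user_id' field of the JSON body is client-controlled and would let
        # any caller add or remove likes in another user's name.
        user_id = session.get('user_id')
        if user_id is None:
            return 'Login required', 401

        payload = request.json
        required = ('category_id', 'item_id', 'status')
        if not isinstance(payload, dict) or any(
                key not in payload for key in required):
            return 'Bad request', 400

        like_key = dict(category_id=payload['category_id'],
                        item_id=payload['item_id'],
                        user_id=user_id)

        if payload['status'] != "None":
            existing_like = db_session.query(Like).filter_by(
                **like_key).first()
            # Nothing to delete is not an error: the like is gone either way.
            if existing_like is not None:
                db_session.delete(existing_like)
                db_session.commit()
            return 'Deleted'

        db_session.add(Like(**like_key))
        db_session.commit()
        return 'Liked'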
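def deleteCategory(category_id):
    """View function for deleting a category with its items, pictures, likes.

    On POST the submitted '_csrf_delete_token' is handed to
    validate_delete_csfr before anything is deleted. Database rows are
    removed in one transaction; the uploaded files are removed afterwards.
    Non-POST requests fall through and return None, as before.
    """
    if request.method == 'POST':
        validate_delete_csfr(request.form.get('_csrf_delete_token'))

        # NOTE(review): nothing visible here compares session['user_id'] with
        # the category owner, although deleteItemImage does so for pictures
        # -- confirm the route is protected elsewhere.
        category = db_session.query(Category).filter_by(
            id=category_id).first()
        if category is None:
            flash('We could not find that category')
            return redirect(url_for('errorNotFound'))

        # File names are collected before the rows are deleted so that no
        # attribute of a deleted object has to be read after the commit.
        stale_files = [category.picture]

        items = db_session.query(Item).filter_by(
            category_id=category_id).all()
        for item in items:
            pictures = db_session.query(Picture).filter_by(
                item_id=item.id).all()
            for picture in pictures:
                stale_files.append(picture.name)
                db_session.delete(picture)
            likes = db_session.query(Like).filter_by(
                item_id=item.id, category_id=category_id).all()
            for like in likes:
                db_session.delete(like)
            # Children are deleted before their item.
            db_session.delete(item)

        db_session.delete(category)
        # One commit: either the whole category disappears or nothing does.
        db_session.commit()

        upload_dir = app.config['UPLOAD_FOLDER']
        for name in stale_files:
            if not name:
                continue
            try:
                os.remove(os.path.join(upload_dir, name))
            except OSError:
                # A missing file must not undo a completed deletion.
                app.logger.warning('Could not remove upload %s', name)
        return redirect(url_for('showCategory'))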
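def editCategory(category_id):
    """View function for editing a category.

    POST: hands the submitted '_csrf_token' to validate_csfr, renames the
    category and, when an allowed file was uploaded, replaces its picture.
    GET: renders the edit form.
    """
    # NOTE(review): nothing visible here checks that session['user_id'] owns
    # the category -- confirm the route is protected elsewhere.
    if request.method == 'POST':
        validate_csfr(request.form.get('_csrf_token'))
        catName = request.form.get('catName')

        if 'file' not in request.files:
            flash('No file part in the request')
            return redirect(request.url)
        file = request.files['file']
        if file.filename == '':
            flash('No selected file')
            return redirect(request.url)
        # Same rule as newCategory: an empty or missing name is rejected
        # instead of being written to the database.
        if not catName:
            return redirect(request.url)

        categories = db_session.query(Category).all()
        category = db_session.query(Category).filter_by(
            id=category_id).one()
        category.name = catName

        replace_picture = bool(file and allowed_file(file.filename))
        old_filename = None
        filename = None
        if replace_picture:
            filename = rename_file(catName, file.filename)
            old_filename = category.picture
            category.picture = filename

        db_session.add(category)
        db_session.commit()

        if replace_picture:
            upload_dir = app.config['UPLOAD_FOLDER']
            # Remove first, save second: if both names are equal the new
            # upload must not be deleted again.
            try:
                os.remove(os.path.join(upload_dir, old_filename))
            except (OSError, TypeError, AttributeError):
                # A missing old file (or no old name) must not block the
                # upload; the row already points at the new name.
                app.logger.warning('Could not remove upload %s',
                                   old_filename)
            file.save(os.path.join(upload_dir, filename))
            flash('Category %s edited!' % catName)
        return render_template('category.html', categories=categories)

    app.jinja_env.globals['csrf_token'] = generate_csrf_token
    app.jinja_env.globals['csrf_delete_token'] = generate_csrf_delete_token
    category = db_session.query(Category).filter_by(id=category_id).one()
    return render_template('editcategory.html', category=category)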
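def deleteItemImage(image):
    """View function for deleting an item image.

    The Picture row is looked up by name. It is deleted only when the
    logged-in user owns the picture's item; in every case where the picture
    exists the response redirects to the item's page.
    """
    # NOTE(review): this handler looks at neither request.method nor a CSRF
    # token before deleting -- confirm the route restricts methods and that
    # a token is checked elsewhere.
    picture = db_session.query(Picture).filter_by(name=image).first()
    if not picture:
        flash('Could not find the image')
        return redirect(url_for('errorNotFound'))

    # Everything needed later is read before the row is deleted.
    item = picture.item
    item_page = url_for('viewItem', category_id=item.category_id,
                        item_id=item.id)
    filename = picture.name

    current_user = session.get('user_id')
    # Without the None test an anonymous visitor (session.get -> None) would
    # match an item whose user_id is NULL.
    if current_user is not None and current_user == item.user_id:
        db_session.delete(picture)
        db_session.commit()
        try:
            os.remove(os.path.join(app.config['UPLOAD_FOLDER'], filename))
        except OSError:
            # A file that is already gone must not leave the row undeletable.
            app.logger.warning('Could not remove upload %s', filename)
    return redirect(item_page)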
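def editItem(category_id, item_id):
    """View function for editing an item.

    POST: hands the submitted '_csrf_token' to validate_csfr, then updates
    the item's name and description.
    GET: renders the edit form.
    An item that does not exist in the given category redirects to
    'errorNotFound'.
    """
    # NOTE(review): nothing visible here checks that session['user_id'] owns
    # the item -- confirm the route is protected elsewhere.
    is_post = request.method == 'POST'
    if is_post:
        # Token check stays the first thing done on a POST.
        validate_csfr(request.form.get('_csrf_token'))

    item = db_session.query(Item).filter_by(
        id=item_id, category_id=category_id).first()
    if item is None:
        flash('We could not find that item')
        return redirect(url_for('errorNotFound'))

    if is_post:
        itemName = request.form.get('itemName')
        itemDescription = request.form.get('itemDescription')
        # Same rule as newItem: client-side validation can be bypassed, so
        # empty or missing fields are rejected here as well.
        if not itemName or not itemDescription:
            return redirect(request.url)
        item.name = itemName
        item.description = itemDescription
        db_session.add(item)
        db_session.commit()
        return redirect(
            url_for('viewItem', item_id=item_id, category_id=category_id))

    app.jinja_env.globals['csrf_token'] = generate_csrf_token
    app.jinja_env.globals['csrf_delete_token'] = generate_csrf_delete_token
    return render_template('edititem.html', item=item)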
def newCategory():
    """View function that creates a new category.

    GET: publishes generate_csrf_token to the templates and renders the
    form. POST: hands the submitted '_csrf_token' to validate_csfr, then
    stores the category and its uploaded picture.
    """
    if request.method != 'POST':
        app.jinja_env.globals['csrf_token'] = generate_csrf_token
        return render_template('newcategory.html')

    validate_csfr(request.form.get('_csrf_token'))
    category_name = request.form.get('catName')

    # The request must carry a file part at all.
    if 'file' not in request.files:
        flash('No file part in the request')
        return redirect(request.url)

    upload = request.files['file']
    # An empty filename means the user did not choose a file.
    if upload.filename == '':
        flash('No selected file')
        return redirect(request.url)

    if not category_name:
        return redirect(request.url)

    if not (upload and allowed_file(upload.filename)):
        return redirect(request.url)

    stored_name = rename_file(category_name, upload.filename)
    db_session.add(Category(name=category_name,
                            user_id=session['user_id'],
                            picture=stored_name))
    db_session.commit()

    destination = os.path.join(app.config['UPLOAD_FOLDER'], stored_name)
    upload.save(destination)
    flash('New category %s added!' % category_name)
    return redirect(url_for('showCategory'))
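def newItem():
    """View function that creates a new item, optionally with a picture.

    GET: publishes generate_csrf_token to the templates and renders the form
    with the list of category names.
    POST: hands the submitted '_csrf_token' to validate_csfr, checks the
    fields, stores the Item and, when a file was uploaded, a Picture row and
    the file itself.
    """
    if request.method != 'POST':
        app.jinja_env.globals['csrf_token'] = generate_csrf_token
        rows = db_session.query(Category.name).all()
        # Plain list of names so the template can serialise it for the
        # autocomplete.
        categories = [row[0] for row in rows]
        return render_template('newitem.html', categories=categories)

    validate_csfr(request.form.get('_csrf_token'))
    catName = request.form.get('catName')
    itemName = request.form.get('itemName')
    itemDescription = request.form.get('itemDescription')

    # Client-side validation can be bypassed by a forged POST, so empty
    # fields are rejected here as well.
    if not catName or not itemName or not itemDescription:
        return redirect(request.url)

    if 'file' not in request.files:
        flash('No file part in the request')
        return redirect(request.url)
    file = request.files['file']

    # catName is user input: an unknown name is reported to the user
    # instead of raising out of the query.
    category = db_session.query(Category.id).filter_by(name=catName).first()
    if category is None:
        flash('We could not find that category')
        return redirect(request.url)

    # Reject a bad upload before anything is written.
    if file and not allowed_file(file.filename):
        flash("Invalid format")
        return redirect(request.url)

    new_item = Item(name=itemName, description=itemDescription,
                    category_id=category.id, user_id=session['user_id'])
    db_session.add(new_item)
    db_session.commit()

    if file:
        # NOTE(review): the number is predicted from the highest Picture.id;
        # two concurrent uploads can compute the same value -- confirm that
        # rename_file still yields a unique name in that case.
        last_picture = db_session.query(Picture.id).order_by(
            Picture.id.desc()).first()
        pic_num = (last_picture[0] if last_picture is not None else 0) + 1

        # The committed id is used, as addImage does, rather than a guess
        # derived from the highest existing Item.id.
        filename = rename_file(itemName, file.filename, catName,
                               new_item.id, pic_num)
        new_picture = Picture(name=filename, item_id=new_item.id,
                              user_id=session['user_id'])
        db_session.add(new_picture)
        db_session.commit()
        file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))

    flash('New Item %s added!' % itemName)
    return redirect(url_for('showCategory'))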