Exemplo n.º 1
0
def delete_category(cat_id):
    form = ConfirmForm()
    categories = session.query(Category).all()
    category = session.query(Category).filter_by(id=cat_id).first()
    items = session.query(Item).filter_by(category_id=cat_id).all()
    # Flask-WTF and WTForms is used to manage form creation and to provide
    # CSRF protection
    if form.validate_on_submit():
        session.delete(category)
        # If there are items in this category, they will be also deleted
        # from the database.
        # Implemented cascade property in models.py therefore this is no
        # longer necessary.
        # if items:
        #     for item in items:
        #         session.delete(item)
        session.commit()
        flash("Category deleted successfully.", "flash-success")
        return redirect(url_for('index'))
    if (category.user_id != login_session['user_id']):
        flash("You must be the owner to delete this category.",
              "flash-warning")
        return redirect(url_for('category_list', cat_id=category.id))
    else:
        return render_template('delete_category.html',
                               categories=categories,
                               category=category,
                               items=items,
                               form=form)
def edit_item(category_name, item_name):
    category = session.query(Category).filter_by(name=category_name).one()
    edited_item = session.query(Item).filter_by(name=item_name,
                                                category_id=category.id).one()

    # Authorisation - check if current user can edit the item
    # Only a user who created an item can edit/delete it
    user_id = get_user_id(login_session['email'])
    if edited_item.user_id != user_id:
        message = json.dumps('You are not allowed to edit the item')
        response = make_response(message, 403)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Post method
    if request.method == 'POST':
        if request.form['name']:
            edited_item.name = request.form['name']
        if request.form['description']:
            edited_item.description = request.form['description']
        if request.form['category']:
            category = session.query(Category).filter_by(name=request.form
                                                         ['category']).one()
            edited_item.category = category

        session.add(edited_item)
        session.commit()
        return redirect(url_for('show_category',
                                category_name=edited_item.category.name))
    else:
        categories = session.query(Category).all()
        return render_template('edit_page.html', item=edited_item,
                               categories=categories)
Exemplo n.º 3
0
def createUser(login_session):
    newUser = User(username=login_session['username'],
                   email=login_session['email'],
                   picture=login_session['picture'])
    session.add(newUser)
    session.commit()
    user = session.query(User).filter_by(email=login_session['email']).one()
    return user.id
def create_user(login_session):
    """ User helper functions
        Creates a new user in our db
    """
    new_user = User(name=login_session['username'],
                    email=login_session['email'])
    session.add(new_user)
    session.commit()
    user = session.query(User).filter_by(email=login_session['email']).one()
    return user.id
Exemplo n.º 5
0
def add_category():
    form = CategoryForm()
    categories = session.query(Category).all()
    if form.validate_on_submit():
        name = form.name.data
        new_category = Category(name=name, user_id=login_session['user_id'])
        session.add(new_category)
        session.commit()
        flash('New Category Added', "flash-success")
        return redirect(url_for('category_list', cat_id=new_category.id))
    return render_template('add_category.html',
                           categories=categories,
                           form=form)
def add_item():
    categories = session.query(Category).all()
    if request.method == 'POST':
        new_item = Item(
            name=request.form['name'],
            description=request.form['description'],
            category=session.query(Category).
            filter_by(name=request.form['category']).one(),
            user_id=login_session['user_id'])

        session.add(new_item)
        session.commit()

        return redirect(url_for('show_catalog'))
    else:
        return render_template('add_page.html', categories=categories)
Exemplo n.º 7
0
def delete_item(item_id):
    form = ConfirmForm()
    categories = session.query(Category).all()
    item = session.query(Item).filter_by(id=item_id).first()
    if item.user_id != login_session['user_id']:
        flash("You must be the owner to delete this item.", "flash-warning")
        return redirect(url_for('item', item_id=item.id))
    if form.validate_on_submit():
        session.delete(item)
        session.commit()
        flash('Item successfully deleted.', "flash-success")
        return redirect(url_for('index'))
    return render_template('delete_item.html',
                           categories=categories,
                           item=item,
                           form=form)
Exemplo n.º 8
0
def add_item(cat_id):
    form = ItemForm()
    categories = session.query(Category).all()
    category = session.query(Category).filter_by(id=cat_id).first()
    if form.validate_on_submit():
        new_item = Item(name=form.name.data,
                        description=form.description.data or "No description",
                        category_id=category.id,
                        user_id=login_session['user_id'])
        print new_item
        session.add(new_item)
        session.commit()
        flash('Item added successfully.', "flash-success")
        return redirect(url_for('category_list', cat_id=category.id))
    return render_template('add_item.html',
                           categories=categories,
                           category=category,
                           form=form)
Exemplo n.º 9
0
def edit_item(item_id):
    form = ItemEditForm()
    item = session.query(Item).filter_by(id=item_id).one()

    if item.user_id != login_session['user_id']:
        flash("You must be the owner to make changes to this item.",
              "flash-warning")
        return redirect(url_for('item', item_id=item.id))

    # The choices for the dropdown selectfield is dynamically populated by
    # querying the Category table.
    categories = session.query(Category).all()

    # The default value of the selectfield is also dynamically set.
    category = session.query(Category).all()
    select_field = [(c.id, c.name) for c in category]
    if request.method == 'POST':
        item.name = form.name.data
        item.description = form.description.data
        item.category_id = form.category_id.data
        session.commit()
        flash('Item edited successfully.', "flash-success")
        return redirect(url_for('item', item_id=item.id))
    if request.method == 'GET':

        # Dynamically assigned selectfield and default value is assigned
        form.category_id.choices = select_field
        form.category_id.default = item.category_id

        # form.process() is run to process the choices and default value
        form.process()

        # The form is provided with the default values after the selectfied
        # has been processed.
        form.name.data = item.name
        form.description.data = item.description
    return render_template('edit_item.html',
                           categories=categories,
                           category=category,
                           item=item,
                           form=form)
def delete_item(category_name, item_name):
    category = session.query(Category).filter_by(name=category_name).one()
    item_to_delete = session.query(Item).filter_by(name=item_name,
                                                   category=category).one()

    # Authorisation - check if current user can edit the item
    # Only a user who created an item can edit/delete it
    user_id = get_user_id(login_session['email'])
    if item_to_delete.user_id != user_id:
        message = json.dumps('You are not allowed to delete the item')
        response = make_response(message, 403)
        response.headers['Content-Type'] = 'application/json'
        return response

    if request.method == 'POST':
        session.delete(item_to_delete)
        session.commit()
        return redirect(url_for('show_category',
                                category_name=category.name))

    else:
        return render_template('delete_page.html', item=item_to_delete)