def delete_image(album_id, image_id):
"""Page for deleting image from album."""
item = session.query(Image).filter_by(id=image_id).one()
# protect page from unauthorized people using url to directly access:
if login_session['user_id'] != item.user_id:
return alert_script("delete this image")
album = session.query(Album).filter_by(id=album_id).one()
if request.method == 'POST':
# delete image, if exits:
if item.file_name:
os.remove(os.path.join(
app.config['UPLOAD_FOLDER'], str(album_id), item.file_name))
# try committing changes:
if not commit_changes(item, 'delete'):
return redirect(url_for('show_albums'))
# flash message:
flash("Image successfully deleted")
return redirect(url_for('show_images', album_id=album_id))
else:
return render_template('deleteImage.html', album=album, item=item, title='Delete Image')
def delete_album(album_id):
"""Page for deleting an album."""
album = session.query(Album).filter_by(id=album_id).one()
# protect page from unauthorized people using url to directly access:
if login_session['user_id'] != album.user_id:
return alert_script("delete this album")
if request.method == 'POST':
# we want to delete all items recursively when we delete an album:
album_images = session.query(Image).filter_by(album_id=album_id).all()
for x in album_images:
session.delete(x)
# try committing changes:
if not commit_changes(album, 'delete'):
return redirect(url_for('show_albums'))
# delete media folder:
shutil.rmtree(album.file_path)
# flash message:
flash("Album successfully deleted")
return redirect(url_for('show_albums'))
else:
return render_template('deleteAlbum.html', album=album, title='Delete Album')
def show_images(album_id):
"""Page that shows all images in the album."""
album = session.query(Album).filter_by(id=album_id).one()
images = session.query(Image).filter_by(album_id=album_id).all()
# check to see if images belong to creator of the images:
creator = get_user_info(album.user_id)
# if user is creator, render the page where he has add/delete/edit options:
if 'username' not in login_session or \
(creator.id != login_session['user_id']):
return render_template('publicImages.html', album=album, images=images, title='Public Images')
else:
return render_template('images.html', album=album, images=images, title='Images')
def edit_image(album_id, image_id):
"""Page for editing image's name and description."""
item = session.query(Image).filter_by(id=image_id).one()
# protect page from unauthorized people using url to directly access:
if login_session['user_id'] != item.user_id:
return alert_script("edit this image")
if request.method == 'POST':
# make changes to items:
item.name = request.form['itemName']
item.description = request.form['itemText']
# try committing changes:
if not commit_changes(item, 'add'):
return redirect(url_for('show_albums'))
# flash message:
flash("Image successfully edited")
return redirect(url_for('show_images', album_id=album_id))
else:
return render_template('editImage.html', album_id=album_id, item=item, title='Edit Image')
def get_user_id(email):
"""Returns user_id given email address."""
try:
user = session.query(User).filter_by(email=email).first()
return user.id
except AttributeError:
return None
def image_items_xml(album_id, image_id):
"""List image info for given image as XML."""
item = session.query(Image).filter_by(id=image_id).all()
data = [x.serialize for x in item]
template = render_template("xmlEndpoint.xml", data=data, wrap="image")
response_ = make_response(template)
response_.headers['Content-Type'] = 'application/xml'
return response_
def albums_xml():
"""List all albums as XML."""
albums = session.query(Album).all()
data = [x.serialize for x in albums]
template = render_template("xmlEndpoint.xml", data=data, wrap="all_albums")
response_ = make_response(template)
response_.headers['Content-Type'] = 'application/xml'
return response_
def show_albums():
"""The main/home page where user sees all created albums."""
albums = session.query(Album).all()
# if logged in, render the page where user has add/delete/edit options:
if 'username' not in login_session:
return render_template('publicAlbums.html', albums=albums, title='Public Albums')
else:
return render_template('albums.html', albums=albums, title='Albums')
def create_user(login_session):
"""Uses login_session to add user to database."""
new_user = User(name =login_session['username'],
email =login_session['email'],
picture =login_session['picture'])
session.add(new_user)
session.commit()
user = session.query(User).filter_by(email=login_session['email']).one()
return user.id
def edit_album(album_id):
"""Page for editing album name."""
album = session.query(Album).filter_by(id=album_id).one()
# protect page from unauthorized people using url to directly access:
if login_session['user_id'] != album.user_id:
return alert_script("edit this album")
if request.method == 'POST':
if request.form['name']:
album.name = request.form['name']
# flash message:
flash("Album successfully edited")
return redirect(url_for('show_albums'))
else:
return render_template('editAlbum.html', album=album, title='Edit Album')
def new_image(album_id):
"""Page for adding image to album."""
album = session.query(Album).filter_by(id=album_id).one()
# protect page from unauthorized people using url to directly access:
if login_session['user_id'] != album.user_id:
return alert_script("create a new image")
if request.method == 'POST':
# for handling image upload:
file_ = request.files['file_']
# check if a file was uploaded and filename is valid:
if file_ and allowed_file(file_.filename):
file_name = secure_filename(file_.filename)
file_path = album.file_path + "/" + file_name
file_.save(file_path)
else:
flash("Please select a valid file to upload")
return redirect(url_for('show_images', album_id=album_id))
# create Image object with all fields [name, description, file_name]
item = Image(name =request.form['itemName'],
description =request.form['itemText'],
file_name =file_name,
album_id =album_id,
user_id =album.user_id
)
# try committing changes:
if not commit_changes(item, 'add'):
return redirect(url_for('show_albums'))
# flash message:
flash("New image successfully created: %s" % item.file_name)
return redirect(url_for('show_images', album_id=album_id))
else:
return render_template('newImage.html', album=album, title='New Image')
def get_user_info(user_id):
"""Returns User object given user_id."""
user_object = session.query(User).filter_by(id=user_id).first()
return user_object
def image_items_json(album_id, image_id):
"""List image info for given image as JSON."""
item = session.query(Image).filter_by(id=image_id).all()
return jsonify(ImageItem=[x.serialize for x in item])
def images_json(album_id):
"""List images for given album as JSON."""
items = session.query(Image).filter_by(album_id=album_id).all()
return jsonify(Images=[x.serialize for x in items])
def albums_json():
"""List all albums as JSON."""
albums = session.query(Album).all()
return jsonify(Albums=[x.serialize for x in albums])
