Exemplo n.º 1
0
def item_delete(item_id):
    """
    View for deleting an existing item. Check if current user is owner. Aborts otherwise.
    :param item_id: id of requested item
    :context item: Instance of :model:`item_catalog.Item`
    :template: `item_delete.html`
    """
    item = Item.query.get_or_404(item_id)

    # Check if user is logged in and the item owner. Abort if either check fails
    if not check_login(session) or not is_item_owner(item, session.get('user_id')):
        abort(403)

    if request.method == 'POST':
        db.session.delete(item)
        db.session.commit()
        flash("Successfully Deleted %s" % item.name, 'notice')
        return redirect(url_for('category_view', category_id=item.category_id))

    return render_template('item_delete.html', item=item)
Exemplo n.º 2
0
def item_view(item_id, category_id=None):
    """
    View to view all details of specified item.
    :param item_id: id of requested item
    :param category_id: optional, id of category of requested item
    :context category: Instance of :model:`item_catalog.Category`
    :context item: Instance of :model:`item_catalog.Item`
    :template: `item_view.html`
    """
    if category_id:
        category = Category.query.get_or_404(category_id)
        item = Item.query.filter_by(id=item_id, category=category).first_or_404()
    else:
        category = None
        item = Item.query.get_or_404(item_id)

    # Check if user is owner
    owner = check_login(session) and is_item_owner(item, session.get('user_id'))

    return render_template('item_view.html', category=category, item=item, owner=owner)
Exemplo n.º 3
0
def item_edit(item_id):
    """
    View for editing an existing item. Check if current user is owner. Aborts otherwise.
    :param item_id: id of requested item
    :context form: Instance of :form:`item_catalog.ItemForm`
    :context item: Instance of :model:`item_catalog.Item`
    :template: `item_edit.html`
    """
    item = Item.query.get_or_404(item_id)

    # Check if user is logged in and the item owner. Abort if either check fails
    if not check_login(session) or not is_item_owner(item, session.get('user_id')):
        abort(403)

    form = ItemForm(obj=item)

    if form.validate_on_submit():
        item_path = item.picture

        if form.picture.data:
            data = form.picture.data
            filename = secure_filename(data.filename)
            try:
                item_path = save_uploaded_image(filename, data, item)
            except:
                abort(500)

        form.populate_obj(item)
        item.picture = item_path
        item.edit_timestamp = datetime.utcnow()
        db.session.add(item)
        db.session.commit()
        flash("Successfully Saved %s" % item.name, 'notice')
        return redirect(url_for('item_view', item_id=item.id))

    return render_template('item_edit.html', form=form, item=item)