Exemplo n.º 1
0
def gconnect():
    if request.args.get('state') != login_session['state']:
        return json_response('Invalid state parameter', 400)

    authorization_code = request.data

    try:
        credentials = upgrade_to_credentials(authorization_code)
    except FlowExchangeError:
        return json_response('Failed to upgrade the authorization code.', 401)

    access_token_info = token_info(credentials.access_token)
    if access_token_info.get('error') is not None:
        error = access_token_info.get('error')
        return json_response(error, 500)

    gplus_id = credentials.id_token['sub']
    if access_token_info['user_id'] != gplus_id:
        return json_response("Token's user ID doesn't match given user ID.", 401)

    if access_token_info['issued_to'] != CLIENT_ID:
        return json_response("Token's client ID does not match this app.", 401)

    if is_already_logged_in(login_session):
        return json_response("Current user is already connected.", 401)

    user_info = get_user_info(credentials.access_token)
    update_login_session(login_session, credentials, gplus_id, user_info)
    db_update_user(session, login_session)

    flash("You are now logged in as %s" % login_session['username'])
    return '<html></html>'
Exemplo n.º 2
0
def show_items_in_category(category_id):
    category = db_category(session, category_id)
    items = db_items_in_category(session, category_id)
    return render_template('category.html',
                           category=category,
                           items=items,
                           is_logged_in=is_already_logged_in(login_session))
Exemplo n.º 3
0
def catalog():
    categories = db_categories(session)
    latest_items = db_latest_items(session)
    return render_template('catalog.html',
                           categories=categories,
                           latest_items=latest_items,
                           is_logged_in=is_already_logged_in(login_session))
Exemplo n.º 4
0
def gconnect():
    if request.args.get('state') != login_session['state']:
        return json_response('Invalid state parameter', 400)

    authorization_code = request.data

    try:
        credentials = upgrade_to_credentials(authorization_code)
    except FlowExchangeError:
        return json_response('Failed to upgrade the authorization code.', 401)

    access_token_info = token_info(credentials.access_token)
    if access_token_info.get('error') is not None:
        error = access_token_info.get('error')
        return json_response(error, 500)

    gplus_id = credentials.id_token['sub']
    if access_token_info['user_id'] != gplus_id:
        return json_response("Token's user ID doesn't match given user ID.",
                             401)

    if access_token_info['issued_to'] != CLIENT_ID:
        return json_response("Token's client ID does not match this app.", 401)

    if is_already_logged_in(login_session):
        return json_response("Current user is already connected.", 401)

    user_info = get_user_info(credentials.access_token)
    update_login_session(login_session, credentials, gplus_id, user_info)
    db_update_user(session, login_session)

    flash("You are now logged in as %s" % login_session['username'])
    return '<html></html>'
Exemplo n.º 5
0
def delete_item(category_id, item_id):
    if request.method == 'POST':
        item = db_item(session, item_id)
        if item and is_logged_in_as_owner(login_session, item.user_id):
            db_delete_item(session, item)
            return redirect(
                url_for('show_items_in_category', category_id=category_id))
        else:
            # problem with item, try again
            return redirect(
                url_for('delete_item',
                        category_id=category_id,
                        item_id=item_id))
    else:
        category = db_category(session, category_id)
        item = db_item(session, item_id)
        if is_logged_in_as_owner(login_session, item):
            return render_template(
                'deleteitem.html',
                category=category,
                item=item,
                is_logged_in=is_already_logged_in(login_session))
        else:
            flash(
                "To delete an item, you must first be logged as the item's owner."
            )
            return redirect(url_for('showLogin'))
Exemplo n.º 6
0
def edit_item(category_id, item_id):
    if request.method == 'POST':
        item_from_database = db_item(session, item_id)
        item_from_form = item_from_request_post(request)
        if item_from_form and is_logged_in_as_owner(
                login_session, item_from_database.user_id):
            item_from_database.name = item_from_form.name
            item_from_database.description = item_from_form.description

            session.commit()
            return redirect(
                url_for('show_items_in_category', category_id=category_id))
        else:
            # problem with item, try again
            return redirect(
                url_for('edit_item', category_id=category_id, item_id=item_id))
    else:
        category = db_category(session, category_id)
        item = db_item(session, item_id)
        if is_logged_in_as_owner(login_session, item):
            cancel_url = '/catalog/category/' + str(
                item.category_id) + '/item/' + str(item_id)
            return render_template(
                'edititem.html',
                category=category,
                item=item,
                cancel_url=cancel_url,
                is_logged_in=is_already_logged_in(login_session))
        else:
            flash(
                "To edit an item, you must first be logged in as the item's owner."
            )
            return redirect(url_for('showLogin'))
Exemplo n.º 7
0
def add_item(category_id):
    if request.method == 'POST':
        item = item_from_request_post(request)
        if item and is_already_logged_in(login_session):
            item.category_id = category_id
            item.user_id = login_session['id']
            db_save_item(session, item)
            return redirect(url_for('show_items_in_category', category_id=category_id))
        else:
            # problem with item, try again
            return redirect(url_for('add_item', category_id=category_id))
    else:
        if is_already_logged_in(login_session):
            category = db_category(session, category_id)
            return render_template('additem.html', category=category)
        else:
            flash("To add an item, you must first log in.")
            return redirect(url_for('showLogin'))
Exemplo n.º 8
0
def show_item(category_id, item_id):
    category = db_category(session, category_id)
    item = db_item(session, item_id)
    return render_template('item.html',
                           category=category,
                           item=item,
                           is_logged_in=is_already_logged_in(login_session),
                           is_logged_in_owner=is_logged_in_as_owner(
                               login_session, item.user_id))
Exemplo n.º 9
0
def add_item(category_id):
    if request.method == 'POST':
        item = item_from_request_post(request)
        if item and is_already_logged_in(login_session):
            item.category_id = category_id
            item.user_id = login_session['id']
            db_save_item(session, item)
            return redirect(
                url_for('show_items_in_category', category_id=category_id))
        else:
            return redirect(url_for('add_item', category_id=category_id))
    else:
        if is_already_logged_in(login_session):
            category = db_category(session, category_id)
            return render_template('additem.html', category=category)
        else:
            flash("To add an item, you must first log in.")
            return redirect(url_for('showLogin'))
Exemplo n.º 10
0
def delete_item(category_id, item_id):
    if request.method == 'POST':
        item = db_item(session, item_id)
        if item and is_logged_in_as_owner(login_session, item.user_id):
            db_delete_item(session, item)
            return redirect(url_for('show_items_in_category', category_id=category_id))
        else:
            # problem with item, try again
            return redirect(url_for('delete_item', category_id=category_id, item_id=item_id))
    else:
        category = db_category(session, category_id)
        item = db_item(session, item_id)
        if is_logged_in_as_owner(login_session, item):
            return render_template('deleteitem.html', category=category, item=item,
                                   is_logged_in=is_already_logged_in(login_session))
        else:
            flash("To delete an item, you must first be logged as the item's owner.")
            return redirect(url_for('showLogin'))
Exemplo n.º 11
0
def edit_item(category_id, item_id):
    if request.method == 'POST':
        item_from_database = db_item(session, item_id)
        item_from_form = item_from_request_post(request)
        if item_from_form and is_logged_in_as_owner(login_session, item_from_database.user_id):
            item_from_database.name = item_from_form.name
            item_from_database.description = item_from_form.description

            session.commit()
            return redirect(url_for('show_items_in_category', category_id=category_id))
        else:
            # problem with item, try again
            return redirect(url_for('edit_item', category_id=category_id, item_id=item_id))
    else:
        category = db_category(session, category_id)
        item = db_item(session, item_id)
        if is_logged_in_as_owner(login_session, item):
            cancel_url = '/catalog/category/' + str(item.category_id) + '/item/' + str(item_id)
            return render_template('edititem.html', category=category, item=item, cancel_url=cancel_url,
                                   is_logged_in=is_already_logged_in(login_session))
        else:
            flash("To edit an item, you must first be logged in as the item's owner.")
            return redirect(url_for('showLogin'))
Exemplo n.º 12
0
def show_item(category_id, item_id):
    category = db_category(session, category_id)
    item = db_item(session, item_id)
    return render_template('item.html', category=category, item=item,
                           is_logged_in=is_already_logged_in(login_session),
                           is_logged_in_owner=is_logged_in_as_owner(login_session, item.user_id))
Exemplo n.º 13
0
def show_items_in_category(category_id):
    category = db_category(session, category_id)
    items = db_items_in_category(session, category_id)
    return render_template('category.html', category=category, items=items,
                           is_logged_in=is_already_logged_in(login_session))
Exemplo n.º 14
0
def catalog():
    categories = db_categories(session)
    latest_items = db_latest_items(session)
    return render_template('catalog.html', categories=categories, latest_items=latest_items,
                           is_logged_in=is_already_logged_in(login_session))