def item_edit(catalog, item): """ For modifying item arguments: catalog : catalog name item : item name """ # Find item user_id = login_session.get('user_id') this_one = db.session.query(Item).join(Catalog).filter( Item.name == item).filter(Catalog.name == catalog).one() # Show 404 error if it does not exist if not this_one: abort(404) # Show 401 error if current user is not the owner if this_one.user_id != user_id: abort(401) #Show page to user form_action = url_for('catalog.item_edit', catalog=catalog, item=item) if request.method == 'GET': form = ItemForm(obj=this_one) return render_template('catalog/item_edit.html', form_action=form_action, form=form) #Process data when user posts data form = ItemForm(request.form) if request.method == 'POST' and form.validate(): try: filename = upload_file(request.files['image_file']) form.populate_obj(this_one) this_one.filename = filename db.session.merge(this_one) db.session.commit() flash('Item updated successfully!') except: db.session.rollback() flash('Failed to update this item!', 'error') return redirect('/') else: return redirect(request.path)