def editFood(food_id):
food = db.session.query(Food).filter_by(id=food_id).one()
current_user = get_user()
if food.protected:
# Cannot edit a food that is protected
return render_template('unauthorizedFood.html', food=food)
if current_user is None:
return render_template('clientOAuth.html')
if request.method == 'POST':
food.name = request.form['name']
if not food.validate_object():
flash("The name field is blank, which is not allowed!")
return render_template('editFood.html')
prospective_url = bleach.clean(request.form['picture'])
url_resp = Food.verify_valid_pic(prospective_url)
food.picture = url_resp
db.session.add(food)
db.session.commit()
if request.form['redirect_choice'] == 'Varieties':
return redirect(url_for('foodVarieties', food_id=food.id))
elif request.form['redirect_choice'] == 'ReturnDatabase':
return redirect(url_for('showFoods'))
else:
return render_template('editFood.html', food=food)
def newFood():
current_user = get_user()
if current_user is None:
# Must be logged in to create a food
return render_template('clientOAuth.html')
if request.method == 'POST':
newFood = Food(name=request.form['name'])
if not newFood.validate_object():
flash("The name field is blank, which is not allowed!")
return render_template('newFood.html')
# Only add a picture if it is valid
prospective_url = bleach.clean(request.form['picture'])
url_resp = Food.verify_valid_pic(prospective_url)
if url_resp is not None:
newFood.picture = url_resp
db.session.add(newFood)
db.session.commit()
new_food = newFood.id
if request.form['redirect_choice'] == 'EditMenu':
return redirect(url_for('foodVarieties', food_id=food.id))
elif request.form['redirect_choice'] == 'ReturnDatabase':
return redirect(url_for('showFoods'))
else:
return render_template('newFood.html')
