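def itemDelete():
    """
    Deletes an item owned by the current user.

    Reads ``state``, ``item_delete_parent`` and ``item_delete_name`` from the
    request.  Returns the module's error response when the nonce is invalid,
    the category or item is unknown, the caller is not logged in, or the
    caller is not the item's creator; otherwise deletes the item and
    redirects to ``/``.
    """
    # The form must carry the nonce issued with the page (CSRF protection).
    state = request.values.get('state')
    if not check_nonce(state):
        return bad_request_error()

    # Default missing form fields to "" so bleach.clean() is never handed
    # None; an empty name simply fails the lookup below.
    cat_name = bleach.clean(request.values.get("item_delete_parent", ""))
    cat = dal.get_category_by_name(cat_name)
    if not cat:
        return not_found_error()

    active_user = get_active_user()
    if not active_user:
        return not_authenticated_error()

    item_name = bleach.clean(request.values.get("item_delete_name", ""))
    item = dal.get_item_by_name(cat.cat_id, item_name)
    if not item:
        return not_found_error()

    # Ownership check: only the creator may delete the item.
    if active_user.user_id != item.creator_id:
        return not_authorized_error()

    # All checks passed.  generate_nonce() runs only now, so a rejected
    # request does not consume the nonce.
    generate_nonce()
    dal.delete_item(item.item_id)
    return redirect("/")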
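def itemDelete():
    """
    Deletes an item owned by the current user.

    Reads ``state``, ``item_delete_parent`` and ``item_delete_name`` from the
    request.  Returns the module's error response when the nonce is invalid,
    the category or item is unknown, the caller is not logged in, or the
    caller is not the item's creator; otherwise deletes the item and
    redirects to ``/``.
    """
    # The form must carry the nonce issued with the page (CSRF protection).
    state = request.values.get('state')
    if not check_nonce(state):
        return bad_request_error()

    # Default missing form fields to "" so bleach.clean() is never handed
    # None; an empty name simply fails the lookup below.
    cat_name = bleach.clean(request.values.get("item_delete_parent", ""))
    cat = dal.get_category_by_name(cat_name)
    if not cat:
        return not_found_error()

    active_user = get_active_user()
    if not active_user:
        return not_authenticated_error()

    item_name = bleach.clean(request.values.get("item_delete_name", ""))
    item = dal.get_item_by_name(cat.cat_id, item_name)
    if not item:
        return not_found_error()

    # Ownership check: only the creator may delete the item.
    if active_user.user_id != item.creator_id:
        return not_authorized_error()

    # All checks passed.  generate_nonce() runs only now, so a rejected
    # request does not consume the nonce.
    generate_nonce()
    dal.delete_item(item.item_id)
    return redirect("/")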
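def itemUpdate():
    """
    Selectively update fields on an item owned by the logged-in user.

    Form fields: ``state`` (nonce), ``item_update_old_parent`` and
    ``item_update_old_name`` locate the item.  ``item_update_new_name``,
    ``item_update_description``, ``item_update_new_parent`` and the
    ``item_update_pic`` upload are optional: an empty field means "leave
    unchanged" and is passed to the DAL as None.

    Returns the module's error response for a bad nonce, unknown item or
    category, missing login, a caller who is not the item's creator, or an
    invalid picture; otherwise redirects to the item's (possibly new)
    catalog page.
    """
    # This will take a few steps. Start with loading the old object and
    # performing our usual auth process.
    state = request.values.get('state')
    if not check_nonce(state):
        return bad_request_error()

    # Default missing form fields to "" so bleach.clean() is never handed None.
    old_parent_name = bleach.clean(
        request.values.get("item_update_old_parent", ""))
    old_parent = dal.get_category_by_name(old_parent_name)
    if not old_parent:
        return not_found_error()

    active_user = get_active_user()
    if not active_user:
        return not_authenticated_error()

    old_item_name = bleach.clean(
        request.values.get("item_update_old_name", ""))
    old_item = dal.get_item_by_name(old_parent.cat_id, old_item_name)
    if not old_item:
        return not_found_error()

    # Ownership check, same as itemDelete: without it any logged-in user
    # could rewrite items created by someone else.
    if active_user.user_id != old_item.creator_id:
        return not_authorized_error()

    # Item was found and the caller owns it.  Now pull in the new values
    # from the request.  If a field is empty, it's assumed that the user
    # doesn't want to change it.  Set to None so the DAL will skip those.
    # (Consequence: a description cannot be cleared to "" through this form.)
    new_item_name = bleach.clean(
        request.values.get("item_update_new_name", "")) or None
    desc = bleach.clean(
        request.values.get("item_update_description", "")) or None

    # .get() rather than [] so a form without the file part means "no new
    # picture" instead of a 400 for the missing key.
    raw_pic_data = request.files.get("item_update_pic") or None
    pic_data = None
    try:
        if raw_pic_data:
            pic_data = validate_picture(raw_pic_data)
    except InvalidPictureError:
        return bad_request_error()

    new_parent_name = bleach.clean(
        request.values.get("item_update_new_parent", "")) or None

    # A new parent that was named but does not exist is rejected, rather
    # than silently leaving the item where it is and redirecting to a
    # category page that does not exist.
    new_cat = None
    if new_parent_name:
        new_cat = dal.get_category_by_name(new_parent_name)
        if not new_cat:
            return not_found_error()
    new_cat_id = new_cat.cat_id if new_cat else None

    # New values look good.  All checks passed; only now consume the nonce.
    generate_nonce()
    dal.update_item(old_item.item_id,
                    name=new_item_name,
                    description=desc,
                    pic_id=old_item.pic_id,
                    pic=pic_data,
                    cat_id=new_cat_id)
    # NOTE(review): the names are interpolated into the redirect path
    # unencoded; confirm the /catalog/ route tolerates names containing
    # '/' or '?' after bleach.clean().
    redirect_cat = new_parent_name or old_parent_name
    redirect_item = new_item_name or old_item_name
    return redirect("/catalog/{}/{}/".format(redirect_cat, redirect_item))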
def render(filename, **kwargs):
    """
    Thin wrapper around flask's render_template().

    Forwards *kwargs* to the template after injecting the fields every page
    built on the base template needs: ``current_user`` (from
    get_active_user()), ``items_by_cat`` (sidebar contents from
    list_items_by_cat()) and ``state`` (the current nonce, for forms).
    These three keys always override caller-supplied values of the same name.
    """
    context = dict(kwargs)
    context.update(
        current_user=get_active_user(),
        items_by_cat=list_items_by_cat(),
        state=get_current_nonce(),
    )
    return render_template(filename, **context)
def render(filename, **kwargs):
    """
    Thin wrapper around flask's render_template().

    Forwards *kwargs* to the template after injecting the fields every page
    built on the base template needs: ``current_user`` (from
    get_active_user()), ``items_by_cat`` (sidebar contents from
    list_items_by_cat()) and ``state`` (the current nonce, for forms).
    These three keys always override caller-supplied values of the same name.
    """
    context = dict(kwargs)
    context.update(
        current_user=get_active_user(),
        items_by_cat=list_items_by_cat(),
        state=get_current_nonce(),
    )
    return render_template(filename, **context)
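def itemUpdate():
    """
    Selectively update fields on an item owned by the logged-in user.

    Form fields: ``state`` (nonce), ``item_update_old_parent`` and
    ``item_update_old_name`` locate the item.  ``item_update_new_name``,
    ``item_update_description``, ``item_update_new_parent`` and the
    ``item_update_pic`` upload are optional: an empty field means "leave
    unchanged" and is passed to the DAL as None.

    Returns the module's error response for a bad nonce, unknown item or
    category, missing login, a caller who is not the item's creator, or an
    invalid picture; otherwise redirects to the item's (possibly new)
    catalog page.
    """
    # This will take a few steps. Start with loading the old object and
    # performing our usual auth process.
    state = request.values.get('state')
    if not check_nonce(state):
        return bad_request_error()

    # Default missing form fields to "" so bleach.clean() is never handed None.
    old_parent_name = bleach.clean(
        request.values.get("item_update_old_parent", ""))
    old_parent = dal.get_category_by_name(old_parent_name)
    if not old_parent:
        return not_found_error()

    active_user = get_active_user()
    if not active_user:
        return not_authenticated_error()

    old_item_name = bleach.clean(
        request.values.get("item_update_old_name", ""))
    old_item = dal.get_item_by_name(old_parent.cat_id, old_item_name)
    if not old_item:
        return not_found_error()

    # Ownership check, same as itemDelete: without it any logged-in user
    # could rewrite items created by someone else.
    if active_user.user_id != old_item.creator_id:
        return not_authorized_error()

    # Item was found and the caller owns it.  Now pull in the new values
    # from the request.  If a field is empty, it's assumed that the user
    # doesn't want to change it.  Set to None so the DAL will skip those.
    # (Consequence: a description cannot be cleared to "" through this form.)
    new_item_name = bleach.clean(
        request.values.get("item_update_new_name", "")) or None
    desc = bleach.clean(
        request.values.get("item_update_description", "")) or None

    # .get() rather than [] so a form without the file part means "no new
    # picture" instead of a 400 for the missing key.
    raw_pic_data = request.files.get("item_update_pic") or None
    pic_data = None
    try:
        if raw_pic_data:
            pic_data = validate_picture(raw_pic_data)
    except InvalidPictureError:
        return bad_request_error()

    new_parent_name = bleach.clean(
        request.values.get("item_update_new_parent", "")) or None

    # A new parent that was named but does not exist is rejected, rather
    # than silently leaving the item where it is and redirecting to a
    # category page that does not exist.
    new_cat = None
    if new_parent_name:
        new_cat = dal.get_category_by_name(new_parent_name)
        if not new_cat:
            return not_found_error()
    new_cat_id = new_cat.cat_id if new_cat else None

    # New values look good.  All checks passed; only now consume the nonce.
    generate_nonce()
    dal.update_item(old_item.item_id,
                    name=new_item_name,
                    description=desc,
                    pic_id=old_item.pic_id,
                    pic=pic_data,
                    cat_id=new_cat_id)
    # NOTE(review): the names are interpolated into the redirect path
    # unencoded; confirm the /catalog/ route tolerates names containing
    # '/' or '?' after bleach.clean().
    redirect_cat = new_parent_name or old_parent_name
    redirect_item = new_item_name or old_item_name
    return redirect("/catalog/{}/{}/".format(redirect_cat, redirect_item))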
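def itemCreate():
    """
    Creates a new item owned by the logged-in user.

    Form fields: ``state`` (nonce), ``item_create_parent``,
    ``item_create_name``, ``item_create_description`` and the
    ``item_create_pic`` file part.  Returns the module's error response
    for a bad nonce, unknown category, missing login, empty or duplicate
    item name, or a missing/invalid picture; logs and returns
    internal_error() when the DAL yields no item; otherwise redirects to
    the new item's catalog page.
    """
    state = request.values.get('state')
    if not check_nonce(state):
        return bad_request_error()

    # Default missing form fields to "" so bleach.clean() is never handed None.
    cat_name = bleach.clean(request.values.get("item_create_parent", ""))
    cat = dal.get_category_by_name(cat_name)
    if not cat:
        return not_found_error()

    active_user = get_active_user()
    if not active_user:
        return not_authenticated_error()

    item_name = bleach.clean(request.values.get("item_create_name", ""))
    # An empty name would create an item that the /catalog/<cat>/<item>/
    # redirect below cannot address; reject it up front.
    if not item_name:
        return bad_request_error()
    duplicate = dal.get_item_by_name(cat.cat_id, item_name)
    if duplicate:
        return already_exists_error()

    # A form with no file part at all is a bad request (previously this
    # surfaced as a KeyError on request.files); an empty or unusable upload
    # is left to validate_picture() to reject.
    raw_pic = request.files.get("item_create_pic")
    if raw_pic is None:
        return bad_request_error()
    try:
        pic_data = validate_picture(raw_pic)
    except InvalidPictureError:
        return bad_request_error()

    # All checks passed; only now consume the nonce.
    generate_nonce()
    desc = bleach.clean(request.values.get("item_create_description", ""))
    item_id = dal.create_item(item_name, cat.cat_id, active_user.user_id,
                              pic_data, desc)
    if not item_id:
        logging.error(
            "Unable to create item: did not receive an item_id from database")
        return internal_error()
    item = dal.get_item(item_id)
    if not item:
        logging.error(
            "Unable to create item: an instance was not created for item_id %s",
            item_id)
        return internal_error()
    # NOTE(review): cat_name/item_name go into the redirect path unencoded;
    # confirm the /catalog/ route tolerates names containing '/' or '?'.
    return redirect("/catalog/{}/{}/".format(cat_name, item_name))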
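def itemCreate():
    """
    Creates a new item owned by the logged-in user.

    Form fields: ``state`` (nonce), ``item_create_parent``,
    ``item_create_name``, ``item_create_description`` and the
    ``item_create_pic`` file part.  Returns the module's error response
    for a bad nonce, unknown category, missing login, empty or duplicate
    item name, or a missing/invalid picture; logs and returns
    internal_error() when the DAL yields no item; otherwise redirects to
    the new item's catalog page.
    """
    state = request.values.get('state')
    if not check_nonce(state):
        return bad_request_error()

    # Default missing form fields to "" so bleach.clean() is never handed None.
    cat_name = bleach.clean(request.values.get("item_create_parent", ""))
    cat = dal.get_category_by_name(cat_name)
    if not cat:
        return not_found_error()

    active_user = get_active_user()
    if not active_user:
        return not_authenticated_error()

    item_name = bleach.clean(request.values.get("item_create_name", ""))
    # An empty name would create an item that the /catalog/<cat>/<item>/
    # redirect below cannot address; reject it up front.
    if not item_name:
        return bad_request_error()
    duplicate = dal.get_item_by_name(cat.cat_id, item_name)
    if duplicate:
        return already_exists_error()

    # A form with no file part at all is a bad request (previously this
    # surfaced as a KeyError on request.files); an empty or unusable upload
    # is left to validate_picture() to reject.
    raw_pic = request.files.get("item_create_pic")
    if raw_pic is None:
        return bad_request_error()
    try:
        pic_data = validate_picture(raw_pic)
    except InvalidPictureError:
        return bad_request_error()

    # All checks passed; only now consume the nonce.
    generate_nonce()
    desc = bleach.clean(request.values.get("item_create_description", ""))
    item_id = dal.create_item(
        item_name, cat.cat_id, active_user.user_id, pic_data, desc)
    if not item_id:
        logging.error(
            "Unable to create item: did not receive an item_id from database")
        return internal_error()
    item = dal.get_item(item_id)
    if not item:
        logging.error(
            "Unable to create item: an instance was not created for item_id %s",
            item_id)
        return internal_error()
    # NOTE(review): cat_name/item_name go into the redirect path unencoded;
    # confirm the /catalog/ route tolerates names containing '/' or '?'.
    return redirect("/catalog/{}/{}/".format(cat_name, item_name))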
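def categoryCreate():
    """
    Creates a new category owned by the logged-in user.

    Form fields: ``state`` (nonce) and ``cat_create_name``.  Returns the
    module's error response for a bad nonce, missing login, empty or
    duplicate name; logs and returns internal_error() when the DAL yields
    no category id; otherwise redirects to ``/``.
    """
    state = request.values.get('state')
    if not check_nonce(state):
        return bad_request_error()

    active_user = get_active_user()
    if not active_user:
        return not_authenticated_error()

    # Default the missing field to "" so bleach.clean() is never handed None,
    # then reject an empty name outright.
    cat_name = bleach.clean(request.values.get("cat_create_name", ""))
    if not cat_name:
        return bad_request_error()
    duplicate = dal.get_category_by_name(cat_name)
    if duplicate:
        return already_exists_error()

    # All checks passed; only now consume the nonce.
    generate_nonce()
    cat_id = dal.create_category(cat_name, active_user.user_id)
    # Mirror itemCreate: no id back from the DAL means nothing was created,
    # which should not be reported as success.
    if not cat_id:
        logging.error(
            "Unable to create category: did not receive a cat_id from database")
        return internal_error()
    return redirect("/")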
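def categoryCreate():
    """
    Creates a new category owned by the logged-in user.

    Form fields: ``state`` (nonce) and ``cat_create_name``.  Returns the
    module's error response for a bad nonce, missing login, empty or
    duplicate name; logs and returns internal_error() when the DAL yields
    no category id; otherwise redirects to ``/``.
    """
    state = request.values.get('state')
    if not check_nonce(state):
        return bad_request_error()

    active_user = get_active_user()
    if not active_user:
        return not_authenticated_error()

    # Default the missing field to "" so bleach.clean() is never handed None,
    # then reject an empty name outright.
    cat_name = bleach.clean(request.values.get("cat_create_name", ""))
    if not cat_name:
        return bad_request_error()
    duplicate = dal.get_category_by_name(cat_name)
    if duplicate:
        return already_exists_error()

    # All checks passed; only now consume the nonce.
    generate_nonce()
    cat_id = dal.create_category(cat_name, active_user.user_id)
    # Mirror itemCreate: no id back from the DAL means nothing was created,
    # which should not be reported as success.
    if not cat_id:
        logging.error(
            "Unable to create category: did not receive a cat_id from database")
        return internal_error()
    return redirect("/")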
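def categoryDelete():
    """
    Deletes a category owned by the logged-in user.

    Form fields: ``state`` (nonce) and ``cat_delete_name``.  Returns the
    module's error response for a bad nonce, unknown category, missing
    login, or a caller who is not the category's creator; otherwise
    deletes the category and redirects to ``/``.
    """
    # The form must carry the nonce issued with the page (CSRF protection).
    state = request.values.get('state')
    if not check_nonce(state):
        return bad_request_error()

    # Default the missing field to "" so bleach.clean() is never handed
    # None; an empty name simply fails the lookup.
    cat_name = bleach.clean(request.values.get("cat_delete_name", ""))
    cat = dal.get_category_by_name(cat_name)
    if not cat:
        return not_found_error()

    active_user = get_active_user()
    if not active_user:
        return not_authenticated_error()
    # Ownership check: only the creator may delete the category.
    if active_user.user_id != cat.creator_id:
        return not_authorized_error()

    # All checks passed; only now consume the nonce.
    generate_nonce()
    dal.delete_category(cat.cat_id)
    return redirect("/")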
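def categoryDelete():
    """
    Deletes a category owned by the logged-in user.

    Form fields: ``state`` (nonce) and ``cat_delete_name``.  Returns the
    module's error response for a bad nonce, unknown category, missing
    login, or a caller who is not the category's creator; otherwise
    deletes the category and redirects to ``/``.
    """
    # The form must carry the nonce issued with the page (CSRF protection).
    state = request.values.get('state')
    if not check_nonce(state):
        return bad_request_error()

    # Default the missing field to "" so bleach.clean() is never handed
    # None; an empty name simply fails the lookup.
    cat_name = bleach.clean(request.values.get("cat_delete_name", ""))
    cat = dal.get_category_by_name(cat_name)
    if not cat:
        return not_found_error()

    active_user = get_active_user()
    if not active_user:
        return not_authenticated_error()
    # Ownership check: only the creator may delete the category.
    if active_user.user_id != cat.creator_id:
        return not_authorized_error()

    # All checks passed; only now consume the nonce.
    generate_nonce()
    dal.delete_category(cat.cat_id)
    return redirect("/")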