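def delete_item(category_id, item_id):
    """Render the delete-item confirmation page and process the deletion.

    The caller must be logged in and must own the item. Both checks run
    before the form is evaluated, so a crafted URL alone cannot delete
    another user's item. On a valid submission the database row is deleted
    and committed first, and only then is the item's upload folder removed,
    so a failed commit never leaves a live item without its images.

    Args:
        category_id: The id of the category of the item to be deleted.
        item_id: The id of the item to be deleted.

    Returns:
        A redirect after a deletion or a failed check, otherwise the
        rendered ``delete_item.html`` confirmation page.

    Raises:
        Nothing is propagated. Any exception rolls back the database
        session, is flashed to the user and redirects to the index page.
    """
    try:
        logged_in = 'username' in login_session
        if not logged_in:
            flash("You must be logged to perform this operation",
                  category="error")
            return redirect(url_for('index'))

        # Matching on both ids means an item addressed through the wrong
        # category is not found; .one() raises and the handler below runs.
        item = db_session.query(Item).filter_by(
            id=item_id, category_id=category_id).one()

        # Ownership check: a missing 'user_id' key raises KeyError, which
        # also ends in the error redirect, so the check fails closed.
        if login_session['user_id'] != item.user_id:
            flash("You can only modify items created by you",
                  category="error")
            return redirect(url_for('get_item_by_category',
                                    category_id=category_id,
                                    item_id=item_id))

        form = DeleteForm()
        # NOTE(review): presumably a Flask-WTF form, so this is true only
        # for a submitted request with a valid CSRF token - confirm that
        # CSRF protection is enabled for DeleteForm.
        if form.validate_on_submit():
            # Read what is needed from the row before it is deleted.
            upload_dir = 'static/images/uploads/' + str(item.id)
            item_name = item.name

            # Commit the database change first: if it fails, the uploaded
            # files are still on disk and the item stays intact.
            db_session.delete(item)
            db_session.commit()
            delete_dir(upload_dir)

            flash("Item '{}' successfully deleted".format(item_name))
            # Compare as an integer, as the render branch below does; a
            # string id would otherwise fail here after the deletion.
            if int(category_id) > 0:
                return redirect(url_for('get_category',
                                        category_id=category_id))
            return redirect(url_for('index'))

        categories = db_session.query(Category).order_by(
            Category.name).all()
        return render_template('delete_item.html',
                               categories=categories,
                               active_category=int(category_id),
                               item=item,
                               form=form,
                               logged_in=logged_in,
                               login_session=login_session)
    except Exception as e:
        # Discard a half-finished transaction so the session stays usable.
        db_session.rollback()
        # NOTE(review): str(e) can expose internal detail (SQL text, file
        # paths) to the browser; prefer a generic message here and log the
        # exception server-side.
        flash('An error has occurred: {}'.format(str(e)), 'error')
        return redirect(url_for('index'))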
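def delete_category(category_id):
    """Render the delete-category confirmation page and process the deletion.

    The caller must be logged in and must own the category. Both checks run
    before the form is evaluated, so a crafted URL alone cannot delete
    another user's category. On a valid submission the category is deleted
    and committed first, and only then are the upload folders of its items
    removed, so a failed commit never leaves live items without images.

    Owning the category is sufficient: items created by other users inside
    it lose their upload folders as well. The original documentation states
    that the item rows are removed by cascade; that cascade is configured on
    the model and is not visible in this function.

    Args:
        category_id: The id of the category to be deleted.

    Returns:
        A redirect after a deletion or a failed check, otherwise the
        rendered ``delete_category.html`` confirmation page.

    Raises:
        Nothing is propagated. Any exception rolls back the database
        session, is flashed to the user and redirects to the index page.
    """
    try:
        logged_in = 'username' in login_session
        if not logged_in:
            flash("You must be logged to perform this operation",
                  category="error")
            return redirect(url_for('index'))

        # .one() raises when the category does not exist, which ends in
        # the error redirect below.
        category = db_session.query(Category).filter_by(
            id=category_id).one()

        # Ownership check: a missing 'user_id' key raises KeyError, which
        # also ends in the error redirect, so the check fails closed.
        if login_session['user_id'] != category.user_id:
            flash("You can only modify categories created by you",
                  category="error")
            return redirect(url_for('get_category',
                                    category_id=category_id))

        form = DeleteForm()
        # NOTE(review): presumably a Flask-WTF form, so this is true only
        # for a submitted request with a valid CSRF token - confirm that
        # CSRF protection is enabled for DeleteForm.
        if form.validate_on_submit():
            # Collect the folder paths and the name before the rows go away.
            items = db_session.query(Item).filter_by(
                category_id=category_id).all()
            upload_dirs = ['static/images/uploads/' + str(item.id)
                           for item in items]
            category_name = category.name

            # Commit the database change first: if it fails, every upload
            # folder is still on disk and the category stays intact.
            db_session.delete(category)
            db_session.commit()
            for upload_dir in upload_dirs:
                delete_dir(upload_dir)

            flash("Category '{}' successfully deleted".format(category_name))
            return redirect(url_for('index'))

        categories = db_session.query(Category).order_by(
            Category.name).all()
        return render_template('delete_category.html',
                               categories=categories,
                               active_category=int(category_id),
                               category=category,
                               form=form,
                               logged_in=logged_in,
                               login_session=login_session)
    except Exception as e:
        # Discard a half-finished transaction so the session stays usable.
        db_session.rollback()
        # NOTE(review): str(e) can expose internal detail (SQL text, file
        # paths) to the browser; prefer a generic message here and log the
        # exception server-side.
        flash('An error has occurred: {}'.format(str(e)), 'error')
        return redirect(url_for('index'))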
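def delete_item(category_id, item_id):
    """Render the delete-item confirmation page and process the deletion.

    The caller must be logged in and must own the item. Both checks run
    before the form is evaluated, so a crafted URL alone cannot delete
    another user's item. On a valid submission the database row is deleted
    and committed first, and only then is the item's upload folder removed,
    so a failed commit never leaves a live item without its images.

    Args:
        category_id: The id of the category of the item to be deleted.
        item_id: The id of the item to be deleted.

    Returns:
        A redirect after a deletion or a failed check, otherwise the
        rendered ``delete_item.html`` confirmation page.

    Raises:
        Nothing is propagated. Any exception rolls back the database
        session, is flashed to the user and redirects to the index page.
    """
    try:
        logged_in = 'username' in login_session
        if not logged_in:
            flash("You must be logged to perform this operation",
                  category="error")
            return redirect(url_for('index'))

        # Matching on both ids means an item addressed through the wrong
        # category is not found; .one() raises and the handler below runs.
        item = db_session.query(Item).filter_by(
            id=item_id, category_id=category_id).one()

        # Ownership check: a missing 'user_id' key raises KeyError, which
        # also ends in the error redirect, so the check fails closed.
        if login_session['user_id'] != item.user_id:
            flash("You can only modify items created by you",
                  category="error")
            return redirect(url_for('get_item_by_category',
                                    category_id=category_id,
                                    item_id=item_id))

        form = DeleteForm()
        # NOTE(review): presumably a Flask-WTF form, so this is true only
        # for a submitted request with a valid CSRF token - confirm that
        # CSRF protection is enabled for DeleteForm.
        if form.validate_on_submit():
            # Read what is needed from the row before it is deleted.
            upload_dir = 'static/images/uploads/' + str(item.id)
            item_name = item.name

            # Commit the database change first: if it fails, the uploaded
            # files are still on disk and the item stays intact.
            db_session.delete(item)
            db_session.commit()
            delete_dir(upload_dir)

            flash("Item '{}' successfully deleted".format(item_name))
            # Compare as an integer, as the render branch below does; a
            # string id would otherwise fail here after the deletion.
            if int(category_id) > 0:
                return redirect(url_for('get_category',
                                        category_id=category_id))
            return redirect(url_for('index'))

        categories = db_session.query(Category).order_by(
            Category.name).all()
        return render_template('delete_item.html',
                               categories=categories,
                               active_category=int(category_id),
                               item=item,
                               form=form,
                               logged_in=logged_in,
                               login_session=login_session)
    except Exception as e:
        # Discard a half-finished transaction so the session stays usable.
        db_session.rollback()
        # NOTE(review): str(e) can expose internal detail (SQL text, file
        # paths) to the browser; prefer a generic message here and log the
        # exception server-side.
        flash('An error has occurred: {}'.format(str(e)), 'error')
        return redirect(url_for('index'))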
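def delete_category(category_id):
    """Render the delete-category confirmation page and process the deletion.

    The caller must be logged in and must own the category. Both checks run
    before the form is evaluated, so a crafted URL alone cannot delete
    another user's category. On a valid submission the category is deleted
    and committed first, and only then are the upload folders of its items
    removed, so a failed commit never leaves live items without images.

    Owning the category is sufficient: items created by other users inside
    it lose their upload folders as well. The original documentation states
    that the item rows are removed by cascade; that cascade is configured on
    the model and is not visible in this function.

    Args:
        category_id: The id of the category to be deleted.

    Returns:
        A redirect after a deletion or a failed check, otherwise the
        rendered ``delete_category.html`` confirmation page.

    Raises:
        Nothing is propagated. Any exception rolls back the database
        session, is flashed to the user and redirects to the index page.
    """
    try:
        logged_in = 'username' in login_session
        if not logged_in:
            flash("You must be logged to perform this operation",
                  category="error")
            return redirect(url_for('index'))

        # .one() raises when the category does not exist, which ends in
        # the error redirect below.
        category = db_session.query(Category).filter_by(
            id=category_id).one()

        # Ownership check: a missing 'user_id' key raises KeyError, which
        # also ends in the error redirect, so the check fails closed.
        if login_session['user_id'] != category.user_id:
            flash("You can only modify categories created by you",
                  category="error")
            return redirect(url_for('get_category',
                                    category_id=category_id))

        form = DeleteForm()
        # NOTE(review): presumably a Flask-WTF form, so this is true only
        # for a submitted request with a valid CSRF token - confirm that
        # CSRF protection is enabled for DeleteForm.
        if form.validate_on_submit():
            # Collect the folder paths and the name before the rows go away.
            items = db_session.query(Item).filter_by(
                category_id=category_id).all()
            upload_dirs = ['static/images/uploads/' + str(item.id)
                           for item in items]
            category_name = category.name

            # Commit the database change first: if it fails, every upload
            # folder is still on disk and the category stays intact.
            db_session.delete(category)
            db_session.commit()
            for upload_dir in upload_dirs:
                delete_dir(upload_dir)

            flash("Category '{}' successfully deleted".format(category_name))
            return redirect(url_for('index'))

        categories = db_session.query(Category).order_by(
            Category.name).all()
        return render_template('delete_category.html',
                               categories=categories,
                               active_category=int(category_id),
                               category=category,
                               form=form,
                               logged_in=logged_in,
                               login_session=login_session)
    except Exception as e:
        # Discard a half-finished transaction so the session stays usable.
        db_session.rollback()
        # NOTE(review): str(e) can expose internal detail (SQL text, file
        # paths) to the browser; prefer a generic message here and log the
        # exception server-side.
        flash('An error has occurred: {}'.format(str(e)), 'error')
        return redirect(url_for('index'))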