def itemDelete():
"""
Deletes an item owned by the current user
"""
state = request.values.get('state')
if not check_nonce(state):
return bad_request_error()
cat_name = bleach.clean(request.values.get("item_delete_parent"))
cat = dal.get_category_by_name(cat_name)
if not cat:
return not_found_error()
active_user = get_active_user()
if not active_user:
return not_authenticated_error()
item_name = bleach.clean(request.values.get("item_delete_name"))
item = dal.get_item_by_name(cat.cat_id, item_name)
if not item:
return not_found_error()
if active_user.user_id != item.creator_id:
return not_authorized_error()
# All checks passed
generate_nonce()
dal.delete_item(item.item_id)
return redirect("/")
def itemDelete():
"""
Deletes an item owned by the current user
"""
state = request.values.get('state')
if not check_nonce(state):
return bad_request_error()
cat_name = bleach.clean(request.values.get("item_delete_parent"))
cat = dal.get_category_by_name(cat_name)
if not cat:
return not_found_error()
active_user = get_active_user()
if not active_user:
return not_authenticated_error()
item_name = bleach.clean(request.values.get("item_delete_name"))
item = dal.get_item_by_name(cat.cat_id, item_name)
if not item:
return not_found_error()
if active_user.user_id != item.creator_id:
return not_authorized_error()
# All checks passed
generate_nonce()
dal.delete_item(item.item_id)
return redirect("/")
def itemUpdate():
"""
Selectively update fields on an item owned by the logged-in user
"""
# This will take a few steps. Start with loading the old object and performing
# our usual auth process.
state = request.values.get('state')
if not check_nonce(state):
return bad_request_error()
old_parent_name = bleach.clean(
request.values.get("item_update_old_parent"))
old_parent = dal.get_category_by_name(old_parent_name)
if not old_parent:
return not_found_error()
active_user = get_active_user()
if not active_user:
return not_authenticated_error()
old_item_name = bleach.clean(request.values.get("item_update_old_name"))
old_item = dal.get_item_by_name(old_parent.cat_id, old_item_name)
if not old_item:
return not_found_error()
# Item was found, security checks out. Now pull in the new values from
# the request. If a field is empty, it's assumed that the user doesn't
# want to change it. Set to None so the DAL will skip those.
new_item_name = bleach.clean(
request.values.get("item_update_new_name")) or None
desc = bleach.clean(request.values.get("item_update_description")) or None
raw_pic_data = request.files["item_update_pic"] or None
pic_data = None
try:
if raw_pic_data:
pic_data = validate_picture(raw_pic_data)
except InvalidPictureError:
return bad_request_error()
new_parent_name = bleach.clean(
request.values.get("item_update_new_parent")) or None
new_cat = dal.get_category_by_name(new_parent_name)
new_cat_id = new_cat.cat_id if new_cat else None
# New values look good. All checks passed.
generate_nonce()
dal.update_item(old_item.item_id,
name=new_item_name,
description=desc,
pic_id=old_item.pic_id,
pic=pic_data,
cat_id=new_cat_id)
redirect_cat = new_parent_name or old_parent_name
redirect_item = new_item_name or old_item_name
return redirect("/catalog/{}/{}/".format(redirect_cat, redirect_item))
def itemUpdate():
"""
Selectively update fields on an item owned by the logged-in user
"""
# This will take a few steps. Start with loading the old object and performing
# our usual auth process.
state = request.values.get('state')
if not check_nonce(state):
return bad_request_error()
old_parent_name = bleach.clean(request.values.get("item_update_old_parent"))
old_parent = dal.get_category_by_name(old_parent_name)
if not old_parent:
return not_found_error()
active_user = get_active_user()
if not active_user:
return not_authenticated_error()
old_item_name = bleach.clean(request.values.get("item_update_old_name"))
old_item = dal.get_item_by_name(old_parent.cat_id, old_item_name)
if not old_item:
return not_found_error()
# Item was found, security checks out. Now pull in the new values from
# the request. If a field is empty, it's assumed that the user doesn't
# want to change it. Set to None so the DAL will skip those.
new_item_name = bleach.clean(request.values.get("item_update_new_name")) or None
desc = bleach.clean(request.values.get("item_update_description")) or None
raw_pic_data = request.files["item_update_pic"] or None
pic_data = None
try:
if raw_pic_data:
pic_data = validate_picture(raw_pic_data)
except InvalidPictureError:
return bad_request_error()
new_parent_name = bleach.clean(request.values.get("item_update_new_parent")) or None
new_cat = dal.get_category_by_name(new_parent_name)
new_cat_id = new_cat.cat_id if new_cat else None
# New values look good. All checks passed.
generate_nonce()
dal.update_item(old_item.item_id, name=new_item_name, description=desc,
pic_id=old_item.pic_id, pic=pic_data, cat_id=new_cat_id)
redirect_cat = new_parent_name or old_parent_name
redirect_item = new_item_name or old_item_name
return redirect("/catalog/{}/{}/".format(redirect_cat, redirect_item))
def itemLookupByName(cat_name, item_name):
"""
Looks up an item based on its human-readable item and category names
"""
cat = dal.get_category_by_name(cat_name)
if not cat:
return not_found_error()
item = dal.get_item_by_name(cat.cat_id, item_name)
if not item:
return not_found_error()
# All checks passed
return render("show_item.html", item=item, active_cat=cat_name, active_item=item_name)
def itemLookupByName(cat_name, item_name):
"""
Looks up an item based on its human-readable item and category names
"""
cat = dal.get_category_by_name(cat_name)
if not cat:
return not_found_error()
item = dal.get_item_by_name(cat.cat_id, item_name)
if not item:
return not_found_error()
# All checks passed
return render("show_item.html",
item=item,
active_cat=cat_name,
active_item=item_name)
def itemCreate():
"""
Creates a new item owned by the logged-in user
"""
state = request.values.get('state')
if not check_nonce(state):
return bad_request_error()
cat_name = bleach.clean(request.values.get("item_create_parent"))
cat = dal.get_category_by_name(cat_name)
if not cat:
return not_found_error()
active_user = get_active_user()
if not active_user:
return not_authenticated_error()
item_name = bleach.clean(request.values.get("item_create_name"))
duplicate = dal.get_item_by_name(cat.cat_id, item_name)
if duplicate:
return already_exists_error()
try:
pic_data = validate_picture(request.files["item_create_pic"])
except InvalidPictureError:
return bad_request_error()
# All checks passed
generate_nonce()
desc = bleach.clean(request.values.get("item_create_description"))
item_id = dal.create_item(item_name, cat.cat_id, active_user.user_id,
pic_data, desc)
if not item_id:
logging.error(
"Unable to create item: did not receive an item_id from database")
return internal_error()
item = dal.get_item(item_id)
if not item:
logging.error(
"Unable to create item: an instance was not created for item_id {}"
.format(item_id))
return internal_error()
return redirect("/catalog/{}/{}/".format(cat_name, item_name))
def itemCreate():
"""
Creates a new item owned by the logged-in user
"""
state = request.values.get('state')
if not check_nonce(state):
return bad_request_error()
cat_name = bleach.clean(request.values.get("item_create_parent"))
cat = dal.get_category_by_name(cat_name)
if not cat:
return not_found_error()
active_user = get_active_user()
if not active_user:
return not_authenticated_error()
item_name = bleach.clean(request.values.get("item_create_name"))
duplicate = dal.get_item_by_name(cat.cat_id, item_name)
if duplicate:
return already_exists_error()
try:
pic_data = validate_picture(request.files["item_create_pic"])
except InvalidPictureError:
return bad_request_error()
# All checks passed
generate_nonce()
desc = bleach.clean(request.values.get("item_create_description"))
item_id = dal.create_item(
item_name, cat.cat_id, active_user.user_id, pic_data, desc)
if not item_id:
logging.error("Unable to create item: did not receive an item_id from database")
return internal_error()
item = dal.get_item(item_id)
if not item:
logging.error(
"Unable to create item: an instance was not created for item_id {}".format(item_id))
return internal_error()
return redirect("/catalog/{}/{}/".format(cat_name, item_name))
