def deleteProduct(cid, pid): #Check if the user is the owner of this product. Allow user to delete if they are the creator of it. logged_in = CheckUserLoggedIn() if not logged_in: return redirect('/login') username = getSessionUsername() user_id = getSessionUserID() catagories = database_service.GetAllCatagory() picture = getSessionUserPic() #Check if the user is the owner of this product. Allow user to delete if they are the creator of it. if database_service.hasProductPermission(pid, user_id): if request.method == 'POST': #When user clicks the Yes button, delete the product along with it's image from our database database_service.DeleteProduct(pid) flash('Product deleted!', 'alert-success') return redirect(url_for('showProducts', cid=cid)) else: sel_catagory = database_service.GetCatagoryByID(cid) sel_product = database_service.GetProductByID(pid) return render_template('deleteproduct.html', catagories=catagories, sel_catagory=sel_catagory, sel_product=sel_product, logged_in=logged_in, username=username, picture=picture) else: flash('No permission to delete this product!', 'alert-danger') return redirect(url_for('showProducts', cid=cid))
def editProduct(cid,pid): #Direct user to login page if not logged in. User must be logged in before modifying products. logged_in = CheckUserLoggedIn() if not logged_in: return redirect('/login') username = getSessionUsername() user_id=getSessionUserID() catagories = database_service.GetAllCatagory() picture = getSessionUserPic() #Check if the user is the owner of this catagory. Allow user to modify if they are the creator of it. if database_service.hasProductPermission(pid,user_id): if request.method == 'POST': #When user clicks the submit button pic_path = '' file = request.files['file'] if file and allowed_file(file.filename): #if there are new image uploaded, save into /static/uploads filename = secure_filename(file.filename) pic_path = os.path.join(app.config['UPLOAD_FOLDER'],filename) file.save(pic_path) #update the modified product detail into our database database_service.EditProduct(pid,request.form['name'],request.form['desc'],request.form['price'],request.form['flavour'],pic_path,request.form['catagory']) flash('Product updated!','alert-success') return redirect(url_for('showProducts',cid=cid)) else: sel_catagory = database_service.GetCatagoryByID(cid) sel_product = database_service.GetProductByID(pid) return render_template('editproduct.html',catagories=catagories,sel_catagory=sel_catagory, sel_product=sel_product,logged_in=logged_in,username=username,picture=picture) else: #User is NOT the owner of this product. Show red alert message and redirect back to product page flash('No permission to modify this product!','alert-danger') return redirect(url_for('showProducts',cid=cid))
def editProduct(cid, pid): #Direct user to login page if not logged in. User must be logged in before modifying products. logged_in = CheckUserLoggedIn() if not logged_in: return redirect('/login') username = getSessionUsername() user_id = getSessionUserID() catagories = database_service.GetAllCatagory() picture = getSessionUserPic() #Check if the user is the owner of this catagory. Allow user to modify if they are the creator of it. if database_service.hasProductPermission(pid, user_id): if request.method == 'POST': #When user clicks the submit button pic_path = '' file = request.files['file'] if file and allowed_file(file.filename): #if there are new image uploaded, save into /static/uploads filename = secure_filename(file.filename) pic_path = os.path.join(app.config['UPLOAD_FOLDER'], filename) file.save(pic_path) #update the modified product detail into our database database_service.EditProduct(pid, request.form['name'], request.form['desc'], request.form['price'], request.form['flavour'], pic_path, request.form['catagory']) flash('Product updated!', 'alert-success') return redirect(url_for('showProducts', cid=cid)) else: sel_catagory = database_service.GetCatagoryByID(cid) sel_product = database_service.GetProductByID(pid) return render_template('editproduct.html', catagories=catagories, sel_catagory=sel_catagory, sel_product=sel_product, logged_in=logged_in, username=username, picture=picture) else: #User is NOT the owner of this product. Show red alert message and redirect back to product page flash('No permission to modify this product!', 'alert-danger') return redirect(url_for('showProducts', cid=cid))
def deleteProduct(cid,pid): #Check if the user is the owner of this product. Allow user to delete if they are the creator of it. logged_in = CheckUserLoggedIn() if not logged_in: return redirect('/login') username = getSessionUsername() user_id=getSessionUserID() catagories = database_service.GetAllCatagory() picture = getSessionUserPic() #Check if the user is the owner of this product. Allow user to delete if they are the creator of it. if database_service.hasProductPermission(pid,user_id): if request.method == 'POST': #When user clicks the Yes button, delete the product along with it's image from our database database_service.DeleteProduct(pid) flash('Product deleted!','alert-success') return redirect(url_for('showProducts',cid=cid)) else: sel_catagory = database_service.GetCatagoryByID(cid) sel_product = database_service.GetProductByID(pid) return render_template('deleteproduct.html',catagories=catagories,sel_catagory=sel_catagory,sel_product=sel_product,logged_in=logged_in,username=username,picture=picture) else: flash('No permission to delete this product!','alert-danger') return redirect(url_for('showProducts',cid=cid))