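def deleteItem(category_name, item_name):
    """Confirm (GET) or perform (POST) deletion of an item in a category.

    The item is looked up by category name and item name; an unknown item
    yields 404. A POST is refused with 403 unless the caller is logged in
    and the submitted ``user_email`` form field equals the e-mail held in
    the login session.

    :param category_name: name of the category the item belongs to
    :param item_name: name of the item to delete
    :return: a redirect to ``showItems`` after deletion, or the rendered
        confirmation page for any non-POST request
    """
    loggedIn = ('access_token' in login_session
                and login_session['access_token'] is not None)
    name = login_session['name'] if loggedIn else ''
    user_email = login_session['email'] if loggedIn else ''

    itemToDelete = session.query(Item).join(Category).filter(
        Category.name == category_name, Item.name == item_name).first()
    if itemToDelete is None:
        # session.delete(None) would raise; report the missing item instead.
        abort(404)

    if request.method == 'POST':
        # Fail closed. The previous test (`not logged in AND e-mails equal`)
        # only rejected a logged-out request whose form field was empty, so
        # every other request reached the delete below.
        if not loggedIn or user_email != request.form.get('user_email'):
            abort(403)
        # NOTE(review): the form field is client-supplied, so this check does
        # not tie the caller to the item. Ownership should be decided from the
        # owner stored on the Item row; that column is not visible in this
        # function, so it is left as a follow-up.
        session.delete(itemToDelete)
        session.commit()
        return redirect(
            url_for('showItems', category_name=category_name,
                    item_name='items'))

    return render_template('catalog/deleteItem.html',
                           category_name=category_name,
                           item_name=item_name,
                           loggedIn=loggedIn,
                           name=name,
                           user_email=user_email)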
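def deleteitem(itemid):
    """Delete the item ``itemid`` when it belongs to the logged-in user.

    Visitors for whom ``isauthorized()`` returns False are redirected to
    ``/welcome``. The item is looked up by its id together with the
    session's ``userid``, so an item owned by someone else is not found
    and is reported as "not authorized".

    :param itemid: primary key of the item to delete
    :return: a redirect to ``metalitems`` (or to ``/welcome``)
    """
    # Check if user is authorized
    if isauthorized() == False:
        return redirect('/welcome')

    # NOTE(review): the delete is performed on GET. A state-changing GET is
    # not covered by CSRF tokens and can be triggered by link prefetching;
    # it should move to POST. That needs the route's allowed methods and the
    # template changed together, and neither is visible here.
    if request.method == 'GET':
        _user_id = login_session['userid']
        # Scoping the lookup to user_id is what enforces ownership.
        _itemToDelete = session.query(Item).filter_by(
            id=itemid, user_id=_user_id).first()

        # Check if the item to be deleted is in the database and, if not,
        # tell the user.
        if _itemToDelete is None:
            # The message used a backslash continuation inside the literal,
            # which embedded the source indentation in the flashed text.
            _flashmessage = ("Unfortunately you're not authorized to delete "
                             "this item!")
            flash(_flashmessage)
            return redirect(url_for('metalitems'))

        # Read the title before the row is deleted.
        _title = _itemToDelete.title
        session.delete(_itemToDelete)
        session.commit()
        # Let the user know that the item has been deleted.
        flash('Item ' + _title + ' has been deleted.')

    # Return to the main page.
    return redirect(url_for('metalitems'))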
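def deleteMenuItem(restaurant_id, menu_id):
    """Confirm (GET) or perform (POST) deletion of a menu item.

    :param restaurant_id: restaurant whose menu list is shown afterwards
    :param menu_id: primary key of the menu item to delete
    :return: a redirect to ``listMenuItems`` after deletion or when the
        item does not exist, otherwise the rendered confirmation page
    """
    # NOTE(review): no login or ownership check is visible in this function.
    # If none is applied by a decorator or request hook outside this view,
    # any client able to reach the route can delete any menu item.
    # NOTE(review): restaurant_id is not used to scope the lookup; confirm
    # whether the item must belong to that restaurant.
    menuitem = session.query(MenuItem).filter_by(id=menu_id).first()
    if menuitem is None:
        # .one() raised on an unknown id, which surfaced as a server error.
        flash("Menu-Item not found")
        return redirect(url_for('listMenuItems', restaurant_id=restaurant_id))

    if request.method == 'POST':
        session.delete(menuitem)
        session.commit()
        flash("Menu-Item deleted")
        return redirect(url_for('listMenuItems', restaurant_id=restaurant_id))

    return render_template('deleteMenuItem.html', menuitem=menuitem)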
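def deleteRestaurant(restaurant_id):
    """Confirm (GET) or perform (POST) deletion of a restaurant.

    :param restaurant_id: primary key of the restaurant to delete
    :return: a redirect to ``listRestaurants`` after deletion or when the
        restaurant does not exist, otherwise the rendered confirmation page
    """
    # NOTE(review): no login or ownership check is visible in this function.
    # If none is applied by a decorator or request hook outside this view,
    # any client able to reach the route can delete any restaurant.
    restaurant = session.query(Restaurant).filter_by(id=restaurant_id).first()
    if restaurant is None:
        # .one() raised on an unknown id, which surfaced as a server error.
        flash("Restaurant not found")
        return redirect(url_for('listRestaurants'))

    if request.method == 'POST':
        session.delete(restaurant)
        session.commit()
        flash("Restaurant deleted")
        return redirect(url_for('listRestaurants'))

    return render_template('deleteRestaurant.html', restaurant=restaurant)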
def itemDelete(redirect_category_id, item_id=None):
    """Handle the delete button of the item form.

    Two cases:
      1) No ``item_id``: the user backed out of creating a new item, so
         return to the category list page.
      2) ``item_id`` given: remove that item if it exists, then return to
         the parent category's page.
    """
    # NOTE(review): no login, ownership or request-method check is visible
    # in this function; confirm they are enforced outside it.
    if item_id is None:
        # User escaped from the new-item process.
        return redirect('/')

    doomed = Item.by_id(item_id)
    if doomed:
        session.delete(doomed)
        session.commit()
    return redirect('/category/' + redirect_category_id)
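def categoryDelete(category_id):
    """Delete a category and the items that belong to it.

    Arg:
        category_id: category to be deleted
    Result:
        redirects the user to the full category list. Nothing is deleted
        when the category does not exist.
    """
    # NOTE(review): no login, ownership or request-method check is visible
    # in this function; confirm they are enforced outside it.
    category = Category.by_id(category_id)
    if not category:
        # Previously the items were deleted and committed before the category
        # was looked up, so a bad id removed items and then failed.
        return redirect('/')

    for item in Item.by_category_id(category_id):
        session.delete(item)
    # Emit the item DELETEs before the category DELETE, in one transaction.
    session.flush()
    session.delete(category)
    # Single commit: either the category and its items go, or nothing does.
    session.commit()
    return redirect('/')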
def delete_item_details(item_id):
    """Show the delete confirmation page (GET) or delete the item.

    A fresh CSRF token is generated each time the confirmation page is
    rendered.

    :param item_id: id of the item to delete
    :return: the rendered confirmation page, or a redirect to the homepage
        once the item has been deleted
    """
    # NOTE(review): presumably is_user_the_creator() enforces ownership and
    # handles a non-owner itself; its behaviour is not visible here.
    owned = is_user_the_creator(item_id)
    item_name = owned.Item.name

    if request.method != 'GET':
        # NOTE(review): where the CSRF token is validated for this request is
        # not visible in this function; confirm it happens before this point.
        session.delete(owned.Item)
        session.commit()
        flash(item_name + " deleted")
        return redirect(url_for('show_homepage'))

    return render_template('item_delete_confirm.html',
                           item_name=item_name,
                           item_id=item_id,
                           login_session=login_session,
                           csrf_token=generate_csrf_token())
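def delete_contact(contact):
    """Confirm (GET) or perform (POST) deletion of one of the user's contacts.

    Requires a logged-in session. The contact's owner is resolved and
    compared with the session e-mail before anything is rendered or
    deleted, so a non-owner neither sees the contact nor can remove it.

    :param contact: ``contactId`` of the contact to delete
    :return: a redirect to ``login`` (not logged in / not the owner), a
        redirect to ``contacts`` (deleted / not found), or the rendered
        confirmation page
    """
    if 'email' not in session:
        return redirect(url_for('login'))

    contactDetails = db_session.query(Contact).filter_by(
        contactId=contact).first()
    if contactDetails is None:
        # An unknown id used to fail on the attribute access below.
        flash('Contact not found.')
        return redirect(url_for('contacts'))

    # The ownership check used to run for POST only, so the confirmation
    # page rendered any contact's details to any logged-in user.
    owner = db_session.query(User).filter_by(
        id=contactDetails.UserId).first()
    if owner is None or owner.email != session['email']:
        flash('You are not the owner of this contact.')
        return redirect(url_for('login'))

    if request.method == 'POST':
        db_session.delete(contactDetails)
        db_session.commit()
        flash('Contact has been deleted.')
        return redirect(url_for('contacts'))

    return render_template('deletecontact.html', contact=contactDetails)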
def delete_item(category_name, item_name):
    """Confirm (GET) or perform (POST) deletion of an item owned by the caller.

    The item is resolved from its category name and item name. The request
    is answered with a JSON 403 unless the id returned by ``get_user_id``
    for the session e-mail equals the item's ``user_id``; the check runs
    before both the confirmation page and the delete.
    """
    parent = session.query(Category).filter_by(name=category_name).one()
    target = session.query(Item).filter_by(name=item_name,
                                           category=parent).one()

    # Authorisation: only the user who created an item may edit or delete it.
    # NOTE(review): login_session['email'] assumes a logged-in session;
    # confirm a login check runs before this view.
    caller_id = get_user_id(login_session['email'])
    if target.user_id != caller_id:
        denied = make_response(
            json.dumps('You are not allowed to delete the item'), 403)
        denied.headers['Content-Type'] = 'application/json'
        return denied

    if request.method != 'POST':
        return render_template('deleteitem.html', item=target)

    session.delete(target)
    session.commit()
    return redirect(url_for('show_category', category_name=parent.name))
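def deleteItem(item_id):
    """Confirm (GET) or perform (POST) deletion of the item ``item_id``.

    An unknown id flashes a message and redirects to ``/`` for every
    method. A POST deletes the item only when the session's ``user_id``
    is set and equals the item's ``user_id``.

    :param item_id: primary key of the item to delete
    :return: a redirect to ``/`` or the rendered confirmation page
    """
    try:
        item = database_session.query(Items).filter_by(id=item_id).join(
            Items.catagory).one()
    except NoResultFound:
        # The POST branch used to run this query outside the try block.
        flash("Cannot find the item!")
        return redirect('/')

    if request.method != "POST":
        # Render the confirmation page.
        return render_template("delete.html", item=item, id=item_id)

    # A missing session user_id is treated as "not permitted" so that it can
    # never compare equal to an item whose user_id is unset.
    current_user_id = session.get('user_id')
    if current_user_id is None or item.user_id != current_user_id:
        flash('You have no permission to delete item %s' % (item.name,))
        # The redirect was previously built but not returned, so execution
        # continued into the delete below for a non-owner.
        return redirect('/')

    item_name = item.name
    database_session.delete(item)
    database_session.commit()
    flash("Item \"%s\" has already deleted!" % (item_name, ))
    return redirect("/")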
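def deletecategory(categoryid):
    """Delete the category ``categoryid`` when it belongs to the logged-in user.

    Visitors for whom ``isauthorized()`` returns False are redirected to
    ``/welcome``. Only a POST deletes; the category is looked up by its id
    together with the session's ``userid``, so a category owned by someone
    else is not found and is reported as "not authorized".

    :param categoryid: primary key of the category to delete
    :return: a redirect to ``metalitems`` (or to ``/welcome``)
    """
    # Check if user is authorized
    if isauthorized() == False:
        return redirect('/welcome')

    # Only act on a POST from the delete button, not on a URL typed into the
    # browser.
    if request.method == 'POST':
        _user_id = login_session['userid']
        # Scoping the lookup to user_id is what enforces ownership.
        _categoryToDelete = session.query(Category).filter_by(
            id=categoryid, user_id=_user_id).first()

        # Check if the category to be deleted is in the database and, if not,
        # tell the user.
        if _categoryToDelete is None:
            # The message used a backslash continuation inside the literal,
            # which embedded the source indentation in the flashed text.
            _flashmessage = ("Unfortunately you're not authorized to delete "
                             "this category!")
            flash(_flashmessage)
            return redirect(url_for('metalitems'))

        _flashmessage = 'Category ' + _categoryToDelete.name \
            + ' has been delete!'
        session.delete(_categoryToDelete)
        session.commit()
        # Report success only after the commit has gone through; the message
        # was previously flashed before the delete was attempted.
        flash(_flashmessage)

    return redirect(url_for('metalitems'))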