示例#1
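def delete_item_by_id(category_id, item_id):
    """
    HTML endpoint providing a form to delete an item

    GET renders the confirmation form; POST deletes the item and redirects
    to the category page. Visitors who are not signed in are sent to the
    login page, and users without delete permission on the item are
    redirected back to the category.

    :param category_id: id of the category taken from the URL
    :param item_id: id of the item taken from the URL
    """
    if not UserUtils.is_authenticated():
        # Remember where the visitor was heading before sending them to login
        UserUtils.set_preauthentication_url()
        flash('sign in to delete an item')
        return redirect('/login')

    # Match on category AND id, as api_get_item_by_id does, so an item id
    # combined with another category's id in the URL is treated as not found
    # (Query.one() raises) instead of being handled under the wrong category.
    item = session.query(Item). \
        filter_by(category_id=category_id, id=item_id). \
        one()

    # Users may delete only items they created
    if not Permissions.get_user_permissions_for_item(item).delete:
        flash('you may delete only items you created')
        return redirect(url_for('get_category_by_id', category_id=category_id))

    if request.method == 'POST':
        # NOTE(review): no CSRF token check is visible in this handler;
        # confirm one is enforced elsewhere before this state change.
        session.delete(item)
        session.commit()

        flash('item deleted')

        return redirect(url_for('get_category_by_id', category_id=category_id))

    # Any other method: show the confirmation form
    category = session.query(Category).filter_by(id=category_id).one()

    return UserUtils.render_user_template('item_delete.html',
                                          category=category,
                                          category_id=category_id,
                                          item=item,
                                          page_title="%s %s Item" %
                                          ("Delete", item.title))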
示例#2
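def update_item_by_id(category_id, item_id):
    """
    HTML endpoint providing a form to edit an item

    GET renders the edit form pre-filled with the item's current title and
    description. POST validates the submitted title and description, then
    either re-renders the form with the error messages or saves the changes
    and redirects to the category page.

    :param category_id: id of the category taken from the URL
    :param item_id: id of the item taken from the URL
    """
    if not UserUtils.is_authenticated():
        # Remember where the visitor was heading before sending them to login
        UserUtils.set_preauthentication_url()
        flash('sign in to edit an item')
        return redirect('/login')

    # Match on category AND id, as api_get_item_by_id does, so an item id
    # combined with another category's id in the URL is treated as not found
    # (Query.one() raises) instead of being edited under the wrong category.
    item = session.query(Item). \
        filter_by(category_id=category_id, id=item_id). \
        one()

    # Users may update only items they created
    if not Permissions.get_user_permissions_for_item(item).update:
        flash('you may edit only items you created')
        return redirect(url_for('get_category_by_id', category_id=category_id))

    category = session.query(Category).filter_by(id=category_id).one()

    if request.method == 'POST':
        # NOTE(review): no CSRF token check is visible in this handler;
        # confirm one is enforced elsewhere before this state change.

        # Extract and validate the form inputs

        (title, title_error) = \
            extract_and_validate_item_title(request.form)

        (description, description_error) = \
            extract_and_validate_item_description(request.form)

        if title_error or description_error:
            # Re-render the form with the submitted values and the errors
            return UserUtils.render_user_template(
                'item_update.html',
                category=category,
                category_id=category_id,
                item=item,
                page_title="%s %s Item" % ("Edit", item.title),
                title=title,
                title_error=title_error,
                description=description,
                description_error=description_error)

        # Save the validated changes to the existing item

        item.title = title
        item.description = description
        session.add(item)
        session.commit()

        flash('item updated')

        return redirect(url_for('get_category_by_id', category_id=category_id))

    # Any other method: show the form with the stored values
    return UserUtils.render_user_template('item_update.html',
                                          category=category,
                                          category_id=category_id,
                                          item=item,
                                          page_title="%s %s Item" %
                                          ("Edit", item.title),
                                          title=item.title,
                                          description=item.description)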
示例#3
def get_category_by_id(category_id):
    """
    HTML endpoint that renders one category together with its items

    :param category_id: id of the category taken from the URL
    """
    selected = session.query(Category).filter_by(id=category_id).one()
    members = session.query(Item).filter_by(category_id=category_id).all()

    heading = "%s Category" % selected.name
    # The template receives the viewer's permissions as ``can``
    allowed = Permissions.get_user_permissions_for_category(selected)

    return UserUtils.render_user_template('category_items.html',
                                          category=selected,
                                          items=members,
                                          page_title=heading,
                                          can=allowed)
示例#4
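def get_item_by_id(category_id, item_id):
    """
    HTML endpoint providing details for a given item within a category

    :param category_id: id of the category taken from the URL
    :param item_id: id of the item taken from the URL
    """
    category = session.query(Category).filter_by(id=category_id).one()

    # Match on category AND id, as api_get_item_by_id does, so the page never
    # shows an item under a category it does not belong to; a mismatched pair
    # is treated as not found (Query.one() raises).
    item = session.query(Item). \
        filter_by(category_id=category_id, id=item_id). \
        one()

    return UserUtils.render_user_template(
        'item_read.html',
        category=category,
        category_id=category_id,
        item=item,
        page_title="%s Item" % item.title,
        can=Permissions.get_user_permissions_for_item(item))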
示例#5
def api_get_items_by_category_id(category_id):
    """
    API endpoint that returns every item of one category as JSON

    :param category_id: id of the category taken from the URL
    """
    def as_dict(entry):
        """
        Builds the plain-dict form of an item for jsonify
        """
        link = url_for('api_get_item_by_id',
                       category_id=entry.category_id,
                       item_id=entry.id)
        # NOTE(review): no authentication check is visible in this handler,
        # so user_id goes to every caller - confirm that is intended.
        return {
            'id': entry.id,
            'url': link,
            'user_id': entry.user_id,
            'category_id': entry.category_id,
            'title': entry.title,
            'description': entry.description
        }

    rows = session.query(Item).filter_by(category_id=category_id).all()

    return jsonify(items=list(map(as_dict, rows)))
示例#6
def delete_category_by_id(category_id):
    """
    HTML endpoint that confirms and performs the deletion of a category

    :param category_id: id of the category taken from the URL
    """
    if not UserUtils.is_authenticated():
        UserUtils.set_preauthentication_url()
        flash('sign in to delete categories')
        return redirect('/login')

    target = session.query(Category).filter_by(id=category_id).one()
    allowed = Permissions.get_user_permissions_for_category(target)

    if not allowed.delete:
        flash('you may delete only empty categories you created')
        return redirect(url_for('get_categories'))

    if request.method != 'POST':
        # Anything but POST only shows the confirmation form
        heading = "%s %s Category" % ("Delete", target.name)
        return UserUtils.render_user_template('category_delete.html',
                                              category=target,
                                              page_title=heading)

    # NOTE(review): no CSRF token check is visible in this handler;
    # confirm one is enforced elsewhere before this state change.
    session.delete(target)
    session.commit()

    flash('category deleted')

    return redirect(url_for('get_categories'))
示例#7
def api_get_category(category_id):
    """
    API endpoint that returns one category and its items as JSON

    :param category_id: id of the category taken from the URL
    """
    def item_as_dict(entry):
        """
        Builds the plain-dict form of an item for jsonify
        """
        link = url_for('api_get_item_by_id',
                       category_id=entry.category_id,
                       item_id=entry.id)
        return {
            'id': entry.id,
            'user_id': entry.user_id,
            'category_id': entry.category_id,
            'url': link,
            'title': entry.title,
            'description': entry.description
        }

    found = session.query(Category).filter_by(id=category_id).one()
    rows = session.query(Item).filter_by(category_id=category_id).all()

    item_dicts = [item_as_dict(row) for row in rows]

    # NOTE(review): no authentication check is visible in this handler,
    # so user_id goes to every caller - confirm that is intended.
    payload = {
        'id': found.id,
        'user_id': found.user_id,
        'name': found.name,
        'items': item_dicts
    }

    return jsonify(category=payload)
示例#8
def get_categories():
    """
    HTML endpoint that renders the list of every category
    """
    all_categories = session.query(Category).all()
    template_args = {
        'categories': all_categories,
        'page_title': "Category List",
    }

    return UserUtils.render_user_template('category_list.html',
                                          **template_args)
示例#9
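 def try_get_user_by_email(email):
     """
     Retrieves and returns a user by email from the data repository,
     or None if the user is not found

     None is also returned when the lookup fails for any other reason,
     because every Exception raised by the query is swallowed here.

     :type email: String
     :rtype: User
     """
     try:
         return session.query(User).filter_by(email=email).one()
     except Exception:
         # Narrowed from a bare ``except:``, which also trapped
         # KeyboardInterrupt and SystemExit.
         # NOTE(review): a failed query (including more than one matching
         # row) is still reported as "no such user"; a caller that creates
         # an account on None should confirm that is acceptable.
         return None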
示例#10
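    def create_user(fields):
        """
        Creates and returns a new user in the data repository given a
        dictionary containing the user's username, email, and picture

        :param fields: dict with the keys 'username', 'email' and 'picture'
        :rtype: User
        """
        user = User(name=fields['username'],
                    email=fields['email'],
                    picture=fields['picture'])
        session.add(user)
        session.commit()

        # Return the instance that was just committed instead of looking it
        # up again by email: the extra query was redundant and Query.one()
        # raises after the commit if the email matches more than one row.
        # NOTE(review): nothing visible here enforces unique emails; confirm
        # the User model or the caller does.
        return user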
示例#11
def create_item(category_id):
    """
    HTML endpoint that shows and processes the new-item form of a category

    :param category_id: id of the category taken from the URL
    """
    if not UserUtils.is_authenticated():
        UserUtils.set_preauthentication_url()
        flash('sign in to create an item')
        return redirect('/login')

    parent = session.query(Category).filter_by(id=category_id).one()

    if request.method != 'POST':
        # Anything but POST only shows the empty form
        return UserUtils.render_user_template('item_create.html',
                                              category=parent,
                                              category_id=category_id)

    # NOTE(review): no CSRF token check is visible in this handler;
    # confirm one is enforced elsewhere before this state change.

    # Each helper returns the extracted value and an error (falsy when valid)
    title, title_error = extract_and_validate_item_title(request.form)
    description, description_error = \
        extract_and_validate_item_description(request.form)

    if title_error or description_error:
        # Show the form again with the submitted values and the errors
        return UserUtils.render_user_template(
            'item_create.html',
            category=parent,
            category_id=category_id,
            title=title,
            title_error=title_error,
            description=description,
            description_error=description_error)

    # Store the new item, owned by the signed-in user
    new_item = Item(title=title,
                    description=description,
                    category_id=category_id,
                    user_id=UserUtils.get_authenticated_user_id())
    session.add(new_item)
    session.commit()

    flash('item created')

    return redirect(url_for('get_category_by_id', category_id=category_id))
示例#12
    def get_user_permissions_for_category(category):
        """
        Builds the Permissions the current user holds on a category

        create and read are always granted; update requires ownership;
        delete requires ownership and a category without items.

        :param category: Category
        :rtype: Permissions
        """
        owner_id = category.user_id
        # NOTE(review): if get_authenticated_user_id() returns None for an
        # anonymous visitor, a category whose user_id is None would count
        # as owned - confirm against UserUtils and the Category model.
        is_owner = owner_id == UserUtils.get_authenticated_user_id()

        # Number of items that still reference this category
        item_count = session.query(Item).filter_by(
            category_id=category.id).count()

        may_delete = is_owner and not item_count

        return Permissions(create=True,
                           read=True,
                           update=is_owner,
                           delete=may_delete)
示例#13
def update_category_by_id(category_id):
    """
    HTML endpoint that shows and processes the edit form of a category

    :param category_id: id of the category taken from the URL
    """
    if not UserUtils.is_authenticated():
        UserUtils.set_preauthentication_url()
        flash('sign in to edit categories')
        return redirect('/login')

    category = session.query(Category).filter_by(id=category_id).one()
    allowed = Permissions.get_user_permissions_for_category(category)

    if not allowed.update:
        flash('you may edit only categories you created')
        return redirect(url_for('get_categories'))

    def render_form(**form_state):
        """
        Renders the edit form with the given field values and errors
        """
        return UserUtils.render_user_template(
            'category_update.html',
            category=category,
            page_title="%s %s Category" % ("Edit", category.name),
            **form_state)

    if request.method != 'POST':
        # Anything but POST shows the form with the stored name
        return render_form(name=category.name)

    # NOTE(review): no CSRF token check is visible in this handler;
    # confirm one is enforced elsewhere before this state change.

    # The helper returns the extracted name and an error (falsy when valid)
    name, name_error = extract_and_validate_category_name(request.form)

    if name_error:
        return render_form(name=name, name_error=name_error)

    # Save the new name on the existing category
    category.name = name
    session.add(category)
    session.commit()

    flash('category updated')

    return redirect(url_for('get_category_by_id', category_id=category_id))
示例#14
def api_get_categories():
    """
    API endpoint that returns every category as JSON
    """
    def as_dict(entry):
        """
        Builds the plain-dict form of a category for jsonify
        """
        items_link = url_for('api_get_items_by_category_id',
                             category_id=entry.id)
        # NOTE(review): no authentication check is visible in this handler,
        # so user_id goes to every caller - confirm that is intended.
        return {
            'id': entry.id,
            'user_id': entry.user_id,
            'name': entry.name,
            'items_url': items_link
        }

    rows = session.query(Category).all()

    return jsonify(categories=list(map(as_dict, rows)))
示例#15
def api_get_item_by_id(category_id, item_id):
    """
    API endpoint that returns one item of a category as JSON

    :param category_id: id of the category taken from the URL
    :param item_id: id of the item taken from the URL
    """
    # The item must match both ids; Query.one() raises otherwise
    lookup = session.query(Item).filter_by(category_id=category_id,
                                           id=item_id)
    found = lookup.one()

    category_link = url_for('api_get_category',
                            category_id=found.category_id)

    # NOTE(review): no authentication check is visible in this handler,
    # so user_id goes to every caller - confirm that is intended.
    payload = {
        'id': found.id,
        'user_id': found.user_id,
        'category_id': found.category_id,
        'category_url': category_link,
        'title': found.title,
        'description': found.description
    }

    return jsonify(item=payload)