def editFood(food_id): food = db.session.query(Food).filter_by(id=food_id).one() current_user = get_user() if food.protected: # Cannot edit a food that is protected return render_template('unauthorizedFood.html', food=food) if current_user is None: return render_template('clientOAuth.html') if request.method == 'POST': food.name = request.form['name'] if not food.validate_object(): flash("The name field is blank, which is not allowed!") return render_template('editFood.html') prospective_url = bleach.clean(request.form['picture']) url_resp = Food.verify_valid_pic(prospective_url) food.picture = url_resp db.session.add(food) db.session.commit() if request.form['redirect_choice'] == 'Varieties': return redirect(url_for('foodVarieties', food_id=food.id)) elif request.form['redirect_choice'] == 'ReturnDatabase': return redirect(url_for('showFoods')) else: return render_template('editFood.html', food=food)
def newFood(): current_user = get_user() if current_user is None: # Must be logged in to create a food return render_template('clientOAuth.html') if request.method == 'POST': newFood = Food(name=request.form['name']) if not newFood.validate_object(): flash("The name field is blank, which is not allowed!") return render_template('newFood.html') # Only add a picture if it is valid prospective_url = bleach.clean(request.form['picture']) url_resp = Food.verify_valid_pic(prospective_url) if url_resp is not None: newFood.picture = url_resp db.session.add(newFood) db.session.commit() new_food = newFood.id if request.form['redirect_choice'] == 'EditMenu': return redirect(url_for('foodVarieties', food_id=food.id)) elif request.form['redirect_choice'] == 'ReturnDatabase': return redirect(url_for('showFoods')) else: return render_template('newFood.html')