diff --git a/store/routes.py b/store/routes.py
index f29e07370703ab43c4ce7ef88076d1310c8231b9..7e1710311da59ff174dbb60315f60d60cf3a9a54 100644
--- a/store/routes.py
+++ b/store/routes.py
@@ -354,6 +354,7 @@ def database_management():
 main_item=item,
 is_item=type(item) is Item,
 )
+
 return render_template(
 "userContent/database_management.html",
 access_data_form=access_data_form,
@@ -361,14 +362,32 @@ def database_management():
 )
-# @app.route("/add_item", methods=["POST"])
-# def add_item():
-# if current_user.userType != "admin":
-# flash("Unauthorized access")
-# return redirect(url_for("home"))
+# 25701, 12522
+@app.route("/add_item_to_set", methods=["GET", "POST"])
+def add_item_to_set():
+ print("Adding Item", file=sys.stderr)
+ if current_user.userType != "admin":
+ flash("Unauthorized access")
+ return redirect(url_for("home"))
+ item_id = request.form.get("item_id")
+ set_id = request.form.get("set_id")
+ item_set = ItemSet.query.get(set_id)
+ item = Item.query.get(item_id)
+ print("Adding Item:", item_id, "To Set:", set_id, file=sys.stderr)
-@app.route("/delete_item", methods=["POST"])
+ if item_set == None or item == None:
+ abort(406)
+ if item in item_set.items:
+ abort(406)
+
+ print("Adding Item:", item_id, "To Set:", set_id, file=sys.stderr)
+ item_set.items.append(item)
+ db.session.commit()
+ return "ok"
+
+
+@app.route("/delete_item", methods=["DELETE"])
 def delete_item():
 if current_user.userType != "admin":
 flash("Unauthorized access")
@@ -376,6 +395,7 @@ def delete_item():
 id = request.form.get("item_id")
 item = Item.query.get(id)
 if item == None:
+ print("Could not delete item:", id, file=sys.stderr)
 abort(406)
 print("Deleting Item:", id, file=sys.stderr)
 remove_item(item)
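Review bot: `add_item_to_set` is registered with `methods=["GET", "POST"]` although it appends to `item_set.items` and commits, so the route should accept only the verb the template sends: `@app.route("/add_item_to_set", methods=["POST"])`. The admin check answers a refused caller with `flash` plus `redirect(url_for("home"))`; this endpoint is called through `$.ajax`, which follows the redirect and lands in the `success` callback, so `abort(403)` would report the denial honestly. No login decorator is visible between the route decorator and the `def`, so if `current_user` is Flask-Login's proxy, an anonymous request probably fails on `.userType` with a 500 instead of a clean refusal. The `print(...)` calls here and in the `delete_item` hunk (`@@ -376,6 +395,7 @@`) write raw form values to stderr, and the "Adding Item:" line is emitted twice; a single `app.logger.info("add item %r to set %r", item_id, set_id)` keeps the audit trail and quotes embedded newlines. `delete_item` continues past the end of this hunk.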
@@ -403,11 +423,12 @@ def delete_item_from_set():
 return redirect(url_for("home"))
 item_id = request.form.get("item_id")
 set_id = request.form.get("set_id")
-
 item_set = ItemSet.query.get(set_id)
 item = Item.query.get(item_id)
+
 if item_set == None or item == None:
 abort(406)
+
 print("Deleting Item:", item_id, "From Set:", set_id, file=sys.stderr)
 item_set.items.remove(item)
 db.session.commit()
diff --git a/store/templates/userContent/database_management.html b/store/templates/userContent/database_management.html
index 6f9e013e8be21262d407b955f217c5f9cac2866f..8a382d4ccbad7c07aa44b8b91e5f330e5f05575c 100644
--- a/store/templates/userContent/database_management.html
+++ b/store/templates/userContent/database_management.html
@@ -5,7 +5,7 @@
 <form method="POST">
 {{access_data_form.hidden_tag()}}
 <dl>
- <table class="loginTable">
+ <table>
 <tr>
 <td>{{ render_field(access_data_form.table) }} </td>
 </tr>
@@ -54,17 +54,33 @@
 {% endfor %}
 </tbody>
 </table>
+ <label for="itemID">Item ID:</label><br>
+ <input type="number" id="itemID" name="itemID"><br>
+ <button onclick="addItemToSet({{main_item.id}})">Add</button>
 </div>
 {% endif %}
 </div>
 {% endif %}
 <script>
+ function addItemToSet(set_id) {
+ console.log(set_id);
+ console.log($('#itemID').val());
+
+ $.ajax({
+ url: '/add_item_to_set',
+ type: 'POST',
+ data: { set_id: set_id, item_id: $('#itemID').val() },
+ success: function () {
+ window.location.href = window.location.href;
+ }
+ });
+ };
 function deleteItem(id) {
 if (confirm("Are you sure you want to delete this item? It is irreversible.")) {
 $.ajax({
 url: '/delete_item',
- type: 'POST',
+ type: 'DELETE',
 data: { item_id: id },
 success: function () {
 window.location.href = window.location.href;
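Review bot: `addItemToSet` posts `set_id` and `item_id` to `/add_item_to_set` without a CSRF token, even though the form earlier in this template carries one through `access_data_form.hidden_tag()`. Whether app-wide CSRF protection is enabled is not visible in this diff: if Flask-WTF's `CSRFProtect` is initialised the request needs the token to pass, and if it is not, this admin-only state change rests on the session cookie alone. Adding `headers: { 'X-CSRFToken': '{{ csrf_token() }}' },` to the `$.ajax` options covers the first case. The call also has no `error:` handler, so a 406 from the server goes unnoticed; `error: function (xhr) { alert('Add failed: ' + xhr.status); }` would surface it, and the two `console.log` lines can be dropped. `deleteItem` continues past the end of the hunk.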