From 4b693ddb69e006aa284d41e0c52ce90aeda94a85 Mon Sep 17 00:00:00 2001
From: XD-DENG
Date: Sat, 8 Jul 2017 11:22:21 +0800
Subject: [PATCH] User can delete the image they uploaded
---
 app.py | 17 +++++++++++++++--
 database.py | 24 ++++++++++++++++++++++++
 database_file/images.db | Bin 12288 -> 12288 bytes
 templates/private_page.html | 4 +++-
 4 files changed, 42 insertions(+), 3 deletions(-)
diff --git a/app.py b/app.py
index a40a581..d956d9f 100644
--- a/app.py
+++ b/app.py
@@ -4,7 +4,7 @@ import hashlib
 from flask import Flask, session, url_for, redirect, render_template, request, abort, flash
 from database import list_users, verify, delete_user_from_db, add_user
 from database import read_note_from_db, write_note_into_db, delete_note_from_db, match_user_id_with_note_id
-from database import image_upload_record, list_images_for_user
+from database import image_upload_record, list_images_for_user, match_user_id_with_image_uid, delete_image_from_db
 from werkzeug.utils import secure_filename
@@ -58,7 +58,8 @@ def FUN_private():
 images_list = list_images_for_user(session['current_user'])
 images_table = zip([x[0] for x in images_list],\
 [x[1] for x in images_list],\
- [x[2] for x in images_list])
+ [x[2] for x in images_list],\
+ ["/delete_image/" + x[0] for x in images_list])
 return render_template("private_page.html", notes = notes_table, images = images_table)
 else:
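Review bot: The delete link added to the zip in FUN_private is assembled by string concatenation, `"/delete_image/" + x[0]`, which hard-codes the route path and does no URL quoting of the stored uid. Building it with `url_for("FUN_delete_image", image_uid = x[0])` keeps the link in step with the route definition, the way the file already does for its redirects. FUN_private begins and ends outside this hunk.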
@@ -126,6 +127,18 @@ def FUN_upload_image():
 return(redirect(url_for("FUN_private")))
+@app.route("/delete_image/", methods = ["GET"])
+def FUN_delete_image(image_uid):
+ if session.get("current_user", None) == match_user_id_with_image_uid(image_uid): # Ensure the current user is NOT operating on other users' note.
+ # delete the corresponding record in database
+ delete_image_from_db(image_uid)
+ # delete the corresponding image file from image pool
+ image_to_delete_from_pool = [y for y in [x for x in os.listdir(app.config['UPLOAD_FOLDER'])] if y.split("-", 1)[0] == image_uid][0]
+ os.remove(os.path.join(app.config['UPLOAD_FOLDER'], image_to_delete_from_pool))
+ else:
+ return abort(401)
+ return(redirect(url_for("FUN_private")))
+
diff --git a/database.py b/database.py
index e960ec6..66244ae 100644
--- a/database.py
+++ b/database.py
@@ -132,6 +132,30 @@ def list_images_for_user(owner):
 return result
+def match_user_id_with_image_uid(image_uid):
+ # Given the note id, confirm if the current user is the owner of the note which is being operated.
+ _conn = sqlite3.connect(image_db_file_location)
+ _c = _conn.cursor()
+
+ command = "select owner from images where uid = '" + image_uid + "';"
+ _c.execute(command)
+ result = _c.fetchone()[0]
+
+ _conn.commit()
+ _conn.close()
+
+ return result
+
+def delete_image_from_db(image_uid):
+ _conn = sqlite3.connect(image_db_file_location)
+ _c = _conn.cursor()
+
+ command = "delete from images where uid = '" + image_uid + "';"
+ _c.execute(command)
+
+ _conn.commit()
+ _conn.close()
+
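Review bot: FUN_delete_image performs a destructive action on a GET request, so any page a logged-in user loads can trigger the deletion through a plain link or embedded resource; the route should accept only `methods = ["POST"]` and be submitted from a form that carries a CSRF token. The database row is also deleted before the file is looked up, and the trailing `[0]` on the list comprehension raises IndexError when no file in UPLOAD_FOLDER starts with that uid, leaving the record gone and the request answered with a 500; find the file first and skip `os.remove` when it is missing. The inline comment on the ownership check still says "note" where it means image. As shown on this page the route string has no `<image_uid>` converter although the function takes `image_uid`, which may be an artifact of how the page was rendered.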
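Review bot: Both new functions in database.py build their SQL by concatenating `image_uid`, which arrives from the URL path in FUN_delete_image, so the statement text is caller-controlled and the owner lookup that the route's authorization depends on cannot be trusted. Pass the value as a bound parameter instead: `_c.execute("select owner from images where uid = ?", (image_uid,))` and `_c.execute("delete from images where uid = ?", (image_uid,))`. In match_user_id_with_image_uid, `_c.fetchone()[0]` also raises TypeError when no row matches, so an unknown uid surfaces as a 500; check the row for `None` and let the route answer 404. The leading comment in that function still describes notes rather than images.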
diff --git a/database_file/images.db b/database_file/images.db index 9ea489d1632edb41e40f34c9031c9801b9aa0fe2..1b63bde8744ddcb0370844c65570f475f07cd794 100644 GIT binary patch delta 484 zcma)&y-EX75Jt0@EH+8HSSTWhjhJ=r|GnvgHWpf|5X{W(ouHs3HbR=DO0D=FO7Ic# zAU=RE;YI`t!N`2|Va}QMr~Svxr1i9Ql(gpkmuA{{s4wb^`RKJiIZtc7jlHfeLO>fG zM;i@st}vn~91xQcn#)OMir76qJvqC+#X$tH+3;>4LAW-Q^E*OxBy^O@jI}}NN~LmH zl5+y|mYfRYwU;WeDhhT6fgIV1E6F+JL5J07X)-M>San}5pT6iuDWhSQ7=r`wghGZq zT2!K7j9LLJ^laQ0S@@{H8j!N!pbh0nf_Pt()h2p@d_~#K@VAeE%sFMWdHdMjP15Fg kdGpbGV{)+8Oa9v}Eo-#@PVrNswj{5VTmQDJK93J)p9#i;?EnA( delta 108 zcmZojXh@hK&B!xR#+i|4W5PQAjfKQq2sKP0UjbQw=RF(hM!k9bJ4q{S1wb4J^z}%;F8rjf{-VO%2R9zm`*G+*tUT MZ(>8`Image ID Timestamp Image Name + Action - {% for image_id, timestamp, image_name in images %} + {% for image_id, timestamp, image_name, act in images %} {{ image_id }} {{ timestamp }} {{ image_name }} + Delete {% endfor %}