Chris/devopsexam
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

User can delete the image they uploaded

Browse Source
This commit is contained in:
XD-DENG
2017-07-08 11:22:21 +08:00
parent 0e73da4df9
commit 4b693ddb69
4 changed files with 42 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app.py
View File

@@ -4,7 +4,7 @@ import hashlib
from flask import Flask, session, url_for, redirect, render_template, request, abort, flash from flask import Flask, session, url_for, redirect, render_template, request, abort, flash
from database import list_users, verify, delete_user_from_db, add_user from database import list_users, verify, delete_user_from_db, add_user
from database import read_note_from_db, write_note_into_db, delete_note_from_db, match_user_id_with_note_id from database import read_note_from_db, write_note_into_db, delete_note_from_db, match_user_id_with_note_id
from database import image_upload_record, list_images_for_user from database import image_upload_record, list_images_for_user, match_user_id_with_image_uid, delete_image_from_db
from werkzeug.utils import secure_filename from werkzeug.utils import secure_filename
@@ -58,7 +58,8 @@ def FUN_private():
images_list = list_images_for_user(session['current_user']) images_list = list_images_for_user(session['current_user'])
images_table = zip([x[0] for x in images_list],\ images_table = zip([x[0] for x in images_list],\
[x[1] for x in images_list],\ [x[1] for x in images_list],\
[x[2] for x in images_list]) [x[2] for x in images_list],\
["/delete_image/" + x[0] for x in images_list])
return render_template("private_page.html", notes = notes_table, images = images_table) return render_template("private_page.html", notes = notes_table, images = images_table)
else: else:
@@ -126,6 +127,18 @@ def FUN_upload_image():
return(redirect(url_for("FUN_private"))) return(redirect(url_for("FUN_private")))
@app.route("/delete_image/<image_uid>", methods = ["GET"])
def FUN_delete_image(image_uid):
if session.get("current_user", None) == match_user_id_with_image_uid(image_uid): # Ensure the current user is NOT operating on other users' note.
# delete the corresponding record in database
delete_image_from_db(image_uid)
# delete the corresponding image file from image pool
image_to_delete_from_pool = [y for y in [x for x in os.listdir(app.config['UPLOAD_FOLDER'])] if y.split("-", 1)[0] == image_uid][0]
os.remove(os.path.join(app.config['UPLOAD_FOLDER'], image_to_delete_from_pool))
else:
return abort(401)
return(redirect(url_for("FUN_private")))

24
database.py
View File

@@ -132,6 +132,30 @@ def list_images_for_user(owner):
return result return result
def match_user_id_with_image_uid(image_uid):
# Given the note id, confirm if the current user is the owner of the note which is being operated.
_conn = sqlite3.connect(image_db_file_location)
_c = _conn.cursor()
command = "select owner from images where uid = '" + image_uid + "';"
_c.execute(command)
result = _c.fetchone()[0]
_conn.commit()
_conn.close()
return result
def delete_image_from_db(image_uid):
_conn = sqlite3.connect(image_db_file_location)
_c = _conn.cursor()
command = "delete from images where uid = '" + image_uid + "';"
_c.execute(command)
_conn.commit()
_conn.close()

BIN
database_file/images.db
View File

Binary file not shown.

4
templates/private_page.html
View File

@@ -58,13 +58,15 @@
<th>Image ID</th> <th>Image ID</th>
<th>Timestamp</th> <th>Timestamp</th>
<th>Image Name</th> <th>Image Name</th>
<th>Action</th>
</tr> </tr>
</thead> </thead>
{% for image_id, timestamp, image_name in images %} {% for image_id, timestamp, image_name, act in images %}
<tr> <tr>
<td> {{ image_id }} </td> <td> {{ image_id }} </td>
<td> {{ timestamp }} </td> <td> {{ timestamp }} </td>
<td> {{ image_name }} </td> <td> {{ image_name }} </td>
<td><a href={{act}}>Delete</a></td>
</tr> </tr>
{% endfor %} {% endfor %}