User can delete the image they uploaded

2017-07-08 11:22:21 +08:00
parent 0e73da4df9
commit 4b693ddb69
4 changed files with 42 additions and 3 deletions
--- a/app.py
+++ b/app.py
@@ -4,7 +4,7 @@ import hashlib
 from flask import Flask, session, url_for, redirect, render_template, request, abort, flash
 from database import list_users, verify, delete_user_from_db, add_user
 from database import read_note_from_db, write_note_into_db, delete_note_from_db, match_user_id_with_note_id
-from database import image_upload_record, list_images_for_user
+from database import image_upload_record, list_images_for_user, match_user_id_with_image_uid, delete_image_from_db
 from werkzeug.utils import secure_filename


@@ -58,7 +58,8 @@ def FUN_private():
        images_list = list_images_for_user(session['current_user'])
        images_table = zip([x[0] for x in images_list],\
                          [x[1] for x in images_list],\
-                          [x[2] for x in images_list])
+                          [x[2] for x in images_list],\
+                          ["/delete_image/" + x[0] for x in images_list])

        return render_template("private_page.html", notes = notes_table, images = images_table)
    else:
@@ -126,6 +127,18 @@ def FUN_upload_image():

    return(redirect(url_for("FUN_private")))

+@app.route("/delete_image/<image_uid>", methods = ["GET"])
+def FUN_delete_image(image_uid):
+    if session.get("current_user", None) == match_user_id_with_image_uid(image_uid): # Ensure the current user is NOT operating on other users' note.
+        # delete the corresponding record in database
+        delete_image_from_db(image_uid)
+        # delete the corresponding image file from image pool
+        image_to_delete_from_pool = [y for y in [x for x in os.listdir(app.config['UPLOAD_FOLDER'])] if y.split("-", 1)[0] == image_uid][0]
+        os.remove(os.path.join(app.config['UPLOAD_FOLDER'], image_to_delete_from_pool))
+    else:
+        return abort(401)
+    return(redirect(url_for("FUN_private")))
+



--- a/database.py
+++ b/database.py
@@ -132,6 +132,30 @@ def list_images_for_user(owner):

    return result

+def match_user_id_with_image_uid(image_uid):
+    # Given the note id, confirm if the current user is the owner of the note which is being operated.
+    _conn = sqlite3.connect(image_db_file_location)
+    _c = _conn.cursor()
+
+    command = "select owner from images where uid = '" + image_uid + "';" 
+    _c.execute(command)
+    result = _c.fetchone()[0]
+
+    _conn.commit()
+    _conn.close()
+
+    return result
+
+def delete_image_from_db(image_uid):
+    _conn = sqlite3.connect(image_db_file_location)
+    _c = _conn.cursor()
+
+    command = "delete from images where uid = '" + image_uid + "';" 
+    _c.execute(command)
+
+    _conn.commit()
+    _conn.close()
+



--- a/database_file/images.db
+++ b/database_file/images.db
--- a/templates/private_page.html
+++ b/templates/private_page.html
@@ -58,13 +58,15 @@
                  <th>Image ID</th>
                  <th>Timestamp</th>
                  <th>Image Name</th>
+                  <th>Action</th>
                </tr>
            </thead>
-            {% for image_id, timestamp, image_name in images %}
+            {% for image_id, timestamp, image_name, act in images %}
                    <tr>
                       <td> {{ image_id }} </td>
                       <td> {{ timestamp }} </td>
                       <td> {{ image_name }} </td>
+                       <td><a href={{act}}>Delete</a></td>
                    </tr>
                    
            {% endfor %}