jennielees · jal601 · Jun 15, 2015
diff --git a/README.md b/README.md
@@ -25,3 +25,9 @@ $ python app.py
 ```
 
 Visit [http://localhost:5000/](http://localhost:5000/) in your browser to see the results.
+
+### Running Tests
+
+```
+python test_models.py
+```
diff --git a/desserts.db b/desserts.db
diff --git a/models.py b/models.py
@@ -1,4 +1,5 @@
 from app import db
+from flask import session
 
 
 class Dessert(db.Model):
@@ -13,10 +14,14 @@ class Dessert(db.Model):
     price = db.Column(db.Float)
     calories = db.Column(db.Integer)
 
-    def __init__(self, name, price, calories):
+    user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
+    user = db.relationship("User", backref="desserts")
+
+    def __init__(self, name, price, calories, user_id):
         self.name = name
         self.price = price
         self.calories = calories
+        self.user_id = user_id
 
     def calories_per_dollar(self):
         if self.calories:
@@ -32,20 +37,197 @@ def __init__(self, name):
         self.name = name
 
 
-def create_dessert(new_name, new_price, new_calories):
+class User(db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    username = db.Column(db.String(100))
+    password = db.Column(db.String(100))
+    email = db.Column(db.String(250))
+    name = db.Column(db.String(100))
+    avatar = db.Column(db.String(250))
+
+    def __init__(self, username, password, email, name, avatar):
+        self.username = username
+        self.password = password
+        self.email = email
+        self.name = name
+        self.avatar = avatar
+
+
+def get_password(username):
+    user = User.query.filter_by(username=username).first()
+    return user.password
+
+
+def list_users():
+    return User.query.all()
+
+
+def get_user(id):
+    return User.query.get(id)
+
+
+def get_user_by_username(username):
+    return User.query.filter_by(username=username).first()
+
+
+def create_user(username, email, password, realname, avatar):
+    user = User(username, email, password, realname, avatar)
+    db.session.add(user)
+    db.session.commit()
+    return user
+
+
+def update_user(id, username=None, email=None, password=None, realname=None, avatar=None):
+
+    user = User.query.get(id)
+
+    if username:
+        user.username = username
+
+    if email:
+        user.email = email
+
+    if password:
+        user.password = password
+
+    if realname:
+        user.realname = realname
+
+    if avatar:
+        user.avatar = avatar
+
+    db.session.commit()
+    return user
+
+
+def login(username, password):
+    # check if user exists in database
+    user = get_user_by_username(username)
+    if user is None:
+        raise Exception("Sorry, we don't have your username on file.")
+
+    # check if password is correct
+    db_password = get_password(username)
+    if password != db_password:
+        raise Exception("Incorrect password.")
+
+    # store username in Flask session
+    session["username"] = username
+
+
+def get_logged_in_user():
+
+    # get stored username from Flask session
+    current_user = session["username"]
+
+    # get user object
+    user = get_user_by_username(current_user)
+
+    # return user object
+    return user
+
+
+def get_desserts_by_user(username):
+
+    # get user object 
+    user = get_user_by_username(username)
+
+    # query all desserts matching id of user object
+    desserts = Dessert.query.filter_by(user_id=user.id).all()
+    return desserts
+
+
+def edit_dessert(user, new_name, new_price, new_calories):
+
+    # we need every piece of input to be provided
+    if new_name is None or new_price is None or new_calories is None:
+        raise Exception("Need name, price, and calories!")
+
+    if new_name == '' or new_price == '' or new_calories == '':
+        raise Exception("Need name, price, and calories!")
+
+    # check reasonable number of calories
+    if int(new_calories) < 100:
+        raise Exception("That's not enough calories!")
+    elif int(new_calories) > 3000:
+        raise Exception("That's too many calories!")
+
+    # get dessert from database
+    dessert = Dessert.query.filter_by(name=new_name).first()
+
+    # users can only edit their own desserts
+    if user.id != dessert.user_id:
+        raise Exception("That's not your dessert!")
+
+    dessert.price = new_price
+    dessert.calories = new_calories
+    db.session.commit()
+
+
+def create_dessert(new_name, new_price, new_calories, new_user_id):
     # Create a dessert with the provided input.
-    # At first, we will trust the user.
 
-    # This line maps to line 16 above (the Dessert.__init__ method)
-    dessert = Dessert(new_name, new_price, new_calories)
+    # We need every piece of input to be provided.
+
+    # Can you think of other ways to write this following check?
+    if new_name is None or new_price is None or new_calories is None or new_user_id is None: 
+        raise Exception("Need name, price, calories, and user!")
+
+    # They can also be empty strings if submitted from a form
+    if new_name == '' or new_price == '' or new_calories == '' or new_user_id == '':
+        raise Exception("Need name, price, calories, and user!")
+
+    # check for duplicate items
+    name_check = Dessert.query.filter_by(name=new_name).first()
+    if name_check:
+        if new_name == name_check.name:
+            raise Exception("That dessert already exists!")
 
+    # check reasonable number of calories
+    if int(new_calories) < 100:
+        raise Exception("That's not enough calories!")
+    elif int(new_calories) > 3000:
+        raise Exception("That's too many calories!")
+
+    # This line maps to line 16 above (the Dessert.__init__ method)
+    dessert = Dessert(new_name, new_price, new_calories, new_user_id)
     # Actually add this dessert to the database
     db.session.add(dessert)
 
     # Save all pending changes to the database
-    db.session.commit()
 
-    return dessert
+    try:
+        db.session.commit()
+        return dessert
+    except:
+        # If something went wrong, explicitly roll back the database
+        db.session.rollback()
+
+
+def delete_dessert(user, id):
+
+    # get dessert from database
+    dessert = Dessert.query.get(id)
+
+    # users can only delete desserts they created
+    if user.id != dessert.user_id:
+        raise Exception("That's not your dessert!")
+
+    if dessert:
+        # We store the name before deleting it, because we can't access it
+        # afterwards.
+        dessert_name = dessert.name
+        db.session.delete(dessert)
+
+        try:
+            db.session.commit()
+            return "Dessert {} deleted".format(dessert_name)
+        except:
+            # If something went wrong, explicitly roll back the database
+            db.session.rollback()
+            return "Something went wrong"
+    else:
+        return "Dessert not found"
 
 
 if __name__ == "__main__":

diff --git a/templates/add.html b/templates/add.html
@@ -1,27 +1,82 @@
-<h3>Add Dessert</h3>
+{% include 'header.html' %}
 
-{% if dessert %}
+<body>
 
-<p><strong>{{dessert.name}}</strong> successfully created! Add another below.</p>
-<p><a href="/">Back to Dessert List</a></p>
+    <div class="container">
 
-{% endif %}
+    <div class="pull-right">
+    {% if user %}
 
+    Welcome {{ user }} | <a href="/logout">Logout</a> | <a href="/">Home</a>
 
-<!-- The form action and method correspond to a Flask route -->
-<form action="/add" method="POST">
+    {% else %}
 
-<label for="name_id">Name</label>
-<input id="name_id" name="name_field" type="text" />
+    <a href="/login">Login</a> | <a href="/">Home</a>
 
-<label for="price_id">Price</label>
-<input id="price_id" name="price_field" type="text" size="4" />
+    {% endif %}
+    </div>
 
-<label for="cals_id">Calories</label>
-<input id="cals_id" name="cals_field" type="text" size="4" />
+    <h3>Add Dessert</h3>
 
+    {% if dessert %}
 
-<!-- We need a submit button to submit a form! -->
-<input type="submit" value="Add"/>
+    <!-- http://getbootstrap.com/components/#alerts -->
 
-</form>
+    <div class="alert alert-success" role="alert">
+
+        <p><strong>{{dessert.name}}</strong> successfully created! Add another below.</p>
+        <p><a href="/menu">Back to Dessert List</a></p>
+
+    </div>
+
+    {% endif %}
+
+    {% if error %}
+    <div class="alert alert-danger" role="alert">
+
+    An error occurred trying to create your dessert:
+
+    {{ error }}
+
+    </div>
+    {% endif %}
+
+
+    <!-- Bootstrap: http://getbootstrap.com/css/#forms -->
+
+    <!-- The form action and method correspond to a Flask route -->
+    <form action="/add" method="POST" class="form-inline">
+
+    <div class="form-group">
+
+        <label for="name_id">Name</label>
+        <input  class="form-control" id="name_id" name="name_field" type="text" />
+
+    </div>
+
+    <div class="form-group">
+
+        <label for="price_id">Price</label>
+        <input class="form-control" id="price_id" name="price_field" type="text" size="4" />
+
+    </div>
+
+    <div class="form-group">
+
+        <label for="cals_id">Calories</label>
+        <input class="form-control" id="cals_id" name="cals_field" type="text" size="4" />
+
+    </div>
+
+
+
+    <!-- We need a submit button to submit a form! -->
+    <input type="submit" value="Add" class="btn btn-success"/>
+
+
+    </form>
+
+
+    </div>
+
+</body>