From 45d2773f9a18b5eab488149277ead245811bfbe6 Mon Sep 17 00:00:00 2001 From: Luke Else Date: Wed, 14 Feb 2024 14:56:58 +0000 Subject: [PATCH] REFACTOR: Changed blueprints to allow for preprocessing of requests --- controllers/web/admin.py | 29 +++++++++++++++- controllers/web/endpoints.py | 3 +- controllers/web/product.py | 65 ++++++++++++++---------------------- templates/header.html | 4 +-- templates/new_product.html | 4 +-- templates/product.html | 4 +-- 6 files changed, 61 insertions(+), 48 deletions(-) diff --git a/controllers/web/admin.py b/controllers/web/admin.py index 99d16bb..b2097e7 100644 --- a/controllers/web/admin.py +++ b/controllers/web/admin.py @@ -2,14 +2,27 @@ in the web app """ -from flask import render_template, Blueprint +from flask import render_template, Blueprint, redirect, url_for, flash from controllers.database.user import UserController +from controllers.database.product import ProductController + +from utils.user_utils import is_role # Blueprint to append user endpoints to blueprint = Blueprint("admin", __name__, url_prefix="/admin") +@blueprint.before_request +def check_admin_user(): + """ Preprocess for all admin endpoints to ensure that the requesting + user is logged in as an 'Admin' + """ + if not is_role("Admin"): + flash("You must be logged in as an Admin to view this page.", "error") + return redirect(url_for('main.index')) + + @blueprint.route('/') def main(): """ Function responsible for delivering the admin page for the site """ @@ -24,3 +37,17 @@ def users(): users = db.read_all() return render_template("index.html", content="admin.html", users=users) + + +@blueprint.route('/products/') +def products(): + """ Endpoint responsible for managing products on the site """ + # Get all products to create admin table on frontend + db = ProductController() + products = db.read_all() + + return render_template( + "index.html", + content="admin.html", + products=products + ) 
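Review bot: Requests refused by `check_admin_user` become a flash message and a redirect to `main.index` with nothing recorded server-side, so repeated attempts to reach `/admin` from a non-admin session leave no trace for whoever operates the site. Logging the refusal before the redirect would give that signal, for example `current_app.logger.warning("admin access denied: path=%s", request.path)`, which needs `current_app` and `request` added to the flask import. `is_role` lives in `utils.user_utils` and is not part of this patch, so confirm that it returns False when nobody is logged in. That matters because the new `products` view in the next hunk has no check of its own and relies entirely on this hook.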
diff --git a/controllers/web/endpoints.py b/controllers/web/endpoints.py index 49650ab..d12ffee 100644 --- a/controllers/web/endpoints.py +++ b/controllers/web/endpoints.py @@ -11,7 +11,8 @@ from . import admin blueprint = Blueprint('main', __name__) blueprint.register_blueprint(user.blueprint) -blueprint.register_blueprint(product.blueprint) +blueprint.register_blueprint(product.product_blueprint) +blueprint.register_blueprint(product.seller_blueprint) blueprint.register_blueprint(stats.blueprint) blueprint.register_blueprint(admin.blueprint) diff --git a/controllers/web/product.py b/controllers/web/product.py index 76998bd..097262c 100644 --- a/controllers/web/product.py +++ b/controllers/web/product.py @@ -19,7 +19,8 @@ from utils.user_utils import is_role import os -blueprint = Blueprint("products", __name__, url_prefix="/products") +product_blueprint = Blueprint("products", __name__, url_prefix="/products") +seller_blueprint = Blueprint("seller", __name__, url_prefix="/products") # List of available filters for the user to select FILTERS = { @@ -30,7 +31,7 @@ FILTERS = { } -@blueprint.context_processor +@product_blueprint.context_processor def filter_list(): """ Places a list of all the available filters in the products context @@ -49,7 +50,8 @@ def get_filter(): return FILTERS['Relevance'] -@blueprint.context_processor +@product_blueprint.context_processor +@seller_blueprint.context_processor def category_list(): """ Places a list of all categories in the products context """ database = CategoryController() 
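Review bot: The two blueprints created in `controllers/web/product.py` share the `/products` prefix, so the only thing deciding whether a route is public or role-checked is which object its decorator names, and nothing at the definition says so. A comment above each would make that hard to get wrong, e.g. `# Public catalogue routes: no role check` over `product_blueprint` and `# Seller/Admin only: every route registered here runs check_role first` over `seller_blueprint`. The stacked `context_processor` decorators on `category_list` in the last hunk of this line work only because the decorator hands the function back unchanged, which deserves a one-line comment as well.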
@@ -57,7 +59,15 @@ def category_list(): return dict(categories=categories) -@blueprint.route('/') +@seller_blueprint.before_request +def check_role(): + # User must be logged in as seller to view page + if not is_role("Seller") and not is_role("Admin"): + flash("You must be logged in as a seller to view this page!", "error") + return redirect(url_for('main.index')) + + +@product_blueprint.route('/') def index(): """ The front product page """ # Returning an empty category acts the same @@ -65,7 +75,7 @@ def index(): return category("") -@blueprint.route('/') +@product_blueprint.route('/') def category(category: str): """ Loads a given categories page """ database = ProductController() @@ -92,7 +102,7 @@ def category(category: str): ) -@blueprint.route('/') +@product_blueprint.route('/') def product(id: int): """ Loads a given product based on ID """ db = ProductController() @@ -116,29 +126,19 @@ def product(id: int): ) -@blueprint.route('/add') +@seller_blueprint.route('/add') def display_add(): """ Launches the page to add a new product to the site """ - # User needs to be logged in as a seller to view this page - if not is_role("Seller"): - flash("You must be logged in as a seller to view this page!", "error") - return redirect(url_for('main.index')) - return render_template('index.html', content='new_product.html') -@blueprint.post('/add') +@seller_blueprint.post('/add') def add(): """ Server site processing to handle a request to add a new product to the site """ user_id = session.get('user_id') - # User needs to be logged in as a seller to view this page - if not is_role("Seller"): - flash("You must be logged in as a seller to view this page!", "error") - return redirect(url_for('main.index')) - file = request.files.get('image') image_filename = save_image(file) 
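Review bot: `check_role` admits `Admin` as well as `Seller`, whereas every inline check removed by this patch tested `is_role("Seller")` only, so a commit labelled as a refactor also widens who can reach the add, update, delete and own-products routes. If that is intended, record it in a docstring, which the hook currently lacks: `"""Allow only Seller or Admin users onto seller routes; anyone else is redirected to the index."""`. The ownership comparisons kept in `update` and `delete` (later hunks) still limit changes to the product's own seller, so an Admin gains the add and listing pages but not edits to other sellers' products. Confirm that this split is what the admin product management page expects.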
@@ -156,26 +156,21 @@ def add(): db = ProductController() db.create(product) - return redirect('/products/ownproducts') + return redirect(url_for('main.seller.display_own')) -@blueprint.post('/update/') +@seller_blueprint.post('/update/') def update(id: int): """ Processes a request to update a product in place on the site """ # Ensure that the product belongs to the current user user_id = session.get('user_id') - # User needs to be logged in as a seller to view this page - if not is_role("Seller"): - flash("You must be logged in as a seller to view this page!", "error") - return redirect(url_for('main.index')) - db = ProductController() product = db.read_id(id) if product.sellerID != user_id: flash("This product does not belong to you!", "error") - return redirect(url_for('main.products.own')) + return redirect(url_for('main.seller.own')) # Save new image file file = request.files.get('image') 
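Review bot: The ownership-failure branch of `update` redirects to `url_for('main.seller.own')`, but the only listing view visible in this patch is `display_own`, and `add` and `delete` both use `main.seller.display_own`. Unless an `own` endpoint exists elsewhere, a user who posts an update for someone else's product gets a `BuildError` and a 500 instead of the flash and redirect. Change the line to `return redirect(url_for('main.seller.display_own'))`. The same branch reads `product.sellerID` without checking that `db.read_id(id)` found anything, here and in `delete` in the next hunk; `templates/product.html` tests `product != None`, which suggests a missing id yields None, so `if product is None or product.sellerID != user_id:` would be the safer guard. `update` starts in this hunk and its body continues past it.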
@@ -197,39 +192,29 @@ def update(id: int): return redirect(url_for('main.products.product', id=product.id)) -@blueprint.post('/delete/') +@seller_blueprint.post('/delete/') def delete(id: int): """ Processes a request to delete a product in place on the site """ # Ensure that the product belongs to the current user user_id = session.get('user_id') - # User needs to be logged in as a seller to view this page - if not is_role("Seller"): - flash("You must be logged in as a seller to view this page!", "error") - return redirect(url_for('main.index')) - db = ProductController() product = db.read_id(id) if product.sellerID != user_id: flash("This product does not belong to you!", "error") - return redirect(url_for('main.products.display_own')) + return redirect(url_for('main.seller.display_own')) db.delete(id) flash("Product Removed!", "success") - return redirect(url_for('main.products.display_own')) + return redirect(url_for('main.seller.display_own')) -@blueprint.route('/ownproducts') +@seller_blueprint.route('/ownproducts') def display_own(): """ Display products owned by the currently logged in seller """ user_id = session.get('user_id') - # User must be logged in as seller to view page - if not is_role("Seller"): - flash("You must be logged in as a seller to view this page!", "error") - return redirect(url_for('main.index')) - db = ProductController() products = db.read_user(user_id) diff --git a/templates/header.html b/templates/header.html index 75e4cd9..8906f32 100644 --- a/templates/header.html +++ b/templates/header.html @@ -19,8 +19,8 @@ {% if user.role == "Seller" %} {% elif user.role == "Admin" %} diff --git a/templates/new_product.html b/templates/new_product.html index 0681781..d742425 100644 --- a/templates/new_product.html +++ b/templates/new_product.html @@ -2,7 +2,7 @@

Create New Product

-
+
@@ -31,6 +31,6 @@
-

Want to view all of your products? Click Here

+

Want to view all of your products? Click Here

diff --git a/templates/product.html b/templates/product.html index 4c57ee3..b4969cf 100644 --- a/templates/product.html +++ b/templates/product.html @@ -4,7 +4,7 @@ {% if product != None %} {% if user.id == product.sellerID %} -
+ Brake Disks
@@ -83,7 +83,7 @@

Confirm Delete

Are you sure you want to delete {{product.name}} from your products

- +