def post(self): #create session cookie and return it to the user request_data = request.get_json() #zamjenit sa request_data.get() jer mozda u req nema uname i pass username = request_data['username'] password = request_data['password'] db = get_db() db_cursor = db.cursor() errors = {} if not username: errors['username'] = '******' elif len(username) > self.max_username_len: errors['username'] = '******' #check if password is correct only if there are no username format errors if not errors: db_cursor.execute('SELECT * FROM user WHERE username = %s', (username, )) user = db_cursor.fetchone() if user is None: errors['username'] = '******' if password is None: errors['password'] = '******' elif not check_password_hash(user['password'], password): errors['password'] = '******' if not errors: session.clear() session['user_id'] = user['id'] return {"status": "success", "data": None} else: return {"status": "fail", "data": errors}
def get_posts(self): db = get_db() db_cursor = db.cursor() sort_by = request.args.get('sort_by') if sort_by not in ('top', 'rising', 'new'): sort_by = 'rising' user_id = None if g.user: user_id = g.user['id'] errors = {} db_cursor.execute( 'SELECT * FROM post INNER JOIN' ' (SELECT id, username FROM user) u ON post.user_id = u.id' ' LEFT OUTER JOIN' ' (select positive as user_vote_positive, user_id, post_id from post_vote' ' where user_id = %s) v' ' ON post.id = v.post_id' + ranking_sql[sort_by] + ' LIMIT %s OFFSET %s', (user_id, g.limit, g.offset)) posts = db_cursor.fetchall() if not errors: return {"status": "success", "data": posts} else: return {"status": "fail", "data": errors}
def patch(self, id): request_data = request.get_json() db = get_db() db_cursor = db.cursor() #provjerit foreign key constraint u bazi kad se brise user (postovi, komentari) errors = {} db_cursor.execute('SELECT * FROM comment WHERE id = %s', (id, )) comment = db_cursor.fetchone() if not comment: errors['id'] = 'Comment with selected id does not exist' elif int(comment['user_id']) != g.user['id']: errors['id'] = 'user does not own selected post' else: body = request_data.get('body', None) if not body: errors['body'] = 'No content was found in update request' if not errors: db_cursor.execute( 'UPDATE comment SET body = %s, edited = 1 WHERE id = %s', (body, id)) db.commit() return {"status": "success", "data": None} else: return {"status": "fail", "data": errors}
def get_user_scores(self, user_id): db = get_db() db_cursor = db.cursor() errors = {} db_cursor.execute('SELECT * FROM user WHERE id = %s', (user_id)) user = db_cursor.fetchone() if not user: errors['user_id'] = 'User with given id does not exist' if not errors: db_cursor.execute( 'SELECT SUM(votes) as score FROM post WHERE user_id = %s', (user_id)) posts_score = db_cursor.fetchone()['score'] if not posts_score: posts_score = 0 db_cursor.execute( 'SELECT SUM(votes) as score FROM comment WHERE user_id = %s', (user_id)) comment_score = db_cursor.fetchone()['score'] if not comment_score: comment_score = 0 scores = { "posts_score": int(posts_score), "comment_score": int(comment_score) } return {"status": "success", "data": scores} else: return {"status": "fail", "data": errors}
def create_vote(self, post_id): db = get_db() db_cursor = db.cursor() request_data = request.get_json() positive = True direction = request_data.get('direction', None) if direction and int(direction) == -1: positive = False errors = {} db_cursor.execute( 'SELECT * FROM post_vote WHERE user_id = %s AND post_id = %s', (g.user['id'], post_id)) vote = db_cursor.fetchone() if vote: if positive and vote['positive']: errors['vote'] = 'Positive vote already exists.' elif not positive and not vote['positive']: errors['vote'] = 'Negative vote already exists.' if not errors: if vote: db_cursor.execute( 'UPDATE post_vote SET positive = %s' ' WHERE user_id = %s and post_id = %s', (positive, g.user['id'], post_id)) else: db_cursor.execute( 'INSERT INTO post_vote (user_id, post_id, positive)' ' VALUES (%s, %s, %s)', (g.user['id'], post_id, positive)) db.commit() return {"status": "success", "data": None} else: return {"status": "fail", "data": errors}
def load_logged_in_user(): user_id = session.get('user_id') if user_id is None: g.user = None else: db = get_db() db_cursor = db.cursor() db_cursor.execute('SELECT * FROM user WHERE id = %s', (user_id, )) g.user = db_cursor.fetchone()
def get(self, id): db = get_db() db_cursor = db.cursor() errors = {} db_cursor.execute('SELECT * FROM comment WHERE id = %s', (id, )) comment = db_cursor.fetchone() if comment is None: errors['comment_id'] = 'Comment not found.' if not errors: return {"status": "success", "data": comment} else: return {"status": "fail", "data": errors}
def delete(self, id): db = get_db() db_cursor = db.cursor() #provjerit foreign key constraint u bazi kad se brise user (postovi, komentari) errors = {} if int(g.user['id']) != id: errors['id'] = 'user id does not match login id' else: #provjerit ako je delete uspio db_cursor.execute('DELETE FROM user WHERE id = %s', (id, )) db.commit() if not errors: return {"status": "success", "data": None} else: return {"status": "fail", "data": errors}
def get_post(self, id): db = get_db() db_cursor = db.cursor() errors = {} db_cursor.execute( 'SELECT * FROM post INNER JOIN on post.user_id = u.id' ' (SELECT id, username FROM user) u WHERE id = %s', (id, )) post = db_cursor.fetchone() if post is None: errors['post_id'] = 'Post not found.' if not errors: return {"status": "success", "data": post} else: return {"status": "fail", "data": errors}
def get_comments_by_user(self, user_id): db = get_db() db_cursor = db.cursor() errors = {} db_cursor.execute('SELECT * FROM user WHERE id = %s', (user_id)) user = db_cursor.fetchone() if not user: errors['user_id'] = 'User with given id does not exist' if not errors: db_cursor.execute('SELECT * FROM comment WHERE user_id = %s', (user_id)) comments = db_cursor.fetchall() return {"status": "success", "data": comments} else: return {"status": "fail", "data": errors}
def post(self): #create new user request_data = request.get_json() username = request_data.get('username') password = request_data.get('password') confirm_password = request_data.get('confirm_password') #email is optional, set as None if not found in request data email = request_data.get('email', None) db = get_db() db_cursor = db.cursor() errors = {} if not username: errors['username'] = '******' elif len(username) > self.max_username_len: errors['username'] = '******' elif db_cursor.execute( 'SELECT id FROM user WHERE username = %s', (username, )) and db_cursor.fetchone() is not None: errors['username'] = '******'.format( username) if not password: errors['password'] = '******' elif not confirm_password: errors['password'] = '******' elif password != confirm_password: errors['password'] = '******' if email is not None: if len(email) > 0: db_cursor.execute('SELECT email FROM user WHERE email = %s', (email, )) if db_cursor.fetchone(): errors['email'] = 'email is already used by another user' else: email = None #set to null in db if not errors: db_cursor.execute( 'INSERT INTO user (username, password, email) VALUES (%s, %s, %s)', (username, generate_password_hash(password), email)) db.commit() return {"status": "success", "data": None} else: return {"status": "fail", "data": errors}
def delete_comment(self, id): db = get_db() db_cursor = db.cursor() #provjerit foreign key constraint u bazi kad se brise user (postovi, komentari) errors = {} db_cursor.execute('SELECT * FROM comment WHERE id = %s', (id, )) comment = db_cursor.fetchone() if not comment: errors['id'] = 'Comment with selected id does not exist' elif int(comment['user_id']) != g.user['id']: errors['id'] = 'user does not own selected post' if not errors: #provjerit ako je delete uspio db_cursor.execute('DELETE FROM comment WHERE id = %s', (id, )) db.commit() return {"status": "success", "data": None} else: return {"status": "fail", "data": errors}
def delete_vote(self, comment_id): db = get_db() db_cursor = db.cursor() errors = {} db_cursor.execute( 'SELECT * FROM comment_vote WHERE user_id = %s AND comment_id = %s', (g.user['id'], comment_id)) vote = db_cursor.fetchone() if not vote: errors['vote'] = 'Vote does not exist.' if not errors: db_cursor.execute( 'DELETE FROM comment_vote WHERE user_id = %s and comment_id = %s', (g.user['id'], comment_id)) db.commit() return {"status": "success", "data": None} else: return {"status": "fail", "data": errors}
def get_post_comments(self, post_id): db = get_db() db_cursor = db.cursor() errors = {} db_cursor.execute('SELECT * FROM post WHERE id = %s', (post_id, )) post = db_cursor.fetchone() if not post: errors['post_id'] = 'Post with given id does not exist' if not errors: db_cursor.execute( 'SELECT * FROM comment INNER JOIN' ' (SELECT id, username FROM user) u on comment.user_id = u.id' ' WHERE post_id = %s ORDER BY depth, created', (post_id, )) comments = db_cursor.fetchall() #comments = create_comment_threads(deque(comments)) return {"status": "success", "data": comments} else: return {"status": "fail", "data": errors}
def create_post(self): #create new post request_data = request.get_json() title = request_data.get('title', None) url = request_data.get('url', None) body = request_data.get('body', None) db = get_db() db_cursor = db.cursor() errors = {} if not title: errors['title'] = 'Title is required' if not errors: db_cursor.execute( 'INSERT INTO post (title, url, body, user_id) VALUES (%s, %s, %s, %s)', (title, url, body, g.user['id'])) db.commit() return {"status": "success", "data": None} else: return {"status": "fail", "data": errors}
def create_comment(self, post_id): request_data = request.get_json() db = get_db() db_cursor = db.cursor() user_id = g.user['id'] body = request_data.get('body') depth = 0 errors = {} if not post_id: errors['post_id'] = 'Post is missing' if not body: errors['body'] = 'Content is missing.' #if parent_id is found in query params, #this comment will be a response to the comment with id = parent_id parent_id = request_data.get('parent_id') if parent_id: db_cursor.execute( 'SELECT depth, post_id FROM comment WHERE id = %s', (parent_id, )) parent_comment = db_cursor.fetchone() if not parent_comment: errors['parent'] = 'Comment with id = parent_id does not exist' elif parent_comment['post_id'] != post_id: errors[ 'parent'] = 'Parent comment is not related to selected post' else: depth = parent_comment['depth'] + 1 if not errors: db_cursor.execute( 'INSERT INTO comment (body, post_id, user_id, parent_id, depth)' ' VALUES (%s, %s, %s, %s, %s)', (body, post_id, user_id, parent_id, depth)) db.commit() return {"status": "success", "data": None} else: return {"status": "fail", "data": errors}