def user_rewards(user_id):
# Get the user account relevant to the user_id parameter
user = User.query.get(user_id)
# Verify the logged in user is actually the user or an attached user.
verify_user(user)
if request.method == 'GET':
# Return the user's rewards in JSON format.
return jsonify(rewards=[r.serialize() for r in user.rewards])
elif request.method == 'POST':
required_json = ['name', 'cost']
json = request.json
if not valid_json(json, required_json):
abort(400)
reward = Reward(name=json.get('name'), cost=json.get('cost'), user_id=user_id)
db.session.add(reward)
db.session.commit()
notify_if_partner("A new reward is available in the store!")
return jsonify(reward.serialize()), 201
