def rent_title():
user = User.query.filter_by(username=auth.username()).first()
if auth.username() == "admin":
return bad_request_response("Admin cannot rent a movie")
if not user or auth.username() != user.username:
return "Access Denied", 401
movie_id = request.args.get("movie_id")
if not movie_id:
return bad_request_response(
"You must specify the movie id using movie_id param in order to rent a movie."
)
movie = Movie.query.filter_by(id=movie_id).first()
if not movie:
return not_found_response(
"The movie_id provided does not match a movie in the database."
)
order = Order.query.filter_by(movie_id=movie_id, user_id=user.id).first()
if order:
return already_exists_response("You have already purchased this movie.")
new_order = Order(movie_id=movie_id, user_id=user.id)
user.rent_movie(movie)
db.session.add(new_order)
db.session.commit()
res = jsonify({})
res.status_code = 201
return res
def search_movies():
genre = request.args.get("genre")
page = request.args.get("page", 1, type=int)
per_page = request.args.get("per_page",
current_app.config["PER_PAGE"],
type=int)
if not genre:
return bad_request_response(
"You must specify a category using the genre parameter to search for a movie"
)
g = Category.query.filter_by(genre=genre).first()
if not g:
return bad_request_response(f"Genre {genre} not found!")
titles = []
for m in g.movies:
titles.append(m.title)
res = Movie.query.filter(Movie.title.in_(titles)).paginate(
page=page, per_page=per_page, error_out=False)
next_url = (url_for("api.search_movies", page=res.next_num, genre=genre)
if res.has_next else None)
prev_url = (url_for("api.search_movies", page=res.prev_num, genre=genre)
if res.has_prev else None)
data = {
"_meta": {
"next": next_url,
"prev": prev_url
},
"movies": [movie.movie_dict() for movie in res.items],
}
return jsonify(data)
def pay_title():
order_id = request.args.get("order_id")
amount = request.args.get("amount", type=int)
if not order_id:
return bad_request_response(
"You must use the order_id param to pay an order.")
if not amount:
return bad_request_response(
"You must also use the amount param to pay an order.")
order = Order.query.filter_by(id=order_id).first()
if not order:
return not_found_response(
"The order_id provided does not a match an order in the database.")
u = User.query.filter_by(username=auth.username()).first()
if not u or u.id != order.user_id:
return unauthorized_access()
if order.paid:
return already_exists_response("The order is already paid.")
if float(amount) < order.get_charge_per_order():
return bad_request_response(
f"The amount you have to pay is {order.get_charge_per_order()}")
order.paid = True
db.session.add(order)
db.session.commit()
payload = {"message": "Order successfully paid"}
return jsonify(payload)
def add_category():
genre = request.args.get("genre")
if genre is None:
return bad_request_response(
"You must specify the genre param in order to create a new category."
)
if Category.query.filter_by(genre=genre).first() is not None:
return already_exists_response("The category you specified already exists.")
if genre == "all":
return bad_request_response("You cannot add 'all' as a genre.")
c = Category(genre=genre)
db.session.add(c)
db.session.commit()
res = jsonify({})
res.status_code = 201
return res
def update_movie():
movie_id = request.args.get("movie_id")
if not movie_id:
return bad_request_response(
"You must use the movie_id param in order to update a movie.")
m = Movie.query.filter_by(id=movie_id).first()
if m is None:
return not_found_response(
"The movie_id provided does not a match a movie in the database.")
for param in request.args.keys():
if param not in ["id", "orders"] and hasattr(m, param):
if param == "genre":
c = Category.query.filter_by(
genre=request.args.get(param)).first()
if not c:
return not_found_response(
"There is no such category in the database.")
else:
m.category.append(c)
else:
setattr(m, param, str(request.args.get(param)))
db.session.add(m)
db.session.commit()
res = jsonify({})
res.status_code = 204
res.headers["Location"] = url_for("api.get_movie_from_id", movie_id=m.id)
return res
def create_movie():
title = request.args.get("title")
director = request.args.get("director")
if title is None or director is None:
return bad_request_response(
"You must the specify the title and director params in order to create a movie"
)
m = Movie.query.filter_by(title=title, director=director).first()
if m:
return already_exists_response(
"The movie provided is already in the database.")
new_movie = Movie()
for param in request.args.keys():
if hasattr(new_movie, param):
setattr(new_movie, param, str(request.args.get(param)))
elif param == "genre":
c = Category.query.filter_by(genre=request.args.get(param)).first()
if not c:
return not_found_response(
"There is no such category in the database.")
else:
m.category.append(c)
db.session.add(new_movie)
db.session.commit()
res = jsonify({})
res.status_code = 201
res.headers["Location"] = url_for("api.get_movie_from_id",
movie_id=new_movie.id)
return res
def delete_category():
category_id = request.args.get("id")
genre = request.args.get("genre")
if not (genre or category_id):
return bad_request_response(
"You must specify the genre or id param in order to delete a category."
)
if genre:
c = Category.query.filter_by(genre=genre).first()
if c is None:
return not_found_response("The category you specified does not exist.")
else:
c = Category.query.filter_by(genre=genre).first()
if c is None:
return not_found_response("The category you specified does not exist.")
db.session.delete(c)
db.session.commit()
return successful_update()
def update_username(user_id):
user = User.query.filter_by(id=request.args.get(user_id)).first()
if not user:
if auth.current_user() == "admin":
return not_found_response("User not found")
return unauthorized_access()
if not (auth.current_user() == "admin"
or auth.username() == user.username):
return unauthorized_access()
username = request.args.get("username")
if username:
u = User.query.filter_by(username=username).first()
if u:
return already_exists_response(
f"Username {u.username} is used by another user. Please user another username."
)
else:
if not bool(re.search("[a-zA-Z]", username)):
return bad_request_response(
"You cannot have an empty username.")
user.username = username
return successful_update()