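def album_api(album_id):
    """Return the JSON description of one album, including its photos.

    The album is looked up with ``extensions.get_album``; an unknown id
    yields ``send_404()``. On a GET request for a private album the caller
    must be logged in (``send_401()`` otherwise) and must be the album's
    owner (``send_403()`` otherwise). Any other HTTP method returns an empty
    JSON object with status 200.

    Args:
        album_id: identifier passed to ``extensions.get_album``.

    Returns:
        A ``(response, status)`` pair, or whatever the ``send_4xx`` helper
        returns.
    """
    album = extensions.get_album(album_id)
    if album is None:
        return send_404()

    response = {}
    if request.method == 'GET':
        # Authorize before reading any photo data, so that a rejected request
        # never touches the contents of a private album.
        # NOTE(review): only the owner is accepted here, while pic_api
        # authorizes private photos with photo.has_access() -- confirm the
        # two rules are meant to differ.
        if album.is_private():
            if 'username' not in session:
                return send_401()
            if session['username'] != album.get_username():
                return send_403()
            response['access'] = 'private'
        else:
            response['access'] = 'public'

        response['albumid'] = album.get_id()
        response['created'] = str(album.get_created())
        response['lastupdated'] = str(album.get_lastUpdated())
        response['pics'] = [
            {
                'albumid': photo.get_albumID(),
                'caption': photo.get_caption(),
                'format': photo.get_format(),
                'next': photo.get_nextID(),
                'picid': photo.get_picid(),
                'prev': photo.get_prevID(),
            }
            for photo in album.get_picList()
        ]
        response['title'] = album.get_title()
        response['username'] = album.get_username()
    # TODO: POST handling was never implemented; non-GET requests fall
    # through and receive the empty object.
    return jsonify(response), 200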
def logout_api():
    """Log the current user out.

    Returns ``send_401()`` when the session holds no ``'username'``.
    Otherwise removes the ``'username'``, ``'firstname'`` and ``'lastname'``
    keys from the session and returns an empty body with status 204.
    """
    if 'username' in session:
        # pop() with a default never raises, so absent name keys are fine.
        for key in ('username', 'firstname', 'lastname'):
            session.pop(key, None)
        return ('', 204)
    return send_401()
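def pic_api(pic):
    """Return one photo as JSON; on PUT, update its caption first.

    PUT: the JSON body must be an object carrying ``albumid``, ``caption``,
    ``format``, ``next``, ``picid`` and ``prev`` (422 otherwise). The photo
    must exist (``send_404()``), the caller must be logged in
    (``send_401()``) and must own the photo (``send_403()``). Every field
    except ``caption`` has to match the stored photo, otherwise a 403 error
    body is returned. The caption is then written with
    ``extensions.update_photo_caption``.

    All methods: the photo is (re)loaded and returned. A private photo
    requires a logged-in user for whom ``photo.has_access`` is true.

    Args:
        pic: photo identifier passed to ``extensions.get_photo``.

    Returns:
        A Flask response, optionally paired with a status code.
    """
    if request.method == 'PUT':
        # The body is client-controlled and force=True parses it whatever the
        # Content-Type, so it may be a list, string or null rather than an
        # object; reject those here instead of failing on req[...] below.
        req = request.get_json(force=True)
        required = ('albumid', 'caption', 'format', 'next', 'picid', 'prev')
        if not isinstance(req, dict) or any(k not in req for k in required):
            errors = ["You did not provide the necessary fields"]
            return jsonify(generate_error_response(errors)), 422

        photo = extensions.get_photo(pic)
        if photo is None:
            return send_404()
        if 'username' not in session:
            return send_401()
        if session['username'] != photo.get_username_owner():
            return send_403()

        immutable_matches = (
            req['albumid'] == photo.get_albumID()
            and req['format'] == photo.get_format()
            and req['next'] == photo.get_nextID()
            and req['picid'] == photo.get_picid()
            and req['prev'] == photo.get_prevID()
        )
        if not immutable_matches:
            errors = ["You can only update caption"]
            return jsonify(generate_error_response(errors)), 403

        # Ownership was established by the guard above, so the second owner
        # comparison the original made here was redundant.
        pic = req['picid']
        # NOTE(review): the caption is stored as supplied; whatever renders it
        # must escape it -- confirm against the templates.
        extensions.update_photo_caption(pic, req['caption'])

    if pic == '':
        # The original skipped the lookup for an empty id and then hit an
        # unbound `response`; there is no photo to return, so answer 404.
        return send_404()

    photo = extensions.get_photo(pic)
    if photo is None:
        return send_404()

    # Decide access before reading the photo's fields.
    if photo.is_private():
        if 'username' not in session:
            return send_401()
        if not photo.has_access(session['username']):
            return send_403()

    response = {
        'albumid': photo.get_albumID(),
        'caption': photo.get_caption(),
        'format': photo.get_format(),
        'next': photo.get_nextID(),
        'picid': pic,
        'prev': photo.get_prevID(),
    }
    return jsonify(response), 200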
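def user_api():
    """Create a user (POST) or return the logged-in user's record.

    POST: the JSON body must be an object with ``username``, ``firstname``,
    ``lastname``, ``email``, ``password1`` and ``password2``; ``username``,
    ``email`` and both passwords must be non-empty. Mismatched passwords,
    anything reported by ``User.validate()`` and an already-registered
    username are collected and returned together with status 422. On success
    the user is salted, hashed, stored with ``extensions.add_user`` and the
    result of ``get_api_user_helper`` for the new username is returned.

    Other methods: require a logged-in session (``send_401()`` otherwise) and
    return ``get_api_user_helper`` for the session's username.
    """
    # NOTE(review): statement nesting was reconstructed from a flattened
    # listing; the POST path is taken to return the new user without
    # requiring a session -- confirm against the original file.
    if request.method == 'POST':
        # force=True parses the body regardless of Content-Type and the
        # result need not be an object; anything else is a malformed request.
        req = request.get_json(force=True)
        required = ('username', 'firstname', 'lastname', 'email',
                    'password1', 'password2')
        if not isinstance(req, dict) or any(k not in req for k in required):
            errors = ['You did not provide the necessary fields']
            return jsonify(generate_error_response(errors)), 422

        non_empty = ('username', 'email', 'password1', 'password2')
        if any(req[k] == '' for k in non_empty):
            errors = ['You did not provide the necessary fields']
            return jsonify(generate_error_response(errors)), 422

        errors = []
        if req['password1'] != req['password2']:
            errors.append('Passwords do not match')

        user = User(req['username'], req['firstname'], req['lastname'],
                    req['password1'], req['email'])
        errors = errors + user.validate()

        # NOTE(review): this lookup and add_user() below are separate steps,
        # so two concurrent sign-ups can both pass it; uniqueness should also
        # be enforced by the storage layer -- confirm.
        if extensions.get_user(req['username']) is not None:
            errors.append('This username is taken')

        if errors:
            return jsonify(generate_error_response(errors)), 422

        # Salt and hash before the record is persisted.
        user.create_salt()
        user.hash_pass()
        extensions.add_user(user)
        # The username was checked non-empty above, so the original's
        # empty-username branch at this point could never run.
        return get_api_user_helper(req['username'])

    if 'username' not in session:
        return send_401()
    return get_api_user_helper(session['username'])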
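def user_edit_api():
    """Update the logged-in user's name, email and (optionally) password.

    Requires a session (``send_401()`` otherwise). The JSON body must be an
    object whose ``username`` equals the session user's username
    (``send_403()`` otherwise) and which carries ``firstname``, ``lastname``,
    ``email``, ``password1`` and ``password2``; ``username`` and ``email``
    must be non-empty. The password is changed only when both password
    fields are non-empty. Validation problems are returned together with
    status 422 and nothing is stored. On success the user is saved with
    ``extensions.update_user``, the session's ``firstname``/``lastname`` are
    refreshed and the result of ``user_api()`` is returned.
    """
    if 'username' not in session:
        return send_401()

    missing_fields = 'You did not provide the necessary fields'

    # force=True parses the body regardless of Content-Type.
    # NOTE(review): with session-cookie authentication that removes the
    # Content-Type barrier for cross-site requests -- confirm CSRF
    # protection covers this route.
    req = request.get_json(force=True)

    # The original read req['username'] before checking it was present and
    # appended to `errors` before defining it, so a malformed body crashed
    # instead of producing the 422 response.
    if not isinstance(req, dict) or 'username' not in req:
        return jsonify(generate_error_response([missing_fields])), 422

    this_user = extensions.get_user(session['username'])
    if this_user is None:
        # The session names a user that can no longer be loaded; treat the
        # caller as unauthenticated rather than dereferencing None.
        return send_401()
    if req['username'] != this_user.get_username():
        return send_403()

    required = ('firstname', 'lastname', 'email', 'password1', 'password2')
    if any(k not in req for k in required):
        return jsonify(generate_error_response([missing_fields])), 422
    if req['username'] == '' or req['email'] == '':
        return jsonify(generate_error_response([missing_fields])), 422

    errors = []
    if req['password1'] != req['password2']:
        errors.append('Passwords do not match')

    this_user.set_firstname(req['firstname'])
    this_user.set_lastname(req['lastname'])
    this_user.set_email(req['email'])

    # NOTE(review): a password change needs only a valid session, not the
    # current password -- confirm that is acceptable for this application.
    changing_password = req['password1'] != '' and req['password2'] != ''
    if changing_password:
        this_user.set_password(req['password1'])

    errors = errors + this_user.validate()
    if errors:
        return jsonify(generate_error_response(errors)), 422

    # With no errors, a non-empty password1 implies both fields matched, so
    # this is the point where the new password is salted and hashed.
    if req['password1'] != '':
        this_user.create_salt()
        this_user.hash_pass()

    extensions.update_user(this_user)
    session['firstname'] = this_user.get_firstname()
    session['lastname'] = this_user.get_lastname()
    return user_api()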