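def put(self, user_id, book_id):
    """
    Update the title, author and publication date of one of a user's books.

    The ISBN cannot be changed: the request must carry the ISBN already
    stored for the book, otherwise nothing is written.

    Returns ("", 200) on success, ("Bad user data", 400) when a field is
    missing or empty or the ISBN differs from the stored one, and
    ("Resource not found", 404) when no book row matches both user_id
    and book_id.
    """
    # NOTE(review): no check of the caller's identity is visible in this
    # method; confirm it is enforced upstream before the user_id taken from
    # the route is trusted.
    parser = reqparse.RequestParser()
    for field in ("title", "author", "isbn", "publication_date"):
        parser.add_argument(field)
    args = parser.parse_args()

    title = args["title"]
    author = args["author"]
    isbn = args["isbn"]
    publication_date = args["publication_date"]

    # The original `x is ""` tested object identity, not equality, so it
    # depended on string interning and let missing (None) fields through.
    # Truthiness rejects both None and the empty string.
    if not all((title, author, isbn, publication_date)):
        return "Bad user data", 400

    # Look the book up by owner AND id so one user cannot edit another's row.
    book = query_db('SELECT * FROM book WHERE userId = ? and id = ?',
                    (user_id, book_id,), one=True)
    if book is None:
        return "Resource not found", 404

    # The ISBN acts as a guard: a mismatch means the client tried to change it.
    if isbn != book['isbn']:
        return "Bad user data", 400

    query_db('UPDATE book SET title = ?, author = ?, publication_date = ? \
            WHERE id = ?', (title, author, publication_date, book_id), commit=True)
    return "", 200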
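def post(self):
    """
    Create a new user from the firstname, lastname, email and password
    request arguments.

    Returns (user_id, 201) when the user is inserted, ("Bad user data", 400)
    when a field is missing or empty, and ("User already exists", 400) when
    the email lookup does not come back as None.
    """
    parser = reqparse.RequestParser()
    for field in ("firstname", "lastname", "email", "password"):
        parser.add_argument(field)
    args = parser.parse_args()

    firstname = args["firstname"]
    lastname = args["lastname"]
    email = args["email"]
    password = args["password"]

    # Verify the request data. The original `x is ""` tested object identity,
    # not equality, and let missing (None) fields reach the hashing call and
    # the INSERT. Truthiness rejects both None and the empty string.
    if not all((firstname, lastname, email, password)):
        return "Bad user data", 400

    # NOTE(review): this lookup is made without one=True and its result is
    # compared to None; confirm query_db returns None (not an empty result)
    # when no row matches, otherwise the insert branch below never runs.
    user = query_db('SELECT email FROM user WHERE email == ?', (email, ))
    if user is not None:
        return "User already exists", 400

    # The password is hashed (salted PBKDF2), not encrypted, before storage.
    # NOTE(review): assuming this is passlib's pbkdf2_sha256, encrypt() is the
    # deprecated spelling of hash() since passlib 1.7, and rounds=10000 is low
    # by current guidance for PBKDF2-HMAC-SHA256. The round count is stored in
    # the hash string, so raising it keeps existing hashes verifiable.
    passhash = pbkdf2_sha256.encrypt(password, rounds=10000, salt_size=16)
    user_id = query_db('INSERT into user (firstname,lastname,email,password) \
            VALUES (?, ?, ?, ?)', (firstname, lastname, email, passhash),
                       commit=True)
    return user_id, 201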
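def post(self, user_id):
    """
    Add a new book to the given user's wishlist.

    Returns (book_id, 201) when the book is inserted, ("User not found", 404)
    when the user lookup yields None, ("Bad user data", 400) when a field is
    missing or empty, and ("Book already exists", 400) when the ISBN lookup
    does not come back as None.
    """
    # NOTE(review): no check of the caller's identity is visible in this
    # method; confirm it is enforced upstream before the user_id taken from
    # the route is trusted.
    user = query_db('SELECT id from user where id = ?', (user_id,))
    if user is None:
        return "User not found", 404

    parser = reqparse.RequestParser()
    for field in ("title", "author", "isbn", "publication_date"):
        parser.add_argument(field)
    args = parser.parse_args()

    title = args["title"]
    author = args["author"]
    isbn = args["isbn"]
    publication_date = args["publication_date"]

    # NOTE(review): the duplicate check has no userId filter, so an ISBN held
    # by any user blocks the insert; confirm that is intended. Both lookups in
    # this method also omit one=True while comparing to None; verify what
    # query_db returns for an empty result.
    book = query_db('SELECT b.id, b.isbn FROM book b WHERE b.isbn == ?', (isbn,))
    if book is not None:
        return "Book already exists", 400

    # The original `x is ""` tested object identity, not equality, and let
    # missing (None) fields be inserted as NULL. Truthiness rejects both None
    # and the empty string.
    if not all((title, author, isbn, publication_date)):
        return "Bad user data", 400

    book_id = query_db('INSERT into book (title,author,isbn,publication_date,userId) \
            VALUES (?, ?, ?, ?, ?)', (title, author, isbn, publication_date, user_id),
                       commit=True)
    return book_id, 201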
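def put(self, user_id):
    """
    Update an existing user's firstname and lastname.

    The email and password in the request are not written; they are checked
    against the stored record and the update only happens when both match.

    Returns ("", 200) on success, ("Bad user data", 400) when a field is
    missing or empty, ("User not found", 404) when no user has this id, and
    ("Authentication failure", 401) when the password or email do not match.
    """
    parser = reqparse.RequestParser()
    for field in ("firstname", "lastname", "email", "password"):
        parser.add_argument(field)
    args = parser.parse_args()

    firstname = args["firstname"]
    lastname = args["lastname"]
    email = args["email"]
    password = args["password"]

    # The original `x is ""` tested object identity, not equality, and let a
    # missing (None) password reach verify(). Truthiness rejects both None and
    # the empty string.
    if not all((firstname, lastname, email, password)):
        return "Bad user data", 400

    user = query_db('SELECT password, email FROM user WHERE id = ?', (user_id,), one=True)
    if user is None:
        return "User not found", 404

    # Both the password hash check and the email comparison must succeed
    # before anything is written.
    authenticated = (pbkdf2_sha256.verify(password, user['password'])
                     and email == user['email'])
    if not authenticated:
        return "Authentication failure", 401

    query_db('UPDATE user SET firstname = ?, lastname = ? \
            WHERE id = ?', (firstname, lastname, user_id), commit=True)
    return "", 200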
def delete(self, user_id):
    """
    Remove every book on the given user's wishlist.

    Returns ("User not found", 404) when the user lookup yields None,
    otherwise ("", 204) once the delete has been issued with commit=True.
    """
    # NOTE(review): no check of the caller's identity is visible in this
    # method; confirm it is enforced upstream, since this removes all of a
    # user's books based only on the user_id in the route.
    owner = query_db('SELECT id from user where id = ?', (user_id,))
    if owner is not None:
        query_db('DELETE from book where userId = ?', (user_id,), commit=True)
        return "", 204
    return "User not found", 404
def delete(self, user_id, book_id):
    """
    Remove one book from the given user's wishlist.

    Returns ("Resource not found", 404) when no book row matches both
    user_id and book_id, otherwise ("", 204) after the delete.
    """
    # NOTE(review): no check of the caller's identity is visible in this
    # method; confirm it is enforced upstream.
    # The ownership lookup filters on userId as well as id, so a book id that
    # belongs to a different user is reported as not found.
    owned_book = query_db('SELECT * FROM book WHERE userId = ? and id = ?',
                          (user_id, book_id,), one=True)
    if owned_book is not None:
        query_db('DELETE FROM book WHERE id = ?', (book_id,), commit=True)
        return "", 204
    return "Resource not found", 404
def delete(self, user_id):
    """
    Remove the given user together with every book linked to that user.

    Returns ("User not found", 404) when the user lookup yields None,
    otherwise ("", 204) after both deletes have been issued.
    """
    # NOTE(review): no check of the caller's identity is visible in this
    # method; confirm it is enforced upstream, since this deletes an account
    # based only on the user_id in the route.
    account = query_db('SELECT id from user where id = ?', (user_id,))
    if account is not None:
        # NOTE(review): the book delete is issued without commit=True and only
        # the user delete commits; confirm both statements share a connection
        # so the books are removed in the same commit.
        query_db('DELETE from book where userId = ?', (user_id,))
        query_db('DELETE from user where id = ?', (user_id,), commit=True)
        return "", 204
    return "User not found", 404
def get(self, user_id):
    """
    Return the given user's wishlist as JSON, ordered by publication date
    with the most recent first.

    Returns ("User not found", 404) when the user lookup yields None and
    ("No books found in wishlist", 404) when the book query yields None;
    otherwise a JSON response with status 200.
    """
    # NOTE(review): no check of the caller's identity is visible in this
    # method; confirm it is enforced upstream.
    owner = query_db('SELECT u.id from user u where u.id = ?', (user_id,))
    if owner is None:
        return "User not found", 404

    wishlist = query_db('SELECT * FROM book WHERE userId = ? ORDER BY \
            publication_date DESC', (user_id,))
    if wishlist is not None:
        reply = jsonify(wishlist)
        reply.status_code = 200
        return reply
    return "No books found in wishlist", 404
def get(self):
    """
    Return every user in the database as JSON.

    Only the id, firstname, lastname and email columns are selected, so the
    stored password hash is not part of the response. Returns
    ("Users not found", 404) when the query yields None, otherwise a JSON
    response with status 200.
    """
    # NOTE(review): no check of the caller's identity is visible in this
    # method; confirm access is restricted upstream, since the response lists
    # the email address of every user.
    all_users = query_db('SELECT id, firstname, lastname, email FROM user')
    if all_users is not None:
        reply = jsonify(all_users)
        reply.status_code = 200
        return reply
    return "Users not found", 404
def get(self, user_id):
    """
    Return the id, firstname, lastname and email of one user as JSON.

    The password column is not selected, so the stored hash is not part of
    the response. Returns ("User not found", 404) when no user has this id,
    otherwise a JSON response with status 200.
    """
    # NOTE(review): no check of the caller's identity is visible in this
    # method; confirm it is enforced upstream.
    record = query_db('SELECT id, firstname, lastname, email FROM user \
            WHERE id = ?', (user_id,), one=True)
    if record is not None:
        reply = jsonify(record)
        reply.status_code = 200
        return reply
    return "User not found", 404
def get(self, user_id, book_id):
    """
    Return one book from the given user's wishlist as JSON.

    Returns ("Resource not found", 404) when no book row matches both
    user_id and book_id, otherwise a JSON response with status 200.
    """
    # NOTE(review): no check of the caller's identity is visible in this
    # method; confirm it is enforced upstream.
    # Filtering on userId as well as id means a book id that belongs to a
    # different user is reported as not found.
    entry = query_db('SELECT * FROM book WHERE userId = ? and id = ?',
                     (user_id, book_id,), one=True)
    if entry is not None:
        reply = jsonify(entry)
        reply.status_code = 200
        return reply
    return "Resource not found", 404