def patch_item(item_id):
if request.json is None:
abort(400)
data = request.json
conn = pymysql.connect(**dbparams)
try:
with conn.cursor() as cursor:
query = 'SELECT * FROM items WHERE id=%s'
cursor.execute(query, (item_id))
app.logger.debug(cursor._last_executed)
result = cursor.fetchone()
if result is None:
abort(404)
user_id = current_user.get_id()
if result['user_id'] != user_id:
abort(403)
title = data.get('title', '')
body = data.get('body', '')
if title == '' and body == '':
abort(400) # missing arguments
if title == '':
title = result['title']
if body == '':
body = result['body']
with conn.cursor() as cursor:
query = 'UPDATE items SET title=%s, body=%s, updated_at=%s '\
'WHERE id=%s'
now = get_today()
cursor.execute(query, (title, body, now, item_id))
app.logger.debug(cursor._last_executed)
conn.commit()
with conn.cursor() as cursor:
query = 'SELECT * FROM items WHERE id=%s'
cursor.execute(query, (item_id))
app.logger.debug(cursor._last_executed)
result = cursor.fetchone()
if result['likes'] is None:
result['likes'] = ''
result['username'] = current_user.get_username()
result.pop('user_id')
return jsonify(result)
finally:
conn.close()
def post_users():
if request.json is None:
abort(400)
data = request.json
username = data.get('username', '')
password = data.get('password', '')
if username == '' or password == '':
abort(400) # missing arguments
conn = pymysql.connect(**dbparams)
try:
with conn.cursor() as cursor:
query = 'SELECT * FROM users WHERE username=%s'
number_of_rows = cursor.execute(query, (username,))
app.logger.debug(cursor._last_executed)
if number_of_rows > 0:
abort(409) # existing user
salt = get_salt()
password_hash = get_passwordhash(salt, password)
current_time = get_today()
with conn.cursor() as cursor:
query = 'INSERT INTO users (username, password_hash,' \
'salt, created_at, updated_at)' \
' VALUES (%s, %s, %s, %s, %s);'
cursor.execute(query, (username, password_hash,
salt, current_time, current_time))
app.logger.debug(cursor._last_executed)
user_info = {
'id': cursor.lastrowid,
'username': username,
'created_at': current_time,
'updated_at': current_time
}
conn.commit()
finally:
conn.close()
return jsonify(**user_info), 201
def post_item():
if request.json is None:
abort(400)
data = request.json
title = data.get('title', '')
body = data.get('body', '')
if title == '' or body == '':
abort(400) # missing arguments
conn = pymysql.connect(**dbparams)
try:
with conn.cursor() as cursor:
today = get_today()
user_id = str(current_user.get_id())
query = 'INSERT INTO items '\
'(user_id, title, body, created_at, updated_at) '\
'VALUES (%s, %s, %s, %s, %s);'
cursor.execute(query, (user_id, title, body, today, today))
app.logger.debug(cursor._last_executed)
item_id = str(cursor.lastrowid)
conn.commit()
with conn.cursor() as cursor:
query = 'SELECT * FROM items WHERE id=%s'
cursor.execute(query, (item_id))
app.logger.debug(cursor._last_executed)
result = cursor.fetchone()
if result['likes'] is None:
result['likes'] = ''
result['username'] = current_user.get_username()
result.pop('user_id')
response = jsonify(result)
response.status_code = 201
return response
finally:
conn.close()
def patch_users(username):
if request.json is None:
abort(400)
data = request.json
new_username = data.get('username', '')
password = data.get('password', '')
if new_username == '' and password == '':
abort(400)
conn = pymysql.connect(**dbparams)
try:
with conn.cursor() as cursor:
query = 'SELECT * FROM users WHERE username=%s'
cursor.execute(query, (username))
app.logger.debug(cursor._last_executed)
result = cursor.fetchone()
if result is None:
abort(404)
# Users must not change other username.
user_id = current_user.get_id()
if result['id'] != user_id:
abort(403)
if new_username == '':
new_username = result['username']
else:
with conn.cursor() as cursor:
query = 'SELECT * FROM users WHERE username=%s'
cursor.execute(query, (new_username))
app.logger.debug(cursor._last_executed)
user = cursor.fetchone()
# User can't change to existing username
if user is not None:
abort(409)
if password == '':
salt = result['salt']
password_hash = result['password_hash']
else:
salt = get_salt()
password_hash = get_passwordhash(salt, password)
with conn.cursor() as cursor:
query = 'UPDATE users SET username=%s, password_hash=%s, '\
'salt=%s, updated_at=%s WHERE id=%s'
cursor.execute(query,
(new_username, password_hash, salt,
get_today(), user_id))
app.logger.debug(cursor._last_executed)
conn.commit()
with conn.cursor() as cursor:
query = 'SELECT id, username, created_at, updated_at '\
'FROM users WHERE id=%s'
cursor.execute(query, (user_id,))
app.logger.debug(cursor._last_executed)
result = cursor.fetchone()
return jsonify(result)
finally:
conn.close()