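def submit_review():
    """Create or update a book review from a JSON POST body.

    The body must carry ``reviewId``, ``bookId``, ``revTitle``, ``content``,
    ``score`` and ``language``. Which helper runs depends on whether the
    caller is an admin, owns ``reviewId`` and has already reviewed ``bookId``.

    Returns:
        A JSON string ``{"bookId": ...}`` after the helper call. Requests
        with a method other than POST fall through and return ``None``.

    Aborts:
        400 when the body is not valid JSON or fails ``is_valid_data``;
        401 when a non-admin caller who has already reviewed the book
        targets a review that is not their own.
    """
    if request.method == "POST":
        # A body that is not JSON is a client error; answer 400 instead of
        # letting the decode error surface as an unhandled exception.
        try:
            data = json.loads(request.data)
        except ValueError:
            abort(400)

        if is_valid_data(data, ['reviewId', 'bookId', 'revTitle', 'content',
                                'score', 'language']):
            review_id = data['reviewId']
            book_id = data['bookId']
            review_title = data['revTitle']
            content = data['content']
            score = data['score']
            language = data['language']
            # NOTE(review): no sign-in check is visible in this function;
            # presumably a login-required decorator guards the view - confirm.
            user_id = current_user.id

            if database_helper.is_admin(user_id):
                if database_helper.is_own_review(user_id, review_id):
                    if database_helper.has_reviewed(user_id, book_id):
                        database_helper.update_review(
                            user_id, review_id, book_id, review_title,
                            content, score, language)
                    else:
                        database_helper.submit_review(
                            book_id, review_title, content, score, language,
                            user_id)
                else:
                    # Admin editing someone else's review: the update is
                    # recorded under the original writer, not the admin.
                    # NOTE(review): the writer lookup result is passed on
                    # unchecked - confirm update_review copes with a
                    # review_id that matches no review.
                    user_id = database_helper.get_review_writer(review_id)
                    database_helper.update_review(
                        user_id, review_id, book_id, review_title, content,
                        score, language)
            elif not database_helper.has_reviewed(user_id, book_id):
                database_helper.submit_review(
                    book_id, review_title, content, score, language, user_id)
            elif database_helper.is_own_review(user_id, review_id):
                # NOTE(review): ownership is checked on review_id only, while
                # book_id comes from the request as-is - confirm that
                # update_review cannot re-point a review at another book.
                database_helper.update_review(
                    user_id, review_id, book_id, review_title, content,
                    score, language)
            else:
                # NOTE(review): the caller is signed in but not permitted;
                # 403 is the conventional status. 401 kept for clients.
                abort(401)
            return json.dumps({'bookId': book_id})
        else:
            abort(400)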
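def init():
    """Render the page template selected by the ``doc`` query parameter.

    With no ``doc`` the index page is rendered. ``home``, ``profile``,
    ``review``, ``title`` and ``author`` each map to a fixed template name;
    any other value aborts with 404. The template is always one of these
    literals and is never built from the query string.

    The ``SIGNED_IN``, ``ADMIN``, ``OWN_PROFILE`` and ``OWN_REVIEW`` values
    are only handed to the templates here.
    NOTE(review): presumably they only toggle what the page shows; the
    write handlers must keep enforcing ownership themselves.
    """
    doc = request.args.get('doc')
    # NOTE(review): is_authenticated is called as a method here, which
    # matches older Flask-Login releases - confirm against the pinned version.
    signed_in = current_user.is_authenticated()
    if signed_in:
        admin = database_helper.is_admin(current_user.id)
    else:
        admin = False

    if doc is None:
        url_auth = make_authorization_url()
        return render_template("index.html", URL_AUTH=url_auth,
                               SIGNED_IN=signed_in, ADMIN=admin)

    if doc == "home":
        # The account is looked up by a fixed address. A separate name keeps
        # the boolean `admin` flag above from being overwritten by an object.
        admin_account = database_helper.get_user('*****@*****.**')
        if admin_account is not None:
            admin_id = admin_account.id
        else:
            admin_id = "0"
        return render_template("home.html", ADMIN_ID=admin_id)

    id_arg = request.args.get('id')
    try:
        id_arg = int(id_arg)
    except (TypeError, ValueError):
        # Missing or non-numeric id (e.g. 'signedIn'): keep the raw value.
        # Only conversion failures are caught, so unrelated errors surface.
        pass

    if doc == "profile":
        if signed_in:
            own = ((id_arg == 'signedIn') or (id_arg == current_user.id))
        else:
            own = False
        return render_template("profile.html", SIGNED_IN=signed_in,
                               OWN_PROFILE=own)
    elif doc == "review":
        if signed_in:
            own = database_helper.is_own_review(current_user.id, id_arg)
        else:
            own = False
        return render_template("review.html", SIGNED_IN=signed_in,
                               OWN_REVIEW=own, ADMIN=admin)
    elif doc == "title":
        return render_template("title.html", SIGNED_IN=signed_in, ADMIN=admin)
    elif doc == "author":
        return render_template("author.html", ADMIN=admin)
    else:
        abort(404)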
def get_review():
    """Return one review as JSON, with per-viewer flags for signed-in users.

    Query parameters: ``id`` names the review; ``edit=edit`` marks the
    request as coming from the edit view.

    Returns:
        A JSON string ``{"data": {...}}`` holding the helper's review data
        plus ``signedIn`` and, for signed-in callers, ``hasUpvoted`` and
        ``own``. Requests with a method other than GET return ``None``.

    Aborts:
        404 when a signed-in caller asks for the edit view of a review they
        neither own nor administer, or when no review data is found.
    """
    if request.method != "GET":
        return None

    wants_edit = request.args.get('edit') == 'edit'
    review_id = request.args.get('id')
    signed_in = current_user.is_authenticated()

    # NOTE(review): this gate only runs for signed-in callers, so an
    # anonymous request with edit=edit still receives the data. The payload
    # matches the plain read path, so the write handlers remain the real
    # authorization boundary - confirm that is intended.
    if signed_in and wants_edit:
        may_edit = (database_helper.is_own_review(current_user.id, review_id)
                    or database_helper.is_admin(current_user.id))
        if not may_edit:
            abort(404)

    data = database_helper.get_review_data(review_id)
    if data is None:
        abort(404)

    data['signedIn'] = signed_in
    if signed_in:
        viewer_id = current_user.id
        data['hasUpvoted'] = database_helper.has_upvoted(viewer_id, review_id)
        data['own'] = database_helper.is_own_review(viewer_id, review_id)
    return json.dumps({'data': data})
def get_review():
    """Return one review as JSON, with per-viewer flags for signed-in users.

    Query parameters: ``id`` names the review; ``edit=edit`` marks the
    request as coming from the edit view.

    Returns:
        A JSON string ``{"data": {...}}`` holding the helper's review data
        plus ``signedIn`` and, for signed-in callers, ``hasUpvoted`` and
        ``own``. Requests with a method other than GET return ``None``.

    Aborts:
        404 when a signed-in caller asks for the edit view of a review they
        neither own nor administer, or when no review data is found.
    """
    if request.method != "GET":
        return None

    wants_edit = request.args.get('edit') == 'edit'
    review_id = request.args.get('id')
    signed_in = current_user.is_authenticated()

    # NOTE(review): this gate only runs for signed-in callers, so an
    # anonymous request with edit=edit still receives the data. The payload
    # matches the plain read path, so the write handlers remain the real
    # authorization boundary - confirm that is intended.
    if signed_in and wants_edit:
        may_edit = (database_helper.is_own_review(current_user.id, review_id)
                    or database_helper.is_admin(current_user.id))
        if not may_edit:
            abort(404)

    data = database_helper.get_review_data(review_id)
    if data is None:
        abort(404)

    data['signedIn'] = signed_in
    if signed_in:
        viewer_id = current_user.id
        data['hasUpvoted'] = database_helper.has_upvoted(viewer_id, review_id)
        data['own'] = database_helper.is_own_review(viewer_id, review_id)
    return json.dumps({'data': data})
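def delete_review():
    """Delete the review named in a JSON POST body, if the caller may.

    The body must carry ``reviewId``. Only the review's owner or an admin
    is allowed to delete it.

    Returns:
        A JSON string ``{"bookId": ...}`` built from the delete helper's
        return value. Requests with a method other than POST return ``None``.

    Aborts:
        400 when the body is not valid JSON or fails ``is_valid_data``;
        401 when the caller neither owns the review nor is an admin.
    """
    if request.method == "POST":
        # A body that is not JSON is a client error; answer 400 instead of
        # letting the decode error surface as an unhandled exception.
        try:
            data = json.loads(request.data)
        except ValueError:
            abort(400)

        if not is_valid_data(data, ['reviewId']):
            abort(400)

        review_id = data['reviewId']
        # NOTE(review): no sign-in or CSRF check is visible in this
        # function; presumably both are enforced by decorators or app-level
        # configuration - confirm.
        user_id = current_user.id

        # Logical `or` instead of bitwise `|`: the permission test then
        # relies on truthiness and cannot raise TypeError if a helper
        # returns a non-boolean such as None.
        allowed = (database_helper.is_own_review(user_id, review_id)
                   or database_helper.is_admin(user_id))
        if not allowed:
            # NOTE(review): the caller is signed in but not permitted;
            # 403 is the conventional status. 401 kept for clients.
            abort(401)

        book_id = database_helper.delete_review(review_id)
        return json.dumps({'bookId': book_id})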
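def submit_review():
    """Create or update a book review from a JSON POST body.

    The body must carry ``reviewId``, ``bookId``, ``revTitle``, ``content``,
    ``score`` and ``language``. Which helper runs depends on whether the
    caller is an admin, owns ``reviewId`` and has already reviewed ``bookId``.

    Returns:
        A JSON string ``{"bookId": ...}`` after the helper call. Requests
        with a method other than POST fall through and return ``None``.

    Aborts:
        400 when the body is not valid JSON or fails ``is_valid_data``;
        401 when a non-admin caller who has already reviewed the book
        targets a review that is not their own.
    """
    if request.method == "POST":
        # A body that is not JSON is a client error; answer 400 instead of
        # letting the decode error surface as an unhandled exception.
        try:
            data = json.loads(request.data)
        except ValueError:
            abort(400)

        if is_valid_data(data, ['reviewId', 'bookId', 'revTitle', 'content',
                                'score', 'language']):
            review_id = data['reviewId']
            book_id = data['bookId']
            review_title = data['revTitle']
            content = data['content']
            score = data['score']
            language = data['language']
            # NOTE(review): no sign-in check is visible in this function;
            # presumably a login-required decorator guards the view - confirm.
            user_id = current_user.id

            if database_helper.is_admin(user_id):
                if database_helper.is_own_review(user_id, review_id):
                    if database_helper.has_reviewed(user_id, book_id):
                        database_helper.update_review(
                            user_id, review_id, book_id, review_title,
                            content, score, language)
                    else:
                        database_helper.submit_review(
                            book_id, review_title, content, score, language,
                            user_id)
                else:
                    # Admin editing someone else's review: the update is
                    # recorded under the original writer, not the admin.
                    # NOTE(review): the writer lookup result is passed on
                    # unchecked - confirm update_review copes with a
                    # review_id that matches no review.
                    user_id = database_helper.get_review_writer(review_id)
                    database_helper.update_review(
                        user_id, review_id, book_id, review_title, content,
                        score, language)
            elif not database_helper.has_reviewed(user_id, book_id):
                database_helper.submit_review(
                    book_id, review_title, content, score, language, user_id)
            elif database_helper.is_own_review(user_id, review_id):
                # NOTE(review): ownership is checked on review_id only, while
                # book_id comes from the request as-is - confirm that
                # update_review cannot re-point a review at another book.
                database_helper.update_review(
                    user_id, review_id, book_id, review_title, content,
                    score, language)
            else:
                # NOTE(review): the caller is signed in but not permitted;
                # 403 is the conventional status. 401 kept for clients.
                abort(401)
            return json.dumps({'bookId': book_id})
        else:
            abort(400)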
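def delete_review():
    """Delete the review named in a JSON POST body, if the caller may.

    The body must carry ``reviewId``. Only the review's owner or an admin
    is allowed to delete it.

    Returns:
        A JSON string ``{"bookId": ...}`` built from the delete helper's
        return value. Requests with a method other than POST return ``None``.

    Aborts:
        400 when the body is not valid JSON or fails ``is_valid_data``;
        401 when the caller neither owns the review nor is an admin.
    """
    if request.method == "POST":
        # A body that is not JSON is a client error; answer 400 instead of
        # letting the decode error surface as an unhandled exception.
        try:
            data = json.loads(request.data)
        except ValueError:
            abort(400)

        if not is_valid_data(data, ['reviewId']):
            abort(400)

        review_id = data['reviewId']
        # NOTE(review): no sign-in or CSRF check is visible in this
        # function; presumably both are enforced by decorators or app-level
        # configuration - confirm.
        user_id = current_user.id

        # Logical `or` instead of bitwise `|`: the permission test then
        # relies on truthiness and cannot raise TypeError if a helper
        # returns a non-boolean such as None.
        allowed = (database_helper.is_own_review(user_id, review_id)
                   or database_helper.is_admin(user_id))
        if not allowed:
            # NOTE(review): the caller is signed in but not permitted;
            # 403 is the conventional status. 401 kept for clients.
            abort(401)

        book_id = database_helper.delete_review(review_id)
        return json.dumps({'bookId': book_id})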