def book(bid):
# Information about the book
book = db.get_book(bid)
uid = db.get_uid(session['user'])
# Book rating and reviews
avg_rating = db.get_avg_rating(bid)
reviews = db.get_reviews(bid)
# Book rating on GoodReads
gr_rating = goodreads_rating(book['isbn'])
form = ReviewForm()
if form.validate_on_submit():
# Checks whether the user has reviewed this book
review_counter = db.get_review(bid, uid)
if review_counter == 0:
review = form.review.data
rating = int(form.rating.data)
db.add_review(uid, bid, review, rating)
else:
flash("You have already left a review")
return redirect(url_for('book', bid=bid))
return render_template('book.html',
title=book['title'],
book=book,
form=form,
reviews=reviews,
rating=avg_rating,
gr_rating=gr_rating)
def POST(self):
options = [0, 1, 2]
review = db.get_review()
schema = db.wikischema()
data = web.input()
banned = []
for k, v in data.items():
table, col = k.split('.')
# validate all params and options against source schema
if schema[table][col] and int(v) in options:
if table not in review:
review[table] = {}
review[table][col] = int(v)
if int(v) == 2:
banned.append(k)
else:
# add a check for other allowed form post params here
# instead of bailing
raise web.HTTPError("400 Bad request",
{'content-type': 'text/html'},
"invalid option")
db.save_review(review, banned)
def GET(self):
schema = db.wikischema()
tables = sorted(schema)
review = db.get_review()
return render.base(view.menu('review'),
view.review(schema, tables, review))
