Esempio n. 1
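def submit_review():
    """Create or update a book review from a JSON POST body.

    The body must carry ``reviewId``, ``bookId``, ``revTitle``, ``content``,
    ``score`` and ``language``.

    Admins may update any review: their own directly, and another user's
    under that writer's id. Other users may submit one review per book and
    update only a review that ``is_own_review`` attributes to them.

    Returns:
        A JSON string ``{"bookId": <bookId>}`` on success.

    Aborts with 400 when the body is not valid JSON or fails
    ``is_valid_data``, and with 401 when a non-admin targets a review that
    is not theirs.
    """
    # Requests with another method fall through without a response, as
    # before; the route registration is presumably limited to POST.
    if request.method == "POST":
        # An empty or malformed body is a client error: answer 400 instead of
        # letting the decode error surface as an unhandled exception.
        try:
            data = json.loads(request.data)
        except ValueError:
            abort(400)

        required = ['reviewId', 'bookId', 'revTitle', 'content', 'score',
                    'language']
        if not is_valid_data(data, required):
            abort(400)

        review_id = data['reviewId']
        book_id = data['bookId']
        review_title = data['revTitle']
        content = data['content']
        score = data['score']
        language = data['language']

        # NOTE(review): no authentication check is visible in this snippet;
        # presumably the route is wrapped in a login-required decorator.
        # Confirm, since an anonymous caller would reach this line.
        user_id = current_user.id

        # NOTE(review): bookId comes from the client. Whether update_review
        # verifies that review_id belongs to that book is not visible here.
        if database_helper.is_admin(user_id):
            if not database_helper.is_own_review(user_id, review_id):
                # Admin editing someone else's review: the update is stored
                # under the original writer, not under the admin.
                # NOTE(review): what get_review_writer returns for an unknown
                # review_id is not visible here; confirm update_review copes.
                writer_id = database_helper.get_review_writer(review_id)
                database_helper.update_review(writer_id, review_id, book_id,
                                              review_title, content, score,
                                              language)
            elif database_helper.has_reviewed(user_id, book_id):
                database_helper.update_review(user_id, review_id, book_id,
                                              review_title, content, score,
                                              language)
            else:
                database_helper.submit_review(book_id, review_title, content,
                                              score, language, user_id)
        elif not database_helper.has_reviewed(user_id, book_id):
            # First review of this book by this user.
            database_helper.submit_review(book_id, review_title, content,
                                          score, language, user_id)
        elif database_helper.is_own_review(user_id, review_id):
            database_helper.update_review(user_id, review_id, book_id,
                                          review_title, content, score,
                                          language)
        else:
            # The caller is authenticated but not allowed to touch this
            # review. 403 would describe that more precisely; 401 is kept
            # because clients may depend on it.
            abort(401)

        return json.dumps({'bookId': book_id})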
Esempio n. 2
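def init():
    """Render the page template selected by the ``doc`` query parameter.

    With no ``doc`` the index page is rendered. ``home``, ``profile``,
    ``review``, ``title`` and ``author`` each render their own template;
    any other value aborts with 404.

    The flags handed to the templates (``SIGNED_IN``, ``ADMIN``,
    ``OWN_PROFILE``, ``OWN_REVIEW``) only shape what is rendered. They are
    not an access check by themselves, so the data endpoints have to
    enforce ownership and admin rights on their own.
    """
    doc = request.args.get('doc')

    # NOTE(review): is_authenticated is called as a method. If current_user
    # is Flask-Login's proxy, that matches releases before 0.3; later
    # releases expose it as a property. Confirm the pinned version.
    signed_in = current_user.is_authenticated()
    admin = database_helper.is_admin(current_user.id) if signed_in else False

    if doc is None:
        url_auth = make_authorization_url()
        return render_template("index.html",
                               URL_AUTH=url_auth,
                               SIGNED_IN=signed_in,
                               ADMIN=admin)

    if doc == "home":
        # Separate name so the boolean ``admin`` flag above is not shadowed
        # by a user object.
        admin_user = database_helper.get_user('*****@*****.**')
        admin_id = admin_user.id if admin_user is not None else "0"
        return render_template("home.html", ADMIN_ID=admin_id)

    # ``id`` is numeric for most pages but may also be a keyword such as
    # 'signedIn', or missing. Convert it when possible and otherwise keep
    # the raw value. Only the two conversion errors are caught, so
    # unrelated exceptions are no longer swallowed by a bare ``except``.
    id_arg = request.args.get('id')
    try:
        id_arg = int(id_arg)
    except (TypeError, ValueError):
        pass

    if doc == "profile":
        own = signed_in and (id_arg == 'signedIn'
                             or id_arg == current_user.id)
        return render_template("profile.html",
                               SIGNED_IN=signed_in,
                               OWN_PROFILE=bool(own))

    if doc == "review":
        if signed_in:
            own = database_helper.is_own_review(current_user.id, id_arg)
        else:
            own = False
        return render_template("review.html",
                               SIGNED_IN=signed_in,
                               OWN_REVIEW=own,
                               ADMIN=admin)

    if doc == "title":
        return render_template("title.html", SIGNED_IN=signed_in, ADMIN=admin)
    if doc == "author":
        return render_template("author.html", ADMIN=admin)

    abort(404)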
Esempio n. 3
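def get_review():
    """Return one review as JSON, optionally for the edit view.

    Query parameters:
        id: identifier of the review to load.
        edit: the literal ``edit`` requests the edit view.

    Returns:
        A JSON string ``{"data": {...}}``. ``signedIn`` is always added to
        the payload; ``hasUpvoted`` and ``own`` are added for signed-in
        callers.

    Aborts with 404 when the review does not exist, or when the edit view is
    requested by anyone who is neither the review's owner nor an admin.
    """
    if request.method == "GET":
        edit = (request.args.get('edit') == 'edit')
        review_id = request.args.get('id')

        signed_in = current_user.is_authenticated()

        # The edit view is for the owner or an admin only. The check used to
        # run only for signed-in callers, so an anonymous request with
        # edit=edit skipped it; anonymous callers are now refused as well.
        # signed_in is tested first because current_user.id is only read for
        # authenticated users elsewhere in this handler.
        if edit:
            allowed = signed_in and (
                database_helper.is_own_review(current_user.id, review_id)
                or database_helper.is_admin(current_user.id))
            if not allowed:
                # 404 rather than 401/403, as in the original check.
                abort(404)

        data = database_helper.get_review_data(review_id)
        if data is None:
            abort(404)

        data['signedIn'] = signed_in

        if signed_in:
            data['hasUpvoted'] = database_helper.has_upvoted(
                current_user.id, review_id)
            data['own'] = database_helper.is_own_review(
                current_user.id, review_id)
        return json.dumps({'data': data})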
Esempio n. 4
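def get_review():
    """Load a review by its ``id`` query parameter and return it as JSON.

    When ``edit=edit`` is present the caller must be signed in and be either
    the review's owner or an admin; otherwise the request is answered with
    404. A missing review is also a 404.

    The returned JSON string has the form ``{"data": {...}}`` where the
    review data is extended with ``signedIn`` and, for signed-in callers,
    ``hasUpvoted`` and ``own``.
    """
    if request.method == "GET":
        wants_edit = request.args.get('edit') == 'edit'
        review_id = request.args.get('id')
        signed_in = current_user.is_authenticated()

        if wants_edit:
            # Previously this gate was applied only when the caller was
            # signed in, which let an unauthenticated edit request through
            # unchecked. An anonymous caller can be neither owner nor admin,
            # so it is refused here too.
            if not signed_in:
                abort(404)
            uid = current_user.id
            if not (database_helper.is_own_review(uid, review_id)
                    or database_helper.is_admin(uid)):
                abort(404)

        data = database_helper.get_review_data(review_id)
        if data is None:
            abort(404)

        data['signedIn'] = signed_in
        if signed_in:
            # Per-user fields are only computed for authenticated callers.
            data['hasUpvoted'] = database_helper.has_upvoted(
                current_user.id, review_id)
            data['own'] = database_helper.is_own_review(
                current_user.id, review_id)

        return json.dumps({'data': data})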
Esempio n. 5
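def delete_review():
    """Delete a review named by ``reviewId`` in a JSON POST body.

    Only the review's owner or an admin may delete it.

    Returns:
        A JSON string ``{"bookId": ...}`` holding the value returned by
        ``database_helper.delete_review``.

    Aborts with 400 when the body is not valid JSON or lacks ``reviewId``,
    and with 401 when the caller is neither owner nor admin.
    """
    # Other methods fall through without a response, as before; the route
    # registration is presumably limited to POST.
    if request.method == "POST":
        # Empty or malformed JSON is a client error, so report 400 rather
        # than letting the decode error escape.
        try:
            data = json.loads(request.data)
        except ValueError:
            abort(400)

        if not is_valid_data(data, ['reviewId']):
            abort(400)

        review_id = data['reviewId']
        # NOTE(review): no authentication check is visible in this snippet;
        # presumably a login-required decorator guards the route. Confirm.
        user_id = current_user.id

        # Logical ``or`` instead of bitwise ``|``: the authorization decision
        # no longer depends on both helpers returning real booleans (``|``
        # raises TypeError if either returns None), and the admin lookup is
        # skipped when ownership already grants access.
        if (database_helper.is_own_review(user_id, review_id)
                or database_helper.is_admin(user_id)):
            book_id = database_helper.delete_review(review_id)
            return json.dumps({'bookId': book_id})

        # Authenticated but not permitted. 403 would be more precise; 401 is
        # kept because clients may depend on it.
        abort(401)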
Esempio n. 6
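def submit_review():
    """Handle a POSTed review: insert a new one or update an existing one.

    Expects a JSON body with ``reviewId``, ``bookId``, ``revTitle``,
    ``content``, ``score`` and ``language``. An admin can update any review
    (another user's review stays attributed to its writer). A regular user
    can add a first review for a book or update a review that is their own.

    Returns:
        ``json.dumps({'bookId': book_id})`` once the write has been issued.

    Aborts with 400 for a body that is not JSON or fails ``is_valid_data``,
    and with 401 for a non-admin trying to change a review they do not own.
    """
    # Non-POST requests fall through and return nothing, as in the original.
    if request.method == "POST":
        try:
            data = json.loads(request.data)
        except ValueError:
            # Empty or malformed body: reject as a bad request instead of
            # failing with an unhandled decode error.
            abort(400)

        if is_valid_data(data, ['reviewId', 'bookId', 'revTitle', 'content',
                                'score', 'language']):
            review_id = data['reviewId']
            book_id = data['bookId']
            # The remaining fields are forwarded unchanged to the helper.
            # NOTE(review): any length, range or markup checks on title,
            # content and score would have to live in is_valid_data or in
            # database_helper; none are visible here.
            payload = (data['revTitle'], data['content'], data['score'],
                       data['language'])

            # NOTE(review): presumably guarded by a login-required decorator
            # outside this snippet. Confirm.
            user_id = current_user.id
            is_admin = database_helper.is_admin(user_id)

            if is_admin:
                if database_helper.is_own_review(user_id, review_id):
                    if database_helper.has_reviewed(user_id, book_id):
                        database_helper.update_review(user_id, review_id,
                                                      book_id, *payload)
                    else:
                        database_helper.submit_review(book_id, *payload,
                                                      user_id=user_id)
                else:
                    # Moderation path: write under the original author's id.
                    writer = database_helper.get_review_writer(review_id)
                    database_helper.update_review(writer, review_id, book_id,
                                                  *payload)
            else:
                if not database_helper.has_reviewed(user_id, book_id):
                    database_helper.submit_review(book_id, *payload,
                                                  user_id=user_id)
                elif database_helper.is_own_review(user_id, review_id):
                    # NOTE(review): ownership of review_id is checked, but
                    # that the review belongs to the client-supplied bookId
                    # is not verified at this level.
                    database_helper.update_review(user_id, review_id, book_id,
                                                  *payload)
                else:
                    # Kept as 401 for client compatibility (403 would fit an
                    # authenticated-but-forbidden caller better).
                    abort(401)
            return json.dumps({'bookId': book_id})
        else:
            abort(400)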
Esempio n. 7
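def delete_review():
    """Remove the review identified by ``reviewId`` in the JSON POST body.

    The caller must own the review or be an admin. On success the function
    returns a JSON string ``{"bookId": ...}`` built from the value that
    ``database_helper.delete_review`` returns.

    Aborts with 400 on a body that is not valid JSON or has no ``reviewId``,
    and with 401 when the caller is not allowed to delete the review.
    """
    # Non-POST requests fall through and return nothing, as in the original.
    if request.method == "POST":
        try:
            data = json.loads(request.data)
        except ValueError:
            # Malformed or empty body is the client's fault: 400, not a crash.
            abort(400)

        if is_valid_data(data, ['reviewId']):
            review_id = data['reviewId']
            # NOTE(review): relies on the caller being authenticated; the
            # guard is presumably a decorator outside this snippet. Confirm.
            user_id = current_user.id

            # Boolean ``or`` replaces the bitwise ``|`` used before. ``|``
            # evaluates both helpers every time and raises TypeError when one
            # of them returns None, which would turn an authorization
            # decision into a server error.
            may_delete = (database_helper.is_own_review(user_id, review_id)
                          or database_helper.is_admin(user_id))
            if may_delete:
                book_id = database_helper.delete_review(review_id)
                return json.dumps({'bookId': book_id})
            else:
                # 401 kept for compatibility; the caller is known but not
                # permitted, which 403 would express more precisely.
                abort(401)
        else:
            abort(400)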
Esempio n. 8
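def init():
    """Pick and render a page template based on the ``doc`` query argument.

    ``doc`` absent renders ``index.html``. ``home``, ``profile``, ``review``,
    ``title`` and ``author`` render the matching template. Anything else is
    a 404.

    The template variables computed here (signed-in state, admin flag,
    ownership flags) decide what the page displays. They do not protect any
    data by themselves, so the JSON endpoints must repeat the checks.
    """
    doc = request.args.get('doc')

    # NOTE(review): method-call form of is_authenticated. Newer Flask-Login
    # releases (0.3 and later) make it a property, assuming current_user is
    # Flask-Login's proxy. Verify against the installed version.
    signed_in = current_user.is_authenticated()
    if signed_in:
        admin = database_helper.is_admin(current_user.id)
    else:
        admin = False

    if doc is None:
        url_auth = make_authorization_url()
        return render_template("index.html", URL_AUTH=url_auth, SIGNED_IN=signed_in, ADMIN=admin)

    if doc == "home":
        # Looked up under its own name so the ``admin`` flag is not
        # overwritten with a user object.
        site_admin = database_helper.get_user('*****@*****.**')
        if site_admin is not None:
            admin_id = site_admin.id
        else:
            admin_id = "0"

        return render_template("home.html", ADMIN_ID=admin_id)

    id_arg = request.args.get('id')
    try:
        id_arg = int(id_arg)
    except (TypeError, ValueError):
        # Missing (None) or non-numeric id, e.g. 'signedIn': keep it as
        # received. The handler is limited to these two errors so that other
        # failures are not silently discarded as the bare ``except`` did.
        pass

    if doc == "profile":
        if signed_in:
            own = ((id_arg == 'signedIn') or (id_arg == current_user.id))
        else:
            own = False
        return render_template("profile.html", SIGNED_IN=signed_in, OWN_PROFILE=own)

    elif doc == "review":
        if signed_in:
            own = database_helper.is_own_review(current_user.id, id_arg)
        else:
            own = False
        return render_template("review.html", SIGNED_IN=signed_in, OWN_REVIEW=own, ADMIN=admin)

    elif doc == "title":
        return render_template("title.html", SIGNED_IN=signed_in, ADMIN=admin)
    elif doc == "author":
        return render_template("author.html", ADMIN=admin)
    else:
        abort(404)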