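def patch_item(item_id):
    """Update the title and/or body of an item owned by the current user.

    Expects a JSON object with optional ``title`` and ``body`` strings. A
    field that is missing or empty keeps its stored value.

    Aborts with:
        400 -- no JSON body, the body is not a JSON object, a field is not
               a string, or both fields are empty.
        404 -- no item with ``item_id``.
        403 -- the item belongs to another user.

    Returns:
        The updated row as JSON, with ``user_id`` removed and ``username``
        (of the current user) added.
    """
    data = request.json
    if data is None:
        abort(400)

    # The payload is untrusted. Accept only a JSON object whose fields are
    # plain strings, so nested arrays/objects never reach the driver's
    # parameter escaping and a non-object body is a 400 instead of a 500.
    if not isinstance(data, dict):
        abort(400)
    title = data.get('title', '')
    body = data.get('body', '')
    if not isinstance(title, str) or not isinstance(body, str):
        abort(400)

    conn = pymysql.connect(**dbparams)
    try:
        with conn.cursor() as cursor:
            query = 'SELECT * FROM items WHERE id=%s'
            # One-element tuple: "(item_id)" is just item_id, not a tuple.
            cursor.execute(query, (item_id,))
            # NOTE(review): _last_executed is a private driver attribute and
            # holds the fully interpolated statement -- confirm it exists in
            # the pinned PyMySQL version and that debug logs are protected.
            app.logger.debug(cursor._last_executed)
            result = cursor.fetchone()
        if result is None:
            abort(404)

        # Ownership check: only the item's owner may modify it.
        # NOTE(review): get_id() and the user_id column must have the same
        # type for this comparison to be meaningful -- confirm.
        user_id = current_user.get_id()
        if result['user_id'] != user_id:
            abort(403)

        if title == '' and body == '':
            abort(400)  # missing arguments
        # An omitted field keeps the value already stored.
        if title == '':
            title = result['title']
        if body == '':
            body = result['body']

        with conn.cursor() as cursor:
            query = ('UPDATE items SET title=%s, body=%s, updated_at=%s '
                     'WHERE id=%s')
            now = get_today()
            cursor.execute(query, (title, body, now, item_id))
            app.logger.debug(cursor._last_executed)
        conn.commit()

        # Re-read the row so the response reflects what was stored.
        with conn.cursor() as cursor:
            query = 'SELECT * FROM items WHERE id=%s'
            cursor.execute(query, (item_id,))
            app.logger.debug(cursor._last_executed)
            result = cursor.fetchone()
        if result['likes'] is None:
            result['likes'] = ''
        result['username'] = current_user.get_username()
        # The numeric owner id is not exposed in the response.
        result.pop('user_id')
        return jsonify(result)
    finally:
        conn.close()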
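def post_users():
    """Register a new user from a JSON body with ``username`` and ``password``.

    Aborts with:
        400 -- no JSON body, the body is not a JSON object, a field is not
               a string, or either field is empty.
        409 -- the username is already taken.

    Returns:
        ``(json, 201)`` where the JSON holds ``id``, ``username``,
        ``created_at`` and ``updated_at`` of the new user. The password hash
        and salt are never returned.
    """
    data = request.json
    if data is None:
        abort(400)

    # The payload is untrusted. Accept only a JSON object whose fields are
    # plain strings, so nested arrays/objects never reach the driver's
    # parameter escaping or the password hashing helper.
    if not isinstance(data, dict):
        abort(400)
    username = data.get('username', '')
    password = data.get('password', '')
    if not isinstance(username, str) or not isinstance(password, str):
        abort(400)
    if username == '' or password == '':
        abort(400)  # missing arguments

    conn = pymysql.connect(**dbparams)
    try:
        with conn.cursor() as cursor:
            query = 'SELECT * FROM users WHERE username=%s'
            number_of_rows = cursor.execute(query, (username,))
            app.logger.debug(cursor._last_executed)
        if number_of_rows > 0:
            abort(409)  # existing user

        # NOTE(review): this check-then-insert is not atomic; two concurrent
        # requests can both pass it. A UNIQUE constraint on users.username
        # (schema not visible here) is what actually guarantees uniqueness.
        salt = get_salt()
        # NOTE(review): get_passwordhash is defined elsewhere -- confirm it is
        # a deliberately slow password-hashing function, not a single fast
        # hash round.
        password_hash = get_passwordhash(salt, password)
        current_time = get_today()

        with conn.cursor() as cursor:
            query = ('INSERT INTO users (username, password_hash,'
                     'salt, created_at, updated_at)'
                     ' VALUES (%s, %s, %s, %s, %s);')
            cursor.execute(query, (username, password_hash, salt,
                                   current_time, current_time))
            # Log the statement template only: the interpolated statement
            # would write the password hash and salt into the log.
            app.logger.debug(query)
            user_info = {
                'id': cursor.lastrowid,
                'username': username,
                'created_at': current_time,
                'updated_at': current_time
            }
        conn.commit()
    finally:
        conn.close()
    return jsonify(**user_info), 201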
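def post_item():
    """Create an item owned by the current user from a JSON body.

    Expects a JSON object with non-empty ``title`` and ``body`` strings.

    Aborts with:
        400 -- no JSON body, the body is not a JSON object, a field is not
               a string, or either field is empty.

    Returns:
        The stored row as JSON with status 201, with ``user_id`` removed and
        ``username`` (of the current user) added.
    """
    # NOTE(review): this handler reads current_user; the route and login
    # decorators are not visible in this excerpt -- confirm authentication is
    # enforced before it runs.
    data = request.json
    if data is None:
        abort(400)

    # The payload is untrusted. Accept only a JSON object whose fields are
    # plain strings, so nested arrays/objects never reach the driver's
    # parameter escaping and a non-object body is a 400 instead of a 500.
    if not isinstance(data, dict):
        abort(400)
    title = data.get('title', '')
    body = data.get('body', '')
    if not isinstance(title, str) or not isinstance(body, str):
        abort(400)
    if title == '' or body == '':
        abort(400)  # missing arguments

    conn = pymysql.connect(**dbparams)
    try:
        with conn.cursor() as cursor:
            today = get_today()
            # The owner always comes from the session, never from the payload.
            user_id = str(current_user.get_id())
            query = ('INSERT INTO items '
                     '(user_id, title, body, created_at, updated_at) '
                     'VALUES (%s, %s, %s, %s, %s);')
            cursor.execute(query, (user_id, title, body, today, today))
            # NOTE(review): _last_executed is a private driver attribute and
            # holds the fully interpolated statement -- confirm it exists in
            # the pinned PyMySQL version and that debug logs are protected.
            app.logger.debug(cursor._last_executed)
            item_id = str(cursor.lastrowid)
        conn.commit()

        # Re-read the row so the response reflects what was stored.
        with conn.cursor() as cursor:
            query = 'SELECT * FROM items WHERE id=%s'
            # One-element tuple: "(item_id)" is just item_id, not a tuple.
            cursor.execute(query, (item_id,))
            app.logger.debug(cursor._last_executed)
            result = cursor.fetchone()
        if result['likes'] is None:
            result['likes'] = ''
        result['username'] = current_user.get_username()
        # The numeric owner id is not exposed in the response.
        result.pop('user_id')
        response = jsonify(result)
        response.status_code = 201
        return response
    finally:
        conn.close()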
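def patch_users(username):
    """Change the username and/or password of the account named ``username``.

    Expects a JSON object with optional ``username`` (the new name) and
    ``password`` strings. A field that is missing or empty keeps its stored
    value.

    Aborts with:
        400 -- no JSON body, the body is not a JSON object, a field is not
               a string, or both fields are empty.
        404 -- no user named ``username``.
        403 -- the account is not the current user's.
        409 -- the requested new username is already taken.

    Returns:
        JSON with ``id``, ``username``, ``created_at`` and ``updated_at`` of
        the updated account. The password hash and salt are never returned.
    """
    data = request.json
    if data is None:
        abort(400)

    # The payload is untrusted. Accept only a JSON object whose fields are
    # plain strings, so nested arrays/objects never reach the driver's
    # parameter escaping or the password hashing helper.
    if not isinstance(data, dict):
        abort(400)
    new_username = data.get('username', '')
    password = data.get('password', '')
    if not isinstance(new_username, str) or not isinstance(password, str):
        abort(400)
    if new_username == '' and password == '':
        abort(400)

    conn = pymysql.connect(**dbparams)
    try:
        with conn.cursor() as cursor:
            query = 'SELECT * FROM users WHERE username=%s'
            # One-element tuple: "(username)" is just username, not a tuple.
            cursor.execute(query, (username,))
            app.logger.debug(cursor._last_executed)
            result = cursor.fetchone()
        # The 404/403 split tells any caller whether a username exists.
        if result is None:
            abort(404)

        # Users must not change another user's account.
        # NOTE(review): get_id() and the id column must have the same type for
        # this comparison to be meaningful -- confirm.
        user_id = current_user.get_id()
        if result['id'] != user_id:
            abort(403)

        if new_username == '':
            new_username = result['username']
        else:
            with conn.cursor() as cursor:
                query = 'SELECT * FROM users WHERE username=%s'
                cursor.execute(query, (new_username,))
                app.logger.debug(cursor._last_executed)
                user = cursor.fetchone()
            # A user cannot rename to a username that already exists.
            # NOTE(review): check-then-update is not atomic; a UNIQUE
            # constraint on users.username (schema not visible here) is what
            # actually guarantees uniqueness.
            if user is not None:
                abort(409)

        if password == '':
            # No new password supplied: keep the stored credentials.
            salt = result['salt']
            password_hash = result['password_hash']
        else:
            # NOTE(review): a password change here needs only the session; no
            # current-password check is visible in this function.
            salt = get_salt()
            password_hash = get_passwordhash(salt, password)

        with conn.cursor() as cursor:
            query = ('UPDATE users SET username=%s, password_hash=%s, '
                     'salt=%s, updated_at=%s WHERE id=%s')
            cursor.execute(query, (new_username, password_hash, salt,
                                   get_today(), user_id))
            # Log the statement template only: the interpolated statement
            # would write the password hash and salt into the log.
            app.logger.debug(query)
        conn.commit()

        # Return only non-secret columns of the updated account.
        with conn.cursor() as cursor:
            query = ('SELECT id, username, created_at, updated_at '
                     'FROM users WHERE id=%s')
            cursor.execute(query, (user_id,))
            app.logger.debug(cursor._last_executed)
            result = cursor.fetchone()
        return jsonify(result)
    finally:
        conn.close()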