コード例 #1
def rent_title():
    """Create a rental order for the authenticated (non-admin) caller.

    Reads ``movie_id`` from the query string, checks that the movie exists
    and that the caller has no order for it yet, then records the rental
    and commits it.

    Returns:
        An empty JSON body with status 201 on success; otherwise the
        error response produced by the first failing check.
    """
    caller = auth.username()
    renter = User.query.filter_by(username=caller).first()

    # The admin identity is recognised purely by its username.
    if caller == "admin":
        return bad_request_response("Admin cannot rent a movie")
    if not (renter and caller == renter.username):
        return "Access Denied", 401

    requested_id = request.args.get("movie_id")
    if not requested_id:
        return bad_request_response(
            "You must specify the movie id using movie_id param in order to rent a movie."
        )

    title = Movie.query.filter_by(id=requested_id).first()
    if not title:
        return not_found_response(
            "The movie_id provided does not match a movie in the database."
        )

    # NOTE(review): this is a check-then-insert; nothing visible here stops
    # two concurrent requests from both passing it. Confirm the Order table
    # has a uniqueness constraint on (movie_id, user_id).
    duplicate = Order.query.filter_by(
        movie_id=requested_id, user_id=renter.id
    ).first()
    if duplicate:
        return already_exists_response("You have already purchased this movie.")

    pending = Order(movie_id=requested_id, user_id=renter.id)
    renter.rent_movie(title)
    db.session.add(pending)
    db.session.commit()

    response = jsonify({})
    response.status_code = 201
    return response
コード例 #2
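def get_home_page():
    """Return the home-page payload for the authenticated caller.

    The admin identity (recognised by the username ``"admin"``) gets a
    fixed message. Any other caller gets their own ``user_dict()``.

    Returns:
        A JSON response with status 200, or ``unauthorized_access()`` when
        the caller has no matching user row or the usernames differ.
    """
    if auth.username() == "admin":
        return jsonify({"message": "You are admin"})

    user = User.query.filter_by(username=auth.current_user()).first()
    # .first() yields None when no row matches. Reject that case here rather
    # than letting the attribute access below raise and surface as a 500.
    if not user or auth.username() != user.username:
        return unauthorized_access()

    res = jsonify(user.user_dict())
    res.status_code = 200
    return res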
コード例 #3
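def list_orders():
    """Return one page of orders as JSON.

    The admin identity sees every order, sorted by id. Any other caller
    sees only the orders whose ``user_id`` matches their own user row.

    Query parameters:
        page: 1-based page number (default 1).
        per_page: page size (default ``current_app.config["PER_PAGE"]``).

    Returns:
        A JSON object with ``_meta.next`` / ``_meta.prev`` links and an
        ``orders`` list, or ``unauthorized_access()`` when a non-admin
        caller cannot be matched to a user row.
    """
    page = request.args.get("page", 1, type=int)
    # NOTE(review): per_page comes straight from the client and no upper
    # bound is applied in this function. Confirm a limit is enforced
    # somewhere (e.g. paginate's max_per_page) so that one request cannot
    # ask for the whole table.
    per_page = request.args.get("per_page",
                                current_app.config["PER_PAGE"],
                                type=int)
    if auth.current_user() == "admin":
        orders = Order.query.order_by(Order.id.asc()).paginate(
            page=page, per_page=per_page, error_out=False)
    else:
        user = User.query.filter_by(username=auth.current_user()).first()
        if not user or auth.username() != user.username:
            return unauthorized_access()
        # Scope the query to the caller's own rows.
        orders = Order.query.filter_by(user_id=user.id).paginate(
            page=page, per_page=per_page, error_out=False)

    # Carry per_page in the links; without it, following next/prev falls
    # back to the default page size and the pages no longer line up.
    next_url = (url_for("api.list_orders",
                        page=orders.next_num,
                        per_page=per_page)
                if orders.has_next else None)
    prev_url = (url_for("api.list_orders",
                        page=orders.prev_num,
                        per_page=per_page)
                if orders.has_prev else None)
    payload = {
        "_meta": {
            "next": next_url,
            "prev": prev_url
        },
        "orders": [order.order_dict() for order in orders.items],
    }

    return jsonify(payload)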
コード例 #4
def pay_title():
    """Mark one of the caller's orders as paid.

    Query parameters:
        order_id: id of the order to pay.
        amount: integer amount offered; must be at least the order's charge.

    Returns:
        A JSON success message, or the error response produced by the
        first failing check.
    """
    requested_order = request.args.get("order_id")
    offered = request.args.get("amount", type=int)

    if not requested_order:
        return bad_request_response(
            "You must use the order_id param to pay an order.")
    # type=int makes a non-integer value come back as None, and a literal 0
    # is falsy too, so both get the same "missing amount" response.
    if not offered:
        return bad_request_response(
            "You must also use the amount param to pay an order.")

    # NOTE(review): the order is looked up before ownership is checked, so
    # the response differs between "no such order" and "someone else's
    # order". Confirm that distinction is meant to be visible to callers.
    order = Order.query.filter_by(id=requested_order).first()
    if not order:
        return not_found_response(
            "The order_id provided does not a match an order in the database.")

    payer = User.query.filter_by(username=auth.username()).first()
    # Only the user who owns the order may pay it.
    if not (payer and payer.id == order.user_id):
        return unauthorized_access()

    if order.paid:
        return already_exists_response("The order is already paid.")

    if float(offered) < order.get_charge_per_order():
        return bad_request_response(
            f"The amount you have to pay is {order.get_charge_per_order()}")

    order.paid = True
    db.session.add(order)
    db.session.commit()
    return jsonify({"message": "Order successfully paid"})
コード例 #5
def get_watched_history(user_id):
    """Return the movies associated with the given user as JSON.

    Args:
        user_id: id of the user whose movies are listed.

    Returns:
        A JSON object with the movie dicts, ``not_found_response`` when no
        user has that id, or ``unauthorized_access()`` when the caller is
        neither the admin identity nor that user.
    """
    target = User.query.filter_by(id=user_id).first()

    # NOTE(review): a missing id yields "not found" for every caller, while
    # an existing id that belongs to someone else yields "unauthorized".
    # Confirm that revealing which user ids exist is acceptable here.
    if not target:
        return not_found_response(
            message=
            "The user_id provided does not match a user in the database.")

    caller_is_admin = auth.current_user() == "admin"
    if not caller_is_admin and auth.username() != target.username:
        return unauthorized_access()

    watched = [movie.movie_dict() for movie in target.movies]
    return jsonify({"movies:": watched})
コード例 #6
def list_user_orders(user_id):
    """Return a summary of every order belonging to the given user.

    Args:
        user_id: id of the user whose orders are listed.

    Returns:
        A JSON object whose ``items`` list holds one entry per order
        (movie title keyed by an "order id" label, plus the paid flag),
        ``not_found_response`` when no user has that id, or
        ``unauthorized_access()`` when the caller is neither the admin
        identity nor that user.
    """
    owner = User.query.filter_by(id=user_id).first()

    # NOTE(review): "not found" is returned before any caller check, so the
    # status code tells any authenticated caller whether a user id exists.
    # Confirm that is intended.
    if not owner:
        return not_found_response(
            "The user_id provided does not match a user in the database.")

    caller_is_admin = auth.current_user() == "admin"
    if not caller_is_admin and auth.username() != owner.username:
        return unauthorized_access()

    summaries = []
    for order in owner.orders:
        summaries.append({
            f"order id: {order.id}": order.ordered_movie.title,
            "Paid": order.paid
        })

    return jsonify({"items": summaries})
コード例 #7
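def update_username(user_id):
    """Change the username of the user identified by ``user_id``.

    Only the admin identity or the user themselves may make the change.
    The new name comes from the ``username`` query parameter. It must not
    already be in use and must contain at least one ASCII letter. When the
    parameter is absent, nothing is changed.

    Args:
        user_id: id of the user to rename.

    Returns:
        ``successful_update()`` on success, or the error response produced
        by the first failing check. For a missing user, the admin identity
        gets "not found" and every other caller gets "unauthorized".
    """
    # Look the target up by the route's user_id itself. Passing it through
    # request.args.get() would treat the id as the *name* of a query
    # parameter, so the row would be chosen by an unrelated, client-supplied
    # value (or by None when that parameter is absent).
    user = User.query.filter_by(id=user_id).first()

    caller_is_admin = auth.current_user() == "admin"
    if not user:
        # Non-admin callers get the same answer whether or not the id exists.
        if caller_is_admin:
            return not_found_response("User not found")
        return unauthorized_access()
    if not (caller_is_admin or auth.username() == user.username):
        return unauthorized_access()

    username = request.args.get("username")
    if username:
        taken = User.query.filter_by(username=username).first()
        if taken:
            return already_exists_response(
                f"Username {taken.username} is used by another user. Please user another username."
            )
        # Require at least one ASCII letter anywhere in the new name.
        if not re.search("[a-zA-Z]", username):
            return bad_request_response(
                "You cannot have an empty username.")
        # NOTE(review): handlers in this codebase grant privileges by
        # comparing the authenticated name with the literal "admin". Only
        # the uniqueness check above keeps that name from being assigned
        # here, so confirm it is reserved.
        # NOTE(review): no commit is visible in this function; presumably
        # successful_update() or the session teardown persists the change.
        # Verify.
        user.username = username

    return successful_update()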