def create_comment(post_id): comment_raw = request.get_json(force=True) comment_cleaned, error = parse_validate_comment_raw(comment_raw) if error: return error_response(HTTP_400_BAD_REQUEST, error) for_user_id = comment_cleaned['user_id'] post = Post.query.get(post_id) if not post: return error_response(HTTP_404_NOT_FOUND, 'Post does not exist') for ban in post.banned_users: if ban.user_id == for_user_id: return error_response( HTTP_403_FORBIDDEN, 'This user is not allowed to create comments') comment = Comment(body=comment_cleaned['body'], user_id=for_user_id, post_id=post_id) db.session.add(comment) try: db.session.commit() db.session.flush() except IntegrityError: return error_response(HTTP_400_BAD_REQUEST, 'Post does not belong this user') return success_response(HTTP_201_CREATED, { 'id': comment.id, 'pub_date': comment.pub_date })
def get_comments_or_create(user_id, post_id): user = User.query.get(user_id) if not user: return error_response(HTTP_404_NOT_FOUND, 'User does not exist') post = Post.query.get(post_id) if not post: return error_response(HTTP_404_NOT_FOUND, 'Post does not exist') if request.method == 'GET': return get_comments(post_id) else: return create_comment(post_id)
def create_user(): user_raw = request.get_json(force=True) user_cleaned, error = parse_validate_user_raw(user_raw) if error: return error_response(HTTP_400_BAD_REQUEST, error) user = User(username=user_cleaned['username']) db.session.add(user) try: db.session.commit() db.session.flush() except IntegrityError: return error_response(HTTP_400_BAD_REQUEST, 'User already exists') return success_response(HTTP_201_CREATED, { 'id': user.id, 'username': user.username })
def delete_ban(user_id, post_id, ban_id): user = User.query.get(user_id) if not user: return error_response(HTTP_404_NOT_FOUND, 'User does not exist') post = Post.query.get(post_id) if not post: return error_response(HTTP_404_NOT_FOUND, 'Post does not exist') ban = BanForComment.query.get(ban_id) if not ban: return error_response(HTTP_404_NOT_FOUND, 'Ban does not exist') else: db.session.delete(ban) try: db.session.commit() except IntegrityError: return error_response(HTTP_400_BAD_REQUEST, 'Already deleted') return success_response(HTTP_200_OK)
def create_post(user_id): user = User.query.get(user_id) if not user: return error_response(HTTP_404_NOT_FOUND, 'User does not exist') post_raw = request.get_json(force=True) post_cleaned, error = parse_validate_post(post_raw) if error: return error_response(HTTP_400_BAD_REQUEST, error) tags = [] tags_name = post_cleaned['tags'] for name in tags_name: tag = Tag.query.filter(Tag.name == name).first() if not tag: # create tag db.session.add(Tag(name=name)) try: db.session.commit() except IntegrityError: # tag already exists db.session.rollback() finally: tag = Tag.query.filter(Tag.name == name).first() if tag: tags.append(tag) post = Post(title=post_cleaned['title'], body=post_cleaned['body'], user_id=user_id, tags=tags) db.session.add(post) try: db.session.commit() db.session.flush() except IntegrityError: return error_response(HTTP_400_BAD_REQUEST, 'Could not create post') return success_response( HTTP_201_CREATED, { 'id': post.id, 'pub_date': post.pub_date, 'title': post.title, 'tags': [t.name for t in post.tags] })
def create_ban(user_id, post_id): user = User.query.get(user_id) if not user: return error_response(HTTP_404_NOT_FOUND, 'User does not exist') post = Post.query.get(post_id) if not post: return error_response(HTTP_404_NOT_FOUND, 'Post does not exist') ban_raw = request.get_json(force=True) ban_cleaned, error = parse_validate_ban_raw(ban_raw) if error: return error_response(HTTP_400_BAD_REQUEST, error) for_user_id = ban_cleaned['user_id'] for_user = User.query.get(for_user_id) if not for_user: return error_response(HTTP_404_NOT_FOUND, 'User does not exist') ban = BanForComment.query.filter( BanForComment.post_id == post_id, BanForComment.user_id == for_user_id ).first() if ban: return error_response(HTTP_400_BAD_REQUEST, 'Ban for this user and post already exists') else: ban = BanForComment(post_id=post_id, user_id=for_user_id) db.session.add(ban) try: db.session.commit() db.session.flush() except IntegrityError: return error_response(HTTP_400_BAD_REQUEST, 'Post or user does not exist') return success_response(HTTP_201_CREATED, {'id': ban.id, 'user_id': ban.user_id, 'post_id': ban.post_id})
def search(): tags_arg = request.args.get('tags') if tags_arg: tags_name = tags_arg.split(',') for tag in tags_name: if not contains_only_letters_and_numbers(tag): return error_response(HTTP_400_BAD_REQUEST, 'Bad param `tags`') else: tags_name = [] date_beg_arg = request.args.get('date_begin') date_end_arg = request.args.get('date_end') title_arg = request.args.get('title') if not tags_arg and not date_beg_arg and not date_end_arg and not title_arg: return success_response(HTTP_200_OK, []) if not tags_arg: sql_search_template = """ SELECT p.id, p.title, p.body, p.pub_date FROM post p WHERE {search_date_begin} AND {search_date_end} AND {search_title} """ sql_search = sql_search_template.format( search_date_begin='p.pub_date >= :date_begin' if date_beg_arg else 1, search_date_end='p.pub_date <= :date_end' if date_end_arg else 1, search_title='p.title LIKE :title' if title_arg else 1) else: # Поиск в том числе по тегам sql_search_template = """ WITH cte_tags as ( select t.id from tag t where t.name IN ({search_tags}) ) SELECT DISTINCT p.id, p.title, p.body, p.pub_date FROM post p join tag_post tp ON p.id = tp.post_id join cte_tags c ON tp.tag_id = c.id WHERE {search_date_begin} AND {search_date_end} AND {search_title} """ sql_search = sql_search_template.format( search_tags=str(tags_name)[1:-1], search_date_begin='p.pub_date >= :date_begin' if date_beg_arg else 1, search_date_end='p.pub_date <= :date_end' if date_end_arg else 1, search_title='p.title LIKE :title' if title_arg else 1) stmt = text(sql_search) conn = db.engine.connect() args = {} if title_arg: args['title'] = '%' + title_arg + '%' if date_beg_arg: args['date_begin'] = date_beg_arg if date_end_arg: args['date_end'] = date_end_arg cursor = conn.execute(stmt, **args) res = [] for rec in cursor: post_id, post_title, post_body, post_pub_date = rec res.append({ 'id': post_id, 'title': post_title, 'body': post_body, 'pub_date': post_pub_date }) return success_response(HTTP_200_OK, res)