def post(self):
#create session cookie and return it to the user
request_data = request.get_json()
#zamjenit sa request_data.get() jer mozda u req nema uname i pass
username = request_data['username']
password = request_data['password']
db = get_db()
db_cursor = db.cursor()
errors = {}
if not username:
errors['username'] = '******'
elif len(username) > self.max_username_len:
errors['username'] = '******'
#check if password is correct only if there are no username format errors
if not errors:
db_cursor.execute('SELECT * FROM user WHERE username = %s',
(username, ))
user = db_cursor.fetchone()
if user is None:
errors['username'] = '******'
if password is None:
errors['password'] = '******'
elif not check_password_hash(user['password'], password):
errors['password'] = '******'
if not errors:
session.clear()
session['user_id'] = user['id']
return {"status": "success", "data": None}
else:
return {"status": "fail", "data": errors}
def get_posts(self):
db = get_db()
db_cursor = db.cursor()
sort_by = request.args.get('sort_by')
if sort_by not in ('top', 'rising', 'new'):
sort_by = 'rising'
user_id = None
if g.user:
user_id = g.user['id']
errors = {}
db_cursor.execute(
'SELECT * FROM post INNER JOIN'
' (SELECT id, username FROM user) u ON post.user_id = u.id'
' LEFT OUTER JOIN'
' (select positive as user_vote_positive, user_id, post_id from post_vote'
' where user_id = %s) v'
' ON post.id = v.post_id' + ranking_sql[sort_by] +
' LIMIT %s OFFSET %s', (user_id, g.limit, g.offset))
posts = db_cursor.fetchall()
if not errors:
return {"status": "success", "data": posts}
else:
return {"status": "fail", "data": errors}
def patch(self, id):
request_data = request.get_json()
db = get_db()
db_cursor = db.cursor()
#provjerit foreign key constraint u bazi kad se brise user (postovi, komentari)
errors = {}
db_cursor.execute('SELECT * FROM comment WHERE id = %s', (id, ))
comment = db_cursor.fetchone()
if not comment:
errors['id'] = 'Comment with selected id does not exist'
elif int(comment['user_id']) != g.user['id']:
errors['id'] = 'user does not own selected post'
else:
body = request_data.get('body', None)
if not body:
errors['body'] = 'No content was found in update request'
if not errors:
db_cursor.execute(
'UPDATE comment SET body = %s, edited = 1 WHERE id = %s',
(body, id))
db.commit()
return {"status": "success", "data": None}
else:
return {"status": "fail", "data": errors}
def get_user_scores(self, user_id):
db = get_db()
db_cursor = db.cursor()
errors = {}
db_cursor.execute('SELECT * FROM user WHERE id = %s', (user_id))
user = db_cursor.fetchone()
if not user:
errors['user_id'] = 'User with given id does not exist'
if not errors:
db_cursor.execute(
'SELECT SUM(votes) as score FROM post WHERE user_id = %s',
(user_id))
posts_score = db_cursor.fetchone()['score']
if not posts_score:
posts_score = 0
db_cursor.execute(
'SELECT SUM(votes) as score FROM comment WHERE user_id = %s',
(user_id))
comment_score = db_cursor.fetchone()['score']
if not comment_score:
comment_score = 0
scores = {
"posts_score": int(posts_score),
"comment_score": int(comment_score)
}
return {"status": "success", "data": scores}
else:
return {"status": "fail", "data": errors}
def create_vote(self, post_id):
db = get_db()
db_cursor = db.cursor()
request_data = request.get_json()
positive = True
direction = request_data.get('direction', None)
if direction and int(direction) == -1:
positive = False
errors = {}
db_cursor.execute(
'SELECT * FROM post_vote WHERE user_id = %s AND post_id = %s',
(g.user['id'], post_id))
vote = db_cursor.fetchone()
if vote:
if positive and vote['positive']:
errors['vote'] = 'Positive vote already exists.'
elif not positive and not vote['positive']:
errors['vote'] = 'Negative vote already exists.'
if not errors:
if vote:
db_cursor.execute(
'UPDATE post_vote SET positive = %s'
' WHERE user_id = %s and post_id = %s',
(positive, g.user['id'], post_id))
else:
db_cursor.execute(
'INSERT INTO post_vote (user_id, post_id, positive)'
' VALUES (%s, %s, %s)', (g.user['id'], post_id, positive))
db.commit()
return {"status": "success", "data": None}
else:
return {"status": "fail", "data": errors}
def load_logged_in_user():
user_id = session.get('user_id')
if user_id is None:
g.user = None
else:
db = get_db()
db_cursor = db.cursor()
db_cursor.execute('SELECT * FROM user WHERE id = %s', (user_id, ))
g.user = db_cursor.fetchone()
def get(self, id):
db = get_db()
db_cursor = db.cursor()
errors = {}
db_cursor.execute('SELECT * FROM comment WHERE id = %s', (id, ))
comment = db_cursor.fetchone()
if comment is None:
errors['comment_id'] = 'Comment not found.'
if not errors:
return {"status": "success", "data": comment}
else:
return {"status": "fail", "data": errors}
def delete(self, id):
db = get_db()
db_cursor = db.cursor()
#provjerit foreign key constraint u bazi kad se brise user (postovi, komentari)
errors = {}
if int(g.user['id']) != id:
errors['id'] = 'user id does not match login id'
else:
#provjerit ako je delete uspio
db_cursor.execute('DELETE FROM user WHERE id = %s', (id, ))
db.commit()
if not errors:
return {"status": "success", "data": None}
else:
return {"status": "fail", "data": errors}
def get_post(self, id):
db = get_db()
db_cursor = db.cursor()
errors = {}
db_cursor.execute(
'SELECT * FROM post INNER JOIN on post.user_id = u.id'
' (SELECT id, username FROM user) u WHERE id = %s', (id, ))
post = db_cursor.fetchone()
if post is None:
errors['post_id'] = 'Post not found.'
if not errors:
return {"status": "success", "data": post}
else:
return {"status": "fail", "data": errors}
def get_comments_by_user(self, user_id):
db = get_db()
db_cursor = db.cursor()
errors = {}
db_cursor.execute('SELECT * FROM user WHERE id = %s', (user_id))
user = db_cursor.fetchone()
if not user:
errors['user_id'] = 'User with given id does not exist'
if not errors:
db_cursor.execute('SELECT * FROM comment WHERE user_id = %s',
(user_id))
comments = db_cursor.fetchall()
return {"status": "success", "data": comments}
else:
return {"status": "fail", "data": errors}
def post(self):
#create new user
request_data = request.get_json()
username = request_data.get('username')
password = request_data.get('password')
confirm_password = request_data.get('confirm_password')
#email is optional, set as None if not found in request data
email = request_data.get('email', None)
db = get_db()
db_cursor = db.cursor()
errors = {}
if not username:
errors['username'] = '******'
elif len(username) > self.max_username_len:
errors['username'] = '******'
elif db_cursor.execute(
'SELECT id FROM user WHERE username = %s',
(username, )) and db_cursor.fetchone() is not None:
errors['username'] = '******'.format(
username)
if not password:
errors['password'] = '******'
elif not confirm_password:
errors['password'] = '******'
elif password != confirm_password:
errors['password'] = '******'
if email is not None:
if len(email) > 0:
db_cursor.execute('SELECT email FROM user WHERE email = %s',
(email, ))
if db_cursor.fetchone():
errors['email'] = 'email is already used by another user'
else:
email = None #set to null in db
if not errors:
db_cursor.execute(
'INSERT INTO user (username, password, email) VALUES (%s, %s, %s)',
(username, generate_password_hash(password), email))
db.commit()
return {"status": "success", "data": None}
else:
return {"status": "fail", "data": errors}
def delete_comment(self, id):
db = get_db()
db_cursor = db.cursor()
#provjerit foreign key constraint u bazi kad se brise user (postovi, komentari)
errors = {}
db_cursor.execute('SELECT * FROM comment WHERE id = %s', (id, ))
comment = db_cursor.fetchone()
if not comment:
errors['id'] = 'Comment with selected id does not exist'
elif int(comment['user_id']) != g.user['id']:
errors['id'] = 'user does not own selected post'
if not errors:
#provjerit ako je delete uspio
db_cursor.execute('DELETE FROM comment WHERE id = %s', (id, ))
db.commit()
return {"status": "success", "data": None}
else:
return {"status": "fail", "data": errors}
def delete_vote(self, comment_id):
db = get_db()
db_cursor = db.cursor()
errors = {}
db_cursor.execute(
'SELECT * FROM comment_vote WHERE user_id = %s AND comment_id = %s',
(g.user['id'], comment_id))
vote = db_cursor.fetchone()
if not vote:
errors['vote'] = 'Vote does not exist.'
if not errors:
db_cursor.execute(
'DELETE FROM comment_vote WHERE user_id = %s and comment_id = %s',
(g.user['id'], comment_id))
db.commit()
return {"status": "success", "data": None}
else:
return {"status": "fail", "data": errors}
def get_post_comments(self, post_id):
db = get_db()
db_cursor = db.cursor()
errors = {}
db_cursor.execute('SELECT * FROM post WHERE id = %s', (post_id, ))
post = db_cursor.fetchone()
if not post:
errors['post_id'] = 'Post with given id does not exist'
if not errors:
db_cursor.execute(
'SELECT * FROM comment INNER JOIN'
' (SELECT id, username FROM user) u on comment.user_id = u.id'
' WHERE post_id = %s ORDER BY depth, created', (post_id, ))
comments = db_cursor.fetchall()
#comments = create_comment_threads(deque(comments))
return {"status": "success", "data": comments}
else:
return {"status": "fail", "data": errors}
def create_post(self):
#create new post
request_data = request.get_json()
title = request_data.get('title', None)
url = request_data.get('url', None)
body = request_data.get('body', None)
db = get_db()
db_cursor = db.cursor()
errors = {}
if not title:
errors['title'] = 'Title is required'
if not errors:
db_cursor.execute(
'INSERT INTO post (title, url, body, user_id) VALUES (%s, %s, %s, %s)',
(title, url, body, g.user['id']))
db.commit()
return {"status": "success", "data": None}
else:
return {"status": "fail", "data": errors}
def create_comment(self, post_id):
request_data = request.get_json()
db = get_db()
db_cursor = db.cursor()
user_id = g.user['id']
body = request_data.get('body')
depth = 0
errors = {}
if not post_id:
errors['post_id'] = 'Post is missing'
if not body:
errors['body'] = 'Content is missing.'
#if parent_id is found in query params,
#this comment will be a response to the comment with id = parent_id
parent_id = request_data.get('parent_id')
if parent_id:
db_cursor.execute(
'SELECT depth, post_id FROM comment WHERE id = %s',
(parent_id, ))
parent_comment = db_cursor.fetchone()
if not parent_comment:
errors['parent'] = 'Comment with id = parent_id does not exist'
elif parent_comment['post_id'] != post_id:
errors[
'parent'] = 'Parent comment is not related to selected post'
else:
depth = parent_comment['depth'] + 1
if not errors:
db_cursor.execute(
'INSERT INTO comment (body, post_id, user_id, parent_id, depth)'
' VALUES (%s, %s, %s, %s, %s)',
(body, post_id, user_id, parent_id, depth))
db.commit()
return {"status": "success", "data": None}
else:
return {"status": "fail", "data": errors}
