def rent_title():
    """Rent the movie named by the ``movie_id`` query parameter for the caller.

    The admin account is refused (it is an operator identity, not a renter).
    A caller with no matching User row gets ``("Access Denied", 401)``; a
    missing or unknown ``movie_id`` yields the bad-request / not-found
    response; renting the same movie twice yields the already-exists
    response. On success an empty JSON body is returned with status 201.
    """
    caller = auth.username()
    user = User.query.filter_by(username=caller).first()
    if caller == "admin":
        return bad_request_response("Admin cannot rent a movie")
    # The name comparison is redundant after filter_by(username=caller) but
    # is preserved to keep the original contract intact.
    if not user or caller != user.username:
        return "Access Denied", 401

    movie_id = request.args.get("movie_id")
    if not movie_id:
        return bad_request_response(
            "You must specify the movie id using movie_id param in order to rent a movie."
        )
    movie = Movie.query.filter_by(id=movie_id).first()
    if not movie:
        return not_found_response(
            "The movie_id provided does not match a movie in the database."
        )
    # One rental per (user, movie) pair.
    existing = Order.query.filter_by(movie_id=movie_id, user_id=user.id).first()
    if existing:
        return already_exists_response("You have already purchased this movie.")

    pending = Order(movie_id=movie_id, user_id=user.id)
    user.rent_movie(movie)
    db.session.add(pending)
    db.session.commit()
    res = jsonify({})
    res.status_code = 201
    return res
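def get_home_page():
    """Return the caller's profile, or a greeting for the admin account.

    The admin identity has no User row, so it is answered before the lookup.
    Any other caller must resolve to an existing User whose name matches the
    authenticated name; otherwise the unauthorized response is returned.
    """
    if auth.username() == "admin":
        return jsonify({"message": "You are admin"})
    user = User.query.filter_by(username=auth.current_user()).first()
    # Guard the None case explicitly: the original dereferenced
    # ``user.username`` unconditionally, so a credential that authenticates
    # but has no User row surfaced as a 500 instead of an auth failure.
    if user is None or auth.username() != user.username:
        return unauthorized_access()
    res = jsonify(user.user_dict())
    res.status_code = 200
    return res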
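def list_orders():
    """List orders as one paginated JSON page.

    The admin account sees every order; any other caller sees only their own
    orders. ``page`` and ``per_page`` come from the query string, ``per_page``
    defaulting to ``current_app.config["PER_PAGE"]``. The body carries
    ``_meta.next`` / ``_meta.prev`` links (None at either end) and an
    ``orders`` list built from ``Order.order_dict()``.
    """
    page = request.args.get("page", 1, type=int)
    per_page = request.args.get("per_page", current_app.config["PER_PAGE"], type=int)
    # NOTE(review): per_page is caller-controlled and not bounded here, so a
    # very large value makes the query return arbitrarily many rows; an upper
    # bound from config would be worth adding.
    if auth.current_user() == "admin":
        orders = Order.query.order_by(Order.id.asc()).paginate(
            page=page, per_page=per_page, error_out=False)
    else:
        user = User.query.filter_by(username=auth.current_user()).first()
        if not user or auth.username() != user.username:
            return unauthorized_access()
        orders = Order.query.filter_by(user_id=user.id).paginate(
            page=page, per_page=per_page, error_out=False)

    # Carry per_page into the navigation links; without it, following
    # ``next`` silently reverted to the default page size.
    def page_link(num):
        return url_for("api.list_orders", page=num, per_page=per_page)

    payload = {
        "_meta": {
            "next": page_link(orders.next_num) if orders.has_next else None,
            "prev": page_link(orders.prev_num) if orders.has_prev else None,
        },
        "orders": [order.order_dict() for order in orders.items],
    }
    return jsonify(payload)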
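def pay_title():
    """Mark the order named by ``order_id`` as paid with ``amount``.

    Both values are query-string parameters; ``amount`` is parsed as an int.
    Only the user who owns the order may pay it. An already-paid order and an
    amount below ``order.get_charge_per_order()`` are rejected with a message
    stating the required charge.
    """
    order_id = request.args.get("order_id")
    amount = request.args.get("amount", type=int)
    if not order_id:
        return bad_request_response(
            "You must use the order_id param to pay an order.")
    # ``type=int`` yields None both when the param is absent and when it does
    # not parse. Checked with ``is None`` (not ``not amount``) so an explicit
    # 0 reaches the charge comparison and gets the accurate message.
    if amount is None:
        return bad_request_response(
            "You must also use the amount param to pay an order.")
    order = Order.query.filter_by(id=order_id).first()
    if order is None:
        return not_found_response(
            "The order_id provided does not match an order in the database.")
    # Ownership check: the order id is caller-supplied, so the caller must be
    # the user the order belongs to.
    payer = User.query.filter_by(username=auth.username()).first()
    if payer is None or payer.id != order.user_id:
        return unauthorized_access()
    if order.paid:
        return already_exists_response("The order is already paid.")
    charge = order.get_charge_per_order()
    if float(amount) < charge:
        return bad_request_response(
            f"The amount you have to pay is {charge}")
    order.paid = True
    db.session.add(order)
    db.session.commit()
    return jsonify({"message": "Order successfully paid"})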
def get_watched_history(user_id):
    """Return the movies rented by the user with id ``user_id``.

    Readable by the admin account or by that user; any other caller gets the
    unauthorized response. An unknown id yields the not-found response.
    """
    user = User.query.filter_by(id=user_id).first()
    if user is None:
        return not_found_response(
            message=
            "The user_id provided does not match a user in the database.")
    # Short-circuit keeps the second credential lookup off the admin path.
    if auth.current_user() != "admin" and auth.username() != user.username:
        return unauthorized_access()
    # The response key is literally "movies:" (trailing colon); it is kept
    # byte-for-byte because clients may already depend on it.
    watched = [movie.movie_dict() for movie in user.movies]
    return jsonify({"movies:": watched})
def list_user_orders(user_id):
    """List the orders of the user with id ``user_id``.

    Readable by the admin account or by that user. Each item maps
    ``"order id: <id>"`` to the ordered movie's title and carries a ``"Paid"``
    flag. An unknown id yields the not-found response.
    """
    user = User.query.filter_by(id=user_id).first()
    if user is None:
        return not_found_response(
            "The user_id provided does not match a user in the database.")
    if auth.current_user() != "admin" and auth.username() != user.username:
        return unauthorized_access()
    items = []
    for order in user.orders:
        items.append({
            f"order id: {order.id}": order.ordered_movie.title,
            "Paid": order.paid,
        })
    return jsonify({"items": items})
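def update_username(user_id):
    """Change the username of the user with id ``user_id``.

    The new name is read from the ``username`` query parameter. Permitted for
    the admin account or for that user. An unknown id is reported as 404 to
    the admin and as unauthorized to everyone else, so ordinary callers cannot
    probe which ids exist.
    """
    # The original queried ``request.args.get(user_id)`` — using the path id
    # as the *name* of a query parameter — so the lookup never matched a row.
    user = User.query.filter_by(id=user_id).first()
    if user is None:
        if auth.current_user() == "admin":
            return not_found_response("User not found")
        return unauthorized_access()
    if not (auth.current_user() == "admin" or auth.username() == user.username):
        return unauthorized_access()

    username = request.args.get("username")
    # Previously a missing param fell through to successful_update() and
    # reported success without changing anything.
    if not username:
        return bad_request_response(
            "You must specify the new username using the username param.")
    taken = User.query.filter_by(username=username).first()
    if taken is not None:
        return already_exists_response(
            f"Username {taken.username} is used by another user. Please use another username."
        )
    # The only validation applied: the name must contain at least one letter.
    if not re.search("[a-zA-Z]", username):
        return bad_request_response(
            "The username must contain at least one letter.")
    user.username = username
    # Persist explicitly, as the other mutating handlers in this file do.
    # NOTE(review): harmless if successful_update() also commits — confirm.
    db.session.add(user)
    db.session.commit()
    return successful_update()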