def allAds():
#useless comment
if request.method == 'GET':
return ad.getAllAds()
# Check auth token for PUT, POST or DELETE
if (not token_is_valid(request)):
return "CODE 403 - AUTHORIZATION TOKEN IS INVALID OR MISSING.", 403
else:
# Take info from body of request, make an ad in the DB
if request.method == 'POST':
try:
author = request.form['author']
description = request.form['description']
textbookTitle = request.form['textbookTitle']
image = request.files['image']
userId = get_user_id_from_token(
parse_token(request.environ['HTTP_AUTHORIZATION']))
return ad.addAd(author, description, textbookTitle, image,
userId)
except KeyError as err:
return "CODE 400 - ATTRIBUTE MISSING FROM POST BODY.", 400
else:
return "CODE 405 - THAT METHOD IS NOT ALLOWED.", 405
def allReviews():
adId = request.args.get('adId')
if adId == None:
return "CODE 400 - AD ID IS MISSING FROM QUERY PARAMETERS", 400
if request.method == 'GET':
return review.getAllReviews(adId)
# Bearer token required to perform POST requests
if (not token_is_valid(request)):
return "CODE 403 - AUTHORIZATION TOKEN IS INVALID OR MISSING.", 403
else:
if request.method == 'POST':
try:
reviewText = request.form['reviewText']
userId = get_user_id_from_token(
parse_token(request.environ['HTTP_AUTHORIZATION']))
return review.addReview(adId, reviewText, userId)
except KeyError as err:
return "CODE 400 - ATTRIBUTE MISSING FROM POST BODY.", 400
else:
return "CODE 405 - THAT METHOD IS NOT ALLOWED.", 405
def singleAd(adId):
adId = str(adId)
# GET methods do not require auth tokens
if request.method == 'GET':
return ad.getAd(adId)
# Check auth token for PUT, POST or DELETE
if (not token_is_valid(request)):
return "CODE 403 - AUTHORIZATION TOKEN IS INVALID OR MISSING.", 403 #403
else:
userId = get_user_id_from_token(
parse_token(request.environ['HTTP_AUTHORIZATION']))
if request.method == 'PUT':
try:
author = request.form['author']
description = request.form['description']
status = request.form['status']
textbookTitle = request.form['textbookTitle']
image = request.files['image']
userId = get_user_id_from_token(
parse_token(request.environ['HTTP_AUTHORIZATION']))
return ad.editAd(adId, author, description, status,
textbookTitle, image, userId)
except KeyError as err:
print(err)
return "CODE 400 - ATTRIBUTE MISSING FROM POST BODY.", 400
elif request.method == 'DELETE':
return ad.removeAd(adId, userId)
else:
return "CODE 405 - THAT METHOD IS NOT ALLOWED.", 405
def singleReview(reviewId):
reviewId = str(reviewId)
if request.method == 'GET':
return review.getReview(reviewId)
# Bearer token required to perform PUT and DELETE requests
if (not token_is_valid(request)):
return "CODE 403 - AUTHORIZATION TOKEN IS INVALID OR MISSING.", 403
else:
userId = get_user_id_from_token(
parse_token(request.environ['HTTP_AUTHORIZATION']))
if request.method == 'PUT':
try:
reviewText = request.form['reviewText']
return review.editReview(reviewId, reviewText, userId)
except KeyError:
return "CODE 400 - MUST PROVIDE REVIEWTEXT", 400
elif request.method == 'DELETE':
return review.removeReview(reviewId, userId)
else:
return "CODE 405 - THAT METHOD IS NOT ALLOWED.", 405
def getTest():
print(request.args.get('name'))
if (not token_is_valid(request)):
return "CODE 403 - TOKEN IS INVALID OR MISSING.", 403
return "THE TEST WAS SUCCESSFUL"