Пример #1
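	def put(self, user_id, book_id):
		""" Update the title, author and publication date of one of a user's books.

		The ISBN cannot be changed: the request must repeat the ISBN already
		stored for the book, otherwise it is rejected.

		Returns:
			("", 200) when the row was updated,
			("Bad user data", 400) when a field is missing/empty or the ISBN differs,
			("Resource not found", 404) when no book with book_id belongs to user_id.
		"""
		parser = reqparse.RequestParser()
		for field in ("title", "author", "isbn", "publication_date"):
			parser.add_argument(field)
		args = parser.parse_args()
		title = args["title"]
		author = args["author"]
		isbn = args["isbn"]
		publication_date = args["publication_date"]

		# `x is ""` compared object identity, which is implementation-dependent
		# and never matched an absent argument (presumably None from reqparse).
		# Truthiness rejects both the empty string and a missing value.
		if not all((title, author, isbn, publication_date)):
			return "Bad user data", 400

		book = query_db('SELECT * FROM book WHERE userId = ? and id = ?',
			(user_id, book_id,), one=True)
		if book is None:
			return "Resource not found", 404

		if isbn != book['isbn']:
			return "Bad user data", 400

		# Scope the write to the owner as well, so the UPDATE cannot touch
		# another user's row even if the ownership lookup above is changed later.
		query_db('UPDATE book SET title = ?, author = ?, publication_date = ? '
			'WHERE id = ? AND userId = ?',
			(title, author, publication_date, book_id, user_id), commit=True)
		return "", 200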
Пример #2
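    def post(self):
        """ Create a new user from the firstname, lastname, email and password
        request arguments.

        Returns:
            (user_id, 201) with whatever query_db returns for the INSERT,
            ("Bad user data", 400) when a field is missing or empty,
            ("User already exists", 400) when the email lookup finds a row.
        """
        parser = reqparse.RequestParser()
        for field in ("firstname", "lastname", "email", "password"):
            parser.add_argument(field)
        args = parser.parse_args()
        firstname = args["firstname"]
        lastname = args["lastname"]
        email = args["email"]
        password = args["password"]

        # `x is ""` compared object identity, which is implementation-dependent
        # and let an absent argument (presumably None from reqparse) through to
        # the hashing call. Truthiness rejects both "" and a missing value.
        if not all((firstname, lastname, email, password)):
            return "Bad user data", 400

        user = query_db('SELECT email FROM user WHERE email == ?', (email, ))
        if user is not None:
            return "User already exists", 400

        # NOTE(review): this lookup-then-insert is not atomic; a UNIQUE
        # constraint on user.email would be the reliable guard -- the schema
        # is not visible here, confirm.

        # Hash (not encrypt) the password before storing it: the stored value
        # is a one-way salted PBKDF2-SHA256 digest.
        # NOTE(review): rounds=10000 is low for PBKDF2-HMAC-SHA256 by current
        # guidance. The round count is presumably stored inside the hash
        # string, so raising it should not invalidate existing hashes --
        # confirm against the hashing library in use. If this is passlib,
        # `encrypt` is the deprecated alias of `hash`.
        passhash = pbkdf2_sha256.encrypt(password,
                                         rounds=10000,
                                         salt_size=16)

        user_id = query_db('INSERT into user (firstname,lastname,email,password) \
				VALUES (?, ?, ?, ?)', (firstname, lastname, email, passhash),
                           commit=True)
        return user_id, 201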
Пример #3
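	def post(self, user_id):
		""" Add a new book to the given user's wishlist.

		Returns:
			(book_id, 201) with whatever query_db returns for the INSERT,
			("User not found", 404) when the user lookup yields None,
			("Book already exists", 400) when the ISBN lookup finds a row,
			("Bad user data", 400) when a field is missing or empty.
		"""
		user = query_db('SELECT id from user where id = ?', (user_id,))
		if user is None:
			return "User not found", 404

		parser = reqparse.RequestParser()
		for field in ("title", "author", "isbn", "publication_date"):
			parser.add_argument(field)
		args = parser.parse_args()
		title = args["title"]
		author = args["author"]
		isbn = args["isbn"]
		publication_date = args["publication_date"]

		# NOTE(review): this duplicate lookup matches the ISBN across all
		# users, not only user_id -- confirm that is the intended rule.
		book = query_db('SELECT b.id, b.isbn FROM book b WHERE b.isbn == ?', (isbn,))
		if book is not None:
			return "Book already exists", 400

		# `x is ""` compared object identity, which is implementation-dependent
		# and let an absent argument (presumably None from reqparse) through to
		# the INSERT. Truthiness rejects both "" and a missing value.
		if not all((title, author, isbn, publication_date)):
			return "Bad user data", 400

		book_id = query_db('INSERT into book (title,author,isbn,publication_date,userId) \
				VALUES (?, ?, ?, ?, ?)', (title, author, isbn, publication_date, user_id),
			commit=True)
		return book_id, 201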
Пример #4
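	def put(self, user_id):
		""" Update an existing user's firstname and lastname.

		The email and password in the request are not written; they are used
		to authenticate the caller against the stored row for user_id.

		Returns:
			("", 200) when the names were updated,
			("Bad user data", 400) when a field is missing or empty,
			("User not found", 404) when no row exists for user_id,
			("Authentication failure", 401) when the password or email
			does not match the stored values.
		"""
		parser = reqparse.RequestParser()
		for field in ("firstname", "lastname", "email", "password"):
			parser.add_argument(field)
		args = parser.parse_args()
		firstname = args["firstname"]
		lastname = args["lastname"]
		email = args["email"]
		password = args["password"]

		# `x is ""` compared object identity, which is implementation-dependent
		# and let an absent argument (presumably None from reqparse) reach
		# verify() below. Truthiness rejects both "" and a missing value.
		if not all((firstname, lastname, email, password)):
			return "Bad user data", 400

		user = query_db('SELECT password, email FROM user WHERE id = ?', (user_id,), one=True)
		if user is None:
			return "User not found", 404

		# Both the password hash check and the email match must succeed.
		authenticated = pbkdf2_sha256.verify(password, user['password']) and \
			email == user['email']
		if not authenticated:
			return "Authentication failure", 401

		query_db('UPDATE user SET firstname = ?, lastname = ? \
					WHERE id = ?', (firstname, lastname, user_id), commit=True)
		return "", 200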
Пример #5
	def delete(self, user_id):
		""" Remove every book row owned by the given user.

		Responds ("User not found", 404) when the user lookup yields None,
		otherwise deletes the rows and responds ("", 204).

		NOTE(review): no authentication or ownership check is visible in this
		method -- confirm the route is protected elsewhere.
		"""
		owner = query_db('SELECT id from user where id = ?', (user_id,))
		if owner is not None:
			query_db('DELETE from book where userId = ?', (user_id,), commit=True)
			return "", 204

		return "User not found", 404
Пример #6
	def delete(self, user_id, book_id):
		""" Delete one book, provided it belongs to the given user.

		Responds ("Resource not found", 404) when no book with book_id is
		stored for user_id, otherwise deletes it and responds ("", 204).
		"""
		ownership_key = (user_id, book_id,)
		owned_book = query_db('SELECT * FROM book WHERE userId = ? and id = ?',
			ownership_key, one=True)
		if owned_book is not None:
			# The DELETE filters on id only; ownership is established solely
			# by the lookup above.
			query_db('DELETE FROM book WHERE id = ?', (book_id,), commit=True)
			return "", 204

		return "Resource not found", 404
Пример #7
	def delete(self, user_id):
		""" Delete the given user together with the books stored for them.

		Responds ("User not found", 404) when the user lookup yields None,
		otherwise removes the book rows, then the user row, and responds
		("", 204).

		NOTE(review): no authentication or ownership check is visible in this
		method -- confirm the route is protected elsewhere.
		"""
		target = query_db('SELECT id from user where id = ?', (user_id,))
		if target is not None:
			# Only the second statement passes commit=True; presumably both
			# share one connection so that commit covers the first DELETE too
			# -- verify against query_db.
			query_db('DELETE from book where userId = ?', (user_id,))
			query_db('DELETE from user where id = ?', (user_id,), commit=True)
			return "", 204

		return "User not found", 404
Пример #8
	def get(self, user_id):
		""" Return the given user's wishlist as JSON, newest publication first.

		Responds ("User not found", 404) when the user lookup yields None and
		("No books found in wishlist", 404) when the book query yields None;
		otherwise a JSON response with status 200.
		"""
		owner = query_db('SELECT u.id from user u where u.id = ?', (user_id,))
		if owner is None:
			return "User not found", 404

		wishlist_sql = 'SELECT * FROM book WHERE userId = ? ORDER BY \
			publication_date DESC'
		wishlist = query_db(wishlist_sql, (user_id,))
		if wishlist is None:
			return "No books found in wishlist", 404

		reply = jsonify(wishlist)
		reply.status_code = 200
		return reply
Пример #9
    def get(self):
        """ Return id, firstname, lastname and email of every stored user as JSON.

        Responds ("Users not found", 404) when the query yields None,
        otherwise a JSON response with status 200.

        NOTE(review): this lists every user's email address and no access
        check is visible in this method -- confirm the route is restricted
        elsewhere.
        """
        all_users = query_db('SELECT id, firstname, lastname, email FROM user')
        if all_users is not None:
            reply = jsonify(all_users)
            reply.status_code = 200
            return reply

        return "Users not found", 404
Пример #10
	def get(self, user_id):
		""" Return id, firstname, lastname and email of one user as JSON.

		The password column is not selected. Responds ("User not found", 404)
		when no row exists for user_id, otherwise a JSON response with
		status 200.
		"""
		profile_sql = 'SELECT id, firstname, lastname, email FROM user \
			WHERE id = ?'
		profile = query_db(profile_sql, (user_id,), one=True)
		if profile is not None:
			reply = jsonify(profile)
			reply.status_code = 200
			return reply

		return "User not found", 404
Пример #11
	def get(self, user_id, book_id):
		""" Return one book as JSON, provided it belongs to the given user.

		The lookup filters on both userId and id, so a book_id owned by a
		different user gets the same ("Resource not found", 404) response as
		a nonexistent one. A match is returned as a JSON response with
		status 200.
		"""
		ownership_key = (user_id, book_id,)
		found = query_db('SELECT * FROM book WHERE userId = ? and id = ?',
			ownership_key, one=True)
		if found is not None:
			reply = jsonify(found)
			reply.status_code = 200
			return reply

		return "Resource not found", 404