def post(self, group_content_id): parser = RequestParser() parser.add_argument("token", type=str, location="headers", required=True) args = parser.parse_args(strict=True) token = args["token"] user_id = verify_token(token) if user_id is None: return {'message': 'Illegal token.'}, 403 cursor.execute( "SELECT * FROM Group_Contents WHERE Group_content_id like '%s' " % (group_content_id, )) result = cursor.fetchone() connection.commit() if result is None: abort_if_doesnt_exist("Group_content_id") group_id = result['Group_id'] cursor.execute("SELECT * FROM Groups WHERE Group_id like '%s' " % (group_id, )) result = cursor.fetchone() if result['User_id'] != user_id: return {'message': 'Unauthorized.'}, 401 cursor.execute("UPDATE Group_Contents SET Is_pinned=1 \ WHERE Group_content_id like '%s' " % (group_content_id, )) connection.commit() cursor.execute( "SELECT * FROM Group_Contents WHERE Group_content_id like '%s' " % (group_content_id, )) result = cursor.fetchone() connection.commit() result['Create_time'] = str(result['Create_time']) return {'result': result}
def get(self, pic_name): try: file = open('../pic/' + pic_name, 'rb') img = file.read() resp = Response(img, mimetype="image") return resp except FileNotFoundError: abort_if_doesnt_exist("pictrue")
def get(self, topic_id): cursor.execute("SELECT * FROM Topics WHERE Topic_id LIKE '%s'" % (topic_id)) result = cursor.fetchone() if result is None: abort_if_doesnt_exist("Topic_id") cursor.execute( "SELECT Topic_content_id,Topic_content_content,Topic_content_image,Topic_id,Create_time,`User`.User_id,`User`.User_name FROM Topic_Contents,`User`\ WHERE Topic_id = %d AND Topic_Contents.User_id=`User`.User_id" % (topic_id)) content = cursor.fetchall() connection.commit() for i in content: i['Create_time'] = str(i['Create_time']) return { 'result': { 'info': result, 'contents': content, } }
def get(self, group_id): cursor.execute("SELECT * FROM Groups WHERE Group_id LIKE '%s'" % (group_id)) result = cursor.fetchone() if result is None: abort_if_doesnt_exist("Group_id") cursor.execute( "SELECT Group_content_id,Group_content_content,Group_content_title,Group_id,Group_content_image,Create_time,\ Is_highlighted,Is_pinned,`User`.User_id,`User`.User_name FROM Group_Contents,`User`\ WHERE Group_id=%d and Group_Contents.User_id=User.User_id ORDER BY Is_pinned DESC" % (group_id)) content = cursor.fetchall() connection.commit() for i in content: i['Create_time'] = str(i['Create_time']) return { 'result': { 'info': result, 'contents': content, } }
def get(self, book_id): cursor.execute("SELECT * FROM Books WHERE Book_id LIKE '%s'" % (book_id)) result = cursor.fetchone() if result is None: abort_if_doesnt_exist("Book_id") cursor.execute( "SELECT Book_comment_id,Book_comment_title,Book_comment_approve,Book_comment_disapprove,Book_comment_content,\ Book_id,Create_time,`User`.User_id,`User`.User_name FROM Book_Comments,`User`\ WHERE Book_id= %d and Book_Comments.User_id=User.User_id" % (book_id)) content = cursor.fetchall() connection.commit() for i in content: i['Create_time'] = str(i['Create_time']) return { 'result': { 'info': result, 'comments': content, } }
def delete(self, book_comment_id): parser = RequestParser() parser.add_argument('token', type=str, location='headers', required=True) args = parser.parse_args() token = args["token"] user_id = verify_token(token) if user_id is None: return {'message': 'Illegal token.'}, 403 cursor.execute( "SELECT Type FROM Book_Comment_Approvals WHERE Book_comment_id = %d AND User_id = %d" % (book_comment_id, user_id)) result = cursor.fetchone() if result == None: connection.commit() abort_if_doesnt_exist("book_comment_id") approve_type = result['Type'] cursor.execute( "DELETE FROM Book_Comment_Approvals WHERE Book_comment_id = %d AND User_id = %d " % (book_comment_id, user_id)) if approve_type == 1: temp_str = "Book_comment_approve" else: temp_str = "Book_comment_disapprove" cursor.execute("UPDATE Book_Comments \ SET %s = %s - 1 \ WHERE Book_comment_id = %d" % (temp_str, temp_str, book_comment_id)) connection.commit() cursor.execute( "SELECT * FROM Book_Comments WHERE Book_comment_id = %d " % (book_comment_id)) result = cursor.fetchone() result['Create_time'] = str(result['Create_time']) connection.commit() return {'result': result}