Beispiel #1
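def bulletin_board():
    """Create a bulletin-board announcement and write an admin audit-log entry.

    Reads ``title`` and ``content`` from the JSON request body and the acting
    administrator from ``g.admin_id``. The ``Board`` row and the
    ``AdminOperateLog`` row are committed in a single transaction.

    Returns:
        A ``(response, status)`` pair: code 200 on success, 4000 when a
        required value is missing, 4001 when the commit fails.
    """
    req_data = request.get_json()
    # The body is client-controlled: JSON ``null``, a list or a scalar has no
    # ``.get()``, so anything that is not an object counts as missing parameters
    # instead of surfacing as an unhandled AttributeError.
    if not isinstance(req_data, dict):
        return jsonify(msg="参数不完整", code=4000), 400

    # NOTE(review): g.admin_id is presumably set by an authentication hook
    # outside this block — confirm the route is actually protected.
    admin_id = g.admin_id

    title = req_data.get("title")
    content = req_data.get("content")
    if not all([admin_id, title, content]):
        return jsonify(msg="参数不完整", code=4000), 400

    # Store the announcement itself.
    board = Board(title=title, content=content, admin_id=admin_id)
    db.session.add(board)

    # Store the operation log. format() is used instead of ``+`` so that a
    # non-string JSON title (number, list, ...) cannot raise TypeError here.
    # NOTE(review): behind a reverse proxy remote_addr is the proxy's address
    # unless forwarded headers are handled — confirm for audit accuracy.
    ip = request.remote_addr
    detail = "添加了公告:{}".format(title)
    aol = AdminOperateLog(admin_id=admin_id, ip=ip, detail=detail)
    db.session.add(aol)

    try:
        db.session.commit()
    except Exception as e:
        print(e)
        db.session.rollback()
        return jsonify(msg="提交不成功", code=4001), 400
    return jsonify(msg="提交成功", code=200), 200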
Beispiel #2
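def delete_user():
    """Soft-delete a user by username and record the action in the admin log.

    Expects a JSON object with ``username``. The matching ``User`` row gets
    ``status = "删除"``; the row itself is kept.

    Returns:
        A JSON response whose ``code`` field is 200 on success and 400 on any
        failure. No explicit HTTP status is set, so Flask's default applies.
    """
    admin_id = g.admin_id
    ip_addr = request.remote_addr  # address the admin's request came from
    req_dict = request.get_json()
    # A body that is not a JSON object (null, list, scalar) has no .get();
    # report it as incomplete parameters rather than failing with a 500.
    if not isinstance(req_dict, dict):
        return jsonify(code=400, msg="参数不完整")
    delete_user_username = req_dict.get("username")

    # Completeness check on the required values.
    if not all([delete_user_username, ip_addr]):
        return jsonify(code=400, msg="参数不完整")

    user = User.query.filter(User.username == delete_user_username).first()
    if user is None:
        return jsonify(code=400, msg="查询不到用户")

    try:
        user.status = "删除"
        db.session.add(user)
        # NOTE(review): this formats the User object itself, so the audit text
        # depends on the model's __str__/__repr__ — confirm it identifies the
        # account and does not include sensitive columns.
        detail = "删除了用户: %s " % user
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(code=200, msg="删除用户成功!")

    except Exception as e:
        print(e)
        db.session.rollback()
        return jsonify(code=400, msg="执行操作失败")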
Beispiel #3
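def bulletin_board():
    """Publish a new announcement and log the action for the acting admin.

    Expects a JSON object with ``title`` and ``content``. The ``Board`` row and
    the ``AdminOperateLog`` row are added and committed together.

    Returns:
        A JSON response whose ``code`` field is 200 on success and 400 on
        missing parameters or a failed commit.
    """
    admin_id = g.admin_id  # id of the acting administrator
    ip_addr = request.remote_addr  # address the admin's request came from
    req_dict = request.get_json()
    # Client-controlled body: anything other than a JSON object has no .get(),
    # so reject it here instead of letting AttributeError become a 500.
    if not isinstance(req_dict, dict):
        return jsonify(code=400, msg="参数不完整")
    title = req_dict.get("title")
    content = req_dict.get("content")

    # Completeness check on the required values.
    if not all([title, content, ip_addr]):
        return jsonify(code=400, msg="参数不完整")

    board = Board(title=title, content=content, admin_id=admin_id)

    try:
        detail = "发送了新公告: %s " % title
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(board)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(code=200, msg="保存数据成功")
    except Exception as e:
        print(e)
        db.session.rollback()
        return jsonify(code=400, msg="保存数据失败")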
Beispiel #4
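def delete_tag():
    """Soft-delete a tag by name and record the action in the admin log.

    Expects a JSON object with ``tag``. A tag whose ``status`` is ``True`` is
    switched to ``False``; the row is kept.

    Returns:
        ``(response, 400)`` with code 4001 (missing parameters) or 4002 (tag
        not found or already inactive); otherwise a JSON response with code
        200 on success or 4004 when the commit fails.
    """
    admin_id = g.admin_id
    json_data = request.get_json()
    # A non-object JSON body (null, list, scalar) has no .get(); answer with
    # the same "incomplete parameters" response instead of a 500.
    if not isinstance(json_data, dict):
        return jsonify(code=4001, msg="参数不完整"), 400
    ip_addr = request.remote_addr
    tag = json_data.get("tag")
    if not all([ip_addr, tag]):
        return jsonify(code=4001, msg="参数不完整"), 400

    # Soft delete: only a tag that exists and is currently active qualifies.
    t = Tag.query.filter_by(name=tag).first()
    if not (t and t.status is True):
        return jsonify(code=4002, msg="标签不存在"), 400
    t.status = False

    detail = "删除了旧标签: %s " % tag
    admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
    db.session.add(admin_operate_log)
    db.session.add(t)
    try:
        db.session.commit()
        return jsonify(code=200, msg="删除标签成功")
    except Exception as e:
        print(e)
        db.session.rollback()
        # NOTE(review): unlike the validation errors above, this failure is
        # sent without an explicit 400 status — confirm that is intended.
        return jsonify(code=4004, msg="删除标签失败")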
Beispiel #5
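def bulletin_board():
    """Publish a new announcement and log who sent it.

    Expects a JSON object with ``title`` and ``content``. The audit entry
    records the admin's name (from the session), id and the announcement title.

    Returns:
        A JSON response whose ``re_code`` field is 200 on success and 400 on
        missing parameters or a failed commit.
    """
    admin_id = g.admin_id  # id of the acting administrator
    admin_name = session.get("username")  # name of the acting administrator
    ip_addr = request.remote_addr  # address the admin's request came from
    req_dict = request.get_json()
    # Client-controlled body: reject anything that is not a JSON object, since
    # null / list / scalar bodies have no .get() and would raise.
    if not isinstance(req_dict, dict):
        return jsonify(re_code=400, msg="参数不完整")
    title = req_dict.get("title")
    content = req_dict.get("content")

    # Completeness check on the required values.
    if not all([title, content, ip_addr]):
        return jsonify(re_code=400, msg="参数不完整")

    board = Board(title=title, content=content, admin_id=admin_id)

    try:
        detail = "管理员:%s --> id:%s ; 新发送了公告 <%s> " % (admin_name, admin_id,
                                                      title)
        admin_operate_log = AdminOperateLog(admin_id=admin_id,
                                            ip=ip_addr,
                                            detail=detail)
        db.session.add(board)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(re_code=200, msg="保存数据成功")
    except Exception as e:
        # A bare ``except:`` would also trap SystemExit/KeyboardInterrupt and
        # hid the cause; catch Exception and surface the error instead.
        print(e)
        db.session.rollback()
        return jsonify(re_code=400, msg="保存数据失败")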
Beispiel #6
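def add_manager():
    """Create a sub-administrator with a lower privilege level than the caller.

    Expects a JSON object with:
        username: name of the new administrator
        password: password of the new administrator
        power: privilege level, one of 1, 2, 4, 8, 16, 32

    An administrator may only create administrators whose level is strictly
    lower than their own; level 32 is the super administrator.

    Returns:
        A JSON response whose ``re_code`` field is 200 on success and 400 on
        any validation, authorization or database failure.
    """
    admin_id = g.admin_id
    admin_name = session.get("username")  # name of the acting administrator
    ip_addr = request.remote_addr  # address the admin's request came from
    req_dict = request.get_json()
    # Client-controlled body: anything other than a JSON object has no .get().
    if not isinstance(req_dict, dict):
        return jsonify(re_code=400, msg="参数不完整")
    new_admin_username = req_dict.get("username")
    new_admin_password = req_dict.get("password")
    new_admin_power = req_dict.get("power")

    # Completeness check on the required values.
    if not all(
        [new_admin_username, new_admin_password, ip_addr, new_admin_power]):
        return jsonify(re_code=400, msg="参数不完整")

    # The requested level decides an authorization comparison below, so it must
    # be a real integer from the documented set. A string would make the
    # comparison raise, and negative or arbitrary numbers would be stored as-is.
    # ``type(...) is int`` also excludes bool (True == 1) and floats.
    if type(new_admin_power) is not int or new_admin_power not in (1, 2, 4, 8, 16, 32):
        return jsonify(re_code=400, msg="当前管理员无法添加此权限用户")

    # Load the acting administrator.
    current_admin = Admin.query.get(admin_id)
    if not current_admin:
        return jsonify(re_code=400, msg="当前管理员出错")

    # Privilege level of the acting administrator; an empty value counts as 1.
    current_admin_power = current_admin.authority
    if not current_admin_power:
        current_admin_power = 1
    else:
        current_admin_power = int(current_admin_power)

    # The caller must outrank the administrator being created.
    if current_admin_power <= new_admin_power:
        return jsonify(re_code=400, msg="当前管理员无法添加此权限用户")

    # NOTE(review): the password is handed to the model unchanged; whether
    # Admin hashes it is not visible here — confirm it is never stored in
    # clear text.
    new_admin = Admin(username=new_admin_username,
                      password=new_admin_password,
                      authority=new_admin_power)
    try:
        db.session.add(new_admin)
        detail = "管理员:%s --> id:%s ;  添加了新管理员:%s " % (admin_name, admin_id,
                                                      new_admin_username)
        admin_operate_log = AdminOperateLog(admin_id=admin_id,
                                            ip=ip_addr,
                                            detail=detail)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(re_code=200, msg="添加管理员成功")
    except Exception as e:
        # Was a bare ``except:``, which also traps SystemExit/KeyboardInterrupt
        # and discarded the cause.
        print(e)
        db.session.rollback()
        return jsonify(re_code=400, msg="保存数据失败,或许用户名冲突,请稍后再试")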
Beispiel #7
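def delete_manager():
    """Soft-delete an administrator; only a super administrator may do so.

    Expects a JSON object with ``username`` (the administrator to delete). The
    target row gets ``status = "删除"`` and an audit-log entry is written in
    the same transaction.

    Returns:
        A JSON response whose ``code`` field is 200 on success and 400 on any
        validation, authorization or database failure.
    """
    admin_id = g.admin_id
    admin_name = session.get("username")  # name of the acting administrator
    ip_addr = request.remote_addr  # address the admin's request came from
    req_dict = request.get_json()
    # Client-controlled body: anything other than a JSON object has no .get().
    if not isinstance(req_dict, dict):
        return jsonify(code=400, msg="参数不完整")
    delete_admin_username = req_dict.get("username")

    # Completeness check on the required values.
    if not all([delete_admin_username, ip_addr]):
        return jsonify(code=400, msg="参数不完整")

    # Load the acting administrator.
    current_admin = Admin.query.get(admin_id)
    if not current_admin:
        return jsonify(code=400, msg="当前管理员出错")

    # Only the super administrator is allowed past this point. The original
    # re-tested the same condition and ended in an unreachable fallback return;
    # both are folded into this single guard.
    if current_admin.power != "超级管理员":
        return jsonify(code=400, msg="当前管理员权利不够删除管理员")

    delete_admin = Admin.query.filter_by(username=delete_admin_username).first()
    if not delete_admin:
        return jsonify(code=400, msg="查询不到将要删除的管理员")

    # Refuse self-deletion. The session username can be absent or stale, which
    # would skip the check, so the row loaded for g.admin_id is compared too.
    if delete_admin.username in (admin_name, current_admin.username):
        return jsonify(code=400, msg="不能删除自己信息")

    try:
        delete_admin.status = "删除"
        db.session.add(delete_admin)

        detail = "删除了管理员: %s " % delete_admin_username
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(code=200, msg="删除管理员成功!")

    except Exception as e:
        print(e)
        db.session.rollback()
        return jsonify(code=400, msg="执行操作失败")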
Beispiel #8
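def post_blog_article():
    """Create a blog post (published or draft) and log the action.

    Expects a JSON object with ``title``, ``content``, ``summary``, ``logo``
    (cover), ``status`` ("发布" or "草稿") and ``tags`` (a list of tag names).
    The author is taken from ``g.admin_id``.

    Returns:
        A JSON response with code 200 and the new blog ``id`` on success, 4000
        for missing parameters, 4001 for an invalid status, 4002 when the
        database operation fails.
    """
    admin_id = g.admin_id  # id of the author
    req_data = request.get_json()
    # Client-controlled body: anything other than a JSON object has no .get(),
    # so report it as incomplete parameters rather than raising.
    if not isinstance(req_data, dict):
        return jsonify(code=4000, msg="参数不完整")
    ip_addr = request.remote_addr
    title = req_data.get("title")  # title
    content = req_data.get("content")  # body
    summary = req_data.get("summary")  # short description
    logo = req_data.get("logo")  # cover image
    status = req_data.get("status")  # "发布" (published) or "草稿" (draft)

    tags = req_data.get("tags")  # ["name", "name"]

    if not all([title, content, summary, tags, logo]):
        return jsonify(code=4000, msg="参数不完整")

    if status not in ("发布", "草稿"):
        return jsonify(code=4001, msg="参数出错")

    try:
        blog = Blog(title=title, content=content, summary=summary,
                    admin_id=admin_id, status=status, logo=logo)

        # Attach the tags that already exist; names with no matching Tag row
        # are not returned by this query and are therefore dropped silently.
        blog.tags = Tag.query.filter(Tag.name.in_(tags)).all()

        if status == "草稿":
            detail = "添加草稿: %s " % title
        else:
            detail = "发布博客: %s " % title
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(blog)
        db.session.add(admin_operate_log)
        db.session.commit()

    except Exception as e:
        print(e)
        db.session.rollback()
        return jsonify(code=4002, msg="操作出错,数据库出错")

    return jsonify(code=200, msg="操作成功", id=blog.id)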
Beispiel #9
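def add_manager():
    """Create a new administrator; only a super administrator may do so.

    Expects a JSON object with ``username`` and ``password`` for the new
    account. The new account is always created with power "管理员".

    Returns:
        A JSON response whose ``code`` field is 200 on success and 400 on any
        validation, authorization or database failure.
    """
    admin_id = g.admin_id
    ip_addr = request.remote_addr  # address the admin's request came from
    req_dict = request.get_json()
    # Client-controlled body: anything other than a JSON object has no .get().
    if not isinstance(req_dict, dict):
        return jsonify(code=400, msg="参数不完整")
    new_admin_username = req_dict.get("username")
    new_admin_password = req_dict.get("password")

    # Completeness check on the required values.
    if not all([new_admin_username, new_admin_password, ip_addr]):
        return jsonify(code=400, msg="参数不完整")

    # Load the acting administrator.
    current_admin = Admin.query.get(admin_id)
    if not current_admin:
        return jsonify(code=400, msg="当前管理员出错")

    # Only the super administrator may add administrators.
    if current_admin.power != "超级管理员":
        return jsonify(code=400, msg="当前管理员无法添加此权限用户")

    avatar = "http://bilibili.com"  # hard-coded avatar value given to every new admin
    # NOTE(review): the password is handed to the model unchanged; whether
    # Admin hashes it is not visible here — confirm it is never stored in
    # clear text.
    new_admin = Admin(username=new_admin_username, password=new_admin_password, power="管理员",
                      avatar=avatar)
    try:
        db.session.add(new_admin)
        detail = "添加了新管理员: %s " % new_admin_username
        # Audit-log entry, committed together with the new account.
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(code=200, msg="添加管理员成功")
    except Exception as e:
        print(e)
        db.session.rollback()
        return jsonify(code=400, msg="保存数据失败,或许用户名冲突,请稍后再试")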
Beispiel #10
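def delete_tag():
    """Hard-delete every tag with the given name and log the action.

    Expects a JSON object with ``tag``.

    Returns:
        A JSON response with code 200 on success, 4001 for missing parameters,
        4004 when the database operation fails.
    """
    admin_id = g.admin_id
    json_data = request.get_json()
    # Client-controlled body: anything other than a JSON object has no .get().
    if not isinstance(json_data, dict):
        return jsonify(code=4001, msg="参数不完整")
    ip_addr = request.remote_addr
    tag = json_data.get("tag")
    if not all([ip_addr, tag]):
        return jsonify(code=4001, msg="参数不完整")
    try:
        # NOTE(review): the number of deleted rows is not checked, so success
        # is reported (and an audit entry written) even when no tag matched.
        Tag.query.filter_by(name=tag).delete()
        detail = "删除了旧标签: %s " % tag
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(code=200, msg="删除标签成功")
    except Exception as e:
        print(e)
        # Roll back so a failed delete or log insert does not leave the session
        # in a broken transaction state with the change still pending.
        db.session.rollback()
        return jsonify(code=4004, msg="删除标签失败")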
Beispiel #11
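def delete_blog_article():
    """Change a blog post's status (publish, draft or delete) and log it.

    Expects a JSON object with ``id`` (blog id) and ``status``, one of
    "发布", "草稿", "删除". Only the post's author or the admin with id 1 may
    change it.

    Returns:
        A JSON response with code 200 on success (including when the status is
        already the requested one), 4000 for missing parameters, 4001 for an
        invalid status, 4002 when the post is missing or the caller is not
        allowed, 4003 when the commit fails.
    """
    req_data = request.get_json()
    # Client-controlled body: anything other than a JSON object has no .get().
    if not isinstance(req_data, dict):
        return jsonify(code=4000, msg="参数不完整")
    ip_addr = request.remote_addr
    status = req_data.get("status")  # target status: "发布", "草稿" or "删除"
    bid = req_data.get("id")  # blog id
    admin_id = g.admin_id  # id of the acting admin

    if not all([ip_addr, status, bid, admin_id]):
        return jsonify(code=4000, msg="参数不完整")

    if status not in ["发布", "草稿", "删除"]:
        return jsonify(code=4001, msg="状态更改失败")

    blog = Blog.query.get(bid)
    if blog is None or blog.status == "删除":
        return jsonify(code=4002, msg="博客不存在")

    # Authorization: the caller must be the author or the super administrator.
    # NOTE(review): the super administrator is identified by the literal id 1;
    # presumably that row is guaranteed to be the super admin — confirm, or
    # check a role field instead.
    if blog.admin_id != admin_id and admin_id != 1:
        return jsonify(code=4002, msg="你不是作者")

    if blog.status == status:
        return jsonify(code=200, msg="操作成功")

    # Build the log text before the status is overwritten below.
    detail = "修改了文章状态: %s --> %s " % (blog.status, status)
    try:
        blog.status = status
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(admin_operate_log)

        db.session.add(blog)
        db.session.commit()
    except Exception as e:
        print(e)
        db.session.rollback()
        return jsonify(code=4003, msg="修改出错,请稍后再试")

    return jsonify(code=200, msg="操作成功")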
Beispiel #12
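def add_tag():
    """Create a tag with the given name and log the action.

    Expects a JSON object with ``tag``.

    Returns:
        A JSON response with code 200 on success, 4001 for missing parameters,
        4004 when the database operation fails.
    """
    admin_id = g.admin_id
    json_data = request.get_json()
    # Client-controlled body: anything other than a JSON object has no .get(),
    # so report it as incomplete parameters rather than raising.
    if not isinstance(json_data, dict):
        return jsonify(code=4001, msg="参数不完整")
    ip_addr = request.remote_addr
    tag = json_data.get("tag")
    if not all([ip_addr, tag]):
        return jsonify(code=4001, msg="参数不完整")

    try:
        # The new tag and its audit entry are committed together.
        t = Tag(name=tag)
        detail = "添加了新标签: %s " % tag
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(t)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(code=200, msg="新增标签成功")
    except Exception as e:
        db.session.rollback()
        print(e)
        return jsonify(code=4004, msg="新增标签失败")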
Beispiel #13
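def delete_comment():
    """Hard-delete a comment by id and log the action.

    Expects a JSON object with ``comment_id``.

    Returns:
        A JSON response with code 200 on success, 4000 for missing parameters,
        400 when the comment does not exist or the database operation fails.
    """
    req_json = request.get_json()
    # Client-controlled body: anything other than a JSON object has no .get().
    if not isinstance(req_json, dict):
        return jsonify(code=4000, msg="参数不完整")
    ip_addr = request.remote_addr
    admin_id = g.admin_id
    comment_id = req_json.get("comment_id")
    if not all([admin_id, comment_id, ip_addr]):
        return jsonify(code=4000, msg="参数不完整")

    try:
        # Query.delete() returns the number of rows removed.
        deleted_count = Comment.query.filter(Comment.id == comment_id).delete()
        if deleted_count != 1:
            # Discard the pending delete explicitly so it cannot be committed
            # later through the same session.
            db.session.rollback()
            return jsonify(code=400, msg="删除评论失败,评论不存在")
        # %s instead of %d: an id sent as a JSON string would make %d raise
        # after the row was already matched, turning a valid request into a
        # misleading "try again later" failure.
        detail = "删除了评论 %s " % comment_id
        user_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(user_log)
        db.session.commit()
        return jsonify(code=200, msg="删除了评论成功")
    except Exception as e:
        print(e)
        db.session.rollback()
        return jsonify(code=400, msg="删除评论失败,请稍后再试")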
Beispiel #14
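def delete_manager():
    """Delete an administrator; requires a privilege level of at least 16.

    Expects a JSON object with ``username`` (the administrator to delete). The
    caller must have authority >= 16, may not delete an administrator with a
    higher authority than their own, and may not delete themselves. The row is
    removed and an audit-log entry is written in the same transaction.

    Returns:
        A JSON response whose ``re_code`` field is 200 on success and 400 on
        any validation, authorization or database failure.
    """
    admin_id = g.admin_id
    admin_name = session.get("username")  # name of the acting administrator
    ip_addr = request.remote_addr  # address the admin's request came from
    req_dict = request.get_json()
    # Client-controlled body: anything other than a JSON object has no .get().
    if not isinstance(req_dict, dict):
        return jsonify(re_code=400, msg="参数不完整")
    delete_admin_username = req_dict.get("username")

    # Completeness check on the required values.
    if not all([delete_admin_username, ip_addr]):
        return jsonify(re_code=400, msg="参数不完整")

    # Load the acting administrator.
    current_admin = Admin.query.get(admin_id)
    if not current_admin:
        return jsonify(re_code=400, msg="当前管理员出错")

    # Privilege level of the acting administrator; an empty value counts as 1.
    current_admin_power = current_admin.authority
    if not current_admin_power:
        current_admin_power = 1
    else:
        current_admin_power = int(current_admin_power)

    # Single authorization guard. The original re-tested ``>= 16`` afterwards
    # and ended in an unreachable fallback return; both are folded in here.
    if current_admin_power < 16:
        return jsonify(re_code=400, msg="当前管理员权利不够删除管理员")

    delete_admin = Admin.query.filter_by(
        username=delete_admin_username).first()
    if not delete_admin:
        return jsonify(re_code=400, msg="查询不到将要删除的管理员")

    # Normalise the target's level the same way as the caller's, so an empty
    # or string-typed stored value cannot make the comparison raise.
    target_power = int(delete_admin.authority) if delete_admin.authority else 1

    # A higher-ranked administrator cannot be deleted by the caller.
    if target_power > current_admin_power:
        return jsonify(re_code=400, msg="当前管理员权利不够删除此管理员")

    # Refuse self-deletion. The session username can be absent or stale, which
    # would skip the check, so the row loaded for g.admin_id is compared too.
    if delete_admin.username in (admin_name, current_admin.username):
        return jsonify(re_code=400, msg="不能删除自己信息")

    try:
        db.session.delete(delete_admin)
        detail = "管理员:%s --> id:%s ;  删除了管理员:%s " % (admin_name, admin_id,
                                                     delete_admin_username)
        admin_operate_log = AdminOperateLog(admin_id=admin_id,
                                            ip=ip_addr,
                                            detail=detail)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(re_code=200, msg="删除管理员成功!")

    except Exception as e:
        # Was a bare ``except:``, which also traps SystemExit/KeyboardInterrupt
        # and discarded the cause.
        print(e)
        db.session.rollback()
        return jsonify(re_code=400, msg="执行操作失败")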