Beispiel #1
0
def permissionmanagement(permission):
    form = form_edit_permission()
    if current_user.is_authenticated:
        if current_user.check_permission(
                'usercenter_permission_add') and permission == 'add':
            return render_template('usercenter/add_permission.html',
                                   title=_('Add Permission'),
                                   form=form)
        elif current_user.check_permission(
                'usercenter_permission_add') and permission != None:
            permission = permission.replace("%20", "+")
            print(permission)
            if Permission.query.filter(
                    Permission.permissionname == permission).count() == 1:
                permissiontoedit = permission
            else:
                flash("No legal permission found")
        else:
            flash('You are not allowed to change permission settings')
            return redirect(url_for('usercenter.lobby'))
        form = form_edit_permission()
        permission = Permission.query.filter(
            Permission.permissionname == permission).first()
        print(form.permissionname.data, form.permissionaction.data)
        if form.validate_on_submit():
            # Add new one
            if Permission.query.filter(Permission.permissionname ==
                                       permission.permissionname).count() == 0:
                newpermission = Permission(
                    permissionname=form.permissionname.data,
                    action=form.permissionaction.data)
                db.session.add(newpermission)
                db.session.commit()
                flash('Permission ' + form.permissionname.data +
                      ' has been created')
            elif Permission.query.filter(
                    Permission.permissionname ==
                    permission.permissionname).count() == 1:
                permission = Permission.query.filter(
                    Permission.permissionname == permissiontoedit).first()
                permission.permissionname = form.permissionname.data
                permission.action = form.permissionaction.data
                flash('Permission has been updated')

            db.session.commit()
        return render_template('usercenter/edit_permission.html',
                               title=_('Edit Permission'),
                               form=form,
                               permission=permission)
Beispiel #2
0
 def inner2(*args, **kwargs):
     # if not g.user.check_permission(permission):
     #     abort(403, status=403, username=g.user.username, msg='authorization failed')
     if not current_user.check_permission(permission):
         from flask import abort
         # abort(403)
         return redirect(url_for('blue_error.vf_permission'))
     return func(*args, **kwargs)
Beispiel #3
0
def delete_user(userid):
    if current_user.is_authenticated:
        if current_user.check_permission('delete_user'):
            db.session.query(User).filter(user_id == userid).delete()
            db.session.commit()
            flash('User has been deleted')
            return redirect(url_for('usercenter.lobby'))
    return redirect(url_for('main.index'))
Beispiel #4
0
 def inner2(*args, **kwargs):
     # if not g.user.check_permission(permission):
     #     abort(403, status=403, username=g.user.username, msg='authorization failed')
     if not current_user.check_permission(permission):
         from flask import abort
         # resp = Response()
         # resp.data = 'Permission Required!'
         # resp.status_code = 403
         # abort(resp)
         abort(403)
     return func(*args, **kwargs)
Beispiel #5
0
def get_user(username):
    # 访问他人主页时,需要main模块的WRITE权限
    if current_user.username != username:
        if not current_user.check_permission('main', WRITE_PERMISSION):
            abort(403)
    user = User.query.filter(User.username == username).first_or_404()
    return render_template(
        'main/user_item.jinja2',
        title=_l('User Profile'),
        user=user
    )
Beispiel #6
0
def edit_post(id):
    post = Post.query.get_or_404(id)
    if current_user != post.author and not current_user.check_permission(Permission.ADMINISTER):
        abort(403)
    form = PostForm()
    if form.validate_on_submit():
        post.content = form.content.data
        post.title = form.title.data
        db.session.add(post)
        db.session.commit()
        flash('You have changed this article')
        return redirect(url_for('show_post', id=post.id))
    form.content.data = post.content
    form.title.data = post.title
    return render_template('/post/edit_post.html', form=form)
Beispiel #7
0
def add_role():
    form = form_add_role()
    if current_user.check_permission('usercenter_role_add'):
        if form.validate_on_submit():
            if db.session.query(Role).filter(
                    Role.rolename == form.roletoadd.data).count() == 0:
                newrole = Role(rolename=form.roletoadd.data)
                db.session.add(newrole)
                db.session.commit()
                flash('Role has been added!')
            else:
                flash('Role already exists!')
        else:
            print(form.errors)
            return render_template('usercenter/add_role.html', form=form)
    else:
        flash('You have no permission to add new roles')
    return redirect(url_for('usercenter.list_role'))
Beispiel #8
0
def delete_permission(permission):
    permission = permission.replace("%20", "+")
    if current_user.is_authenticated:
        if current_user.check_permission(
                'usercenter_permission_edit') and permission != None:
            if Permission.query.filter(
                    Permission.permissionname == permission).count() == 1:
                item = Permission.query.filter(
                    Permission.permissionname == permission).first()
                #Permission.query.filter(Permission.permissionname == permission).delete()
                db.session.delete(item)
                db.session.commit()
        else:
            flash('You are not allowed to edit permissions')
            return redirect(url_for('usercenter.permissionmanagement'))
    else:
        return redirect(url_for('auth.login'))
    return redirect(url_for('usercenter.permissionmanagement'))
Beispiel #9
0
def usermanagement(username):
    if current_user.is_authenticated:
        if current_user.check_permission(
                'usercenter_user_edit') and username != None:
            if User.query.filter(User.username == username).count() == 1:
                usertoedit = username
            else:
                flash("No legal user found")
                usertoedit = current_user.username
        else:
            usertoedit = current_user.username
            flash('You are not allowed to change other user settings')
            return redirect('usercenter.usermanagement', username=username)
        user = User.query.filter(User.username == usertoedit).first()
        roles = Role.query.all()
        form = form_edit_profile()
        form2 = form_edit_role_for_user()
        form2.role.choices = gamelist = [(g.id, g.rolename)
                                         for g in Role.query.all()]
        if form2.validate_on_submit():
            if db.session.query(Usertorole).filter(
                    Usertorole.user_id == current_user.id).filter(
                        Usertorole.role_id == form2.role.data).count() == 0:
                newrole = Usertorole(role_id=form2.role.data, user_id=user.id)
                db.session.add(newrole)
                db.session.commit()
        if form.validate_on_submit():
            if User.query.filter(User.username == form.username.data).count(
            ) == 0 and form.username.data != user:
                if form.username.data == "":
                    flash("NO emptry username allowed")
                else:
                    user.username = form.username.data
                    flash('Username has been updated')

            user.email = form.email.data
            user.real_name = form.name.data
            db.session.commit()
            flash('User has been updated')
        return render_template('usercenter/edit_profile.html',
                               title=_('Edit User'),
                               form=form,
                               form2=form2,
                               user=user)
Beispiel #10
0
def usermanagement_revoke_permission(role, permission):
    role = role.replace("%20", " ")
    if current_user.is_authenticated:
        if current_user.check_permission(
                'usercenter_role_edit') and permission != None:
            if Role.query.filter(Role.rolename == role).count() == 1:
                roletoedit = Role.query.filter(Role.rolename == role).first()
                db.session.query(Roletopermission).filter(
                    Roletopermission.role_id == roletoedit.id).filter(
                        Roletopermission.permission_id == permission).delete()
                db.session.commit()
            else:
                flash("No legal Role found")
                return redirect(url_for('usercenter.rolemanagement',
                                        role=role))
        else:
            flash('You are not allowed to change Role settings')
            return redirect(url_for('usercenter.rolemanagement', role=role))
    return redirect(url_for('usercenter.rolemanagement', role=role))
Beispiel #11
0
def usermanagement_revoke_role(username, role):
    if current_user.is_authenticated:
        if current_user.check_permission(
                'usercenter_user_edit') and username != None:
            if User.query.filter(User.username == username).count() == 1:
                usertoedit = username
                user = User.query.filter(User.username == usertoedit).first()
                db.session.query(Usertorole).filter(
                    Usertorole.user_id == user.id).filter(
                        Usertorole.role_id == role).delete()
                db.session.commit()
            else:
                flash("No legal user found")
                usertoedit = current_user.username
        else:
            usertoedit = current_user.username
            flash('You are not allowed to change other user settings')
            return redirect(
                url_for('usercenter.usermanagement', username=user.username))
    return redirect(
        url_for('usercenter.usermanagement', username=user.username))
Beispiel #12
0
def rolemanagement(role):
    if current_user.is_authenticated:
        if current_user.check_permission('usercenter_role_edit'):
            if role != None:
                role = role.replace("%20", "+")
                print(role)
                if Role.query.filter(Role.rolename == role).count() == 1:
                    roletoedit = role
                else:
                    flash("No legal role found")
                    return redirect(url_for('usercenter.list_role'))
            else:
                return redirect(url_for('usercenter.lobby'))
        else:
            flash('You are not allowed to change')
            return redirect(url_for('usercenter.lobby'))

        role = Role.query.filter(Role.rolename == roletoedit).first()
        form = form_edit_role()
        if form.validate_on_submit():
            if form.old_rolename.data != form.rolename.data:
                if Role.query.filter(
                        Role.rolename == form.old_rolename.data).count() == 1:
                    role.rolename = form.rolename.data
                    db.session.commit()
                    flash('Rolename has been changed to ' + form.rolename.data)
                    print(role.rolename)
                    return redirect(
                        url_for('usercenter.rolemanagement',
                                role=role.rolename))

                if Role.query.filter(
                        Role.rolename == form.old_rolename.data).count() == 0:
                    newrole = Role(rolename=form.rolename.data)
                    db.session.add(newrole)
                    db.session.commit()
                    flash('Rolename ' + form.rolename.data +
                          ' has been created ')
                    print(role.rolename)
                else:
                    flash('Rolename already exists')
        flash(roletoedit)
        permissionlist = db.session.query(Permission).all()

        form2 = form_edit_role_add_perm()
        form2.permissiontoadd.choices = [(g.id, g.permissionname)
                                         for g in Permission.query.all()]
        if form2.validate_on_submit():
            if db.session.query(Roletopermission).filter(
                    Roletopermission.permission_id ==
                    form2.permissiontoadd.data).filter(
                        Roletopermission.role_id == role.id).count() == 0:
                permissionid = db.session.query(Permission).filter(
                    Permission.id == form2.permissiontoadd.data).first()
                NewRoletopermission = Roletopermission(
                    role_id=role.id, permission_id=permissionid.id)
                db.session.add(NewRoletopermission)
                db.session.commit()
        #choicelist = [(g.id, g.permissionname) for g in db.session.query(Permission).all()]
        #print(choicelist)
        # form2.permissiontoadd.choices=choicelist

        return render_template('usercenter/edit_role.html',
                               title=_('Edit Role'),
                               form=form,
                               form2=form2,
                               role=role,
                               permissionlist=permissionlist)
Beispiel #13
0
 def decorated_function(*args, **kwargs):
     if not current_user.check_permission(permission):
         abort(403)
     return f(*args, **kwargs)