def update_user(uid: int, json: UpdateUserInfoSchema):
"""
更新用户信息
"""
user = manager.user_model.get(id=uid)
if user is None:
raise NotFound("用户不存在")
if user.email != g.email:
exists = manager.user_model.get(email=g.email)
if exists:
raise ParameterError("邮箱已被注册,请重新输入邮箱")
with db.auto_commit():
user.email = g.email
group_ids = g.group_ids
# 清空原来的所有关联关系
manager.user_group_model.query.filter_by(user_id=user.id).delete(
synchronize_session=False)
# 根据传入分组ids 新增关联记录
user_group_list = list()
# 如果没传分组数据,则将其设定为 guest 分组
if not group_ids:
group_ids = [
manager.group_model.get(level=GroupLevelEnum.GUEST.value).id
]
for group_id in group_ids:
user_group = manager.user_group_model()
user_group.user_id = user.id
user_group.group_id = group_id
user_group_list.append(user_group)
db.session.add_all(user_group_list)
return Success("操作成功")
def update_group(gid, json: GroupBaseSchema):
"""
更新一个分组基本信息
"""
exists = manager.group_model.get(id=gid)
if not exists:
raise NotFound("分组不存在,更新失败")
exists.update(name=g.name, info=g.info, commit=True)
return Success("更新成功")
def get_group(gid):
"""
获取一个分组及其权限
"""
group = manager.group_model.get(id=gid, one=True, soft=False)
if group is None:
raise NotFound("分组不存在")
permissions = manager.permission_model.select_by_group_id(gid)
setattr(group, "permissions", permissions)
group._fields.append("permissions")
return group
def get_all_group():
"""
获取所有分组
"""
groups = manager.group_model.query.filter(
manager.group_model.is_deleted == False,
manager.group_model.level != GroupLevelEnum.ROOT.value,
).all()
if groups is None:
raise NotFound("不存在任何分组")
return groups
def change_user_password(uid: int, json: ResetPasswordSchema):
"""
修改用户密码
"""
user = manager.find_user(id=uid)
if not user:
raise NotFound("用户不存在")
with db.auto_commit():
user.reset_password(g.new_password)
return Success("密码修改成功")
def get_all(self, form):
query = self.query.filter_by(is_deleted=False)
if form.author.data:
query = query.filter_by(author=form.author.data)
limit = (form.count.data
if form.count.data else lin_config.get_config("poem.limit"))
poems = query.limit(limit).all()
if not poems:
raise NotFound("没有找到相关诗词")
return poems
def delete_user(uid):
"""
删除用户
"""
user = manager.user_model.get(id=uid)
if user is None:
raise NotFound("用户不存在")
groups = manager.group_model.select_by_user_id(uid)
# 超级管理员分组的用户仅有一个分组
if groups[0].level == GroupLevelEnum.ROOT.value:
raise Forbidden("无法删除此用户")
with db.auto_commit():
manager.user_group_model.query.filter_by(user_id=uid).delete(
synchronize_session=False)
user.hard_delete()
return Success("操作成功")
def refresh():
"""
刷新令牌
"""
try:
verify_jwt_in_request(refresh=True)
except Exception:
return RefreshFailed
identity = get_jwt_identity()
if identity:
access_token = create_access_token(identity=identity)
refresh_token = create_refresh_token(identity=identity)
return LoginTokenSchema(access_token=access_token,
refresh_token=refresh_token)
return NotFound("refresh_token未被识别")
def delete_group(gid):
"""
删除一个分组
"""
exist = manager.group_model.get(id=gid)
if not exist:
raise NotFound("分组不存在,删除失败")
guest_group = manager.group_model.get(level=GroupLevelEnum.GUEST.value)
root_group = manager.group_model.get(level=GroupLevelEnum.ROOT.value)
if gid in (guest_group.id, root_group.id):
raise Forbidden("不可删除此分组")
if manager.user_model.select_page_by_group_id(gid, root_group.id):
raise Forbidden("分组下存在用户,不可删除")
with db.auto_commit():
# 删除group id 对应的关联记录
manager.group_permission_model.query.filter_by(group_id=gid).delete(
synchronize_session=False)
# 删除group
exist.delete()
return Success("删除分组成功")
def search(self, q):
poems = self.query.filter(Poem.title.like("%" + q + "%")).all()
if not poems:
raise NotFound("没有找到相关诗词")
return poems
security=[AuthorizationBearerSecurity],
resp=DocResponse(r=UserSchema),
)
def get_information():
"""
获取用户信息
"""
current_user = get_current_user()
return current_user
@user_api.route("/refresh")
@permission_meta(name="刷新令牌", module="用户", mount=False)
@api.validate(
resp=DocResponse(RefreshFailed,
NotFound("refresh_token未被识别"),
r=LoginTokenSchema),
tags=["用户"],
)
def refresh():
"""
刷新令牌
"""
try:
verify_jwt_in_request(refresh=True)
except Exception:
return RefreshFailed
identity = get_jwt_identity()
if identity:
access_token = create_access_token(identity=identity)
total_page = math.ceil(total / g.count)
page = get_page_from_query()
return AdminUserPageSchema(count=g.count,
total=total,
total_page=total_page,
page=page,
items=users)
@admin_api.route("/user/<int:uid>/password", methods=["PUT"])
@permission_meta(name="修改用户密码", module="管理员", mount=False)
@admin_required
@api.validate(
tags=["管理员"],
resp=DocResponse(NotFound("用户不存在"), Success("密码修改成功")),
security=[AuthorizationBearerSecurity],
)
def change_user_password(uid: int, json: ResetPasswordSchema):
"""
修改用户密码
"""
user = manager.find_user(id=uid)
if not user:
raise NotFound("用户不存在")
with db.auto_commit():
user.reset_password(g.new_password)
return Success("密码修改成功")