def index():
if request.method == 'GET':
form = FilterForm()
return render_template('users/index.html', form=form)
else:
form = FilterForm(request.form)
if not form.validate():
return abort(403)
query_set = BlogUser.objects(status=form.status.data, username__ne='admin')
if form.username.data:
query_set = query_set.filter(username__contains=form.username.data)
if form.nickname.data:
query_set = query_set.filter(nickname__contains=form.nickname.data)
if form.privilege.data != -1:
query_set = query_set.filter(privileges=form.privilege.data)
page = request.form.get('page', 1, int)
per_page = 15
pagination = query_set.paginate(page=page, per_page=per_page)
items_dic = list()
for item in pagination.items:
item_dic = item.as_json()
items_dic.append(item_dic)
item_dic['could_modify'] = current_user.is_admin
return json.dumps({
'users': items_dic,
'page': page,
'per_page': per_page,
'total': pagination.total,
})
def test_user():
'''添加admin账号'''
# user = BlogUser()
# user.username = '******'
# user.password = '******'
# user.nickname = 'fleago'
# user.email = 'fleago.163.com'
#
# user.is_admin = True
# user.privileges = [BlogUser.PV_PUBLISH, BlogUser.PV_DELETE, BlogUser.PV_COMMENT, BlogUser.PV_EDIT]
# user.status = 1
# user.last_login_time = now_lambda()
# user.created_at = now_lambda()
#
#
# user.save()
user = BlogUser.objects().first()
print BlogUser.objects().count()
print user.username, user.password, user.nickname, user.username
def load_user(username):
return BlogUser.objects(username=username).first()
def edit():
user_id = request.args.get('user_id')
if user_id:
# 编辑用户
user = BlogUser.objects.with_id(ObjectId(user_id))
if not user:
return '用户不存在'
if user.id == current_user.id and not current_user.is_admin:
# 编辑自己
title = '编辑个人信息'
mode = 'edit_self'
elif current_user.is_admin:
# 只有管理员能编辑其他用户
title = '编辑用户信息'
mode = 'edit_other'
else:
return '您没有这个权限'
elif not current_user.is_admin:
# 只有管理员能建立用户
return '您没有这个权限'
else:
# 新建用户
title = '新建用户'
mode = 'create'
user = BlogUser()
if request.method == 'GET':
form = EditForm(obj=user, mode=mode)
else:
form = EditForm(request.form, mode=mode)
if form.validate():
if form.password.data != form.password_confirm.data:
flash('两次输入密码不一致')
elif mode == 'create' and not form.password.data:
flash('密码不能为空')
elif mode == 'create' and BlogUser.objects(username=form.username.data).limit(1):
flash('用户名已被占用')
# elif form.password.data and (len(form.password.data) < 8 or
# re.match(r'^\d+$', form.password.data) or
# re.match(r'^[a-zA-Z]+$', form.password.data)):
# flash('密码需要超过8位,且同时包括字母和数字')
else:
user.nickname = form.nickname.data
user.email = form.email.data
if mode != 'edit_self':
user.username = form.username.data
user.privileges = form.privileges.data
user.status = form.status.data
if form.password.data:
user.set_password(form.password.data)
user.save()
flash('保存成功')
return render_template('users/edit.html', form=form, title=title)
