Beispiel #1
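def login():
    """Authenticate a user by email and password and issue a JWT access token.

    Reads the JSON request body, validates it against ``LoginUsersSchema``,
    looks the user up by email and verifies the submitted password.

    Returns:
        A JSON response carrying ``access_token``. The token holds an
        ``is_admin`` claim that is true only when ``user.type == 1``.

    Raises:
        ApiError: ``WRONG_PASSWORD`` when the password check fails.
    """
    # Use the payload returned by check_data, as the other handlers in this
    # file do, so the Mongo filter below is built from the validated values
    # rather than from the raw request body.
    data = check_data(LoginUsersSchema, json.loads(request.get_data()))
    # NOTE(review): an unknown email ends in find_one_or_404 while a bad
    # password raises WRONG_PASSWORD, so the two failures look different to a
    # client and reveal whether an address is registered. Consider one uniform
    # failure response for both cases.
    user = User(mongo.db.user.find_one_or_404({'email': data['email']}))
    if not user.check_password(data['password']):
        raise ApiError(WRONG_PASSWORD)
    # The admin flag is fixed into the token here; handlers that read
    # get_jwt()['is_admin'] see this value, not the user's current type.
    additional_claims = {"is_admin": user.type == 1}
    access_token = create_access_token(identity=user.id,
                                       additional_claims=additional_claims)
    # TODO: add admin special jwt
    # TODO: add logout
    return jsonify(access_token=access_token)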
Beispiel #2
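def edit_comment(id):
    """Replace the content of a comment that belongs to the calling user.

    Args:
        id: ``_id`` of the comment to edit.

    Returns:
        The comment document as read from the database, with ``content``
        replaced by the validated request value.
    """
    data = check_data(CommentSchema, json.loads(request.get_data()))
    user_id = get_jwt_identity()
    # Ownership is enforced by the filter itself: a comment with this _id that
    # belongs to another user does not match and the lookup ends in the
    # find_one_or_404 path.
    comment_query = {"$and": [{"_id": id}, {"user_id": user_id}]}
    comment = mongo.db.comment.find_one_or_404(comment_query)
    comment['content'] = data['content']
    # Write only the edited field. Sending the whole document back through
    # $set would rewrite _id, user_id and every other field with the values
    # read above, overwriting anything changed in between.
    update_data = {'$set': {'content': comment['content']}}
    mongo.db.comment.update_one(comment_query, update_data)
    return comment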
Beispiel #3
def add_family():
    """Create a family record from the request body for the calling user.

    Returns:
        The serialized family that was inserted.
    """
    payload = check_data(FamilySchema, json.loads(request.get_data()))
    owner_id = get_jwt_identity()
    new_family = Family(entries=payload)
    # Both fields are assigned after construction, so the generated id and the
    # token identity are what gets stored for them.
    new_family.id = generateID()
    new_family.created_by = owner_id
    print(new_family)
    mongo.db.family.insert_one(new_family.serialize())
    return new_family.serialize()
Beispiel #4
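def add_person():
    """Create a person record from the request body for the calling user.

    Returns:
        The serialized person that was inserted.
    """
    currentUserId = get_jwt_identity()
    data = json.loads(request.get_data())
    data = check_data(PersonSchema, data)
    person = Person(entries=data)
    # Assigned after construction so the stored owner is the token identity
    # and the id is the generated one.
    person.user_id = currentUserId
    person.id = generateID()
    # The debug print of the serialized record was dropped: it copied the
    # whole person document into the process output on every request.
    mongo.db.person.insert_one(person.serialize())
    return person.serialize()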
Beispiel #5
def edit_article(id):
    """Apply the validated request fields to an article owned by the caller.

    Args:
        id: ``_id`` of the article to edit.

    Returns:
        The article document re-read from the database after the update.
    """
    changes = check_data(ArticleSchema, json.loads(request.get_data()))
    # The filter ties the article to the token identity, so only the owner's
    # own article can match.
    owner_filter = {"$and": [{"_id": id}, {"user_id": get_jwt_identity()}]}
    # First lookup only establishes that the article exists for this user.
    mongo.db.article.find_one_or_404(owner_filter)
    changes['modified_time'] = currentTime()
    # NOTE(review): every key that ArticleSchema lets through is written with
    # $set. Confirm the schema does not accept user_id, _id or the counter
    # fields, otherwise a caller could overwrite them here.
    mongo.db.article.update_one(owner_filter, {'$set': changes})
    return mongo.db.article.find_one_or_404(owner_filter)
Beispiel #6
def add_article():
    """Create an article from the request body for the calling user.

    Returns:
        The article document read back from the database after the insert.
    """
    article_fields = check_data(ArticleSchema, json.loads(request.get_data()))
    author_id = get_jwt_identity()
    article_id = generateID()
    now = currentTime()
    # Server-side fields are written after validation, so they replace any
    # value of the same name that came through the schema.
    article_fields.update({
        '_id': article_id,
        'user_id': author_id,
        'created_time': now,
        'modified_time': now,
        'click_num': 0,
        'like_num': 0,
        'favorite_num': 0,
    })
    mongo.db.article.insert_one(article_fields)
    return mongo.db.article.find_one_or_404({'_id': article_fields['_id']})
Beispiel #7
def update_family(id):
    """Update a family record if the caller is allowed to edit it.

    Args:
        id: ``_id`` of the family to update.

    Returns:
        A serialized ``Family`` built from the validated request data (not
        from the stored document).

    Raises:
        ApiError: ``NO_AUTH`` with status 403 when ``check_family_edit_auth``
            rejects the caller.
    """
    # The admin flag comes from the token claim, i.e. the value set at login.
    is_admin = get_jwt()['is_admin']
    caller_id = get_jwt_identity()
    changes = check_data(FamilySchema, json.loads(request.get_data()))
    stored_family = Family(entries=mongo.db.family.find_one_or_404({'_id': id}))
    if not check_family_edit_auth(stored_family, caller_id, is_admin):
        raise ApiError(NO_AUTH, 403)
    # NOTE(review): all validated keys are written with $set. Confirm that
    # FamilySchema does not accept created_by or _id, otherwise an editor
    # could reassign ownership through this endpoint.
    mongo.db.family.update_one({"_id": id}, {"$set": changes})
    return Family(entries=changes).serialize()
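def update_relation(id):
    """Update a relation if the caller owns it or may edit its family.

    Args:
        id: ``_id`` of the relation to update.

    Returns:
        A serialized ``Relation`` built from the validated request data.

    Raises:
        ApiError: ``NO_AUTH`` with status 403 when the caller is neither the
            relation's owner nor accepted by ``check_family_edit_auth``.
    """
    is_admin = get_jwt()['is_admin']
    query = {"_id": id}
    data = json.loads(request.get_data())
    data = check_data(RelationSchema, data)
    currentUserId = get_jwt_identity()
    relation = mongo.db.relation.find_one_or_404(query)
    family = mongo.db.family.find_one_or_404({'_id': relation['family_id']})
    family = Family(entries=family)
    # The stored relation is read with subscripts (see family_id above), so the
    # owner check must use relation['user_id']; attribute access on the
    # document would fail before any authorization decision was made.
    is_owner = relation['user_id'] == currentUserId
    if not (is_owner or check_family_edit_auth(family, currentUserId,
                                               is_admin)):
        raise ApiError(NO_AUTH, 403)
    # NOTE(review): all validated keys are written with $set. Confirm that
    # RelationSchema does not accept user_id or family_id, otherwise the
    # relation could be moved to another owner or family here.
    update_data = {"$set": data}
    mongo.db.relation.update_one(query, update_data)
    relation = Relation(entries=data)
    return relation.serialize()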
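def add_relation():
    """Create a relation in a family the caller is allowed to edit.

    Returns:
        The serialized relation that was inserted.

    Raises:
        ApiError: ``NO_AUTH`` with status 403 when ``check_family_edit_auth``
            rejects the caller for the target family.
    """
    is_admin = get_jwt()['is_admin']
    data = json.loads(request.get_data())
    data = check_data(RelationSchema, data)
    current_user_id = get_jwt_identity()
    relation = Relation(entries=data)
    # The family is chosen by the request body, so the edit check below has to
    # run against that family before anything is written.
    family = mongo.db.family.find_one_or_404({'_id': relation.family_id})
    family = Family(entries=family)

    if not check_family_edit_auth(family, current_user_id,
                                  is_admin):  # todo:need to add admins
        raise ApiError(NO_AUTH, 403)
    relation.id = generateID()
    relation.user_id = current_user_id
    # Insert the serialized document, as add_family and add_person do, rather
    # than the model object itself.
    mongo.db.relation.insert_one(relation.serialize())
    return relation.serialize()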
Beispiel #10
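def register_user():
    """Register a new non-admin user from the request body.

    Returns:
        The serialized user that was inserted.

    Raises:
        ApiError: ``EMAIL_ALREADY_EXIST`` when a user with the same email is
            already stored.
    """
    data = json.loads(request.get_data())
    data = check_data(RegisterUserSchema, data)
    # One indexed lookup is enough; there is no need to load every match.
    # NOTE(review): this check and the insert below are separate operations,
    # so two concurrent requests can both pass it. A unique index on email
    # would make the constraint hold; confirm whether one exists.
    if mongo.db.user.find_one({"email": data['email']}) is not None:
        raise ApiError(EMAIL_ALREADY_EXIST)
    user = User(entries=data)
    # Assigned after construction, so a type supplied in the body cannot
    # create an admin account.
    user.type = 0
    # Set the registration time.
    user.register_time = currentTime()
    # Hash the password before the record is stored.
    user.passwordHash()
    # Generate the id.
    user.id = generateID()
    # The debug prints of the id and of the serialized user were dropped: the
    # serialized record is produced after passwordHash() and should not be
    # copied into process output.
    mongo.db.user.insert_one(user.serialize())
    # NOTE(review): if serialize() includes the password hash, it is returned
    # to the client here. Confirm and exclude it from the response if so.
    return user.serialize()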
Beispiel #11
def add_comment(id):
    """Attach a comment by the calling user to an article.

    Args:
        id: ``_id`` of the article being commented on.

    Returns:
        The comment document that was inserted.

    Raises:
        ApiError: ``NO_AUTH`` with status 403 when ``check_article_like_auth``
            rejects the caller.
    """
    payload = check_data(CommentSchema, json.loads(request.get_data()))
    author_id = get_jwt_identity()
    is_admin = get_jwt()['is_admin']
    target = Article(entries=mongo.db.article.find_one_or_404({'_id': id}))
    # TODO: permission check
    if not check_article_like_auth(target, is_admin, author_id):
        raise ApiError(NO_AUTH, 403)
    # Only content is taken from the request; author, article and time are
    # filled in server-side.
    new_comment = {
        '_id': generateID(),
        'user_id': author_id,
        'article_id': id,
        'content': payload['content'],
        'time': currentTime(),
    }
    mongo.db.comment.insert_one(new_comment)
    return new_comment
Beispiel #12
def update_person(id):
    """Update a person if the caller owns it or may edit its family.

    Args:
        id: ``_id`` of the person to update.

    Returns:
        A serialized ``Person`` built from the validated request data.

    Raises:
        ApiError: ``NO_AUTH`` with status 403 when the caller is neither the
            person's owner nor accepted by ``check_family_edit_auth``.
    """
    print(id)
    is_admin = get_jwt()['is_admin']
    caller_id = get_jwt_identity()
    changes = check_data(PersonSchema, json.loads(request.get_data()))

    stored_person = mongo.db.person.find_one_or_404({'_id': id})
    # Authorization is evaluated against the family the person is stored
    # under, not against anything in the request body.
    owning_family = Family(
        entries=mongo.db.family.find_one_or_404({"_id": stored_person['family']}))

    allowed = stored_person['user_id'] == caller_id or check_family_edit_auth(
        owning_family, caller_id, is_admin)
    if not allowed:
        raise ApiError(NO_AUTH, 403)
    # NOTE(review): all validated keys are written with $set. Confirm that
    # PersonSchema does not accept user_id, and whether changing 'family'
    # here should also require edit rights on the target family.
    mongo.db.person.update_one({"_id": id}, {"$set": changes})
    return Person(entries=changes).serialize()