def POST(self):
inputs = sh.inputs()
if inputs['action'] == 'isLogin':
if sh.session.is_login:
return sh.toJsonp({'is_login': True, 'name': sh.session.name, 'id': sh.session.id})
else:
return sh.toJsonp({'is_login': False, 'name': '', 'id': 0})
if inputs['action'] == 'login':
assert(inputs.get('email', '').strip())
assert(inputs.get('password', ''))
model = sh.model('User')
uc = sh.ctrl('User')
if not uc.validate(inputs.email, inputs.password):
return sh.toJsonp({'is_login':False, 'error':'邮箱或密码不对'})
user = model.getByEmail(inputs.email)
if user.dead == 'yes':
return sh.toJsonp({'is_login':False, 'error':'你已被列入黑名单'})
uc.login(user, inputs.get('remember_me', '') == 'on')
return sh.toJsonp({'is_login':True, 'name': user.name, 'id': user.id})
if inputs['action'] == 'logout':
sh.ctrl('User').logout()
return 'bye'
def _insert(self, inputs):
assert inputs.has_key('model_name'), u'请指明需要插入的数据类型'
if not sh.session.is_login:
return sh.toJsonp({'success':False, 'error': '请先登录'})
if inputs.has_key('Userid'):
return sh.toJsonp({'success':False, 'error': '不能指定Userid'})
inputs.Userid = sh.session.id
return sh.toJsonp({'success':True, 'new_id': sh.model(inputs.model_name).insert(inputs)})
def POST(self,inputs=None):
if not inputs: inputs = sh.inputs()
assert inputs.has_key('model_name'), u'请指明需要修改的数据类型'
assert inputs.has_key('model_id'), u'请指明需要修改的数据id'
model = sh.model(inputs.model_name)
# 只允许删除自己的东西
exists = model.get(inputs.model_id)
if not exists:
return sh.toJsonp({'success':True, 'affected': 0})
if sh.session.is_login and exists.get('Userid', None) == int(sh.session.id):
return sh.toJsonp({'success':True, 'affected': model.delete(inputs.model_id)})
else:
return sh.toJsonp({'success':False, 'msg':'不能删除不属于你的东西.'})
def POST(self, inputs=None):
if not inputs: inputs = sh.inputs()
uc = sh.ctrl('User')
error = uc.checkNewUser(inputs)
if error:
return sh.toJsonp({'is_login': False, 'error': error})
new_id = uc.register(inputs)
uc.loginById(new_id, inputs.get('remember_me', 'no') == 'yes')
if sh.model('User').validation_request:
uc.sendValidationEmail(user)
return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功,请查收您的验证邮件'})
else:
return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功'})
def POST(self, inputs=None):
if not inputs: inputs = sh.inputs()
uc = sh.ctrl('User')
error = uc.checkNewUser(inputs)
if error:
return sh.toJsonp({'is_login': False, 'error': error})
new_id = uc.register(inputs)
uc.loginById(new_id, inputs.get('remember_me', 'off') == 'on')
if sh.model('User').validation_request:
uc.sendValidationEmail(user)
return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功,请查收您的验证邮件'})
else:
return sh.toJsonp({'is_login': True, 'id': new_id, 'msg': '注册成功'})
def _update(self, inputs):
assert inputs.has_key('model_name'), u'请指明需要修改的数据类型'
assert inputs.has_key('model_id'), u'请指明需要修改的数据id'
if not sh.session.is_login:
return sh.toJsonp({'success':False, 'error': '请先登录'})
model = sh.model(inputs.model_name)
exists = model.get(inputs.model_id)
if not exists:
return sh.toJsonp({'success':True, 'affected': 0})
if exists.get('Userid', 0) != sh.session.id:
return sh.toJsonp({'success':False, 'error': '您不能修改别人的数据'})
return sh.toJsonp({'success':True, 'affected': model.update(inputs.model_id, inputs)})
def POST(self):
inputs = sh.inputs()
assert inputs.get('access_token', '')
assert inputs.get('access_expires', '')
assert inputs.get('uid', '')
assert inputs.get('state', '')
site_name = inputs.state.partition('_')[0]
oauth_ctrl = sh.ctrl('oauth.%s' % site_name)
oauth_model = sh.model('oauth.%sOAuth2' % site_name)
user_ctrl = sh.ctrl('User')
user_model = sh.model('User')
requested_uid = oauth_ctrl.requestUidWithAccessToken(
inputs.access_token)
# 如果access_token和uid验证不对,则不让登录
if not requested_uid or requested_uid != inputs.uid:
return sh.toJsonp(dict(error="该第三方帐号未绑定任何站内帐号", is_login=False))
exists = oauth_model.getByUid(requested_uid)
# 如果当前uid还没有插入数据库,则先插入再考虑绑定Userid
if not exists:
new_id = oauth_model.insert(
dict(uid=requested_uid,
access_token=inputs.access_token,
access_expires=inputs.access_expires))
exists = oauth_model.get(new_id)
if exists.Userid: # 如果已绑定本站帐号
return self.login(exists.Userid)
inputs = oauth_ctrl.assignUserInfo(inputs, inputs.access_token)
self.assignRandomPassword(inputs)
self.assignRegisterIP(inputs)
conflict = user_ctrl.checkNewUser(inputs)
if conflict:
return sh.toJsonp(
dict(is_login=False,
error=conflict,
name=inputs.get('name', ''),
sex=inputs.get('sex', '')))
new_id = user_model.insert(inputs)
oauth_model.update(exists.id, dict(Userid=new_id))
return self.login(new_id)
def GET(self, inputs=None):
if not inputs: inputs = sh.inputs()
assert inputs.has_key('action')
model = sh.model('UserImage')
if inputs.action in ['delete', 'recover']:
assert sh.session.is_login
assert inputs.get('UserImageid', None)
exists = model.get(inputs.UserImageid)
assert exists and exists.Userid == sh.session.id
if inputs.action == 'delete':
if sh.inModifyTime(exists.created):
model.delete(inputs.UserImageid)
return sh.toJsonp({'success': True})
else:
return sh.toJsonp({'success': False, 'error': '超过了修改时限'})
def GET(self, inputs=None):
if not inputs:
inputs = sh.inputs()
assert inputs.has_key("action")
model = sh.model("UserImage")
if inputs.action in ["delete", "recover"]:
assert sh.session.is_login
assert inputs.get("UserImageid", None)
exists = model.get(inputs.UserImageid)
assert exists and exists.Userid == sh.session.id
if inputs.action == "delete":
if sh.inModifyTime(exists.created):
model.delete(inputs.UserImageid)
return sh.toJsonp({"success": True})
else:
return sh.toJsonp({"success": False, "error": "超过了修改时限"})
def GET(self, inputs=None):
if not inputs: inputs = sh.inputs()
assert inputs.has_key('model_name'), u'请指明需要查询的数据类型'
assert inputs.has_key('model_id'), u'请指明需要查询的数据id'
item = sh.model(inputs.model_name).get(inputs.model_id)
if item:
item = dict(item)
item['id'] = int(inputs.model_id)
return sh.toJsonp(item)
def POST(self):
inputs = sh.inputs()
assert inputs.get("access_token", "")
assert inputs.get("access_expires", "")
assert inputs.get("uid", "")
assert inputs.get("state", "")
site_name = inputs.state.partition("_")[0]
oauth_ctrl = sh.ctrl("oauth.%s" % site_name)
oauth_model = sh.model("oauth.%sOAuth2" % site_name)
user_ctrl = sh.ctrl("User")
user_model = sh.model("User")
requested_uid = oauth_ctrl.requestUidWithAccessToken(inputs.access_token)
# 如果access_token和uid验证不对,则不让登录
if not requested_uid or requested_uid != inputs.uid:
return sh.toJsonp(dict(error="该第三方帐号未绑定任何站内帐号", is_login=False))
exists = oauth_model.getByUid(requested_uid)
# 如果当前uid还没有插入数据库,则先插入再考虑绑定Userid
if not exists:
new_id = oauth_model.insert(
dict(uid=requested_uid, access_token=inputs.access_token, access_expires=inputs.access_expires)
)
exists = oauth_model.get(new_id)
if exists.Userid: # 如果已绑定本站帐号
return self.login(exists.Userid)
inputs = oauth_ctrl.assignUserInfo(inputs, inputs.access_token)
self.assignRandomPassword(inputs)
self.assignRegisterIP(inputs)
conflict = user_ctrl.checkNewUser(inputs)
if conflict:
return sh.toJsonp(
dict(is_login=False, error=conflict, name=inputs.get("name", ""), sex=inputs.get("sex", ""))
)
new_id = user_model.insert(inputs)
oauth_model.update(exists.id, dict(Userid=new_id))
return self.login(new_id)
def POST(self, inputs=None):
if not inputs: inputs = sh.inputs()
assert inputs.has_key('model_name'), u'请指明需要修改的数据类型'
assert inputs.has_key('model_id'), u'请指明需要修改的数据id'
model = sh.model(inputs.model_name)
# 只允许删除自己的东西
exists = model.get(inputs.model_id)
if not exists:
return sh.toJsonp({'success': True, 'affected': 0})
if sh.session.is_login and exists.get('Userid', None) == int(
sh.session.id):
return sh.toJsonp({
'success': True,
'affected': model.delete(inputs.model_id)
})
else:
return sh.toJsonp({'success': False, 'msg': '不能删除不属于你的东西.'})
def POST(self):
inputs = sh.inputs()
if inputs['action'] == 'isLogin':
if sh.session.is_login:
return sh.toJsonp({
'is_login': True,
'name': sh.session.name,
'id': sh.session.id
})
else:
return sh.toJsonp({'is_login': False, 'name': '', 'id': 0})
if inputs['action'] == 'login':
assert (inputs.get('email', '').strip())
assert (inputs.get('password', ''))
model = sh.model('User')
uc = sh.ctrl('User')
if not uc.validate(inputs.email, inputs.password):
return sh.toJsonp({'is_login': False, 'error': '邮箱或密码不对'})
user = model.getByEmail(inputs.email)
if user.dead == 'yes':
return sh.toJsonp({'is_login': False, 'error': '你已被列入黑名单'})
uc.login(user, inputs.get('remember_me', '') == 'on')
return sh.toJsonp({
'is_login': True,
'name': user.name,
'id': user.id
})
if inputs['action'] == 'logout':
sh.ctrl('User').logout()
return 'bye'
def POST(self, inputs=None):
if not inputs: inputs = sh.inputs()
return self._update(inputs)
return sh.toJsonp({'success':True, 'affected': self._update(inputs)})
def login(self, Userid):
exists_user = sh.model('User').get(Userid)
assert exists_user, u'用户不存在'
sh.ctrl('User').login(exists_user, self.REMEMBER_ME)
return sh.toJsonp(
dict(is_login=True, Userid=Userid, name=sh.session.name))
def login(self, Userid):
exists_user = sh.model("User").get(Userid)
assert exists_user, u"用户不存在"
sh.ctrl("User").login(exists_user, self.REMEMBER_ME)
return sh.toJsonp(dict(is_login=True, Userid=Userid, name=sh.session.name))
