async def api_update_blog(id, request, *, title, summary, content, cat_name):
if request.__user__ is None or not request.__user__.admin:
raise APIPermissionError('Only admin can do this!')
if not title or not title.strip():
raise APIValueError('title', 'Title can not be empty.')
if not summary or not summary.strip():
summary = content.strip()[:200]
elif len(summary.strip()) > 200:
raise APIValueError('summary',
'Length of summary can not be larger than 200.')
if not content or not content.strip():
raise APIValueError('content', 'Content can not be empty.')
blog = await Blog.find(id)
blog.title = title.strip()
blog.summary = summary.strip()
blog.content = content.strip()
if not cat_name or not cat_name.strip():
blog.cat_name = None
blog.cat_id = None
else:
blog.cat_name = cat_name.strip()
cats = await Category.findAll(where='name=?', args=[cat_name.strip()])
if (len(cats) == 0):
raise APIValueError('cat_name',
'cat_name is not belong to Category.')
blog.cat_id = cats[0].id
await blog.update()
return blog
async def api_modify_password(request, *, user_id, password0, password1,
password2):
if request.__user__ is None:
raise APIPermissionError('You must login first!')
if not user_id or not user_id.strip():
raise APIValueError('user_id', 'user_id can not be empty.')
if not password0 or not password0.strip():
raise APIValueError('password0', 'old password can not be empty.')
if not password1 or not RE_SHA1.match(password1):
raise APIValueError('password1', 'Invalid new password.')
if not password2 or not RE_SHA1.match(password2):
raise APIValueError('password2', 'Invalid confirmimg password.')
user = await User.find(user_id)
if user is None:
raise APIResourceNotFoundError('User not found')
# 检查密码
sha1 = hashlib.sha1()
sha1.update(user_id.encode('utf-8'))
sha1.update(b':')
sha1.update(password0.encode('utf-8'))
if user.password != sha1.hexdigest():
raise APIValueError('password', 'Invalid old password.')
# 修改密码
sha1_password = '******' % (user_id, password1)
user.password = hashlib.sha1(sha1_password.encode('utf-8')).hexdigest()
await user.update()
return dict(user_id=user_id)
async def api_delete_category(id, request):
if request.__user__ is None or not request.__user__.admin:
raise APIPermissionError('Only admin can do this!')
cat = await Category.find(id)
if cat is None:
raise APIResourceNotFoundError('Category')
await cat.remove()
return dict(id=id)
async def api_create_category(request, *, name):
if request.__user__ is None or not request.__user__.admin:
raise APIPermissionError('Only admin can do this!')
if not name or not name.strip():
raise APIValueError('name', 'Name can not be empty.')
cat = Category(name=name.strip())
await cat.save()
return cat
async def api_delete_user(id, request):
if request.__user__ is None or not request.__user__.admin:
raise APIPermissionError('Only admin can do this!')
user = await User.find(id)
if user is None:
raise APIResourceNotFoundError('User')
await user.remove()
return dict(id=id)
async def api_delete_blog(request, *, id):
if request.__user__ is None or not request.__user__.admin:
raise APIPermissionError('Only admin can do this!')
blog = await Blog.find(id)
if blog is None:
raise APIResourceNotFoundError('Blog')
await blog.remove()
return dict(id=id)
async def api_update_category(id, request, *, name):
if request.__user__ is None or not request.__user__.admin:
raise APIPermissionError('Only admin can do this!')
if not name or not name.strip():
raise APIValueError('name', 'Name can not be empty.')
cat = await Category.find(id)
cat.name = name.strip()
await cat.update()
return cat
async def api_create_comment(id, request, *, content):
user = request.__user__ # 登录再说
if not user:
raise APIPermissionError('Please signin first.')
if not content or not content.strip():
raise APIValueError('content', 'content cannot be empty.')
blog = await Blog.find(id)
if blog is None:
raise APIResourceNotfoundError('Blog')
comment = Comment(blog_id=blog.id, user_id=user.id, user_name=user.name, user_image=user.image, content=content.strip())
await comment.save()
return comment
async def upload(request, *, file):
if request.__user__ is None or not request.__user__.admin:
raise APIPermissionError('Only admin can do this!')
path = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'static')
filename = path + '/upload/' + file.filename
ext = os.path.splitext(filename)
# 处理重名文件
n = 1
while os.path.exists(filename):
filename = '%s~%d%s' % (ext[0], n, ext[1])
n = n + 1
with open(filename, 'wb') as f:
f.write(file.file.read())
return dict(filename=os.path.basename(filename))
async def api_create_comment(id, request, *, content):
user = request.__user__
if user is None or not user.admin:
raise APIPermissionError('Only admin can do this!')
if not content or not content.strip():
raise APIValueError('comment', 'Comment can not be empty.')
blog = await Blog.find(id)
if blog is None:
raise APIResourceNotFoundError('Blog')
comment = Comment(blog_id=blog.id,
user_id=user.id,
user_name=user.name,
user_image=user.image,
content=content.strip())
await comment.save()
return comment
def check_admin(request):
if request.__user__ is None or not request.__user__.admin:
raise APIPermissionError()
