def change_identity_post(request):
check = check_request(request, need_login=True, is_post=True)
if not check.ok:
return http_str(check.info)
post_info = request.POST
if 'username' not in post_info:
return http_str(ErrorInfo.User.username_required)
if 'identity' not in post_info:
return http_str(ErrorInfo.Permission.identity_required)
username = post_info['username']
identity = post_info['identity']
check_manage = check_can_manage(request, username, 'CHANGE_IDENTITY')
if not check_manage.ok:
return http_str(check_manage.info)
if identity not in database_identity_choices():
return http_str(ErrorInfo.Permission.wrong_identity_word)
if not database_can_promote(request.user.username, identity):
return http_str(ErrorInfo.Permission.cannot_promote)
operation_result = database_change_identity(username, identity)
if not operation_result.ok:
return http_str(ErrorInfo.User.user_not_exists)
return http_str(SuccessInfo.success)
def follow_user_post(request):
"""
关注用户
:param request:
:return:
"""
check = check_request(request, need_login=True, is_post=True)
if not check.ok:
return http_str(check.info)
post_info = request.POST
if 'username' not in post_info:
return http_str(ErrorInfo.User.username_required)
username = post_info['username']
if has_no_permission_to_do(request.user.username, 'normal', 'FOLLOW_USER'):
return http_str(ErrorInfo.Permission.no_permission)
operation_result = database_follow_user(request.user.username, username)
if not operation_result.ok:
return http_str(ErrorInfo.User.user_not_exists)
return http_str(SuccessInfo.success)
def remove_user_post(request):
"""
删除用户
:param request:
:return:
"""
check = check_request(request, need_login=True, is_post=True)
if not check.ok:
return http_str(check.info)
post_info = request.POST
if 'username' not in post_info:
return http_str(ErrorInfo.User.username_required)
username = post_info['username']
check = check_can_manage(request, username, 'REMOVE_USER')
if not check.ok:
return check.info
operation_result = database_remove_user(username)
if not operation_result.ok:
return http_str(ErrorInfo.User.user_not_exists)
return http_str(SuccessInfo.success)
def modify_user_info_post(request):
"""
修改用户信息。
:param request:
:return:
"""
check = check_request(request, need_login=True, is_post=True)
if not check.ok:
return check.info
post_info = request.POST
if 'username' not in post_info:
return http_str(ErrorInfo.User.username_required)
username = post_info['username']
if not is_himself(request, username):
check_manage = check_can_manage(request, username,
'MODIFY_USER_INFO_OTHER')
if not check_manage.ok:
return http_str(check_manage.info)
else:
pass
else:
pass
operation_result = database_modify_info(username, post_info)
if not operation_result.ok:
return http_str(ErrorInfo.User.wrong_sex_value)
return http_str(SuccessInfo.success)
def create_user_post(request):
"""
创建用户。
:param request:
:return:
"""
check = check_request(request, need_login=False, is_post=True)
if not check.ok:
return http_str(check.info)
post_info = request.POST
if 'username' not in post_info:
return http_str(ErrorInfo.User.username_required)
if 'password' not in post_info:
return http_str(ErrorInfo.User.password_required)
username = post_info['username'].lower()
password = post_info['password']
operation_result = database_create_user(username,
password,
identity_word='normal')
if not operation_result.ok:
if operation_result.info.info_type == database_InfoType.Exists:
return http_str(ErrorInfo.User.user_exists)
elif operation_result.info.info_type == database_InfoType.Invalid:
return http_str(ErrorInfo.User.invalid_username)
else:
return http_str(ErrorInfo.Permission.wrong_identity_word)
return http_str(SuccessInfo.success)
def login_post(request):
"""
用户登录。
:param request:
:return:
"""
check = check_request(request, need_login=False, is_post=True)
if not check.ok:
return http_str(check.info)
post_info = request.POST
if 'username' not in post_info:
return http_str(ErrorInfo.User.username_required)
if 'password' not in post_info:
return http_str(ErrorInfo.User.password_required)
username = post_info['username'].lower()
password = post_info['password']
user = authenticate(username=username, password=password)
if user is not None:
if has_no_permission_to_do(username, 'normal', 'LOGIN'):
return http_str(ErrorInfo.Permission.no_permission)
django_login(request, user)
return http_str(SuccessInfo.success)
else:
return http_str(ErrorInfo.User.username_or_password_wrong)
def change_password_post(request):
"""
修改密码。
:param request:
:return:
"""
check = check_request(request, need_login=True, is_post=True)
if not check.ok:
return http_str(check.info)
post_info = request.POST
if 'username' not in post_info:
return http_str(ErrorInfo.User.username_required)
if 'new_password' not in post_info:
return http_str(ErrorInfo.User.new_password_required)
username = post_info['username']
new_password = post_info['new_password']
if is_himself(request, username):
# 修改密码的是本人,验证本人密码并检查权限
if 'old_password' not in post_info:
return http_str(ErrorInfo.User.old_password_required)
old_password = post_info['old_password']
user = authenticate(username=username, password=old_password)
if user is None:
return http_str(ErrorInfo.User.username_or_password_wrong)
if has_no_permission_to_do(username, 'normal', 'CHANGE_PASSWORD_SELF'):
return http_str(ErrorInfo.Permission.no_permission)
else:
# 修改密码的不是本人,检查权限
check_manage = check_can_manage(request, username,
'CHANGE_PASSWORD_OTHER')
if not check_manage.ok:
return http_str(check_manage.info)
operation_result = database_change_password(username,
new_password=new_password)
if not operation_result.ok:
return http_str(ErrorInfo.User.user_not_exists)
return http_str(SuccessInfo.success)
def unfollow_user_post(request):
check = check_request(request, need_login=True, is_post=True)
if not check.ok:
return http_str(check.info)
post_info = request.POST
if 'username' not in post_info:
return http_str(ErrorInfo.User.username_required)
username = post_info['username']
if has_no_permission_to_do(request.user.username, 'normal',
'UNFOLLOW_USER'):
return http_str(ErrorInfo.Permission.no_permission)
operation_result = database_unfollow_user(request.user.username, username)
if not operation_result.ok:
if operation_result.info.info_field == database_InfoField.User:
return http_str(ErrorInfo.User.user_not_exists)
else:
return http_str(ErrorInfo.User.user_following_not_exists)
return http_str(SuccessInfo.success)