def edit_user():
"""编辑用户信息"""
form = UserEditForm().validate_for_api()
baseuser = form.obj
user = User.query.filter(User.id == baseuser.id).first()
with db.auto_commit():
if form.name.data:
baseuser.name = form.name.data
if form.email.data:
user.email = form.email.data
if form.phone.data:
user.phone = form.phone.data
if form.info.data:
user.info = form.info.data
try:
a = request.files
file = request.files[form.face.name]
if not allowed_image_file(file.filename):
return ReturnObj.get_response(
ReturnEnum.IMAGE_TYPE_ERROR.value,
"只允许上传png jpg jpeg gif格式")
file_face = secure_filename(file.filename)
face = change_filename(file_face)
file.save(os.path.join(current_app.config["FACE_DIR"], face))
user.face = urljoin(current_app.config["FACE_PATH"], face)
except:
pass
db.session.add(baseuser)
db.session.add(user)
return ReturnObj.get_response(ReturnEnum.SUCCESS.value, "success")
def update(self):
if str(self.params['user_id']) != str(self.current_user.id):
return abort(403)
self.form = UserEditForm()
if self.form.validate_on_submit():
ext = os.path.splitext(self.form.avatar.data.filename)[1]
filename = sha1(os.urandom(50)).hexdigest() + ext
avatar = request.files['avatar'].read()
path = os.path.join(app.config.root_path, 'static', 'img', filename)
open(path, 'wb').write(avatar)
self.current_user.update(avatar=filename)
return redirect(url_for('users.show', user_id=self.current_user.id))
else:
return self.edit()
class UsersController(BaseController):
@render
def show(self):
self.user = User.query.get_or_404(self.params['user_id'])
@login_required
@render
def edit(self):
if str(self.params['user_id']) != str(self.current_user.id):
return abort(403)
self.form = getattr(self, 'form', None) or UserEditForm()
@login_required
def update(self):
if str(self.params['user_id']) != str(self.current_user.id):
return abort(403)
self.form = UserEditForm()
if self.form.validate_on_submit():
ext = os.path.splitext(self.form.avatar.data.filename)[1]
filename = sha1(os.urandom(50)).hexdigest() + ext
avatar = request.files['avatar'].read()
path = os.path.join(app.config.root_path, 'static', 'img', filename)
open(path, 'wb').write(avatar)
self.current_user.update(avatar=filename)
return redirect(url_for('users.show', user_id=self.current_user.id))
else:
return self.edit()
def sign_up(self):
if 'user' in session:
return redirect(url_for('root'))
error = None
form = UserSignUpForm()
if request.method == 'POST' and form.validate_on_submit():
if User.query.filter_by(username=request.form['username']).first():
error = 'Пользователь с таким именем уже существует'
else:
is_admin = not User.query.first()
username = request.form['username']
password = request.form['password']
user = User.create(username=username, is_admin=is_admin, **User.create_password(password))
session['user'] = user.to_dict()
return redirect(url_for('root'))
return render_template('users/sign_up.html', current_user=self.current_user, error=error, form=form)
def sign_in(self):
if 'user' in session:
return redirect(url_for('root'))
error = None
form = UserSignInForm()
if request.method == 'POST' and form.validate_on_submit():
user = User.query.filter_by(username=request.form['username']).first()
if user and user.check_password(password=request.form['password']):
session['user'] = user.to_dict()
return redirect(url_for('root'))
else:
error = 'Неверный логин или пароль'
return render_template('users/sign_in.html', current_user=self.current_user, error=error, form=form)
def sign_out(self):
session.pop('user', None)
return redirect(url_for('root'))
