Ejemplo n.º 1
def adm_post_delete():
    '''
    Delete posts on behalf of an administrator.

    Request arguments (read through request.argget):
        ids: sequence of post ids; each entry is converted with ObjectId().
        pending_delete: int, default 1. Non-zero marks the matching posts
            with is_delete = 3; zero removes them through delete_post().

    The delete_post() path (pending_delete == 0) additionally requires the
    IMPORTANT_DATA_DEL permission and aborts with 401 without it. The
    marking path performs no permission check inside this function.

    NOTE(review): int() and ObjectId() are applied to request input without
    handling conversion errors, so a malformed value presumably surfaces as
    an unhandled exception rather than a 400 response -- confirm how the
    calling view wraps this.

    :return: dict with msg / msg_type / http_status for the marking path,
        otherwise whatever delete_post() returns.
    '''
    post_ids = json_to_pyseq(request.argget.all('ids', []))
    soft_delete = int(request.argget.all("pending_delete", 1))
    # Converted in place, so the sequence returned by json_to_pyseq is reused.
    for pos in range(len(post_ids)):
        post_ids[pos] = ObjectId(post_ids[pos])

    if not soft_delete:
        # Only holders of IMPORTANT_DATA_DEL may reach delete_post().
        if not current_user.can(permissions(["IMPORTANT_DATA_DEL"])):
            abort(401)
            return {}
        return delete_post(ids=post_ids)

    result = mdb_web.db.post.update_many(
        {"_id": {"$in": post_ids}},
        {"$set": {"is_delete": 3}})
    if not result.modified_count:
        return {
            "msg": gettext("No match to relevant data"),
            "msg_type": "w",
            "http_status": 400
        }
    return {
        "msg": gettext("Move to a permanently deleted area, {}").format(
            result.modified_count),
        "msg_type": "s",
        "http_status": 204
    }
Ejemplo n.º 2
#!/usr/bin/env python
# -*-coding:utf-8-*-
from apps.core.flask.login_manager import osr_login_required
from apps.core.blueprint import api
from apps.core.flask.permission import permission_required
from apps.core.flask.response import response_format
from apps.modules.setting.process.get_file_log import sys_log
from apps.core.flask.permission import permissions

__author__ = "Allen Woo"


@api.route('/admin/setting/sys/log', methods=['GET'])
@osr_login_required
@permission_required(permissions(["SYS_SETTING"]))
def api_sys_log():
    '''
    GET:
        Fetch a file log.
        name:<str>, name of the log
        ip:<str>, host whose log should be fetched
        page:<int>

    Access requires a logged-in user holding the SYS_SETTING permission.
    NOTE(review): the parameters are read inside sys_log(); how the log
    name and the target host are validated is not visible here -- confirm.

    :return: the sys_log() result passed through response_format()
    '''
    return response_format(sys_log())
Ejemplo n.º 3
# -*-coding:utf-8-*-
from flask import request
from apps.core.flask.login_manager import osr_login_required

from apps.configs.sys_config import METHOD_WARNING
from apps.core.blueprint import api
from apps.core.flask.permission import permission_required
from apps.core.flask.response import response_format
from apps.modules.post.process.adm_post import adm_get_post, adm_get_posts, adm_post_audit, adm_post_restore, \
    adm_post_delete
from apps.core.flask.permission import permissions


@api.route('/admin/post', methods=['GET', 'POST', 'PUT', 'PATCH', 'DELETE'])
@osr_login_required
@permission_required(permissions(["AUDIT"]))
def api_adm_post():
    '''
    GET:
        1. 根据条件获取文章
        sort:<array>,排序, 1表示升序, -1表示降序.如:
            按时间降序 [{"issue_time":-1},{"update_time",-1}]
            按时间升序 [{"issue_time", 1},{"update_time",1}]
            先后按赞(like)数降序, 评论数降序,pv降序, 发布时间降序
             [{"like", -1}, {"comment_num", -1}, {"pv", -1},{"issue_time", -1}];
            默认时按时间降序, 也可以用其他字段排序
        page:<int>,第几页,默认第1页
        pre:<int>, 每页查询多少条
        status:<int> , "is_issued"(正常发布) or "draft"(草稿) or "not_audit"(等待审核) or "unqualified"(未通过审核) or "recycle"(用户的回收站) or "user_remove"
            (user_remove是指用户永久删除或被管理删除的)
        keyword:<str>, Search keywords, 搜索的时候使用
Ejemplo n.º 4
# -*-coding:utf-8-*-
from apps.core.flask.login_manager import osr_login_required
from apps.core.blueprint import api
from apps.core.flask.permission import permission_required, permissions
from apps.core.flask.response import response_format
from apps.modules.message.process.send_msg import send_msg

__author__ = "Allen Woo"


@api.route('/admin/message/send', methods=['POST'])
@osr_login_required
@permission_required(permissions(["EDITOR"]))
def api_adm_send_msg():
    '''
    POST
        Send a message.
        title:<title>, subject
        content:<str>, body text
        content_html:<str>, body as HTML
        send_type:<array>, delivery channels: on_site, email, sms.
            e.g. ["email"]; several may be given at once,
            e.g. ["email", "on_site"]
        username:<array>, user names of the recipients, e.g. ["test", "test2"]

    Access requires a logged-in user holding the EDITOR permission.
    NOTE(review): content_html is caller-supplied HTML; whether send_msg()
    sanitises it before delivery is not visible here -- confirm.

    :return: the send_msg() result passed through response_format()
    '''
    return response_format(send_msg())
Ejemplo n.º 5
# -*-coding:utf-8-*-
from flask import request
from apps.core.flask.login_manager import osr_login_required

from apps.configs.sys_config import METHOD_WARNING
from apps.core.blueprint import api
from apps.core.flask.permission import permission_required
from apps.core.flask.response import response_format
from apps.modules.audit.process.rules import audit_rules, audit_rule_add, audit_rule_delete
from apps.core.flask.permission import permissions
from apps.core.utils.get_config import get_config

__author__ = 'Allen Woo'
@api.route('/admin/audit/rule/key', methods=['GET'])
@osr_login_required
@permission_required(permissions(["WEB_SETTING"]))
def api_audit_rule_key():
    '''
    GET:
        Return every audit-rule key together with its description, i.e. the
        "audit" entries of the config settings.

    Access requires a logged-in user holding the WEB_SETTING permission.

    :return: {"keys": ...} passed through response_format()
    '''
    # The keys come from the AUDIT_PROJECT_KEY entry of the "name_audit" config.
    return response_format(
        {"keys": get_config("name_audit", "AUDIT_PROJECT_KEY")})

@api.route('/admin/audit/rule', methods=['GET', 'POST', 'PUT', 'PATCH', 'DELETE'])
@osr_login_required
@permission_required(permissions(["WEB_SETTING"]))
def api_audit_rule():
Ejemplo n.º 6
def api_access_token():
    '''
    GET:
        A client obtains or refreshes its AccessToken (SecretToken
        verification must have succeeded).
        If the request headers carry a ClientId, the client-supplied ClientId
        is used; otherwise a new ClientId is created.

    NOTE(review): the route and its decorators are not part of this excerpt,
    so where the SecretToken verification is enforced (a decorator or
    create_access_token() itself) cannot be seen here -- confirm. The
    ClientId header is client-controlled input.

    :return: the create_access_token() result passed through response_format()
    '''
    return response_format(rest_token_auth.create_access_token())


@api.route('/admin/token/secret-token', methods=['GET', 'POST', 'PUT','DELETE'])
@osr_login_required
@permission_required(permissions(["ROOT"]))
def api_rest_token():

    '''
    客户端访问使用的secret token管理
    GET:
        获取所有secret token
    POST:
        创建一个secret token
    PUT:
        激活或禁用一个id
        token_id:<id>,token id
        action:<str>,如果为"activate"则激活token, 为"disable"禁用token
    DELETE:
        删除一个token
        token_id:<id>,token id
Ejemplo n.º 7
from flask import request
from apps.core.flask.login_manager import osr_login_required
from apps.core.blueprint import api
from apps.core.flask.permission import permission_required
from apps.core.flask.response import response_format
from apps.modules.report.process.basic_access import get_post_access, get_comment_access, get_user_access, get_message, \
    get_plugin, get_media, get_inform_data
from apps.utils.format.obj_format import json_to_pyseq
from apps.core.flask.permission import permissions

__author__ = "Allen Woo"


@api.route('/admin/report/basic', methods=['GET'])
@osr_login_required
@permission_required(permissions(["REPORT"]))
def api_basic_report():
    '''
    GET:
        获取网站的最基本报表数据
        project:<array>,默认全部,可以是post, comment, user, message, plugin, media, inform

    '''
    project = json_to_pyseq(request.argget.all('project', []))

    data = {}
    if "post" in project or not project:
        data["post"] = get_post_access()

    if "comment" in project or not project:
        data["comment"] = get_comment_access()
Ejemplo n.º 8
from apps.core.flask.login_manager import osr_login_required
import regex as re

from apps.configs.sys_config import METHOD_WARNING
from apps.core.blueprint import api
from apps.core.flask.permission import permission_required, permissions
from apps.core.flask.response import response_format
from apps.modules.user.process.role import role, roles, add_role, edit_role, delete_role
from apps.configs.config import CONFIG

__author__ = "Allen Woo"


@api.route('/admin/role/permission', methods=['GET'])
@osr_login_required
@permission_required(permissions(["USER_MANAGE"]))
def get_role_permissions():
    '''
    GET:
        Return the complete permission table.

    Each entry of CONFIG["permission"] becomes a (name, value, info) tuple;
    keys of the form __name__ are left out and the result is ordered by
    value. Access requires a logged-in user holding USER_MANAGE.

    :return: {"permissions": [...]} passed through response_format()
    '''
    rows = [
        (name, spec["value"], spec["info"])
        for name, spec in CONFIG["permission"].items()
        if not re.search(r"^__.*__$", name)
    ]
    rows.sort(key=lambda row: row[1])
    return response_format({"permissions": rows})

Ejemplo n.º 9
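def _coerce_config_value(value, conf_type):
    """Convert a request-supplied ``value`` to the stored config type.

    :param value: raw value taken from the request (usually a string).
    :param conf_type: type name stored with the config entry.
    :return: the converted value.
    :raises LookupError: ``conf_type`` is not a supported type name.
    :raises Exception: whatever the underlying conversion raises
        (``ValueError``, ``TypeError``, ...) when ``value`` does not fit.
    """
    if conf_type in ("int", "binary"):
        return int(value)
    if conf_type == "float":
        return float(value)
    if conf_type in ("string", "password"):
        return str(value)

    if conf_type == "bool":
        # Numeric input: zero is False, anything else True.
        try:
            return bool(int(value))
        except (TypeError, ValueError):
            pass
        # Non-numeric text: only "false" (any case) means False. Testing the
        # string's own truthiness first would turn "false" into True.
        if isinstance(value, str):
            return value.strip().upper() != "FALSE"
        return bool(value)

    if conf_type == "list":
        if not isinstance(value, list):
            # '["a", "b"]' -> list. Text that is not JSON falls through to
            # the comma-separated form instead of being rejected.
            try:
                value = json.loads(value)
            except ValueError:
                pass
        if not isinstance(value, list):
            # "aaa,bbb,ccc" -> ["aaa", "bbb", "ccc"]
            value = [item.strip("\n") for item in value.strip(",").split(",")]
        return value

    if conf_type == "dict":
        if not isinstance(value, dict):
            value = json.loads(value)
        if not isinstance(value, dict):
            raise ValueError("value is not a JSON object")
        return value

    if conf_type == "tuple":
        if not isinstance(value, tuple):
            value = json.loads(value)
            # json.loads never yields a tuple; a JSON array is the only way
            # to express one, so accept it and convert.
            if isinstance(value, list):
                value = tuple(value)
        if not isinstance(value, tuple):
            raise ValueError("value is not a JSON array")
        return value

    raise LookupError(conf_type)


def sys_config_edit():
    """Edit one system config entry identified by ``project`` and ``key``.

    Request arguments (read through request.argget):
        key, project: required; identify the entry.
        value: new value, converted to the type stored with the entry.
        info: new description; the stored one is kept when empty.

    Projects listed in MUST_ROOT_SETTING are only editable by a user whose
    role passes the ROOT comparison below; every other project is accepted
    without a permission check inside this function.
    NOTE(review): the route and its decorators are not part of this
    excerpt -- confirm what the caller already enforces.

    :return: dict with msg / msg_type / http_status, or the arg_verify()
        result when a required argument is missing.
    """
    key = request.argget.all('key')
    project = request.argget.all('project')
    value = request.argget.all('value')
    info = request.argget.all('info')
    version = mdb_sys.db.sys_config.find_one(
        {"new_version": {"$exists": True}}, {"_id": 0})

    # NOTE(review): "value" is not among the required arguments; if a missing
    # parameter arrives as None, the string/password types store "None" --
    # confirm that is intended.
    s, r = arg_verify(reqargs=[("key", key), ("project", project)],
                      required=True)
    if not s:
        return r

    # Some projects may only be changed by a root user.
    if project in MUST_ROOT_SETTING:
        # Permission check against the role stored for the current user.
        user_role = mdb_user.db.role.find_one(
            {"_id": ObjectId(current_user.role_id)})
        if get_num_digits(user_role["permissions"]) < get_num_digits(
                permissions(["ROOT"])):
            return {
                "msg": gettext("Root permission required"),
                "msg_type": "w",
                "http_status": 401
            }

    old_conf = mdb_sys.db.sys_config.find_one({
        "key": key,
        "project": project,
        "conf_version": version["new_version"]
    })
    if not old_conf:
        return {
            "msg": gettext("There is no such data"),
            "msg_type": "e",
            "http_status": 404
        }

    conf_type = old_conf["type"]
    try:
        value = _coerce_config_value(value, conf_type)
    except LookupError:
        return {
            "msg": gettext('There is no {}').format(conf_type),
            "msg_type": "e",
            "http_status": 400
        }
    except Exception:
        # Any conversion failure on request input is reported as a bad
        # request rather than propagated.
        return {
            "msg": gettext(
                'The format of the "value" errors, need a "{}" type'
            ).format(conf_type),
            "msg_type": "e",
            "http_status": 400
        }

    if not info:
        info = old_conf["info"]
    conf = {"value": value, "update_time": time.time(), "info": info}

    # Version handling.
    # Whenever a server restarts the web app and reloads the config, the
    # newest version at restart time is added to used_versions.
    if version["new_version"] in version["used_versions"]:

        # The newest version is already in use somewhere, so this edit has
        # to produce a newer config version.
        now_version = time_to_utcdate(tformat="%Y_%m_%d_%H_%M_%S")
        old_version = mdb_sys.db.sys_config.find(
            {
                "project": {"$exists": True},
                "conf_version": version["new_version"]
            }, {"_id": 0})
        # Copy every entry of the current version into the new version.
        for v in old_version:
            v["conf_version"] = now_version
            mdb_sys.db.sys_config.insert_one(v)

        # Record the new version as the newest one.
        mdb_sys.db.sys_config.update_one(
            {"new_version": {"$exists": True}},
            {"$set": {"new_version": now_version}})

        # Drop surplus config versions, keeping the last 15 used ones.
        ver_cnt = len(version["used_versions"])
        if ver_cnt >= 15:
            rm_vers = version["used_versions"][0:ver_cnt - 15]
            mdb_sys.db.sys_config.update_one(
                {"new_version": {"$exists": True}},
                {
                    "$set": {
                        "used_versions":
                        version["used_versions"][ver_cnt - 15:]
                    }
                })
            # NOTE(review): entries elsewhere in this function carry
            # "conf_version", not "version"; this filter presumably matches
            # nothing, leaving old versions in place -- confirm the field
            # name before changing a delete.
            mdb_sys.db.sys_config.delete_many(
                {"version": {"$in": rm_vers}})
    else:
        # Otherwise this edit does not create a new config version.
        now_version = version["new_version"]

    # Apply the modification.
    mdb_sys.db.sys_config.update_one(
        {
            "project": project,
            "key": key,
            "conf_version": now_version
        }, {"$set": conf},
        upsert=True)
    # Delete the cached config so the next read reloads it.
    cache.delete(CONFIG_CACHE_KEY)
    return {
        "msg": gettext("Modify the success"),
        "msg_type": "s",
        "http_status": 201
    }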