def delete(self, uid):
user = g.current_user
lid = user.selecting_library_id
attribute = Attribute.query.filter_by(lid=lid, uid=uid).first_or_404()
with db.auto_commit():
db.session.delete(attribute)
return DeleteSuccess()
def generate_test_can(self):
with db.auto_commit():
for role_name, permission_names in role_permission_map.items():
role = Role.query.filter_by(name=role_name).first()
for permission_name in permission_names:
permission = Permission.query.filter_by(name=permission_name).first()
role.permissions.append(permission)
def generate_test_borrows(self):
with db.auto_commit():
borrow_date = datetime.utcnow()
borrow = Borrow(uid=self.creator.id, lid=self.library.id,
bid=self.borrowed_book.id, borrow_date=borrow_date,
deadtime=borrow_date+timedelta(3), state=BorrowState.A)
db.session.add(borrow)
def test_can(self):
@self.app.route("/nothing")
@auth_required
@select_library
@can("nothing")
def nothing():
return "nothing"
@self.app.route("/testing")
@auth_required
@select_library
@can("BORROW")
def func():
return "hello world"
token = self.get_token()
with db.auto_commit():
user = User.query.filter_by(email="*****@*****.**").first()
library = Library.query.filter_by(name="test_library").first()
user.selecting_library = library
response = self.client.get(url_for("nothing"), token=token)
self.assertEqual(response.status_code, 403)
response = self.client.get(url_for("func"), token=token)
self.assertEqual(response.status_code, 200)
self.assertTrue(b"hello world" in response.data)
def get(self, lid):
user = g.current_user
if not user.can("SELECT_LIBRARY", lid):
return PermissionDenied()
with db.auto_commit():
user.selecting_library_id = lid
return Success()
def register():
"""
用户注册
:param email:用户邮箱
:param phone:用户手机号
:param password:用户明文密码
:return:
"""
form = RegisterForm().validate_for_api()
email = form.email.data
phone = form.phone.data
password = form.password.data
user = User.query.filter_by(email=email).first()
if user is not None:
return EmailAlreadyExist()
user = User.query.filter_by(phone=phone).first()
if user is not None:
return PhoneAlreadyExist()
with db.auto_commit():
user = User(email=email, phone=phone)
user.set_password(password)
db.session.add(user)
return Success()
def generate_test_rtype(self):
with db.auto_commit():
self.golden = RType(name="golden reader", date=100, num=10)
self.sliver = RType(name="sliver reader", date=50, num=5)
self.copper = RType(name="copper reader", date=25, num=3)
db.session.add(self.golden)
db.session.add(self.sliver)
db.session.add(self.copper)
def put(self, lid):
# 更改图书馆信息
if not g.current_user.can("UPDATE_LIBRARY_INFO", lid):
return PermissionDenied()
form = LibraryForm().validate_for_api()
name = form.name.data
library = Library.query.get(lid)
with db.auto_commit():
library.name = name
return Success()
def put(self, uid):
form = MemberForm().validate_for_api()
type = form.type.data
rid = form.type.data
user = g.current_user
lid = user.selecting_library_id
attribute = Attribute.query.filter_by(uid=uid, lid=lid).first_or_404()
with db.auto_commit():
attribute.rid = rid or attribute.rid
attribute.type = type or attribute.type
return Success()
def initdb(drop):
if drop:
click.confirm("This operation will drop the database, do you want to continue?", abort=True)
db.drop_all()
click.echo("Drop databases")
db.create_all()
if drop:
with db.auto_commit():
init_rtype()
init_permission()
init_role()
init_can()
click.echo("Create databases")
def get(self, lid):
user = g.current_user
attribute = Attribute.query.filter_by(uid=user.id, lid=lid).first()
if attribute is not None:
return AlreadyJoin()
role = Role.query.filter_by(name="under_review").first()
copper = RType.query.filter_by(name="copper reader").first()
with db.auto_commit():
attribute = Attribute(uid=user.id,
lid=lid,
rid=role.id,
type=copper.id)
db.session.add(attribute)
return Success()
def put(self, bid):
book = Book.query.get_or_404(bid)
user = g.current_user
lid = user.selecting_library_id
# 判断是否有权限
if book.lid != lid:
return PermissionDenied()
# 查找在借图书,如果没有则返回404错误
borrow = Borrow.query.filter_by(bid=bid, state=BorrowState.A).first_or_404()
with db.auto_commit():
borrow.return_date = datetime.utcnow()
borrow.state = BorrowState.B
book.status = BookStatus.A
return Success()
def generate_test_sample(self):
self.generate_test_users()
self.generate_test_libraries()
self.generate_test_rtype()
self.generate_test_attributes()
self.generate_test_books()
self.generate_test_borrows()
self.generate_test_roles()
self.generate_test_permissions()
self.generate_test_can()
with db.auto_commit():
self.creator.selecting_library_id = self.library.id
self.admin.selecting_library_id = self.library.id
self.user.selecting_library_id = self.library.id
def generate_test_books(self):
with db.auto_commit():
self.normal_book = Book(lid=self.library.id, status=BookStatus.A,
title="test1", author="nobody", isbn="1234567891011")
self.borrowed_book = Book(lid=self.library.id, status=BookStatus.B,
title="test2", author="nobody", isbn="1234567891011")
self.destroyed_book = Book(lid=self.library.id, status=BookStatus.C,
title="test3", author="nobody", isbn="1234567891011")
self.lost_book = Book(lid=self.library.id, status=BookStatus.D,
title="test4", author="nobody", isbn="1234567891011")
db.session.add(self.normal_book)
db.session.add(self.borrowed_book)
db.session.add(self.destroyed_book)
db.session.add(self.lost_book)
def delete(self, bid):
book = Book.query.get_or_404(bid)
lid = book.lid
user = g.current_user
# 搜索对应order,没有则直接404
order = Borrow.query.filter_by(uid=user.id,
lid=lid,
bid=bid,
state=BorrowState.C).first_or_404()
# 搜索到则更改对应状态
with db.auto_commit():
order.state = BorrowState.D
book.status = BookStatus.A
return DeleteSuccess()
def generate_test_users(self):
with db.auto_commit():
self.creator = User(email="*****@*****.**", phone="13912345678", gender="m", name="creator")
self.admin = User(email="*****@*****.**", phone="13812345678", gender="m", name="admin")
self.user = User(email="*****@*****.**", phone="13712345678", gender="m", name="user")
self.under_review = User(email="*****@*****.**", phone="13612345678", gender="m", name="under_review")
self.creator.set_password("123456")
self.admin.set_password("123456")
self.user.set_password("123456")
self.under_review.set_password("123456")
db.session.add(self.creator)
db.session.add(self.admin)
db.session.add(self.user)
db.session.add(self.under_review)
def post(self):
# 创建图书馆
form = LibraryForm().validate_for_api()
name = form.name.data
with db.auto_commit():
new_library = Library(name=name, status=LibraryStatus.A)
db.session.add(new_library)
db.session.flush()
golden = RType.query.filter_by(name="golden reader").first()
creator = Role.query.filter_by(name="creator").first()
creator_attribute = Attribute(lid=new_library.id,
uid=g.current_user.id,
type=golden.id,
rid=creator.id)
db.session.add(creator_attribute)
return Success()
def put(self, bid):
book = self.get_book(bid)
form = BookUpdateForm().validate_for_api()
isbn = form.isbn.data
status = form.status.data
title = form.title.data
author = form.author.data
image_urls = form.image_urls.data
with db.auto_commit():
book.isbn = isbn or book.isbn
book.status = status or book.status
book.title = title or book.title
book.author = author or book.author
book.image_urls = image_urls or book.image_urls
return Success()
def post(self):
form = BookForm().validate_for_api()
isbn = form.isbn.data
title = form.title.data
author = form.author.data
image_urls = form.image_urls.data
lid = g.current_user.selecting_library_id
with db.auto_commit():
book = Book(lid=lid,
isbn=isbn,
status=BookStatus.A,
title=title,
author=author,
image_urls=image_urls)
db.session.add(book)
return Success()
def test_select_library(self):
self.assertEqual(self.admin.selecting_library_id, self.library.id)
token = self.get_token(self.admin)
lid = self.library2.id
response = self.client.get(url_for("api_v1.select_library", lid=lid),
headers=[("Authorization",
"Bearer " + token)])
self.assertEqual(response.status_code, 201)
self.assertEqual(self.admin.selecting_library_id, lid)
with db.auto_commit():
library = Library(name="test_library2", status=LibraryStatus.A)
db.session.add(library)
response = self.client.get(url_for("api_v1.select_library",
lid=library.id),
headers=[("Authorization",
"Bearer " + token)])
self.assertEqual(response.status_code, 403)
def generate_test_attributes(self):
with db.auto_commit():
creator_attribute = Attribute(uid=self.creator.id, lid=self.library.id,
rid=1, type=self.golden.id)
admin_attribute = Attribute(uid=self.admin.id, lid=self.library.id,
rid=2, type=self.sliver.id)
user_attribute = Attribute(uid=self.user.id, lid=self.library.id,
rid=3, type=self.copper.id)
under_review_attribute = Attribute(uid=self.under_review.id, lid=self.library.id,
rid=4, type=self.copper.id)
admin_attribute2 = Attribute(uid=self.admin.id, lid=self.library2.id,
rid=2, type=self.golden.id)
db.session.add(creator_attribute)
db.session.add(admin_attribute)
db.session.add(user_attribute)
db.session.add(under_review_attribute)
db.session.add(admin_attribute2)
def post(self, bid):
book = Book.query.get_or_404(bid)
user = g.current_user
lid = user.selecting_library_id
# 非本图书馆图书
if book.lid != lid:
return PermissionDenied()
# 图书不在库
if book.status != BookStatus.A and book.status != BookStatus.C:
return CanNotBorrow()
attribute = Attribute.query.filter_by(lid=lid, uid=user.id).first()
borrow_num = attribute.rtype.num
# todo: optimize sql
borrow_count = Borrow.query.filter_by(uid=user.id, lid=lid, state=BorrowState.A).count()
order_count = Borrow.query.filter_by(uid=user.id, lid=lid, state=BorrowState.C).count()
# 超出可借阅数量
if borrow_count + order_count >= borrow_num:
return CanNotBorrow()
borrow_date = attribute.rtype.date
# todo: 预约情况
with db.auto_commit():
now = datetime.utcnow()
book.status = BookStatus.B
borrow = Borrow.query.filter_by(uid=user.id, lid=lid, bid=bid, state=BorrowState.C).first()
if borrow is None:
borrow = Borrow(uid=user.id, lid=lid, bid=bid,
borrow_date=now,
deadtime=now+timedelta(borrow_date),
create_date=now,
state=BorrowState.A)
db.session.add(borrow)
else:
borrow.borrow_date = now
borrow.deadtime = now+timedelta(borrow_date)
borrow.state = BorrowState.A
return Success()
def post(self, bid):
book = Book.query.get_or_404(bid)
user = g.current_user
lid = user.selecting_library_id
if book.lid != lid:
return PermissionDenied()
if book.status != BookStatus.A:
return CanNotOrder()
with db.auto_commit():
now = datetime.utcnow()
book.status = BookStatus.E
order = Borrow(uid=user.id,
lid=lid,
bid=bid,
create_date=now,
state=BorrowState.C)
db.session.add(order)
return Success()
def test_get_book_info(self):
response = self.client.get(url_for("api_v1.book_api",
bid=self.normal_book.id),
token=self.get_token(self.under_review))
self.assertEqual(response.status_code, 400)
with db.auto_commit():
self.under_review.selecting_library_id = self.library.id
response = self.client.get(url_for("api_v1.book_api",
bid=self.normal_book.id),
token=self.get_token(self.under_review))
self.assertEqual(response.status_code, 403)
response = self.client.get(url_for("api_v1.book_api",
bid=self.normal_book.id),
token=self.get_token())
self.assertEqual(response.status_code, 200)
data = response.get_json()
self.assertEqual(data["id"], self.normal_book.id)
self.assertEqual(data["lid"], self.normal_book.lid)
self.assertEqual(data["isbn"], self.normal_book.isbn)
self.assertEqual(data["status"], self.normal_book.status.value)
self.assertEqual(data["title"], self.normal_book.title)
self.assertEqual(data["author"], self.normal_book.author)
def test_join_library(self):
token = self.get_token()
lid = self.creator.selecting_library_id
response = self.client.get(url_for("api_v1.join_library", lid=lid),
headers=[("Authorization",
"Bearer " + token)])
self.assertEqual(response.status_code, 403)
with db.auto_commit():
user = User(name="testUser",
gender="m",
phone="13412345678",
email="*****@*****.**")
user.set_password("123456")
db.session.add(user)
token = self.get_token(user)
lid = self.library.id
response = self.client.get(url_for("api_v1.join_library", lid=lid),
headers=[("Authorization",
"Bearer " + token)])
self.assertEqual(response.status_code, 201)
attribute = Attribute.query.filter_by(uid=user.id, lid=lid).first()
self.assertIsNotNone(attribute)
self.assertEqual(attribute.type, self.copper.id)
def delete(self, bid):
book = self.get_book(bid)
with db.auto_commit():
db.session.delete(book)
return DeleteSuccess()
def generate_test_roles(self):
with db.auto_commit():
for role in ROLES:
r = Role(name=role)
db.session.add(r)
def generate_test_permissions(self):
with db.auto_commit():
for permission in PERMISSIONS:
p = Permission(name=permission)
db.session.add(p)
def generate_test_libraries(self):
with db.auto_commit():
self.library = Library(name="test_library", status=LibraryStatus.A)
self.library2 = Library(name="test_library2", status=LibraryStatus.A)
db.session.add(self.library)
db.session.add(self.library2)
