def change_identity_post(request):
    """
    Change the identity word of a user account.

    Reads ``username`` (the account to change) and ``identity`` (the new
    identity word) from the POST data.

    :param request: the incoming request; ``check_request`` is called with
        ``need_login=True`` and ``is_post=True``.
    :return: ``http_str`` of a success value or of the first failing check's
        error value.
    """
    request_check = check_request(request, need_login=True, is_post=True)
    if not request_check.ok:
        return http_str(request_check.info)

    form = request.POST
    if 'username' not in form:
        return http_str(ErrorInfo.User.username_required)
    if 'identity' not in form:
        return http_str(ErrorInfo.Permission.identity_required)
    target_name, new_identity = form['username'], form['identity']

    # Three gates run before anything is written: the caller must be allowed
    # to manage the target, the identity word must be a known choice, and the
    # caller must be allowed to promote to that identity.
    manage_check = check_can_manage(request, target_name, 'CHANGE_IDENTITY')
    if not manage_check.ok:
        return http_str(manage_check.info)
    if new_identity not in database_identity_choices():
        return http_str(ErrorInfo.Permission.wrong_identity_word)
    if not database_can_promote(request.user.username, new_identity):
        return http_str(ErrorInfo.Permission.cannot_promote)

    outcome = database_change_identity(target_name, new_identity)
    # Any failure of the database call is reported as "user does not exist".
    return http_str(SuccessInfo.success if outcome.ok
                    else ErrorInfo.User.user_not_exists)
def follow_user_post(request):
    """
    Follow a user.

    Reads ``username`` (the user to follow) from the POST data. The follower
    is always ``request.user``; it is never taken from the request body.

    :param request: the incoming request; ``check_request`` is called with
        ``need_login=True`` and ``is_post=True``.
    :return: ``http_str`` of a success value or of the first failing check's
        error value.
    """
    request_check = check_request(request, need_login=True, is_post=True)
    if not request_check.ok:
        return http_str(request_check.info)

    form = request.POST
    if 'username' not in form:
        return http_str(ErrorInfo.User.username_required)
    followee = form['username']

    # The permission lookup is made for the caller, not for the followee.
    if has_no_permission_to_do(request.user.username, 'normal', 'FOLLOW_USER'):
        return http_str(ErrorInfo.Permission.no_permission)

    outcome = database_follow_user(request.user.username, followee)
    # Any failure of the database call is reported as "user does not exist".
    return http_str(SuccessInfo.success if outcome.ok
                    else ErrorInfo.User.user_not_exists)
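def remove_user_post(request):
    """
    Remove a user account.

    Reads ``username`` (the account to remove) from the POST data and deletes
    it only after ``check_can_manage`` approves the caller for ``REMOVE_USER``.

    :param request: the incoming request; ``check_request`` is called with
        ``need_login=True`` and ``is_post=True``.
    :return: ``http_str`` of a success value or of the first failing check's
        error value.
    """
    check = check_request(request, need_login=True, is_post=True)
    if not check.ok:
        return http_str(check.info)

    post_info = request.POST
    if 'username' not in post_info:
        return http_str(ErrorInfo.User.username_required)
    username = post_info['username']

    check_manage = check_can_manage(request, username, 'REMOVE_USER')
    if not check_manage.ok:
        # Wrap the denial in http_str like every other handler in this file;
        # the original returned the bare info object on this path.
        return http_str(check_manage.info)

    operation_result = database_remove_user(username)
    if not operation_result.ok:
        # Any failure of the database call is reported as "user does not exist".
        return http_str(ErrorInfo.User.user_not_exists)
    return http_str(SuccessInfo.success)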
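def modify_user_info_post(request):
    """
    Modify a user's profile information.

    Reads ``username`` (the account to modify) from the POST data. When the
    target is not the caller, ``check_can_manage`` must approve the caller for
    ``MODIFY_USER_INFO_OTHER``. No permission lookup is made here when the
    caller edits their own account.

    :param request: the incoming request; ``check_request`` is called with
        ``need_login=True`` and ``is_post=True``.
    :return: ``http_str`` of a success value or of the first failing check's
        error value.
    """
    check = check_request(request, need_login=True, is_post=True)
    if not check.ok:
        # Wrap the failure in http_str like every other handler in this file;
        # the original returned the bare info object on this path.
        return http_str(check.info)

    post_info = request.POST
    if 'username' not in post_info:
        return http_str(ErrorInfo.User.username_required)
    username = post_info['username']

    if not is_himself(request, username):
        check_manage = check_can_manage(request, username, 'MODIFY_USER_INFO_OTHER')
        if not check_manage.ok:
            return http_str(check_manage.info)

    # NOTE(review): the whole POST mapping is handed to database_modify_info,
    # so which fields a client may change is decided there. Presumably it
    # only applies an allow-list of profile fields; confirm that it ignores
    # keys such as identity or password.
    operation_result = database_modify_info(username, post_info)
    if not operation_result.ok:
        # Every failure is reported as a wrong "sex" value, whatever the cause.
        return http_str(ErrorInfo.User.wrong_sex_value)
    return http_str(SuccessInfo.success)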
def create_user_post(request):
    """
    Create (register) a user account.

    Reads ``username`` and ``password`` from the POST data. The username is
    lower-cased before it is stored.

    :param request: the incoming request; ``check_request`` is called with
        ``need_login=False`` and ``is_post=True``, so no session is required.
    :return: ``http_str`` of a success value or of an error value describing
        why the account was not created.
    """
    request_check = check_request(request, need_login=False, is_post=True)
    if not request_check.ok:
        return http_str(request_check.info)

    form = request.POST
    if 'username' not in form:
        return http_str(ErrorInfo.User.username_required)
    if 'password' not in form:
        return http_str(ErrorInfo.User.password_required)
    new_name = form['username'].lower()
    new_password = form['password']

    # The identity word is fixed to 'normal' and never read from the request,
    # so a self-registering client cannot pick its own identity.
    outcome = database_create_user(new_name, new_password, identity_word='normal')
    if outcome.ok:
        return http_str(SuccessInfo.success)

    failure_kind = outcome.info.info_type
    if failure_kind == database_InfoType.Exists:
        error = ErrorInfo.User.user_exists
    elif failure_kind == database_InfoType.Invalid:
        error = ErrorInfo.User.invalid_username
    else:
        # Every other failure type is reported as a wrong identity word.
        error = ErrorInfo.Permission.wrong_identity_word
    return http_str(error)
def login_post(request):
    """
    Log a user in.

    Reads ``username`` and ``password`` from the POST data. The username is
    lower-cased before authentication.

    :param request: the incoming request; ``check_request`` is called with
        ``need_login=False`` and ``is_post=True``.
    :return: ``http_str`` of a success value once the session is established,
        otherwise of an error value.
    """
    request_check = check_request(request, need_login=False, is_post=True)
    if not request_check.ok:
        return http_str(request_check.info)

    form = request.POST
    if 'username' not in form:
        return http_str(ErrorInfo.User.username_required)
    if 'password' not in form:
        return http_str(ErrorInfo.User.password_required)
    login_name = form['username'].lower()
    secret = form['password']

    account = authenticate(username=login_name, password=secret)
    if account is None:
        # One error covers every authentication failure, so the response does
        # not say whether the username or the password was wrong.
        return http_str(ErrorInfo.User.username_or_password_wrong)

    # The LOGIN permission is consulted only after the credentials verified,
    # and before any session is created.
    if has_no_permission_to_do(login_name, 'normal', 'LOGIN'):
        return http_str(ErrorInfo.Permission.no_permission)

    django_login(request, account)
    return http_str(SuccessInfo.success)
def change_password_post(request):
    """
    Change a user's password.

    Reads ``username`` and ``new_password`` from the POST data. A caller
    changing their own password must also send ``old_password``, which is
    re-authenticated; a caller changing someone else's password must pass
    ``check_can_manage`` for ``CHANGE_PASSWORD_OTHER`` instead.

    :param request: the incoming request; ``check_request`` is called with
        ``need_login=True`` and ``is_post=True``.
    :return: ``http_str`` of a success value or of the first failing check's
        error value.
    """
    request_check = check_request(request, need_login=True, is_post=True)
    if not request_check.ok:
        return http_str(request_check.info)

    form = request.POST
    if 'username' not in form:
        return http_str(ErrorInfo.User.username_required)
    if 'new_password' not in form:
        return http_str(ErrorInfo.User.new_password_required)
    target_name = form['username']
    replacement = form['new_password']

    if not is_himself(request, target_name):
        # Someone else's password: the old password is not asked for, so the
        # management check is the only gate on this path.
        manage_check = check_can_manage(request, target_name, 'CHANGE_PASSWORD_OTHER')
        if not manage_check.ok:
            return http_str(manage_check.info)
    else:
        # Own password: prove knowledge of the current password first, then
        # check the permission.
        if 'old_password' not in form:
            return http_str(ErrorInfo.User.old_password_required)
        current = form['old_password']
        if authenticate(username=target_name, password=current) is None:
            return http_str(ErrorInfo.User.username_or_password_wrong)
        if has_no_permission_to_do(target_name, 'normal', 'CHANGE_PASSWORD_SELF'):
            return http_str(ErrorInfo.Permission.no_permission)

    # NOTE(review): new_password is passed on unchecked from here; presumably
    # database_change_password applies any password policy. Confirm.
    outcome = database_change_password(target_name, new_password=replacement)
    # Any failure of the database call is reported as "user does not exist".
    return http_str(SuccessInfo.success if outcome.ok
                    else ErrorInfo.User.user_not_exists)
def unfollow_user_post(request):
    """
    Stop following a user.

    Reads ``username`` (the user to unfollow) from the POST data. The follower
    is always ``request.user``; it is never taken from the request body.

    :param request: the incoming request; ``check_request`` is called with
        ``need_login=True`` and ``is_post=True``.
    :return: ``http_str`` of a success value or of an error value.
    """
    request_check = check_request(request, need_login=True, is_post=True)
    if not request_check.ok:
        return http_str(request_check.info)

    form = request.POST
    if 'username' not in form:
        return http_str(ErrorInfo.User.username_required)
    followee = form['username']

    # The permission lookup is made for the caller, not for the followee.
    if has_no_permission_to_do(request.user.username, 'normal', 'UNFOLLOW_USER'):
        return http_str(ErrorInfo.Permission.no_permission)

    outcome = database_unfollow_user(request.user.username, followee)
    if outcome.ok:
        return http_str(SuccessInfo.success)

    # A failure tagged with the User field means the user was not found; any
    # other failure is reported as a missing follow relation.
    if outcome.info.info_field == database_InfoField.User:
        error = ErrorInfo.User.user_not_exists
    else:
        error = ErrorInfo.User.user_following_not_exists
    return http_str(error)