Example #1
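def set_user_new_words(user_id):
    """Add (POST) or delete (DELETE) an entry in the caller's new-word list.

    The caller must be the user named by ``user_id``; anyone else gets a
    403 response.

    POST expects a JSON object with a non-empty ``word``.
    DELETE expects a JSON object with the ``id`` of the entry to remove.
    A missing or malformed body yields a 400 response instead of an
    unhandled exception.

    Returns:
        A Flask response. For any other HTTP method the empty string is
        returned, as before.
    """
    if not g.current_user.id == user_id:
        return forbidden('不准替别人操作')
    response = ''
    if request.method == 'POST':
        # silent=True: a non-JSON or unparsable body becomes None rather
        # than raising inside the view.
        payload = request.get_json(silent=True)
        word = payload.get('word') if isinstance(payload, dict) else None
        if not word:
            return bad_request('Param wrong.')
        newword = Newword(user_id=g.current_user.id, word=word)
        db.session.add(newword)
        db.session.commit()
        response = jsonify({'Info': 'Success', 'Message': 'New word added.'})
        response.status_code = 201
    elif request.method == 'DELETE':
        # The body is parsed regardless of Content-Type, as the original did.
        try:
            json_data = json.loads(request.get_data().decode("UTF-8"))
        except ValueError:
            # Covers both invalid UTF-8 and invalid JSON.
            return bad_request('Param wrong.')
        new_word_id = (json_data.get('id')
                       if isinstance(json_data, dict) else None)
        if not new_word_id:
            return bad_request('Param wrong.')

        newword = Newword.query.get_or_404(new_word_id)
        # The id comes from the request body, so it must be checked against
        # the caller: without this, any authenticated user could delete
        # another user's entry by guessing its id.
        if newword.user_id != g.current_user.id:
            return forbidden('不准替别人操作')
        db.session.delete(newword)
        db.session.commit()
        response = jsonify({'Info': 'Success', 'Message': 'Word deleted.'})
        # Status code kept at 201 for compatibility with existing clients.
        response.status_code = 201
    return response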
Example #2
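def edit_post(id):
    """Update the body of post ``id`` from the JSON request.

    Only the post's author or a user holding ``Permission.ADMIN`` may edit;
    everyone else receives a 403 response. A missing ``body`` field leaves
    the post unchanged.

    Returns:
        The JSON representation of the (possibly updated) post, a 403
        response, or a 404 if the post does not exist.
    """
    post = Post.query.get_or_404(id)
    # Deny only when the caller is neither the author nor an administrator.
    # The previous condition (`!= author or can(ADMIN)`) rejected every
    # administrator, including one editing their own post.
    if g.current_user != post.author and \
            not g.current_user.can(Permission.ADMIN):
        return forbidden('Insufficient permissions')
    post.body = request.json.get('body', post.body)
    db.session.add(post)
    db.session.commit()
    return jsonify(post.to_json())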
Example #3
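def edit_post(id):
    """Update the body of post ``id`` from the JSON request.

    The caller must be the post's author or hold ``Permission.ADMINISTER``;
    otherwise a 403 response is returned. A missing ``body`` field leaves
    the post unchanged.

    Returns:
        The JSON representation of the post, a 403 response, or a 404 if
        the post does not exist.
    """
    post = Post.query.get_or_404(id)
    # Compare against the loaded row's author. The original compared with
    # the class attribute `Post.author`, which is never the current user,
    # so the ownership half of this check did not work.
    if g.current_user != post.author and not g.current_user.can(
            Permission.ADMINISTER):
        return forbidden("权限不够")
    post.body = request.json.get("body", post.body)
    db.session.add(post)
    # NOTE(review): no commit here -- presumably the session is committed
    # elsewhere (e.g. on request teardown); confirm, otherwise the edit is
    # never persisted.
    return jsonify(post.to_json())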
Example #4
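def remove_article(id):
    """Remove article ``id`` on behalf of a privileged user.

    The caller needs ``g.current_user.privilege > 0``.

    Returns:
        An empty 200 response on success, a 403 response for callers
        without the privilege, or a not-found response when no article has
        that id.
    """
    # Authorise before touching the database: an unprivileged caller gets
    # the same 403 whether or not the id exists, and no query is spent on
    # a request that will be refused anyway.
    if not g.current_user.privilege > 0:
        return forbidden("Forbidden")
    article = Article.query.filter_by(id=id).first()
    if article is None:
        return not_found("article not found")
    # `remove()` is defined on the model (not visible here); the commit
    # below persists whatever it changed in the session.
    article.remove()
    db.session.commit()
    return make_response("", 200)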
Example #5
 def get(self):
     """Issue a fresh auth token together with the caller's profile.

     A request that was itself authenticated with a token
     (``g.token_used`` is truthy) is refused with a 403, so a token cannot
     be exchanged for a new one.
     """
     if g.token_used:
         return forbidden('forbidden!!!')
     user = g.current_user
     token = user.generate_auth_token()
     profile = {'email': user.email}
     return jsonify({'token': token, 'profile': profile})
Example #6
def set_user_vocabulary(user_id, vocabulary):
    """Store ``vocabulary`` on the authenticated user's record.

    Only the user named by ``user_id`` may change their own value; any
    other caller receives a 403 response.

    Returns:
        A 201 JSON response on success.
    """
    user = g.current_user
    if user.id != user_id:
        return forbidden('不准替别人操作')

    user.vocabulary = vocabulary
    db.session.add(user)
    db.session.commit()

    # NOTE(review): the 'stauts' key looks like a misspelling of 'status';
    # it is part of the wire format, so it is reproduced unchanged here.
    created = jsonify({'stauts': 'OK', 'message': 'created.'})
    created.status_code = 201
    return created
Example #7
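def get_new_words(user_id):
    """Return the authenticated user's new-word list, newest first.

    Only the user named by ``user_id`` may read the list; any other caller
    receives a 403 response.

    Returns:
        JSON with ``count`` and ``newwords`` (one serialised entry each).
    """
    if not g.current_user.id == user_id:
        return forbidden('no watch others newwords info.')
    newwords = Newword.query.filter_by(user_id=g.current_user.id).order_by(
        Newword.id.desc()).all()
    # The count is taken from the rows already loaded: this saves a second
    # query and guarantees it always matches the list in the same response.
    return jsonify({
        'count': len(newwords),
        'newwords': [newword.to_json() for newword in newwords]
    })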
Example #8
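def get_user_collections(user_id):
    """Return the articles the authenticated user has collected.

    Only the user named by ``user_id`` may read the list; any other caller
    receives a 403 response.

    Returns:
        JSON with ``count`` and ``collections``; each article is
        serialised with ``to_json_for_list(5000)``.
    """
    if not g.current_user.id == user_id:
        return forbidden('no watch others info.')
    # Load the user and the collection once. The original looked the user
    # up twice and ran a separate COUNT query whose result could disagree
    # with the list returned alongside it.
    user = User.query.get_or_404(user_id)
    articles = user.collections.all()
    return jsonify({
        'count': len(articles),
        'collections': [
            article.to_json_for_list(5000) for article in articles
        ]
    })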
Example #9
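def set_user_histories(user_id, article_id):
    """Delete the caller's read-history entry for ``article_id``.

    Only the user named by ``user_id`` may delete their own history; any
    other caller receives a 403 response. The lookup is scoped to
    ``g.current_user.id``, so another user's history cannot be reached.

    Returns:
        A 204 response on success, or a 404 when the caller has no history
        entry for that article.
    """
    if not g.current_user.id == user_id:
        return forbidden('no watch others info.')
    # Find the history entry to delete. `first_or_404()` answers 404 when
    # there is none; the original passed None to `session.delete()`, which
    # raised and surfaced as a server error.
    article_history = ReadHistory.query.filter_by(
        user_id=g.current_user.id, article_id=article_id).first_or_404()
    db.session.delete(article_history)
    db.session.commit()
    response = jsonify({'Info': 'Success', 'Message': 'History deleted.'})
    # NOTE(review): a 204 response carries no body, so clients will not see
    # the JSON above; status kept for compatibility.
    response.status_code = 204
    return response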
Example #10
def get_user_histories(user_id):
    """Return the authenticated user's 20 most recent read-history entries.

    Only the user named by ``user_id`` may read the history; any other
    caller receives a 403 response.

    Returns:
        JSON with ``count`` and ``read_histories``; each entry is the
        related article serialised with ``to_json_for_list(5000)``.
    """
    if g.current_user.id != user_id:
        return forbidden('no watch others info.')

    # Newest entries first, capped at 20 rows.
    recent = (ReadHistory.query
              .filter_by(user_id=g.current_user.id)
              .order_by(ReadHistory.id.desc())
              .limit(20))
    entries = recent.all()
    summaries = [entry.article.to_json_for_list(5000) for entry in entries]
    return jsonify({'count': len(entries), 'read_histories': summaries})
Example #11
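def set_user_collections(user_id, article_id):
    """Collect (POST) or un-collect (DELETE) an article for the caller.

    Only the user named by ``user_id`` may change their own collection;
    any other caller receives a 403 response. An unknown ``article_id``
    yields a 404.

    Returns:
        A 201 response for POST, a 204 response for DELETE, or the empty
        string for any other HTTP method.
    """
    if not g.current_user.id == user_id:
        return forbidden('不准替别人操作')
    # Look up the target article.
    article = Article.query.get_or_404(article_id)
    response = ''
    if request.method == 'POST':
        response = jsonify({'info': 'success', 'message': 'created.'})
        response.status_code = 201
        try:
            g.current_user.collect(article)
        except Exception:
            # Narrowed from a bare `except:` so that SystemExit and
            # KeyboardInterrupt are no longer swallowed.
            # NOTE(review): every failure is still reported to the client
            # as success -- presumably to make a repeated collect
            # idempotent; confirm, and consider catching only that case.
            return response
    elif request.method == 'DELETE':
        response = jsonify({'info': 'success', 'message': 'deleted.'})
        response.status_code = 204
        g.current_user.uncollect(article)
    return response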
Example #12
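def password():
    """Set a new password for the user identified by a reset token.

    The ``token`` and ``new_password`` fields are read from the JSON body
    when the request is JSON, otherwise from the form data.

    Returns:
        An empty 204 response on success, a 400 response when either field
        is missing, or a 403 FORBIDDEN when the token is invalid.
    """
    # `request.is_json` also accepts a Content-Type that carries
    # parameters such as "; charset=utf-8" and does not fail when the
    # header is absent, unlike an exact comparison on the raw header.
    if request.is_json:
        data = request.get_json(silent=True) or {}
    else:
        data = request.form.to_dict() or {}
    if not isinstance(data, dict):
        # A JSON array or scalar has no fields to read.
        data = {}

    token = data.get('token')
    new_password = data.get('new_password')
    if not token or not new_password:
        return bad_request("Must include 'token' and 'new_password' fields")

    # The token is the only credential presented on this endpoint, so the
    # password is changed only when it resolves to a user.
    user = User.verify_reset_password_token(token)
    if user:
        user.set_password(new_password)
        db.session.commit()
        return jsonify(), 204
    else:
        return forbidden("Invalid password reset token")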
Example #13
def before_request():
    """Refuse requests from signed-in users with an unconfirmed account.

    Anonymous and confirmed users pass through (``None`` is returned, so
    request handling continues).
    """
    user = g.current_user
    if user.is_anonymous or user.confirmed:
        return None
    return forbidden('Unconfirmed account')
Example #14
def forbidden_handler(e):
    """Build the 403 response for error ``e``.

    ``e`` itself is not inspected; a fixed message is passed to
    ``forbidden``.
    """
    message = (
        'You don\'t have the permission to access the requested resource. '
        'It is either read-protected or not readable by the server.'
    )
    return forbidden(message)
Example #15
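def before_request():
    """Refuse requests from signed-in users with an unconfirmed account.

    Anonymous and confirmed users pass through (``None`` is returned, so
    request handling continues).
    """
    # The leftover debug print that wrote a 200-character separator to
    # stdout on every request has been removed.
    if not g.current_user.is_anonymous and not g.current_user.confirmed:
        return forbidden("未认证的用户")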
Example #16
 def decorated_function(*args, **kwargs):
     """Call the wrapped view only when the current user has ``permission``.

     ``permission`` and ``f`` come from the enclosing scope, which is not
     visible here. Without the permission a 403 response is returned and
     ``f`` is never called.
     """
     allowed = g.current_user.can(permission)
     if allowed:
         return f(*args, **kwargs)
     return forbidden('Insufficient permissions')