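def set_user_new_words(user_id):
    """Add (POST) or delete (DELETE) an entry in the caller's new-word list.

    The caller may only act on their own list: ``user_id`` must equal
    ``g.current_user.id``, otherwise a forbidden response is returned.

    POST reads ``word`` from the JSON body and stores it for the caller.
    DELETE reads ``id`` from the JSON body and removes that entry. The
    lookup is restricted to rows owned by the caller, so an id that
    belongs to another user answers 404 instead of being deleted.

    Returns a JSON response with status 201 on success, a bad-request
    response when the body is missing or malformed, and an empty string
    for any other HTTP method (unchanged from the original behaviour).
    """
    if g.current_user.id != user_id:
        return forbidden('不准替别人操作')

    if request.method == 'POST':
        payload = request.json
        word = payload.get('word') if isinstance(payload, dict) else None
        if not word:
            # Reject an absent or empty word instead of storing a null row.
            return bad_request('Param wrong.')
        newword = Newword(user_id=g.current_user.id, word=word)
        db.session.add(newword)
        db.session.commit()
        response = jsonify({'Info': 'Success', 'Message': 'New word added.'})
        response.status_code = 201
        return response

    if request.method == 'DELETE':
        try:
            json_data = json.loads(request.get_data().decode("UTF-8"))
        except ValueError:
            # Covers invalid JSON and invalid UTF-8 (both are ValueError
            # subclasses); previously these surfaced as an unhandled error.
            return bad_request('Param wrong.')
        new_word_id = json_data.get('id') if isinstance(json_data, dict) else None
        if not new_word_id:
            return bad_request('Param wrong.')
        # Scope the lookup to the caller's own rows. The id comes from the
        # request body, so checking the URL user_id alone does not prove
        # ownership of the row being deleted.
        newword = Newword.query.filter_by(
            id=new_word_id, user_id=g.current_user.id).first_or_404()
        db.session.delete(newword)
        db.session.commit()
        response = jsonify({'Info': 'Success', 'Message': 'Word deleted.'})
        # 201 is what existing clients receive for a delete; kept as-is.
        response.status_code = 201
        return response

    return ''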
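def edit_post(id):
    """Update the body of post ``id`` and return the post as JSON.

    Only the post's author or a user holding ``Permission.ADMIN`` may
    edit. The original condition used ``or`` without negating the
    permission test, which refused administrators (including authors who
    are administrators) and let no non-author through either; the check
    below refuses only callers who are neither author nor administrator.

    Responds 404 (via ``get_or_404``) when the post does not exist and
    with a forbidden response when the caller lacks permission.
    """
    post = Post.query.get_or_404(id)
    if g.current_user != post.author and \
            not g.current_user.can(Permission.ADMIN):
        return forbidden('Insufficient permissions')
    # A missing 'body' key leaves the stored body unchanged.
    post.body = request.json.get('body', post.body)
    db.session.add(post)
    db.session.commit()
    return jsonify(post.to_json())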
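def edit_post(id):
    """Update the body of post ``id`` and return the post as JSON.

    Only the post's author or a user holding ``Permission.ADMINISTER``
    may edit. The original compared the caller against ``Post.author``
    (the attribute on the model class) rather than ``post.author`` (the
    author of the loaded row), so the author check never looked at the
    post being edited.

    Responds 404 (via ``get_or_404``) when the post does not exist and
    with a forbidden response when the caller lacks permission.
    """
    post = Post.query.get_or_404(id)
    if g.current_user != post.author and not g.current_user.can(
            Permission.ADMINISTER):
        return forbidden("权限不够")
    # A missing "body" key leaves the stored body unchanged.
    post.body = request.json.get("body", post.body)
    # NOTE(review): no commit is issued here; presumably the session is
    # committed elsewhere (e.g. at request teardown) - confirm.
    db.session.add(post)
    return jsonify(post.to_json())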
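def remove_article(id):
    """Remove article ``id`` on behalf of a privileged user.

    The privilege check now runs before the lookup. Previously the
    article was fetched first, so a caller without privilege received
    "not found" for missing ids and "Forbidden" for existing ones, which
    let them tell the two apart.

    Returns an empty 200 response on success, a forbidden response when
    ``g.current_user.privilege`` is not greater than 0, and a not-found
    response when no article has this id.
    """
    if not g.current_user.privilege > 0:
        return forbidden("Forbidden")
    article = Article.query.filter_by(id=id).first()
    if article is None:
        return not_found("article not found")
    article.remove()
    db.session.commit()
    return make_response("", 200)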
def get(self):
    """Return a fresh auth token and the caller's e-mail as JSON.

    When ``g.token_used`` is truthy the request is refused with a
    forbidden response and no new token is generated.
    """
    if not g.token_used:
        user = g.current_user
        payload = {
            'token': user.generate_auth_token(),
            'profile': {'email': user.email},
        }
        return jsonify(payload)
    return forbidden('forbidden!!!')
def set_user_vocabulary(user_id, vocabulary):
    """Store ``vocabulary`` on the calling user and answer 201.

    The caller may only change their own record: ``user_id`` must equal
    ``g.current_user.id``, otherwise a forbidden response is returned.
    """
    user = g.current_user
    if user.id != user_id:
        return forbidden('不准替别人操作')

    user.vocabulary = vocabulary
    db.session.add(user)
    db.session.commit()

    # The 'stauts' key is misspelled in the API and reproduced as-is,
    # since clients may already read it under that name.
    body = {'stauts': 'OK', 'message': 'created.'}
    response = jsonify(body)
    response.status_code = 201
    return response
def get_new_words(user_id):
    """Return the caller's new-word entries, newest id first, with a count.

    ``user_id`` must equal ``g.current_user.id``; any other value gets a
    forbidden response. All queries are filtered on the caller's own id.
    """
    owner_id = g.current_user.id
    if owner_id != user_id:
        return forbidden('no watch others newwords info.')

    entries = (Newword.query
               .filter_by(user_id=owner_id)
               .order_by(Newword.id.desc())
               .all())
    total = Newword.query.filter_by(user_id=owner_id).count()

    serialized = []
    for entry in entries:
        serialized.append(entry.to_json())
    return jsonify({'count': total, 'newwords': serialized})
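def get_user_collections(user_id):
    """Return the articles the caller has collected, with a count.

    ``user_id`` must equal ``g.current_user.id``; any other value gets a
    forbidden response. The user row is now fetched once and reused for
    both the list and the count, where the original issued the same
    ``get_or_404`` lookup twice.
    """
    if g.current_user.id != user_id:
        return forbidden('no watch others info.')
    user = User.query.get_or_404(user_id)
    articles = user.collections.all()
    num = user.collections.count()
    return jsonify({
        'count': num,
        # NOTE(review): the meaning of the 5000 argument is not visible
        # here - presumably a length limit for the list view; confirm.
        'collections': [article.to_json_for_list(5000) for article in articles]
    })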
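def set_user_histories(user_id, article_id):
    """Delete the caller's read-history entry for ``article_id``.

    ``user_id`` must equal ``g.current_user.id``; any other value gets a
    forbidden response. The lookup is filtered on the caller's own id, so
    only the caller's history can be removed.

    Responds 404 when the caller has no history entry for the article.
    The original passed the result of ``first()`` straight to
    ``db.session.delete``, which fails with an unhandled error when the
    row does not exist.
    """
    if g.current_user.id != user_id:
        return forbidden('no watch others info.')
    # Find the history entry to delete; 404 if there is none.
    article_history = ReadHistory.query.filter_by(
        user_id=g.current_user.id, article_id=article_id).first_or_404()
    db.session.delete(article_history)
    db.session.commit()
    response = jsonify({'Info': 'Success', 'Message': 'History deleted.'})
    response.status_code = 204
    return response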
def get_user_histories(user_id):
    """Return the caller's 20 most recent read-history articles as JSON.

    ``user_id`` must equal ``g.current_user.id``; any other value gets a
    forbidden response. The query is filtered on the caller's own id and
    ordered by history id, newest first.
    """
    owner_id = g.current_user.id
    if owner_id != user_id:
        return forbidden('no watch others info.')

    history_query = ReadHistory.query.filter_by(user_id=owner_id)
    recent = history_query.order_by(ReadHistory.id.desc()).limit(20).all()

    articles = []
    for entry in recent:
        articles.append(entry.article.to_json_for_list(5000))
    return jsonify({'count': len(recent), 'read_histories': articles})
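def set_user_collections(user_id, article_id):
    """Collect (POST) or un-collect (DELETE) an article for the caller.

    ``user_id`` must equal ``g.current_user.id``; any other value gets a
    forbidden response. Responds 404 (via ``get_or_404``) when the
    article does not exist.

    POST answers 201 and DELETE answers 204. Any other method returns an
    empty string, as before.
    """
    if g.current_user.id != user_id:
        return forbidden('不准替别人操作')
    # Look up the target article.
    article = Article.query.get_or_404(article_id)
    response = ''
    if request.method == 'POST':
        response = jsonify({'info': 'success', 'message': 'created.'})
        response.status_code = 201
        try:
            g.current_user.collect(article)
        except Exception:
            # The original used a bare ``except`` that also trapped
            # SystemExit/KeyboardInterrupt and hid every failure. The 201
            # answer is kept (presumably so a repeated collect stays
            # successful - confirm), but the failure is now recorded.
            import logging
            logging.getLogger(__name__).warning(
                'collect failed for user %s, article %s',
                user_id, article_id, exc_info=True)
    elif request.method == 'DELETE':
        response = jsonify({'info': 'success', 'message': 'deleted.'})
        response.status_code = 204
        g.current_user.uncollect(article)
    return response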
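def password():
    """Changes the password to the given new password for the user
    corresponding to the given password reset token.

    The request body may be JSON or form-encoded and must carry the
    string fields ``token`` and ``new_password``; otherwise a bad-request
    response is returned. If the token is invalid a 403 FORBIDDEN is
    returned. On success the response is an empty 204.

    JSON bodies are detected with ``request.is_json`` rather than an
    exact match on the Content-Type header, so a header carrying
    parameters (for example a charset) is still read as JSON.
    """
    if request.is_json:
        data = request.get_json() or {}
    else:
        data = request.form.to_dict() or {}
    if not isinstance(data, dict):
        # A JSON array or scalar has no fields to read.
        return bad_request("Must include 'token' and 'new_password' fields")
    token = data.get('token')
    new_password = data.get('new_password')
    # Both values come straight from the client: require non-empty strings
    # before handing them to token verification and password hashing.
    if not isinstance(token, str) or not isinstance(new_password, str) \
            or not token or not new_password:
        return bad_request("Must include 'token' and 'new_password' fields")
    user = User.verify_reset_password_token(token)
    if user:
        user.set_password(new_password)
        db.session.commit()
        return jsonify(), 204
    else:
        return forbidden("Invalid password reset token")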
def before_request():
    """Refuse requests from signed-in users whose account is unconfirmed.

    Returns None for anonymous users and for confirmed accounts, and a
    forbidden response otherwise.
    """
    user = g.current_user
    if user.is_anonymous or user.confirmed:
        return None
    return forbidden('Unconfirmed account')
def forbidden_handler(e):
    """Answer with a fixed forbidden message; the argument ``e`` is unused."""
    message = (
        "You don't have the permission to access the requested resource. "
        "It is either read-protected or not readable by the server."
    )
    return forbidden(message)
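def before_request():
    """Refuse requests from signed-in users whose account is unconfirmed.

    Returns None for anonymous users and for confirmed accounts, and a
    forbidden response otherwise.

    The leftover debugging ``print`` of a 200-dash separator, which ran
    on every call, has been removed.
    """
    if not g.current_user.is_anonymous and not g.current_user.confirmed:
        return forbidden("未认证的用户")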
def decorated_function(*args, **kwargs):
    """Call ``f`` only when the current user holds ``permission``.

    ``f`` and ``permission`` are taken from the enclosing scope. A caller
    without the permission gets a forbidden response and ``f`` is not
    invoked.
    """
    allowed = g.current_user.can(permission)
    if allowed:
        return f(*args, **kwargs)
    return forbidden('Insufficient permissions')