def edit_post(id):
    """Update the body of post ``id`` and return the post as JSON.

    The post is loaded with ``get_or_404``. The edit is refused through
    ``forbidden()`` unless the caller is the post's author or holds
    ``Permission.WRITE_ARTICLES``.
    """
    post = Post.query.get_or_404(id)
    editor = g.current_user
    # NOTE(review): the non-author fallback is WRITE_ARTICLES. If that is the
    # permission every ordinary author holds, any author can edit another
    # user's post; confirm a moderator/admin permission was not intended.
    if editor != post.author:
        if not editor.can(Permission.WRITE_ARTICLES):
            return forbidden('Insufficient permissions')
    # Only 'body' is taken from the client; a missing key keeps the stored text.
    # NOTE(review): request.json is dereferenced without a None check --
    # presumably the route only ever receives a JSON object; confirm.
    post.body = request.json.get('body', post.body)
    # No commit is issued here; presumably the session is committed
    # elsewhere (e.g. on teardown) -- confirm.
    db.session.add(post)
    return jsonify(post.to_json())
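def edit_post(id):
    """Update the body and/or title of post ``id`` and return it as JSON.

    The edit is refused through ``forbidden()`` unless the caller is the
    post's author or holds ``Permission.ADMINISTER``.
    """
    post = Post.query.get_or_404(id)
    # Fixed: the ownership check read ``post.quthor``, which raises
    # AttributeError on every request, so the check never ran.
    # NOTE(review): assumes the model attribute is ``author`` -- confirm.
    if g.current_user != post.author and \
            not g.current_user.can(Permission.ADMINISTER):
        return forbidden('无权限')
    # Only these two fields are copied from the client; absent keys keep the
    # stored values.
    # NOTE(review): request.json is dereferenced without a None check --
    # presumably the route only ever receives a JSON object; confirm.
    post.body = request.json.get('body', post.body)
    post.title = request.json.get('title', post.title)
    # No commit is issued here; presumably the session is committed
    # elsewhere -- confirm.
    db.session.add(post)
    return jsonify(post.to_json())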
def before_request():
    """Reject requests from logged-in users whose account is not confirmed.

    Anonymous users and confirmed users pass through (implicit ``None``).
    """
    user = g.current_user
    # ``confirmed`` is only read for non-anonymous users, as in the original
    # short-circuit condition.
    if not (user.is_anonymous or user.confirmed):
        return forbidden('未注册用户')


# Disabled sample route kept from the original listing:
# @api.route('/posts/1')
# def get_post():
#     pass
#     return jsonify({'post':'post1'})
def edit_article(id):
    """Replace an article with data from the request JSON and return it.

    Answers through ``not_found()`` when no article has this ``id`` and
    through ``forbidden()`` unless the caller is the article's author or
    holds ``Permission.MODERATE_ARTICLE``.
    """
    article = Article.query.get(id)
    if not article:
        return not_found(_('The article not exists'))
    if g.current_user != article.author:
        if not g.current_user.can(Permission.MODERATE_ARTICLE):
            return forbidden('permission denied')
    # NOTE(review): the permission check above ran against the article
    # loaded by ``id``, but the object persisted below is built entirely from
    # client-supplied JSON and the checked instance is discarded. Depending
    # on what Article.from_dict copies (id, author, ...), this may insert a
    # new row or touch a different article than the one authorised. Confirm
    # that from_dict restricts the fields it accepts, or update the loaded
    # instance instead.
    article = Article.from_dict(request.json)
    db.session.add(article)
    db.session.commit()
    return jsonify(article.to_dict())
def get_user():
    """Return the current user as JSON when the request carried a token.

    If ``g.token_used`` was never set, the answer is
    ``forbidden('Unconfirmed account')``. If it is set but falsy, the answer
    is ``unauthorized('Invalid credentials')``.
    """
    try:
        used_token = g.token_used
    except AttributeError:
        # NOTE(review): a missing flag is reported as "Unconfirmed account";
        # presumably the auth hook returns before setting it for unconfirmed
        # users -- confirm that is the only way to get here.
        return forbidden('Unconfirmed account')
    if not used_token:
        return unauthorized('Invalid credentials')
    return jsonify(g.current_user.to_json())
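def before_request():
    """Handle confirmation-code submission for logged-in, unconfirmed users.

    Anonymous and already-confirmed users pass through. For an unconfirmed
    user the JSON field ``status`` selects the mode. With
    ``'confirmation'`` the submitted ``code`` is compared with the user's
    ``confirmation_code``: a match calls ``user_confirmed()``, anything else
    is answered through ``forbidden()``.
    """
    user = g.current_user
    if user.is_anonymous or user.confirmed:
        return None

    # A missing or non-object JSON body, or a missing 'status' key, is
    # treated as a plain authentication request.
    try:
        status = request.json['status']
    except (TypeError, KeyError):
        status = 'auth'

    if status != 'confirmation':
        # NOTE(review): an unconfirmed user whose request is not a
        # confirmation attempt is let through here. If unconfirmed accounts
        # are meant to be blocked from the rest of the API, this path needs
        # its own rejection -- confirm against the full handler.
        return None

    # Fixed: a confirmation request without 'code' raised an unhandled
    # KeyError (HTTP 500). A missing or null code is now rejected outright,
    # so it can never compare equal to an unset confirmation_code.
    submitted = request.json.get('code')
    # NOTE(review): plain ``==`` on the code; if it is a secret string,
    # hmac.compare_digest and attempt limiting are worth considering.
    if submitted is not None and user.confirmation_code == submitted:
        user.user_confirmed()
        return None
    return forbidden('Incorrect Confirmation Code')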
def modify_post(id):
    """Overwrite the body of post ``id`` and return the post as JSON.

    Raises:
        ValidationError: when the request has no JSON or an empty ``body``.

    The edit is refused through ``forbidden()`` unless the caller holds
    ``Permission.MODERATE_COMMENTS`` or is the post's author.
    """
    payload = request.json
    if not (payload and payload.get('body')):
        raise ValidationError('body 是空的')

    post = Post.query.get_or_404(id)
    # NOTE(review): the override permission for editing a *post* is
    # MODERATE_COMMENTS -- confirm that is the intended permission.
    allowed = (g.current_user.can(Permission.MODERATE_COMMENTS)
               or post.author == g.current_user)
    if not allowed:
        return forbidden("您不具备操作权限")

    post.body = payload.get('body')
    db.session.add(post)
    db.session.commit()
    return jsonify(post.to_json())
def reset_password(current_user):
    """Change a user's password after checking the previous one.

    Reads ``Username``, ``Previous Password`` and ``New Password`` from
    ``request.data``. Answers through ``unauthorized()`` when
    ``current_user`` is falsy, ``bad_request()`` when a field is empty, and
    ``forbidden()`` when ``User.reset_password`` returns a falsy value.
    """
    if not current_user:
        return unauthorized('You are not allowed to perform this action')

    # NOTE(review): the account to change is taken from the request body and
    # is never compared with ``current_user``; presumably the old-password
    # check inside User.reset_password is the only binding -- confirm.
    username = str(request.data.get('Username', ''))
    old_password = str(request.data.get('Previous Password', ''))
    new_password = str(request.data.get('New Password', ''))

    if not (username and old_password and new_password):
        return bad_request("Provide all fields")

    update_user = User.reset_password(
        users_list, username, old_password, new_password)
    if not update_user:
        # The falsy result itself is passed on as the error message, exactly
        # as the original did.
        return forbidden(update_user)

    response = jsonify({"Message": "Successfuly changed password"})
    response.status_code = 200
    return response
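def login():
    """Log a user into their account and issue a 30-minute JWT.

    Reads ``Username`` and ``Password`` from ``request.data``. Answers
    through ``bad_request()`` when either is empty and through
    ``forbidden()`` when ``User.login`` rejects the pair. On success the
    response carries the signed token and a greeting message.
    """
    username = str(request.data.get('Username', ''))
    password = str(request.data.get('Password', ''))
    if not (username and password):
        return bad_request("Please provide all the fields")

    if not User.login(users_list, username, password):
        return forbidden("Invalid username/password combination")

    # Token that carries the user's session; it expires 30 minutes from now.
    # NOTE(review): SECRET_KEY is read with .get(), so an unset key reaches
    # jwt.encode as None -- confirm the app refuses to start without it. No
    # algorithm is passed, so the library default applies; the verifying
    # side should pin the accepted algorithm explicitly.
    token = jwt.encode(
        {'id': username, 'exp': datetime.utcnow() + timedelta(minutes=30)},
        current_app.config.get('SECRET_KEY'),
    )
    # Fixed: PyJWT 2.x returns ``str`` rather than ``bytes``, so the
    # unconditional ``.decode`` raised AttributeError after a successful
    # login. The old ``if token:`` guard is gone as well: its only effect was
    # an implicit ``None`` return, which is not a valid response.
    if isinstance(token, bytes):
        token = token.decode('UTF-8')

    response = jsonify({
        'token': token,
        "Message": "{} has successfuly logged in".format(username),
    })
    response.status_code = 200
    return response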
def befor_request():
    """Reject requests from logged-in users whose account is not confirmed.

    Anonymous and confirmed users pass through with ``None``.
    """
    user = g.current_user
    if user.is_anonymous:
        # ``confirmed`` is not read for anonymous users.
        return None
    if not user.confirmed:
        return forbidden("un confirmed account")
    return None
def auth_error():
    """Build the error response sent when authentication fails."""
    # NOTE(review): failed authentication is answered through forbidden()
    # rather than an unauthorized-style helper -- confirm that is the status
    # clients are expected to handle.
    response = forbidden('Invalid credentials')
    return response
def before_request():
    """Block logged-in users who have not confirmed their account.

    Returns the ``forbidden()`` response for such users and ``None``
    (request continues) for everyone else.
    """
    user = g.current_user
    # Same short-circuit as the original: ``confirmed`` is only evaluated
    # when the user is not anonymous.
    if not (user.is_anonymous or user.confirmed):
        return forbidden('Unconfirmed account')
def before_request():
    """Block logged-in users whose account has not been confirmed."""
    if g.current_user.is_anonymous:
        # Anonymous users are not subject to the confirmation check.
        return None
    if g.current_user.confirmed:
        return None
    return forbidden('未激活账号')
def before_request():
    """Reject the request when the logged-in user is still unconfirmed.

    Anonymous users are let through here; ``confirmed`` is only read for
    non-anonymous users.
    """
    current = g.current_user
    if not current.is_anonymous:
        if not current.confirmed:
            return forbidden('Unconfirmed account')
    return None
def decorated_function(*args, **kwargs):
    """Call the wrapped view only when the current user holds ``permission``.

    ``permission`` and ``f`` come from the enclosing decorator scope, which
    is not part of this listing.
    """
    # Assumes g.current_user has been populated before this runs
    # (presumably by an authentication hook) -- confirm.
    if g.current_user.can(permission):
        return f(*args, **kwargs)
    return forbidden('Insufficient permissions')
def forbidden_error(e):
    """Answer a 403 error in the format the client asked for.

    Clients that accept JSON but not HTML get the ``forbidden()`` response;
    everyone else gets the rendered ``403.html`` page with status 403.
    """
    accepted = request.accept_mimetypes
    json_only = accepted.accept_json and not accepted.accept_html
    if json_only:
        return forbidden('forbidden')
    return render_template('403.html'), 403
def get_token():
    """Issue an auth token for the current user.

    Anonymous users are refused. So are requests where ``g.token_used`` is
    truthy, which presumably means an existing token cannot be traded for a
    fresh one.
    """
    user = g.current_user
    if user.is_anonymous or g.token_used:
        return forbidden('Invalid credentials when you get token')
    # NOTE(review): generate_auth_token() is called without an explicit
    # lifetime while the response advertises 24 hours; confirm the method's
    # default matches, otherwise clients are told the wrong expiry.
    token = user.generate_auth_token()
    return jsonify(token=token, expiration=3600 * 24)
def before_request():
    """Log the hook invocation and block unconfirmed logged-in users."""
    print('before_request')
    user = g.current_user
    # If the current account is not anonymous and has not been confirmed yet,
    # refuse the request.
    if not (user.is_anonymous or user.confirmed):
        return forbidden('暂未认证的账户')
def decorate_function(*args, **kwargs):
    """Run the wrapped view ``f`` only if the current user has ``permission``.

    Both names are closed over from the enclosing decorator, which is not
    shown here.
    """
    allowed = g.current_user.can(permission)
    if allowed:
        return f(*args, **kwargs)
    return forbidden("您无此操作权限")
def wrapper(*argc, **kwargs):
    """Forward the call to ``func`` when the user holds ``permissions``.

    ``permissions`` and ``func`` are taken from the enclosing decorator
    scope (outside this listing). Callers without the permission get the
    ``forbidden()`` response and ``func`` is not invoked.
    """
    if g.current_user.can(permissions):
        return func(*argc, **kwargs)
    return forbidden('permission denied')