Example #1
def edit_post(id):
    """Update the body of an existing post on behalf of the caller.

    The post is looked up by ``id`` (404 when it does not exist). The edit
    is refused with a 403 unless the caller is the post's author or holds
    ``Permission.WRITE_ARTICLES``. On success the post is returned as JSON.
    """
    target = Post.query.get_or_404(id)
    caller = g.current_user
    # Object-level authorization: owner first, permission bit as fallback.
    # NOTE(review): WRITE_ARTICLES reads like a general authoring permission;
    # if ordinary authors hold it, any of them can edit any other user's
    # post. Confirm an admin/moderation permission was not intended.
    if caller != target.author:
        if not caller.can(Permission.WRITE_ARTICLES):
            return forbidden('Insufficient permissions')
    # A missing 'body' key leaves the stored text untouched.
    # NOTE(review): request.json may be None for a non-JSON request, which
    # would make .get() fail here. Verify how the app handles that.
    payload = request.json
    target.body = payload.get('body', target.body)
    # No commit is issued in this function.
    # Presumably the session is committed elsewhere. TODO confirm.
    db.session.add(target)
    return jsonify(target.to_json())
Example #2
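def edit_post(id):
    """Update the body and title of a post on behalf of the caller.

    The post is looked up by ``id`` (404 when it does not exist). The edit
    is refused with a 403 unless the caller is the post's author or holds
    ``Permission.ADMINISTER``. Fields absent from the JSON payload keep
    their stored values. The post is returned as JSON.
    """
    post = Post.query.get_or_404(id)
    # Ownership check. The attribute was previously spelled ``post.quthor``,
    # which would raise AttributeError before any authorization decision was
    # made unless the model really defines that name.
    # NOTE(review): assumes the owner relationship is exposed as ``author``.
    # Confirm against the Post model.
    if g.current_user != post.author and not g.current_user.can(Permission.ADMINISTER):
        return forbidden('无权限')
    # NOTE(review): request.json may be None for a non-JSON request; verify
    # how the application handles that case.
    post.body = request.json.get('body', post.body)
    post.title = request.json.get('title', post.title)
    # No commit is issued here.
    # Presumably the session is committed elsewhere. TODO confirm.
    db.session.add(post)
    return jsonify(post.to_json())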
Example #3
def before_request():
    """Reject requests from authenticated users whose account is unconfirmed.

    Anonymous callers and confirmed accounts pass through (implicit ``None``),
    so this hook alone does not protect any route from anonymous access.
    """
    caller = g.current_user
    if caller.is_anonymous:
        return None
    if not caller.confirmed:
        return forbidden('未注册用户')
    return None


# @api.route('/posts/1')
# def get_post():
#     pass
#     return jsonify({'post':'post1'})
Example #4
def edit_article(id):
    """Replace an article with the one described by the JSON payload.

    Returns a not-found response when no article has the given ``id`` and a
    403 unless the caller is that article's author or holds
    ``Permission.MODERATE_ARTICLE``. Otherwise an article built from the
    request JSON is added, committed, and returned as a dict.
    """
    existing = Article.query.get(id)
    if not existing:
        return not_found(_('The article not exists'))
    caller = g.current_user
    if caller != existing.author:
        if not caller.can(Permission.MODERATE_ARTICLE):
            return forbidden('permission denied')
    # NOTE(review): the authorization check above is made on the row loaded
    # by ``id``, but the object saved below is built only from the request
    # body. Whether it is tied to ``existing`` depends on Article.from_dict,
    # which is not visible here. Verify that the client cannot choose the
    # id or author of the row that gets written.
    replacement = Article.from_dict(request.json)
    db.session.add(replacement)
    db.session.commit()
    return jsonify(replacement.to_dict())
Example #5
def get_user():
    """Return the current user as JSON when the request used a token.

    Responds 403 when ``g.token_used`` was never set, and 401 when it is set
    but falsy.
    """
    try:
        used_token = g.token_used
    except AttributeError:
        # The flag is absent from ``g`` for this request.
        return forbidden('Unconfirmed account')
    if not used_token:
        return unauthorized('Invalid credentials')
    return jsonify(g.current_user.to_json())
Example #6
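def before_request():
    """Handle confirmation-code submission for unconfirmed accounts.

    Anonymous and already-confirmed users pass through. For an authenticated,
    unconfirmed user the JSON field ``status`` selects the action. It
    defaults to ``'auth'`` when the body is missing or has no such key. With
    ``status == 'confirmation'`` the submitted ``code`` is compared with the
    user's stored confirmation code: a match confirms the account, anything
    else yields a 403.
    """
    user = g.current_user
    if user.is_anonymous or user.confirmed:
        return None

    try:
        status = request.json['status']
    except (TypeError, KeyError):
        status = 'auth'

    if status != 'confirmation':
        # NOTE(review): an unconfirmed user sending any other status is let
        # through by this hook. Confirm that is intended.
        return None

    # A missing or null ``code`` is treated as a wrong code. Previously a
    # missing key raised an unhandled KeyError, and a JSON null could compare
    # equal to an unset stored code.
    try:
        supplied = request.json['code']
    except (TypeError, KeyError):
        supplied = None
    if supplied is None:
        return forbidden('Incorrect Confirmation Code')

    # NOTE(review): ``==`` is not a constant-time comparison. Once the types
    # of both values are known, consider hmac.compare_digest, and make sure
    # confirmation attempts are limited per account.
    if user.confirmation_code == supplied:
        user.user_confirmed()
        return None
    return forbidden('Incorrect Confirmation Code')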
Example #7
def modify_post(id):
    """Overwrite a post's body with the ``body`` field of the JSON payload.

    Raises ``ValidationError`` when the payload is empty or has no truthy
    ``body``. Returns 404 for an unknown ``id`` and a 403 unless the caller
    holds ``Permission.MODERATE_COMMENTS`` or is the post's author.
    """
    payload = request.json
    if not payload or not payload.get('body'):
        raise ValidationError('body 是空的')

    post = Post.query.get_or_404(id)
    # The permission bit is checked first and ownership second.
    permitted = (g.current_user.can(Permission.MODERATE_COMMENTS)
                 or post.author == g.current_user)
    if not permitted:
        return forbidden("您不具备操作权限")

    post.body = payload.get('body')
    db.session.add(post)
    db.session.commit()
    return jsonify(post.to_json())
Example #8
def reset_password(current_user):
    """Change a user's password after checking the previous one.

    Responds 401 when ``current_user`` is falsy and 400 when any of the
    three form fields is empty. It responds 403 when ``User.reset_password``
    returns a falsy value, and 200 with a confirmation message otherwise.
    """
    if not current_user:
        return unauthorized('You are not allowed to perform this action')

    # NOTE(review): the account to change is named by the request body, not
    # taken from ``current_user``. Any authenticated caller can therefore
    # target any username, with the old password as the only barrier.
    # Verify this is intended.
    username = str(request.data.get('Username', ''))
    old_password = str(request.data.get('Previous Password', ''))
    new_password = str(request.data.get('New Password', ''))

    if not (username and old_password and new_password):
        return bad_request("Provide all fields")

    update_user = User.reset_password(
        users_list, username, old_password, new_password)
    if not update_user:
        # NOTE(review): the falsy result itself is passed as the message.
        return forbidden(update_user)

    response = jsonify({"Message": "Successfuly changed password"})
    response.status_code = 200
    return response
Example #9
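def login():
    """Log a user into their account.

    Responds 400 when the username or password field is empty and 403 when
    ``User.login`` rejects the pair. On success it responds 200 with a JWT
    that carries the username as ``id`` and expires 30 minutes after issue.
    """
    username = str(request.data.get('Username', ''))
    password = str(request.data.get('Password', ''))
    if not (username and password):
        return bad_request("Please provide all the fields")
    if not User.login(users_list, username, password):
        return forbidden("Invalid username/password combination")

    # generate token to manage user's session
    # NOTE(review): config.get() yields None when SECRET_KEY is unset; make
    # sure the app refuses to start without a strong key.
    token = jwt.encode(
        {
            'id': username,
            'exp': datetime.utcnow() + timedelta(minutes=30),
        },
        current_app.config.get('SECRET_KEY'),
    )
    # PyJWT 1.x returns bytes while PyJWT 2.x returns str. Calling .decode()
    # unconditionally fails on 2.x, so normalise to str for either version.
    if isinstance(token, bytes):
        token = token.decode('UTF-8')

    response = jsonify({
        'token': token,
        "Message": "{} has successfuly logged in".format(username),
    })
    response.status_code = 200
    return response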
Example #10
def befor_request():
    """Return a 403 for authenticated users whose account is not confirmed.

    Anonymous and confirmed users fall through with an implicit ``None``.
    """
    account = g.current_user
    # De Morgan form of "not anonymous and not confirmed".
    if not (account.is_anonymous or account.confirmed):
        return forbidden("un confirmed account")
Example #11
def auth_error():
    """Build the error response returned for invalid credentials."""
    # NOTE(review): if this is the authentication error handler, 401 is the
    # conventional status for bad credentials. Confirm that 403 is intended.
    denial = forbidden('Invalid credentials')
    return denial
Example #12
def before_request():
    """Block authenticated callers that have not confirmed their account.

    Anonymous callers are not stopped here, so routes that need a logged-in
    user must enforce that themselves.
    """
    caller = g.current_user
    needs_confirmation = not caller.is_anonymous and not caller.confirmed
    if needs_confirmation:
        return forbidden('Unconfirmed account')
    return None
Example #13
def before_request():
    """Return a 403 when the caller is logged in but not yet confirmed."""
    current = g.current_user
    if current.is_anonymous:
        # Anonymous requests are not filtered by this hook.
        return None
    if current.confirmed:
        return None
    return forbidden('未激活账号')
Example #14
def before_request():
    """Stop unconfirmed, non-anonymous users with a 403 response."""
    who = g.current_user
    # Only an authenticated and unconfirmed user is rejected.
    if not (who.is_anonymous or who.confirmed):
        return forbidden('Unconfirmed account')
    return None
Example #15
 def decorated_function(*args, **kwargs):
     # Run the wrapped view only when the current user holds ``permission``;
     # otherwise answer with a 403 without calling it.
     allowed = g.current_user.can(permission)
     if allowed:
         return f(*args, **kwargs)
     return forbidden('Insufficient permissions')
Example #16
def forbidden_error(e):
    """Render a 403 as JSON or HTML according to the Accept header.

    Clients that accept JSON but not HTML get the JSON ``forbidden``
    response; all others get the ``403.html`` template with status 403.
    """
    accepted = request.accept_mimetypes
    json_only = accepted.accept_json and not accepted.accept_html
    if json_only:
        return forbidden('forbidden')
    return render_template('403.html'), 403
Example #17
def get_token():
    """Issue an auth token to a caller who logged in with credentials.

    Anonymous callers, and callers who authenticated with a token, get a 403.
    The second rule means one token cannot be used to obtain another.
    """
    caller = g.current_user
    if caller.is_anonymous or g.token_used:
        return forbidden('Invalid credentials when you get token')
    # NOTE(review): generate_auth_token() is called without arguments while
    # the response advertises a fixed 24-hour lifetime. Verify the two agree.
    issued = caller.generate_auth_token()
    return jsonify(token=issued, expiration=3600 * 24)
Example #18
def before_request():
    """Log the hook call and reject authenticated but unconfirmed accounts."""
    print('before_request')
    account = g.current_user
    # Reject when the current account is not anonymous and not yet confirmed.
    if account.is_anonymous:
        return None
    if not account.confirmed:
        return forbidden('暂未认证的账户')
    return None
Example #19
 def decorated_function(*args, **kwargs):
     # Permission gate: ``permission`` and ``f`` come from the enclosing
     # scope, which is not visible here.
     user = g.current_user
     return (f(*args, **kwargs) if user.can(permission)
             else forbidden('Insufficient permissions'))
Example #20
 def decorate_function(*args, **kwargs):
     # Call the wrapped function only for users holding ``permission``;
     # everyone else receives a 403.
     has_permission = g.current_user.can(permission)
     if has_permission:
         return f(*args, **kwargs)
     return forbidden("您无此操作权限")
Example #21
 def wrapper(*argc, **kwargs):
     # Check ``permissions`` on the current user before calling ``func``;
     # a caller without them gets a 403 and ``func`` is never run.
     granted = g.current_user.can(permissions)
     if granted:
         return func(*argc, **kwargs)
     return forbidden('permission denied')