def get_current_user():
    """Resolve the user for the current session, falling back to ``visitor``.

    The session must carry both an ``id`` and a ``token``. The user row with
    that id is returned only if its stored token equals the session token;
    in every other case the shared ``visitor`` record is returned.
    """
    has_credentials = 'id' in session and 'token' in session
    if not has_credentials:
        return visitor

    matches = db.query(User, lambda x: x['id'] == session['id'])
    if not matches:
        return visitor

    candidate = matches[0]
    # NOTE(review): this check trusts the session contents as-is; confirm the
    # session is integrity-protected (signed) and that a user row can never
    # hold an empty/None token that a stale session could match.
    if candidate['token'] == session['token']:
        return candidate
    return visitor
def delete_comment(id):
    """Delete the comment with the given id, then redirect to the comment list.

    Aborts with 404 when no comment has that id.
    """
    # NOTE(review): no authorization or ownership check is visible in this
    # block -- confirm the route is wrapped (e.g. with require_role) and is
    # only reachable through a CSRF-protected, non-GET request.
    found = db.query(Comment, condition=lambda x: x['id'] == id, count=1)
    if found:
        db.remove(found[0])
        db.commit()
    else:
        abort(404)
    return redirect(url_for('.view_comment'))
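def user_login():
    """Render the login form (GET) or check the posted credentials (POST).

    On a password match the function calls ``u.generate_token()`` and
    ``login(u)``, then redirects to the ``next`` query parameter when it is a
    same-site path, otherwise to the users view. Every failure path redirects
    back to the login page.
    """
    if request.method == 'GET':
        return render_template('login.html')
    elif request.method == 'POST':
        name = request.form.get('name', None)
        # NOTE(review): encrypt() receives only the submitted password, so its
        # output cannot depend on a per-user salt -- confirm it is a proper
        # password hash rather than a fast digest or a reversible cipher.
        password = encrypt(request.form.get('password', ''))
        u = db.query(User, condition=lambda x: x['name'] == name)
        if not u:
            #: TODO flash message
            return redirect(url_for('.user_login'))
        else:
            u = u[0]
            if u['password'] == password:
                u.generate_token()
                login(u)
                next = request.args.get('next', None)
                # `next` comes straight from the query string; following it
                # unchecked would let a crafted login link bounce the user to
                # an arbitrary external site (open redirect).
                if _is_local_redirect_target(next):
                    return redirect(next)
                else:
                    return redirect(url_for('.users_view'))
            else:
                #: TODO flash message
                return redirect(url_for('.user_login'))
    # Any other HTTP method falls through to the login page.
    return redirect(url_for('.user_login'))


def _is_local_redirect_target(target):
    """Return True when *target* is a same-site path that is safe to redirect to.

    Only values that start with a single ``/`` are accepted. Rejected are
    ``//host`` (a scheme-relative URL), anything containing a backslash (some
    browsers treat it as a forward slash), and ASCII control characters
    (browsers strip tabs and newlines before resolving a URL).
    """
    if not target or not target.startswith('/'):
        return False
    if target.startswith('//') or '\\' in target:
        return False
    return not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target)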
def view_comment():
    """Render every comment, with its author and referenced comment attached."""
    all_comments = db.query(Comment)
    # Both helpers annotate the comment objects in place.
    for attach in (find_author, find_reference):
        attach(all_comments)
    return render_template('comments.html', comments=all_comments)
def find_author(comments):
    """Set ``comment['author']`` on each comment, in place.

    The value is the first User whose id equals the comment's ``author_id``,
    or None when no such user exists. One query is issued per comment.
    """
    for entry in comments:
        matches = db.query(User, lambda row: row['id'] == entry['author_id'])
        if matches:
            entry['author'] = matches[0]
        else:
            entry['author'] = None
def find_reference(comments):
    """Set ``comment['refer']`` on each comment, in place.

    The value is the first Comment whose id equals the comment's ``refer_id``,
    or None when no such comment exists. One query is issued per comment.
    """
    for entry in comments:
        matches = db.query(Comment, lambda row: row['id'] == entry['refer_id'])
        if matches:
            entry['refer'] = matches[0]
        else:
            entry['refer'] = None
#coding: utf-8
from flask import g, abort, session
import functools
from coffee.config import role
from coffee.db import db
from coffee.models import User

# Shared fallback identity, looked up once at import time.
# NOTE(review): the [0] raises IndexError on import if no user row has the
# visitor role -- confirm the row is always seeded.
visitor = db.query(User, lambda x: x['role'] == role['visitor'])[0]


class require_role(object):
    """Decorator factory that gates a function on the current user's role.

    The wrapped function runs only when ``g.user['role']`` is strictly
    greater than the role given to the constructor; otherwise the request is
    aborted with 403.
    """

    def __init__(self, role):
        self.role = role

    def __call__(self, func):
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            # Strict comparison: a user whose role equals the threshold is
            # refused as well.
            allowed = g.user['role'] > self.role
            if not allowed:
                #: raise redirect rather than abort with 403
                return abort(403)
            return func(*args, **kwargs)
        return wrapper
def users_view():
    """Render the user list page with every User row."""
    # NOTE(review): whole User objects reach the template; elsewhere these
    # rows carry 'password' and 'token' fields -- confirm users.html never
    # renders them.
    return render_template('users.html', users=db.query(User))