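def permissionmanagement(permission):
    """Show the add/edit page for a permission record and apply a submitted edit.

    ``permission`` is the URL segment naming the record. The literal value
    ``'add'`` selects the blank "add permission" page instead. Every path
    that can write to the ``Permission`` table sits behind the authorization
    gate at the top of the function.

    NOTE(review): block nesting was reconstructed from a flattened listing;
    confirm the branch structure against the original file.
    """
    # Deny by default. Before, a request that matched none of the permission
    # branches (for example an unauthenticated one) fell through to the form
    # handling below and could reach the create/update code.
    if not current_user.is_authenticated:
        return redirect(url_for('auth.login'))
    if (not current_user.check_permission('usercenter_permission_add')
            or permission is None):
        flash('You are not allowed to change permission settings')
        return redirect(url_for('usercenter.lobby'))

    form = form_edit_permission()
    if permission == 'add':
        return render_template('usercenter/add_permission.html',
                               title=_('Add Permission'),
                               form=form)

    permission_name = permission.replace("%20", "+")
    matches = Permission.query.filter(
        Permission.permissionname == permission_name).all()
    # Exactly one match is required before a record is treated as editable.
    record = matches[0] if matches else None
    if len(matches) != 1:
        flash("No legal permission found")

    if form.validate_on_submit():
        if record is None:
            # Add new one. This branch used to dereference the missing record
            # and raise AttributeError before it could run.
            newpermission = Permission(
                permissionname=form.permissionname.data,
                action=form.permissionaction.data)
            db.session.add(newpermission)
            db.session.commit()
            flash('Permission ' + form.permissionname.data +
                  ' has been created')
        elif len(matches) == 1:
            record.permissionname = form.permissionname.data
            record.action = form.permissionaction.data
            db.session.commit()
            flash('Permission has been updated')

    return render_template('usercenter/edit_permission.html',
                           title=_('Edit Permission'),
                           form=form,
                           permission=record)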
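def inner2(*args, **kwargs):
    """Call the wrapped view only when the current user holds ``permission``.

    ``permission`` and ``func`` come from the enclosing decorator scope, which
    is outside this block. A caller without the permission is sent to the
    ``blue_error.vf_permission`` endpoint instead of the view.
    """
    # The deny path answers with a redirect, not a 403 status, so monitoring
    # that keys on 403 responses will not count these denials.
    # NOTE(review): check_permission is called without an is_authenticated
    # test here; confirm anonymous users are handled before this wrapper.
    if not current_user.check_permission(permission):
        return redirect(url_for('blue_error.vf_permission'))
    return func(*args, **kwargs)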
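def delete_user(userid):
    """Delete the user identified by ``userid`` when the caller is allowed to.

    The caller must be authenticated and hold the ``delete_user`` permission.
    Anyone else is redirected to ``main.index`` and nothing is changed.
    """
    if (current_user.is_authenticated
            and current_user.check_permission('delete_user')):
        # The filter has to be a column expression on the model. The bare
        # name ``user_id`` used before is not defined in this function; had it
        # resolved to a plain Python value, the comparison would have been a
        # bool rather than a SQL condition and the DELETE would not have been
        # limited to one row.
        # NOTE(review): User.id is assumed to be the key column (other
        # handlers in this listing read user.id); confirm against the model.
        db.session.query(User).filter(User.id == userid).delete()
        db.session.commit()
        flash('User has been deleted')
        return redirect(url_for('usercenter.lobby'))
    # NOTE(review): the route decorator is not visible here; confirm this
    # destructive endpoint accepts only POST and is covered by CSRF checks.
    return redirect(url_for('main.index'))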
def inner2(*args, **kwargs):
    """Run the wrapped view, aborting with 403 when ``permission`` is missing.

    ``permission`` and ``func`` are supplied by the enclosing decorator, which
    is not part of this block.
    """
    allowed = current_user.check_permission(permission)
    if not allowed:
        # Imported at the point of use, as in the original wrapper.
        from flask import abort
        abort(403)
    return func(*args, **kwargs)
def get_user(username):
    """Render the profile page of ``username``.

    Viewing someone else's profile requires WRITE permission on the ``main``
    module; a user's own profile needs no extra permission. The permission
    test runs before the database lookup, so a caller without it receives 403
    whether or not the requested name exists.
    """
    viewing_other_user = current_user.username != username
    if viewing_other_user and not current_user.check_permission(
            'main', WRITE_PERMISSION):
        abort(403)

    profile_query = User.query.filter(User.username == username)
    user = profile_query.first_or_404()
    return render_template(
        'main/user_item.jinja2',
        title=_l('User Profile'),
        user=user
    )
def edit_post(id):
    """Edit the post with primary key ``id``.

    Only the post's author, or a user holding ``Permission.ADMINISTER``, may
    edit; everyone else gets 403. A valid submission saves the new title and
    content and redirects to the post; otherwise the form is shown pre-filled
    with the stored values.
    """
    post = Post.query.get_or_404(id)

    # Ownership is tested first; the permission lookup only runs for
    # non-authors.
    not_author = current_user != post.author
    if not_author and not current_user.check_permission(Permission.ADMINISTER):
        abort(403)

    form = PostForm()
    if not form.validate_on_submit():
        form.content.data = post.content
        form.title.data = post.title
        return render_template('/post/edit_post.html', form=form)

    post.content = form.content.data
    post.title = form.title.data
    db.session.add(post)
    db.session.commit()
    flash('You have changed this article')
    return redirect(url_for('show_post', id=post.id))
def add_role():
    """Create a new role from the submitted form.

    Requires the ``usercenter_role_add`` permission; without it the caller is
    redirected to the role list. A role name that already exists is reported
    and not inserted again.
    """
    form = form_add_role()

    # NOTE(review): there is no is_authenticated test in this block; presumably
    # the route is wrapped in a login check outside it. Confirm.
    if not current_user.check_permission('usercenter_role_add'):
        flash('You have no permission to add new roles')
        return redirect(url_for('usercenter.list_role'))

    if not form.validate_on_submit():
        print(form.errors)
    else:
        name_taken = db.session.query(Role).filter(
            Role.rolename == form.roletoadd.data).count() != 0
        if name_taken:
            flash('Role already exists!')
        else:
            db.session.add(Role(rolename=form.roletoadd.data))
            db.session.commit()
            flash('Role has been added!')

    return render_template('usercenter/add_role.html', form=form)
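def delete_permission(permission):
    """Delete the permission record named by ``permission``.

    Unauthenticated callers go to the login page. Callers without the
    ``usercenter_permission_edit`` permission, or requests without a name, are
    refused with a flash message. The record is removed only when exactly one
    row carries the name.

    NOTE(review): block nesting was reconstructed from a flattened listing;
    confirm the branch structure against the original file.
    """
    if not current_user.is_authenticated:
        return redirect(url_for('auth.login'))

    # The None test now runs before any str method is called on the value.
    # Before, ``permission.replace`` ran first, so the later ``!= None`` test
    # could never be reached with None.
    if (not current_user.check_permission('usercenter_permission_edit')
            or permission is None):
        flash('You are not allowed to edit permissions')
        return redirect(url_for('usercenter.permissionmanagement'))

    permission = permission.replace("%20", "+")
    # One query serves both the uniqueness test and the delete, so the row
    # deleted is the row that was counted.
    matches = Permission.query.filter(
        Permission.permissionname == permission).all()
    if len(matches) == 1:
        db.session.delete(matches[0])
        db.session.commit()

    # NOTE(review): permissionmanagement takes a ``permission`` argument in
    # this listing; confirm its route has a default, or url_for fails here.
    return redirect(url_for('usercenter.permissionmanagement'))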
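def usermanagement(username):
    """Show and process the profile and role-assignment forms for a user.

    Requires an authenticated caller holding ``usercenter_user_edit``. When
    ``username`` does not match exactly one account, the page falls back to
    the caller's own account, as the original code did.

    NOTE(review): block nesting was reconstructed from a flattened listing;
    confirm the branch structure against the original file.
    """
    # Unauthenticated requests used to fall through with ``usertoedit`` unset.
    if not current_user.is_authenticated:
        return redirect(url_for('auth.login'))

    if (not current_user.check_permission('usercenter_user_edit')
            or username is None):
        flash('You are not allowed to change other user settings')
        # redirect() takes a URL, not an endpoint name plus keyword arguments,
        # so the previous call raised TypeError. Sending the caller back to
        # this same endpoint would also loop, so the denial goes to the lobby
        # like the other handlers in this listing.
        return redirect(url_for('usercenter.lobby'))

    if User.query.filter(User.username == username).count() == 1:
        usertoedit = username
    else:
        # NOTE(review): a POST aimed at an unknown username is applied to the
        # caller's own account from here on; confirm that is intended.
        flash("No legal user found")
        usertoedit = current_user.username

    user = User.query.filter(User.username == usertoedit).first()
    form = form_edit_profile()
    form2 = form_edit_role_for_user()
    form2.role.choices = [(g.id, g.rolename) for g in Role.query.all()]

    if form2.validate_on_submit():
        # The duplicate test must look at the edited user's roles. It used to
        # filter on current_user.id, i.e. the acting administrator.
        already_assigned = db.session.query(Usertorole).filter(
            Usertorole.user_id == user.id).filter(
                Usertorole.role_id == form2.role.data).count()
        if already_assigned == 0:
            newrole = Usertorole(role_id=form2.role.data, user_id=user.id)
            db.session.add(newrole)
            db.session.commit()

    if form.validate_on_submit():
        new_username = form.username.data
        # Compare against the stored name; the old code compared the string
        # with the User object itself, which is always unequal.
        if (new_username != user.username and User.query.filter(
                User.username == new_username).count() == 0):
            if new_username == "":
                flash("NO emptry username allowed")
            else:
                user.username = new_username
                flash('Username has been updated')
        user.email = form.email.data
        user.real_name = form.name.data
        db.session.commit()
        flash('User has been updated')

    return render_template('usercenter/edit_profile.html',
                           title=_('Edit User'),
                           form=form,
                           form2=form2,
                           user=user)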
def usermanagement_revoke_permission(role, permission):
    """Remove the link between a role and a permission id.

    ``role`` is a role name from the URL (``%20`` is turned back into a space)
    and ``permission`` is matched against ``Roletopermission.permission_id``.
    Every outcome redirects to the role's management page; denied and
    unknown-role requests add a flash message first.
    """
    role = role.replace("%20", " ")
    back_to_role = 'usercenter.rolemanagement'

    if not current_user.is_authenticated:
        return redirect(url_for(back_to_role, role=role))

    if (not current_user.check_permission('usercenter_role_edit')
            or permission is None):
        flash('You are not allowed to change Role settings')
        return redirect(url_for(back_to_role, role=role))

    role_query = Role.query.filter(Role.rolename == role)
    if role_query.count() != 1:
        flash("No legal Role found")
        return redirect(url_for(back_to_role, role=role))

    roletoedit = Role.query.filter(Role.rolename == role).first()
    link_query = db.session.query(Roletopermission).filter(
        Roletopermission.role_id == roletoedit.id).filter(
            Roletopermission.permission_id == permission)
    link_query.delete()
    db.session.commit()
    return redirect(url_for(back_to_role, role=role))
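def usermanagement_revoke_role(username, role):
    """Remove role id ``role`` from the account named ``username``.

    Requires an authenticated caller holding ``usercenter_user_edit``. After
    the attempt the caller is redirected to a user-management page: the edited
    user's page on success, the caller's own page otherwise.

    NOTE(review): block nesting was reconstructed from a flattened listing;
    confirm the branch structure against the original file.
    """
    if not current_user.is_authenticated:
        return redirect(url_for('auth.login'))

    # The redirects below are built from ``usertoedit``. The old code used
    # ``user.username``, but ``user`` was only bound on the success path, so
    # the denied and not-found paths raised UnboundLocalError.
    if (not current_user.check_permission('usercenter_user_edit')
            or username is None):
        usertoedit = current_user.username
        flash('You are not allowed to change other user settings')
        return redirect(
            url_for('usercenter.usermanagement', username=usertoedit))

    if User.query.filter(User.username == username).count() == 1:
        user = User.query.filter(User.username == username).first()
        db.session.query(Usertorole).filter(
            Usertorole.user_id == user.id).filter(
                Usertorole.role_id == role).delete()
        db.session.commit()
        usertoedit = user.username
    else:
        flash("No legal user found")
        usertoedit = current_user.username

    return redirect(
        url_for('usercenter.usermanagement', username=usertoedit))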
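def rolemanagement(role):
    """Show and process the rename and add-permission forms for one role.

    Requires an authenticated caller holding ``usercenter_role_edit``.
    ``role`` is the role name from the URL and must match exactly one row.

    NOTE(review): block nesting was reconstructed from a flattened listing;
    in particular, which ``if`` the 'Rolename already exists' branch belongs
    to should be confirmed against the original file.
    """
    # Unauthenticated requests used to fall through with ``roletoedit`` unset.
    if not current_user.is_authenticated:
        return redirect(url_for('auth.login'))
    if not current_user.check_permission('usercenter_role_edit'):
        flash('You are not allowed to change')
        return redirect(url_for('usercenter.lobby'))
    if role is None:
        return redirect(url_for('usercenter.lobby'))

    role = role.replace("%20", "+")
    if Role.query.filter(Role.rolename == role).count() != 1:
        flash("No legal role found")
        return redirect(url_for('usercenter.list_role'))
    roletoedit = role

    role = Role.query.filter(Role.rolename == roletoedit).first()
    form = form_edit_role()
    if form.validate_on_submit():
        if form.old_rolename.data != form.rolename.data:
            # NOTE(review): old_rolename comes from the submitted form, while
            # the row being renamed is the one resolved from the URL; confirm
            # the two are meant to agree.
            old_name_count = Role.query.filter(
                Role.rolename == form.old_rolename.data).count()
            if old_name_count == 1:
                role.rolename = form.rolename.data
                db.session.commit()
                flash('Rolename has been changed to ' + form.rolename.data)
                return redirect(
                    url_for('usercenter.rolemanagement', role=role.rolename))
            if old_name_count == 0:
                newrole = Role(rolename=form.rolename.data)
                db.session.add(newrole)
                db.session.commit()
                flash('Rolename ' + form.rolename.data + ' has been created ')
        else:
            flash('Rolename already exists')
            flash(roletoedit)

    permissionlist = db.session.query(Permission).all()
    form2 = form_edit_role_add_perm()
    form2.permissiontoadd.choices = [(g.id, g.permissionname)
                                     for g in Permission.query.all()]
    if form2.validate_on_submit():
        link_exists = db.session.query(Roletopermission).filter(
            Roletopermission.permission_id == form2.permissiontoadd.data
        ).filter(Roletopermission.role_id == role.id).count() != 0
        if not link_exists:
            permissionid = db.session.query(Permission).filter(
                Permission.id == form2.permissiontoadd.data).first()
            # Skip ids with no Permission row instead of failing on None.
            if permissionid is not None:
                NewRoletopermission = Roletopermission(
                    role_id=role.id, permission_id=permissionid.id)
                db.session.add(NewRoletopermission)
                db.session.commit()

    return render_template('usercenter/edit_role.html',
                           title=_('Edit Role'),
                           form=form,
                           form2=form2,
                           role=role,
                           permissionlist=permissionlist)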
def decorated_function(*args, **kwargs):
    """Invoke the wrapped view, or abort with 403 without ``permission``.

    ``permission`` and ``f`` are closed over from the enclosing decorator,
    which is outside this block.
    """
    permitted = current_user.check_permission(permission)
    if not permitted:
        abort(403)
    return f(*args, **kwargs)