def login(data):
    """Authenticate a user from a credentials mapping and return a token.

    Reads ``data['username']`` and ``data['password']``. The username
    ``'root'`` resolves to the module-level ``root`` object; any other name
    is looked up through ``User.query``.

    Returns:
        The ``jsonify`` response carrying the status, message, request URL
        and the token from ``user.generate_confirmation_token()``.

    Raises:
        Error: 404 when no user matches, 400 when the account is disabled,
            400 when the password check fails.
    """
    username = data['username']
    user = root if username == 'root' else User.query.filter_by(
        username=username).first()

    # NOTE(review): the three failure paths below are distinguishable by
    # status code and message, and the first two run before the password is
    # verified. A client without credentials can therefore learn whether a
    # username exists and whether it is disabled. Consider one uniform
    # failure response; confirm which clients depend on the 404 first.
    if not user:
        raise Error(_('User not existed.'), 404)
    if user.disabled:
        raise Error(_('user was disabled, cannot login'), 400)
    # NOTE(review): no attempt limiting or lockout is visible in this
    # function; confirm it is enforced elsewhere.
    if not user.check_password(data['password']):
        raise Error(_('password error'), 400)

    login_user(user)
    ret_json = {
        "status": Status.SUCCESS.status,
        "message": "login success!",
        "request": request.base_url,
        "data": {
            "token": "",
        }
    }
    # The placeholder above is replaced once the token has been generated.
    ret_json["data"] = {"token": user.generate_confirmation_token()}
    return jsonify(ret_json)
def disable_check(self):
    """Refuse to disable this object while related rows still reference it.

    Walks the mapper's relationships and, for each one that declares a
    backref and whose collection on this instance is non-empty, raises.

    Raises:
        Error: 400 naming this table and the related table.
    """
    for relation in self.__mapper__.relationships:
        if not relation.backref:
            continue
        # len() is applied directly, so the attribute is expected to be a
        # sized collection for every relationship that has a backref.
        if not len(getattr(self, relation.key)):
            continue
        raise Error(
            _(u'%(source)s has relative %(ref)s, can not disable.',
              source=_(self.__table__.name),
              ref=_(relation.table.name)),
            400)
def add_user_role_by_id(uid, rid):
    """Attach role ``rid`` to user ``uid`` after a permission check.

    The role is loaded with ``Query.one()``, so an id that does not match
    exactly one row raises before anything is written.

    Raises:
        Error: 401 when ``tusr`` does not hold every permission of the role.
    """
    role = Role.query.filter_by(id=rid).one()
    required = [perm.name for perm in role.perms]
    # The grantor must already hold every permission the role carries, so a
    # role cannot be used to hand out rights the grantor lacks.
    # NOTE(review): ``tusr`` is not defined in this function; presumably it
    # is the current authenticated user. Confirm where it is bound.
    if not tusr.has_perms(required):
        raise Error('permission disallowed', 401)
    # NOTE(review): ``uid`` is inserted without checking that the user
    # exists or is enabled; confirm a database constraint covers this.
    statement = user_role.insert().values(user_id=uid, role_id=rid)
    db.session.execute(statement)
    db.session.commit()
    return jsonify(ok_rt)
def enable_check(self):
    """Refuse to enable this object while an object it refers to is disabled.

    Only relationships without a backref are inspected. A related object
    counts as disabled when it is truthy and has a truthy ``disabled``
    attribute.

    Raises:
        Error: 400 naming the related table.
    """
    for relation in self.__mapper__.relationships:
        if not relation.backref:
            target = getattr(self, relation.key)
            # A related object without a ``disabled`` attribute never blocks.
            if target and getattr(target, 'disabled', False):
                raise Error(
                    _(u'%(source)s is disabled, can not enable.',
                      source=_(relation.table.name)),
                    400)
def filters_2_sql(filters):
    """Compile filter expressions into one SQL condition joined by ``and``.

    Each expression is run through the module's ``lexer`` and ``parser``
    and rendered with ``getstr()``. An empty ``filters`` yields ``''``.

    Raises:
        Error: 400 for the first expression that fails to lex or parse.
    """
    # NOTE(review): the rendered fragments are concatenated into SQL text.
    # Whether that is safe depends entirely on how ``getstr()`` quotes
    # identifiers and literals; verify against the parser before exposing
    # this to untrusted filters.
    compiled = []
    for expression in filters:
        try:
            fragment = parser.parse(lexer.lex(expression)).getstr()
        except Exception:
            raise Error('Invalid syntax:{}'.format(expression), 400)
        compiled.append(fragment)
    return ' and '.join(compiled)
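def orderby_2_sql(order_by):
    """Translate a comma-separated sort spec into an SQL ORDER BY fragment.

    Each item is a property name optionally followed by a direction, so
    ``"name desc, age"`` becomes ``"`name` DESC,`age` ASC"``. Any direction
    other than ``DESC`` (case-insensitive) is treated as ``ASC``.

    Raises:
        Error: 400 when an item has no property name or the name contains
            a backtick.
    """
    clauses = []
    for item in order_by.split(','):
        # The separator gets its own name so the gettext alias ``_`` used
        # elsewhere in this module is not shadowed.
        prop, _sep, direction = item.strip().partition(' ')
        prop = prop.strip()
        # The name is written into the SQL text as a back-quoted identifier
        # and cannot be bound as a query parameter. A backtick would end the
        # quoting early, and an empty name would yield invalid SQL, so both
        # are rejected here.
        # NOTE(review): an allow-list of sortable columns would be stricter;
        # the set of valid columns is not visible from this function.
        if not prop or '`' in prop:
            msg = 'Invalid syntax:{}'.format(item)
            raise Error(msg, 400)
        # Strip the remainder so extra spaces before the direction
        # ("name  desc") no longer fall back silently to ASC.
        order = 'DESC' if direction.strip().upper() == 'DESC' else 'ASC'
        clauses.append('`{}` {}'.format(prop, order))
    return ','.join(clauses)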
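def post(self):
    ''' support create one or multi resource

    The JSON body is either a single object or a list of at most
    MAX_CREATION objects. Every object is passed to ``self.model`` as
    keyword arguments, the new rows are committed in one transaction and
    also stored on ``g.created_objs``.

    Returns a dict when exactly one row was created, otherwise a list of
    dicts.

    Raises Error 400 when the body is neither an object nor a list of
    objects, and Error 413 when the list is longer than MAX_CREATION.
    '''
    data = request.get_json()
    if isinstance(data, dict):
        data = [data]
    elif not isinstance(data, list):
        # null, a number or a string would otherwise fail in len() or in
        # the ** expansion below with an unhandled TypeError
        raise Error('request body must be an object or a list of objects',
                    400)
    elif len(data) > MAX_CREATION:
        err_msg = ' '.join(['can not create more than', str(MAX_CREATION)])
        raise Error(err_msg, 413)
    if not all(isinstance(item, dict) for item in data):
        raise Error('request body must be an object or a list of objects',
                    400)
    # NOTE(review): client-supplied keys go straight into the model
    # constructor. Confirm self.model rejects or ignores columns a client
    # must not set (ids, ownership or privilege flags).
    objs = [self.model(**item) for item in data]
    g.created_objs = objs
    db.session.add_all(objs)
    db.session.commit()
    if len(objs) == 1:
        return objs[0]._asdict()
    return [obj._asdict() for obj in objs]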
def delete(self, rid):
    """Delete permission ``rid`` unless it is flagged as a system permission.

    The row is loaded with ``Query.one()``, which raises when the id does
    not match exactly one row, so an unknown id never reaches the parent
    handler.

    Raises:
        Error: 401 when the permission's ``system`` flag is set.
    """
    target = Permission.query.filter_by(id=rid).one()
    # NOTE(review): 401 conventionally signals missing authentication; 403
    # may be the intended status for a forbidden action. Confirm with
    # clients before changing.
    if not target.system:
        return super().delete(rid)
    raise Error('ask your admin for support', 401)
def patch(self, rid):
    """Update permission ``rid`` unless it is flagged as a system permission.

    The row is loaded with ``Query.one()``, which raises when the id does
    not match exactly one row, so an unknown id never reaches the parent
    handler.

    Raises:
        Error: 401 when the permission's ``system`` flag is set.
    """
    target = Permission.query.filter_by(id=rid).one()
    # NOTE(review): 401 conventionally signals missing authentication; 403
    # may be the intended status for a forbidden action. Confirm with
    # clients before changing.
    if not target.system:
        return super().patch(rid)
    raise Error('system permission is not editable', 401)