Example #1
    def login(data):
        """Authenticate the credentials in ``data`` and return a JSON login response.

        ``data`` is indexed by ``'username'`` and ``'password'``. The literal
        username ``'root'`` resolves to the ``root`` object instead of a
        database lookup. On success the user is handed to ``login_user`` and
        a token from ``user.generate_confirmation_token()`` is placed in the
        response body under ``data.token``.

        Raises:
            Error: 404 when no user matches, 400 when the account is disabled
                or the password check fails.
        """
        # NOTE(review): the failures are distinguishable by status code and
        # message (404 unknown user, 400 disabled, 400 wrong password), so a
        # client can learn which usernames exist. A single generic failure
        # response would avoid that. Nothing in this block throttles repeated
        # attempts; confirm that is handled elsewhere.
        name = data['username']
        user = root if name == 'root' else User.query.filter_by(username=name).first()

        if not user:
            raise Error(_('User not existed.'), 404)
        if user.disabled:
            raise Error(_('user was disabled, cannot login'), 400)
        if not user.check_password(data['password']):
            raise Error(_('password error'), 400)

        # Credentials accepted: establish the session, then issue the token.
        login_user(user)
        token = user.generate_confirmation_token()
        payload = {
            "status": Status.SUCCESS.status,
            "message": "login success!",
            "request": request.base_url,
            "data": {"token": token},
        }
        return jsonify(payload)
Example #2
 def disable_check(self):
     """Refuse to disable this object while a back-referenced relation is non-empty.

     Walks ``self.__mapper__.relationships``; a relationship is only
     considered when it has a ``backref``, and it blocks the disable when
     the matching attribute on ``self`` has a non-zero length.

     Raises:
         Error: 400, naming this object's table and the related table.
     """
     for rel in self.__mapper__.relationships:
         if not rel.backref:
             continue
         # len() is applied directly, so the related attribute has to be a
         # sized collection for this check to work.
         if not len(getattr(self, rel.key)):
             continue
         raise Error(
             _(u'%(source)s has relative %(ref)s, can not disable.',
               source=_(self.__table__.name), ref=_(rel.table.name)),
             400)
Example #3
 def add_user_role_by_id(uid, rid):
     """Attach role ``rid`` to user ``uid`` after a permission check.

     The role is loaded first and ``tusr.has_perms`` is asked about the name
     of every permission on it; only when that passes is a row inserted into
     ``user_role`` and committed.

     Raises:
         Error: 401 when ``tusr.has_perms`` rejects the role's permissions.
     """
     target_role = Role.query.filter_by(id=rid).one()
     # Granting a role hands out all of its permissions, so the grant is
     # gated on the permission names the role carries.
     # NOTE(review): tusr is defined outside this block; presumably it is the
     # acting user. Confirm it is bound per request and not shared.
     # NOTE(review): uid is inserted without being looked up here; confirm a
     # foreign key or the caller rejects unknown user ids.
     required = [p.name for p in target_role.perms]
     if tusr.has_perms(required):
         db.session.execute(user_role.insert().values(user_id=uid, role_id=rid))
         db.session.commit()
         return jsonify(ok_rt)
     raise Error('permission disallowed', 401)
Example #4
 def enable_check(self):
     """Refuse to enable this object while something it refers to is disabled.

     Only relationships without a ``backref`` are inspected. For each one,
     the related object is read from ``self``; if it is truthy and carries a
     truthy ``disabled`` attribute, enabling is rejected.

     Raises:
         Error: 400, naming the table of the disabled related object.
     """
     forward = (r for r in self.__mapper__.relationships if not r.backref)
     for rel in forward:
         related = getattr(self, rel.key)
         if not related:
             continue
         # Objects without a ``disabled`` attribute never block enabling.
         if getattr(related, 'disabled', False):
             raise Error(
                 _(u'%(source)s is disabled, can not enable.',
                   source=_(rel.table.name)),
                 400)
Example #5
def filters_2_sql(filters):
    """Compile filter expressions into one SQL condition joined with ``and``.

    Each item of ``filters`` is lexed, parsed and rendered with ``getstr()``;
    the rendered pieces are joined with ``' and '``. An empty ``filters``
    yields an empty string.

    Raises:
        Error: 400 when any step fails for an item; the message includes the
            offending item.
    """
    # NOTE(review): the result is SQL text built by concatenation. Whether it
    # is safe to embed in a query depends entirely on what the lexer/parser
    # accept and how getstr() quotes values, none of which is visible here.
    # NOTE(review): the 400 message echoes the raw filter back to the client;
    # confirm the response is not rendered as HTML.
    def compile_one(raw):
        try:
            return parser.parse(lexer.lex(raw)).getstr()
        except Exception:
            raise Error('Invalid syntax:{}'.format(raw), 400)

    return ' and '.join([compile_one(raw) for raw in filters])
Example #6
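def orderby_2_sql(order_by):
    """Translate a comma-separated sort spec into a SQL ORDER BY column list.

    Each term is ``<column>`` optionally followed by a direction. The column
    is wrapped in backticks; the direction is ``DESC`` when the text after the
    column is ``desc`` (case-insensitive, surrounding whitespace ignored) and
    ``ASC`` otherwise.

    Args:
        order_by: e.g. ``"name desc, age"``.

    Returns:
        The rendered list, e.g. ``"`name` DESC,`age` ASC"``.

    Raises:
        Error: 400 when a term has no column name or the name contains a
            backtick.
    """
    clauses = []
    for term in order_by.split(','):
        name, _sep, direction = term.strip().partition(' ')
        name = name.strip()
        # The name is spliced into SQL text between backticks, so a backtick
        # inside it would close the quoted identifier and let the rest of the
        # name be read as SQL. Reject it, along with an empty name, which
        # would render as an empty identifier.
        # NOTE(review): the name is still not checked against the model's
        # columns; an allowlist at the caller would be stricter.
        if not name or '`' in name:
            raise Error('Invalid syntax:{}'.format(term), 400)
        # Strip before comparing so "name  desc" (extra spaces) is honoured
        # instead of silently falling back to ASC.
        order = 'DESC' if direction.strip().upper() == 'DESC' else 'ASC'
        clauses.append('`{}` {}'.format(name, order))

    return ','.join(clauses)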
Example #7
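    def post(self):
        """Create one resource or several from the JSON request body.

        The body may be a single JSON object or a list of objects. A list
        longer than ``MAX_CREATION`` is rejected. Every object is passed as
        keyword arguments to ``self.model``; the new instances are stored on
        ``g.created_objs``, added to the session and committed.

        Returns:
            The ``_asdict()`` of the created object when exactly one was
            created, otherwise a list of them.

        Raises:
            Error: 400 when the body is neither an object nor a list of
                objects; 413 when the list exceeds ``MAX_CREATION``.
        """
        data = request.get_json()
        if isinstance(data, dict):
            data = [data]
        elif not isinstance(data, list):
            # A body such as null, a string or a number would otherwise fail
            # below with a TypeError instead of a client error.
            raise Error('request body must be a JSON object or a list of objects', 400)
        elif len(data) > MAX_CREATION:  # data is a list of objects
            err_msg = ' '.join(['can not create more than', str(MAX_CREATION)])
            raise Error(err_msg, 413)

        if not all(isinstance(x, dict) for x in data):
            raise Error('request body must be a JSON object or a list of objects', 400)

        # NOTE(review): every client-supplied key is forwarded to the model
        # constructor. Whether that lets a client set fields it should not
        # control depends on self.model, which is not visible here; confirm
        # the model or the caller restricts the accepted keys.
        objs = [self.model(**x) for x in data]
        g.created_objs = objs
        db.session.add_all(objs)
        db.session.commit()
        if len(objs) == 1:
            return objs[0]._asdict()
        return [x._asdict() for x in objs]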
Example #8
 def delete(self, rid):
     """Delete permission ``rid`` unless it is flagged as a system permission.

     The permission is loaded first; when its ``system`` attribute is truthy
     the request is refused, otherwise the parent class's ``delete`` runs.

     Raises:
         Error: 401 when the permission is a system permission.
     """
     # NOTE(review): 401 is used for a refusal that is unrelated to the
     # caller's credentials; 403 is the conventional status. Left unchanged
     # because clients may depend on it.
     target = Permission.query.filter_by(id=rid).one()
     if not target.system:
         return super().delete(rid)
     raise Error('ask your admin for support', 401)
Example #9
 def patch(self, rid):
     """Update permission ``rid`` unless it is flagged as a system permission.

     The permission is loaded first; when its ``system`` attribute is truthy
     the request is refused, otherwise the parent class's ``patch`` runs.

     Raises:
         Error: 401 when the permission is a system permission.
     """
     # NOTE(review): 401 is used for a refusal that is unrelated to the
     # caller's credentials; 403 is the conventional status. Left unchanged
     # because clients may depend on it.
     target = Permission.query.filter_by(id=rid).one()
     if not target.system:
         return super().patch(rid)
     raise Error('system permission is not editable', 401)