def adminLogin():
if request.method == 'POST':
u = Admins()
email = request.form.get('email')
pwd = request.form.get('pwd')
u = Admins.objects(email=email, pwd=pwd).first()
if u != None:
adminbean = {'id': str(u._id), 'email': u.email, 'role': u.role}
# print(loginbean)
session['adminbean'] = adminbean
return redirect('/adminhome') #重定向
else:
return ('<script>alert("账号/密码错误");location.href="/";</script>')
def create_tables():
database.connect()
database.create_tables([Goods, Admins, Orders_Info, Orders_Content],
safe=True)
Goods.create(name='.BASE_CAT', amount=0)
Goods.create(name='Браслеты', amount=100, parent_id=1)
Goods.create(name='Значки', amount=75, parent_id=1)
Goods.create(name='Кружки', amount=150, price=100, parent_id=1)
Goods.create(name='Синие', amount=50, price=10, parent_id=2)
Goods.create(name='Красные', amount=36, price=15, parent_id=2)
Goods.create(name='Желтые', amount=14, price=20, parent_id=2)
Goods.create(name='Жестяные', amount=30, price=17, parent_id=3)
Goods.create(name='Деревянные', amount=45, price=13, parent_id=3)
Admins.create(chat_id='1234')
database.close()
def get_admin():
admins = Admins.select().where(Admins.id != 1)
if (not admins.exists()):
raise OverflowError('Магазин закрыт!')
chat_ids = [admin.chat_id for admin in admins]
chat_id = choice(chat_ids)
return chat_id
def instatiate_admin(privileg):
admin = Admins(update_company=privileg,
update_privilegs=privileg,
update_colleague=privileg,
update_box=privileg)
return admin
def adminLogin():
if request.method == 'POST':
email=request.form.get('email')
pwd = request.form.get('pwd')
u = Admins.objects(email=email,pwd=pwd).first()
if u!=None:
adminbean = {'id':str(u._id),'email':u.email,'role':u.role}
session['adminbean']=adminbean
return redirect('/applyList')
else:
return '账号/密码错误'
def signup_post():
email = request.form.get('email')
password = request.form.get('password')
user = Admins.query.filter_by(User=email).first() # if this returns a user, then the email already exists in database
if user: # if a user is found, we want to redirect back to signup page so user can try again
flash('Email address already exists')
return redirect(url_for('auth.signup'))
# create a new user with the form data. Hash the password so the plaintext version isn't saved.
new_user = Admins(User=email, Password=generate_password_hash(password, method='sha256'))
# add the new user to the database
db.session.add(new_user)
db.session.commit()
return redirect(url_for('auth.login'))
def check_id(chat_id):
admins = Admins.select()
chat_ids = [admin.chat_id for admin in admins]
return chat_id in chat_ids
def demote_admin(chat_id):
query = Admins.delete().where(Admins.chat_id == chat_id)
query.execute()
def reg_admin(chat_id):
admin = Admins.select().where(Admins.chat_id == chat_id)
if (not admin.exists()):
Admins.create(chat_id=chat_id)
def get_password():
password = Admins.select().where(Admins.id == 1)[0]
return password.chat_id
def check_fair():
admins = Admins.select().where(Admins.id != 1)
if (admins.exists()):
return True
return False
def update_privilegs(id):
colleague = Colleagues.query.get(id)
# authenticate colleague:
if not is_auth_privilegs(current_user, colleague):
return unathorized("You are not authorized to modify privilegs.",
"error")
form = UpdatePrivilegsForm()
admin_privilegs = get_admin(colleague)
if form.validate_on_submit():
if not current_user.check_password(form.password.data):
flash("Invalid password. Please log in again.", "warning")
logout_user()
return redirect(url_for("login"))
admin = Admins.query.filter(
Admins.colleague_id == colleague.id).first()
success = ""
error = ""
if not admin:
# add new admin:
admin = Admins(update_company=form.update_company.data,
update_privilegs=form.update_privilegs.data,
update_colleague=form.update_colleague.data,
update_box=form.update_box.data,
colleague_id=colleague.id)
db.session.add(admin)
success += f"{colleague.fullname()} added successfully to the Admin Team.\n "
error += f"Any error occured. Please try again.\n "
else:
# update privilegs:
if admin_privilegs.update_company != form.update_company.data:
admin.update_company = form.update_company.data
success += f"{colleague.fullname()} 'Update Company' privileg successfully changed to {form.update_company.data}.\n "
error += f"Any error occured. Please try again.\n "
if admin_privilegs.update_privilegs != form.update_privilegs.data:
# get all admins of company with update_company privileg:
privileg_admins = db.session.query(Colleagues, Admins).filter(
Colleagues.id == Admins.colleague_id,
Colleagues.company_id == current_user.company_id,
Admins.update_privilegs == True).all()
# check if the colleague is the last admin with update_privileg:
if len(privileg_admins) < 2:
# refuse the deletion of last privileg admin:
flash(
f"Deletion refused because You are the last admin with update_privileg.",
"warning")
return redirect(url_for("privilegs"))
admin.update_privilegs = form.update_privilegs.data
success = f"{colleague.fullname()} 'Update Privilegs' privileg successfully changed to {form.update_privilegs.data}.\n "
error = f"Any error occured. Please try again.\n "
if admin_privilegs.update_colleague != form.update_colleague.data:
admin.update_colleague = form.update_colleague.data
success += f"{colleague.fullname()} 'Update Colleague' privileg successfully changed to {form.update_colleague.data}.\n "
error += f"Any error occured. Please try again.\n "
if admin_privilegs.update_box != form.update_box.data:
admin.update_box = form.update_box.data
success += f"{colleague.fullname()} 'Update Idea Box' privileg successfully changed to {form.update_box.data}.\n "
error += f"Any error occured. Please try again.\n "
try:
db.session.commit()
flash(success, "inform")
except:
db.session.rollback()
flash(error, "error")
# delete admin from the table if there is no privilegs:
admin = Admins.query.filter(
Admins.colleague_id == colleague.id).first()
is_any_privileg = admin.update_company or admin.update_privilegs or admin.update_colleague or admin.update_box
if not is_any_privileg:
# delete admin:
try:
db.session.delete(admin)
db.session.commit()
flash(
f"{colleague.fullname()} successfully deleted from the Admin team.",
"inform")
except:
db.session.rollback()
flash(
f"Any error occured by deleting {colleague.fullname()} from the Adnin team. Please try again.",
"error")
return redirect(url_for("privilegs"))
return render_template("update_privilegs.html",
form=form,
colleague=colleague,
admin=admin_privilegs,
avatar=get_avatar(colleague),
nav=get_nav(current_user))