def edit_userprofile():
    """Render the profile edit form for the current user.

    The ``username`` query parameter must match the current user's own
    username (compared case-insensitively). A missing or empty value
    aborts with 404, a different username with 403. The request is also
    aborted with 403 when ``current_user`` is None or fails the
    ``UserType.registered`` privilege check.
    """
    allowed = current_user is not None and current_user.is_privileged(UserType.registered)
    if not allowed:
        abort(403)

    requested = request.args.get("username")
    if not requested:
        abort(404)
    if current_user.username.lower() != requested.lower():
        # A user may only open the edit form for their own account.
        abort(403)

    # Every value shown comes from current_user, never from the query string.
    context = dict(
        username=current_user.username,
        user=current_user,
        genderName=GenderType.getName(current_user.gender),
        typeName=UserType.getName(current_user.type),
        birthStr=current_user.getBirthStr(),
    )
    return render_template('edit_userprofile.html', **context)
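def user():
    """Render one page of the staff-only user list.

    The ``page`` query parameter selects the page. A missing, non-numeric
    or below-1 value falls back to page 1. The request is aborted with 403
    when ``current_user`` is None or fails the ``UserType.staff`` check.
    """
    if current_user is None or not current_user.is_privileged(UserType.staff):
        abort(403)

    # Query-string values arrive as text. type=int makes get() convert the
    # value and return the default when conversion fails, so the bounds
    # check below compares integers and malformed input cannot raise in
    # a later int() call.
    page = request.args.get("page", 1, type=int)
    if page < 1:
        page = 1
    paginate = Users.query.order_by(Users.uid).paginate(page, config.PAGE_ITEMS, False)

    # Replace the numeric codes with display names on the objects the
    # template iterates over.
    # NOTE(review): this assigns to attributes of objects loaded by the
    # query; if gender/type are mapped columns and the session is flushed
    # later in the request, the names could be written back. Confirm.
    for row in paginate.items:
        row.gender = GenderType.getName(row.gender)
        row.type = UserType.getName(row.type)

    return render_template("user.html", username=current_user.username, index=4, pagination=paginate)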
def update_teacher():
    """Render the staff-only edit form for a single teacher.

    The teacher is looked up by the ``tid`` query parameter. When no
    teacher matches, or no ``Users`` row shares the teacher's username,
    the error template is rendered instead. The request is aborted with
    403 when ``current_user`` is None or fails the ``UserType.staff`` check.
    """
    is_staff = current_user is not None and current_user.is_privileged(UserType.staff)
    if not is_staff:
        abort(403)

    wanted_tid = request.args.get("tid")
    teacher = Teacher.query.filter(Teacher.tid == wanted_tid).first()
    if teacher is None:
        return render_template("error.html", message="查找不到与之匹配的讲师")

    # The teacher record and its base account are joined on username.
    account = Users.query.filter(Users.username == teacher.username).first()
    if not account:
        return render_template("error.html", message="找不到教师的基本用户数据")

    return render_template(
        "update_teacher.html",
        username=current_user.username,
        teacher=teacher,
        types=GameType.getAll(),
        genderName=GenderType.getName(account.gender),
        gname=GameType.getName(teacher.gtype),
    )
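def teacher():
    """Render one page of the staff-only teacher list.

    The ``page`` query parameter selects the page. A missing, non-numeric
    or below-1 value falls back to page 1. The request is aborted with 403
    when ``current_user`` is None or fails the ``UserType.staff`` check.
    """
    if current_user is None or not current_user.is_privileged(UserType.staff):
        abort(403)

    # Query-string values arrive as text. type=int makes get() convert the
    # value and return the default when conversion fails, so the bounds
    # check below compares integers and malformed input cannot raise in
    # a later int() call.
    page = request.args.get("page", 1, type=int)
    if page < 1:
        page = 1
    paginate = Teacher.query.order_by(Teacher.tid).paginate(page, config.PAGE_ITEMS, False)

    # The stored constants have to be replaced with readable strings.
    # One option is a joined ORM query, but that tends to make the SQL
    # complex and fragile. The values are therefore substituted after
    # loading: slower, but safer and easier to extend, which is acceptable
    # for this application.
    for entry in paginate.items:
        account = Users.query.filter(Users.username == entry.username).first()
        if account:
            entry.name = account.name
            entry.birth = account.birth
            entry.gender = GenderType.getName(account.gender)
            # Stored under a separate name so the gtype code itself is kept.
            entry.gtypename = GameType.getName(entry.gtype)
            entry.desc = account.desc
            entry.extend = account.extend

    return render_template("teacher.html", username=current_user.username, index=2, pagination=paginate)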
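def search_teacher():
    """Render the staff-only teacher search results.

    Teachers whose username contains the ``username`` query parameter are
    listed, ordered by ``tid``. A missing or empty parameter renders the
    error template with a prompt to enter a name. Any exception during the
    lookup is logged and the generic failure page is rendered. The request
    is aborted with 403 when ``current_user`` is None or fails the
    ``UserType.staff`` check.
    """
    import logging

    if current_user is None or not current_user.is_privileged(UserType.staff):
        # Previously an unprivileged caller fell through and the view
        # returned None; reject explicitly like the other staff views.
        abort(403)

    # On-site searches usually return few rows, so pagination is left out
    # for simplicity.
    name = request.args.get("username")
    if not name:
        # Covers both an empty value and a missing parameter (None), which
        # would otherwise fail in the string concatenation below.
        return render_template("error.html", message="请输入查询的教师用户名")

    try:
        # Substring (fuzzy) match. The pattern is passed to like() as a
        # value, but % and _ typed by the caller still act as LIKE
        # wildcards, so the match can be broader than the literal text.
        pattern = "%" + name + "%"
        result = Teacher.query.filter(Teacher.username.like(pattern)).order_by(Teacher.tid).all()
        teachers = []
        for teacher in result:
            account = Users.query.filter(Users.username == teacher.username).first()
            if account:
                # A teacher without a base account keeps its own fields
                # only, instead of failing the whole search.
                teacher.name = account.name
                teacher.birth = account.birth
                teacher.gender = GenderType.getName(account.gender)
                teacher.desc = account.desc
                teacher.extend = account.extend
            # NOTE(review): this overwrites gtype on the loaded object with
            # its display name; if the session is flushed later in the
            # request the name could be written back. Confirm.
            teacher.gtype = GameType.getName(teacher.gtype)
            teachers.append(teacher)
        return render_template("search_teacher.html", username=current_user.username, teachers=teachers)
    except Exception:
        # Record the failure server-side; the caller only sees the generic
        # message. The search term is deliberately not written to the log.
        logging.getLogger(__name__).exception("search_teacher query failed")
        return render_template("error.html", message="查询失败")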
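def search_user():
    """Render the staff-only user search results.

    Users whose username, phone or email contains the ``username`` query
    parameter are listed, ordered by ``uid``. A missing or empty parameter
    renders the error template with a prompt to enter a name. Any
    exception during the lookup is logged and the generic failure page is
    rendered. The request is aborted with 403 when ``current_user`` is
    None or fails the ``UserType.staff`` check.
    """
    import logging

    if current_user is None or not current_user.is_privileged(UserType.staff):
        # Previously an unprivileged caller fell through and the view
        # returned None; reject explicitly like the other staff views.
        abort(403)

    # On-site searches usually return few rows, so pagination is left out
    # for simplicity.
    name = request.args.get("username")
    if not name:
        # Covers both an empty value and a missing parameter (None), which
        # would otherwise fail in the string concatenation below.
        return render_template("error.html", message="请输入查询的用户名")

    try:
        # Substring (fuzzy) match. The pattern is passed to like() as a
        # value, but % and _ typed by the caller still act as LIKE
        # wildcards, so the match can be broader than the literal text.
        pattern = "%" + name + "%"
        result = (
            Users.query.filter(
                or_(Users.username.like(pattern), Users.phone.like(pattern), Users.email.like(pattern))
            )
            .order_by(Users.uid)
            .all()
        )
        # Replace the numeric codes with display names in place; the same
        # objects are handed to the template through ``result``.
        # NOTE(review): if gender/type are mapped columns and the session
        # is flushed later in the request, the names could be written
        # back. Confirm.
        for row in result:
            row.gender = GenderType.getName(row.gender)
            row.type = UserType.getName(row.type)
        return render_template("search_user.html", username=current_user.username, users=result, index=4)
    except Exception:
        # Record the failure server-side; the caller only sees the generic
        # message. The search term is deliberately not written to the log.
        logging.getLogger(__name__).exception("search_user query failed")
        return render_template("error.html", message="查询失败")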