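def edit_user():
    """Edit a user's profile fields and, optionally, the avatar ("face") image.

    The request is validated by ``UserEditForm().validate_for_api()``.
    ``form.obj`` supplies the base user record and the ``User`` row with the
    same id is loaded. Only non-empty form fields overwrite stored values.

    A file uploaded under the form's ``face`` field is optional. Its
    client-supplied name is checked with ``allowed_image_file`` before any
    model attribute is modified, so a rejected upload returns early without
    touching the records.

    Returns:
        The ``ReturnObj`` response: ``IMAGE_TYPE_ERROR`` when the uploaded file
        name is not an allowed image type, otherwise ``SUCCESS``.
    """
    form = UserEditForm().validate_for_api()
    baseuser = form.obj
    user = User.query.filter(User.id == baseuser.id).first()

    # The upload is optional: a missing part is not an error. Checking it here,
    # before the transaction block, keeps a refused file from being answered
    # with an error while the text fields were already changed.
    upload = request.files.get(form.face.name)
    if upload is not None and not allowed_image_file(upload.filename):
        # NOTE(review): this check only sees the client-supplied file name; the
        # file content is not inspected anywhere in this function.
        return ReturnObj.get_response(
            ReturnEnum.IMAGE_TYPE_ERROR.value, "只允许上传png jpg jpeg gif格式")

    with db.auto_commit():
        if form.name.data:
            baseuser.name = form.name.data
        if form.email.data:
            user.email = form.email.data
        if form.phone.data:
            user.phone = form.phone.data
        if form.info.data:
            user.info = form.info.data

        if upload is not None:
            try:
                # secure_filename() reduces the client name to a safe base name;
                # change_filename() presumably derives the stored name from it
                # -- TODO confirm it cannot return an empty or colliding name.
                face = change_filename(secure_filename(upload.filename))
                upload.save(os.path.join(current_app.config["FACE_DIR"], face))
                user.face = urljoin(current_app.config["FACE_PATH"], face)
            except Exception:
                # Best effort, as before: a failed avatar save must not block
                # the profile update. It is logged instead of being silently
                # dropped, and SystemExit/KeyboardInterrupt are no longer caught.
                current_app.logger.exception("saving uploaded face image failed")

        db.session.add(baseuser)
        db.session.add(user)
    return ReturnObj.get_response(ReturnEnum.SUCCESS.value, "success")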
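def update(self):
    """Handle a profile-edit submission: store the uploaded avatar, then redirect.

    Only the user named by ``params['user_id']`` may update their own profile;
    any other caller gets a 403. When the form does not validate, or the
    uploaded file's extension is not an accepted image type, the edit form is
    rendered again via ``self.edit()``.

    Returns:
        A redirect to ``users.show`` on success, the result of ``self.edit()``
        when the submission is refused, or the result of ``abort(403)``.
    """
    if str(self.params['user_id']) != str(self.current_user.id):
        return abort(403)

    self.form = UserEditForm()
    if not self.form.validate_on_submit():
        return self.edit()

    # The extension comes from the client-supplied file name and the file is
    # written under the application's static directory, so it must not be
    # passed through unchecked: an arbitrary suffix would let an upload be
    # stored as any file type.
    # NOTE(review): assumed set of avatar formats -- align with whatever
    # validators UserEditForm declares on the avatar field.
    allowed_extensions = ('.png', '.jpg', '.jpeg', '.gif')
    ext = os.path.splitext(self.form.avatar.data.filename)[1].lower()
    if ext not in allowed_extensions:
        return self.edit()

    # The stored name is random; nothing from the client name but the vetted
    # extension ends up in the path.
    filename = sha1(os.urandom(50)).hexdigest() + ext
    avatar = request.files['avatar'].read()
    path = os.path.join(app.config.root_path, 'static', 'img', filename)
    # Context manager closes the handle even if the write fails.
    with open(path, 'wb') as out:
        out.write(avatar)

    self.current_user.update(avatar=filename)
    return redirect(url_for('users.show', user_id=self.current_user.id))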
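class UsersController(BaseController):
    """Controller for user pages: profile view/edit, sign-up, sign-in, sign-out."""

    # Extensions accepted for avatar uploads.
    # NOTE(review): assumed set -- align with the validators UserEditForm
    # declares on its avatar field.
    _AVATAR_EXTENSIONS = ('.png', '.jpg', '.jpeg', '.gif')

    @render
    def show(self):
        """Load the user named by ``params['user_id']`` (404 if absent) into ``self.user``."""
        self.user = User.query.get_or_404(self.params['user_id'])

    @login_required
    @render
    def edit(self):
        """Prepare the edit form; only the profile's owner may see it (403 otherwise)."""
        if str(self.params['user_id']) != str(self.current_user.id):
            return abort(403)
        # Reuse a form left by update() so it is not replaced by a blank one.
        self.form = getattr(self, 'form', None) or UserEditForm()

    @login_required
    def update(self):
        """Handle a profile-edit submission: store the uploaded avatar, then redirect.

        Only the profile's owner may update it (403 otherwise). When the form
        does not validate, or the uploaded file's extension is not in
        ``_AVATAR_EXTENSIONS``, the edit form is rendered again.

        Returns:
            A redirect to ``users.show`` on success, the result of
            ``self.edit()`` when the submission is refused, or the result of
            ``abort(403)``.
        """
        if str(self.params['user_id']) != str(self.current_user.id):
            return abort(403)

        self.form = UserEditForm()
        if not self.form.validate_on_submit():
            return self.edit()

        # The extension comes from the client-supplied file name and the file
        # is written under the application's static directory, so it is
        # checked against an allow-list instead of being passed through.
        ext = os.path.splitext(self.form.avatar.data.filename)[1].lower()
        if ext not in self._AVATAR_EXTENSIONS:
            return self.edit()

        # Random stored name: only the vetted extension survives from the
        # client's file name.
        filename = sha1(os.urandom(50)).hexdigest() + ext
        avatar = request.files['avatar'].read()
        path = os.path.join(app.config.root_path, 'static', 'img', filename)
        # Context manager closes the handle even if the write fails.
        with open(path, 'wb') as out:
            out.write(avatar)

        self.current_user.update(avatar=filename)
        return redirect(url_for('users.show', user_id=self.current_user.id))

    def sign_up(self):
        """Register a new account and sign it in.

        An already signed-in visitor is redirected to ``root``. On a valid POST
        the username must be unused; the account is created with the fields
        returned by ``User.create_password`` and stored in the session.

        Returns:
            A redirect to ``root`` on success or when already signed in,
            otherwise the rendered sign-up page (with ``error`` set when the
            username is taken).
        """
        if 'user' in session:
            return redirect(url_for('root'))

        error = None
        form = UserSignUpForm()
        if request.method == 'POST' and form.validate_on_submit():
            if User.query.filter_by(username=request.form['username']).first():
                error = 'Пользователь с таким именем уже существует'
            else:
                # The very first account created becomes the administrator.
                # NOTE(review): on a fresh deployment this is whoever reaches
                # the sign-up page first -- confirm that is intended.
                is_admin = not User.query.first()
                username = request.form['username']
                password = request.form['password']
                user = User.create(username=username, is_admin=is_admin,
                                   **User.create_password(password))
                # NOTE(review): if the default signed-cookie session is in use,
                # its content is readable by the client -- confirm to_dict()
                # leaves out password-derived fields.
                session['user'] = user.to_dict()
                return redirect(url_for('root'))

        return render_template('users/sign_up.html',
                               current_user=self.current_user,
                               error=error, form=form)

    def sign_in(self):
        """Authenticate by username and password and start a session.

        An already signed-in visitor is redirected to ``root``. A single error
        message is used for an unknown username and for a wrong password.

        Returns:
            A redirect to ``root`` on success or when already signed in,
            otherwise the rendered sign-in page.
        """
        if 'user' in session:
            return redirect(url_for('root'))

        error = None
        form = UserSignInForm()
        if request.method == 'POST' and form.validate_on_submit():
            user = User.query.filter_by(username=request.form['username']).first()
            if user and user.check_password(password=request.form['password']):
                # NOTE(review): same caveat as in sign_up about what to_dict()
                # places in the session.
                session['user'] = user.to_dict()
                return redirect(url_for('root'))
            else:
                error = 'Неверный логин или пароль'

        return render_template('users/sign_in.html',
                               current_user=self.current_user,
                               error=error, form=form)

    def sign_out(self):
        """Drop the ``user`` entry from the session and redirect to ``root``."""
        session.pop('user', None)
        return redirect(url_for('root'))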