Exemple #1
def new_post():
    """Render the new-post form and store a post on a valid, permitted submit.

    A user without ``WRITE_ARTICLES`` is not rejected with an error: the
    request falls through and the form is rendered again.
    """
    form = PostForm()
    may_write = current_user.can(Permission.WRITE_ARTICLES)
    if not (may_write and form.validate_on_submit()):
        # Debug trace kept from the original; it re-evaluates the permission.
        print('permission', current_user.can(Permission.WRITE_ARTICLES))
        return render_template('new_post.html', form=form)

    # Pass the real user object behind the current_user proxy to the model.
    post = Post(
        title=form.title.data,
        body=form.body.data,
        author=current_user._get_current_object(),
    )
    db.session.add(post)
    print('hello')
    return redirect(url_for('.index'))
Exemple #2
def topic(topic_id):
    """Show one topic's posts, or toggle a post's sticky flag on POST.

    POST requires ``Permission.STICK``; users without it receive 404.
    GET reads ``page`` and an optional ``type`` query argument, where only
    ``essence`` is recognised and any other non-empty value yields 404.
    """
    if request.method == 'POST':
        if not current_user.can(Permission.STICK):
            abort(404)
        post_id = request.form.get('post_id', type=int)
        # The client submits the current state: 'False' means "make sticky".
        make_sticky = request.form.get('sticky') == 'False'
        # NOTE(review): the update matches on the post id alone, so the post
        # is not required to belong to ``topic_id``, and a missing post_id
        # still answers "success" -- confirm both are intended.
        Post.query.filter_by(id=post_id).update({'sticky': make_sticky})
        return jsonify(msg='success')

    page = request.args.get('page', 1, type=int)
    topic_title = Topic.query.filter_by(id=topic_id).first_or_404().title
    listing = request.args.get('type')
    if not listing:
        ordered = Post.query.filter_by(topic_id=topic_id).order_by(
            Post.sticky.desc(), Post.date_created.desc())
    elif listing == 'essence':
        Post.rank_hot(topic_id)
        # NOTE(review): unlike the default listing, this query carries no
        # topic_id filter -- confirm against Post.rank_hot.
        ordered = Post.query.order_by(Post.sticky.desc(), Post.hot_index.desc())
    else:
        abort(404)

    pagination = ordered.paginate(page=page, per_page=20, error_out=False)
    posts = pagination.items
    return render_template('topic.html', posts=posts, title=topic_title, pagination=pagination)
Exemple #3
def home():
    """Show the paginated post list and accept new posts from permitted users."""
    form = PostForm()
    may_write = current_user.can(Permission.WRITE_ARTICLES)
    if may_write and form.validate_on_submit():
        new_post = Post(body=form.body.data,
                        author=current_user._get_current_object())
        db.session.add(new_post)
        # Redirect after POST so a browser refresh does not resubmit the form.
        return redirect(url_for('.index'))

    page = request.args.get('page', 1, type=int)
    # Falls back to 20 per page when the configured value is falsy.
    page_size = current_app.config['FLASKY_POSTS_PER_PAGE'] or 20
    newest_first = Post.query.order_by(Post.timestamp.desc())
    pagination = newest_first.paginate(page, per_page=page_size, error_out=False)
    context = {
        'form': form,
        'posts': pagination.items,
        'pagination': pagination,
    }
    return render_template('index/index.html', **context)
Exemple #4
def index():
    """Render the home page: post form plus a paginated post listing.

    Authenticated users can switch the listing to followed authors only via
    the ``show_followed`` cookie.
    """
    form = PostForm()
    may_write = current_user.can(Permission.WRITE_ARTICLES)
    if may_write and form.validate_on_submit():
        # current_user is only a proxy around the real user object; hand the
        # underlying object to the database layer.
        author = current_user._get_current_object()
        db.session.add(Post(body=form.body.data, author=author))
        return redirect(url_for('.index'))

    # Page to render, defaulting to the first one.
    page = request.args.get('page', 1, type=int)

    # The cookie is client-controlled; it only selects which of the user's
    # own listings is shown and is ignored for anonymous visitors.
    show_followed = (
        bool(request.cookies.get('show_followed', ''))
        if current_user.is_authenticated else False
    )
    query = current_user.followed_posts if show_followed else Post.query

    # Paginate whichever query was selected, newest posts first.
    per_page = current_app.config['FLASKY_POSTS_PER_PAGE']
    pagination = query.order_by(Post.timestamp.desc()).paginate(
        page, per_page=per_page, error_out=False)
    return render_template('index.html', form=form, posts=pagination.items,
                           show_followed=show_followed, pagination=pagination)
Exemple #5
def tags():
    """List the 30 most-used tags and, optionally, books matching a tag search.

    ``search`` is a comma-separated list of tag names; a book must carry every
    listed tag. Users without ``UPDATE_BOOK_INFORMATION`` only see books with
    ``hidden=0``.
    """
    search_tags = request.args.get('search', None)
    page = request.args.get('page', 1, type=int)

    usage_count = db.func.count(book_tag.c.book_id)
    the_tags = (Tag.query.outerjoin(book_tag)
                .group_by(book_tag.c.tag_id)
                .order_by(usage_count.desc())
                .limit(30)
                .all())

    search_form = SearchForm()
    search_form.search.data = search_tags

    books = None
    pagination = None
    wanted = []
    if search_tags:
        wanted = [t for t in (part.strip() for part in search_tags.split(',')) if t]

    if wanted:
        candidates = Book.query
        if not current_user.can(Permission.UPDATE_BOOK_INFORMATION):
            candidates = Book.query.filter_by(hidden=0)
        # The values are bound parameters, but ilike() still treats '%' and
        # '_' typed by the user as wildcards.
        per_tag = [Book.tags.any(Tag.name.ilike(word)) for word in wanted]
        matching = candidates.filter(db.and_(*per_tag))
        ranked = matching.outerjoin(Log).group_by(Book.id).order_by(
            db.func.count(Log.id).desc())
        pagination = ranked.paginate(page, per_page=8)
        books = pagination.items

    return render_template('book_tag.html', tags=the_tags, title='Tags',
                           search_form=search_form, books=books,
                           pagination=pagination)
Exemple #6
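def edit(id):
    """Edit a book's details; requires ``Permission.EDIT``.

    Unknown ids yield 404. Users without the permission are rejected with
    403. On a valid submit the form values are copied onto the book and the
    client is redirected to the book page; otherwise the form is pre-filled
    from the stored book.
    """
    # Form fields and Book attributes share these names.
    field_names = ('front_cover', 'bookname', 'introduction', 'press',
                   'author', 'book_type', 'published_date', 'amount_all')

    book = Book.query.get_or_404(id)
    if not current_user.can(Permission.EDIT):
        # abort() expects an integer status code; the string '403' is not a
        # registered code and would not produce a proper 403 response.
        abort(403)

    form = AddBookForm()
    if form.validate_on_submit():
        for name in field_names:
            setattr(book, name, getattr(form, name).data)
        db.session.add(book)
        flash('The book has been updated.')
        return redirect(url_for('.book', id=book.id))

    for name in field_names:
        getattr(form, name).data = getattr(book, name)
    return render_template('edit_book.html', form=form)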
Exemple #7
def delete_post(id):
    """Delete a post; allowed for its author or a user with ADMINISTER."""
    post = Post.query.get_or_404(id)
    if current_user != post.author:
        # Not the owner: only an administrator may continue.
        if not current_user.can(Permission.ADMINISTER):
            abort(403)
    # No commit is issued here; presumably the session is committed
    # elsewhere (not visible in this view).
    db.session.delete(post)
    flash(u'博客已删除')
    return redirect(url_for('.index'))
Exemple #8
def delete(id):
    """Delete a post; only users with ``Permission.ADMINISTER`` may do so."""
    post = Post.query.get_or_404(id)
    is_admin = current_user.can(Permission.ADMINISTER)
    if not is_admin:
        abort(403)
    db.session.delete(post)
    flash('The post has been deleted.')
    return redirect(url_for('.index'))
Exemple #9
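def index():
    """Render the home page: post form plus a paginated post listing.

    A valid submit from a user holding ``WRITE_ARTICLES`` stores the post and
    redirects. Authenticated users can restrict the listing to followed
    authors through the ``show_followed`` cookie.
    """
    form = PostForm()
    # Validate once; the original ran validate_on_submit() a second time
    # inside the permission check.
    if form.validate_on_submit() and current_user.can(Permission.WRITE_ARTICLES):
        post = Post(body=form.body.data, author=current_user._get_current_object())
        db.session.add(post)
        return redirect(url_for('main.index'))

    page = request.args.get('page', 1, type=int)
    show_followed = False
    if current_user.is_authenticated:
        # Client-controlled cookie; it only selects which listing is shown.
        show_followed = bool(request.cookies.get('show_followed', ''))
    query = current_user.followed_posts if show_followed else Post.query
    pagination = query.order_by(Post.timestamp.desc()).paginate(
        page, per_page=current_app.config['POSTS_PER_PAGE'], error_out=False)

    res = {
        'form': form,
        'pagination': pagination,
        'posts': pagination.items,
        'show_followed': show_followed,
    }
    return render_template('index.html', **res)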
Exemple #10
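def index():
    """Render the home page: post form plus a paginated post listing.

    A valid submit from a user holding ``WRITE_ARTICLES`` stores the post and
    redirects. Authenticated users can restrict the listing to followed
    authors through the ``show_followed`` cookie.
    """
    form = PostForm()
    if current_user.can(Permission.WRITE_ARTICLES) and \
            form.validate_on_submit():
        post = Post(body=form.body.data, author=current_user._get_current_object())
        db.session.add(post)
        return redirect(url_for('.index'))

    # The original had a bare ``User.is_authenticated`` expression here; it
    # had no effect and has been removed.
    show_followed = False
    if current_user.is_authenticated:
        show_followed = bool(request.cookies.get('show_followed', ''))
    query = current_user.followed_posts if show_followed else Post.query

    # Pagination
    page = request.args.get('page', 1, type=int)
    pagination = query.order_by(Post.timestamp.desc()).paginate(
            page, per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
            error_out=False)
    posts = pagination.items
    # NOTE(review): this hands the database connection URI to the template
    # context, and such URIs commonly embed credentials. Confirm the template
    # never renders it, and prefer not passing it at all.
    cfgtag = current_app.config['SQLALCHEMY_DATABASE_URI']
    return render_template('index.html', form=form, posts=posts,
            show_followed=show_followed, pagination=pagination, cfgtag=cfgtag)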
Exemple #11
def index():
    """
    Home page.

    Stores a new post for permitted users, then lists either all posts or
    only those of followed users, paginated.

    :return: rendered home page template
    """
    form = PostForm()  # form for publishing a new post
    may_write = current_user.can(Permission.WRITE_ARTICLES)
    if may_write and form.validate_on_submit():
        author = current_user._get_current_object()
        db.session.add(Post(body=form.body.data, author=author))
        return redirect(url_for('.index'))

    # The show_followed flag lives in a cookie and is honoured only for
    # authenticated users.
    show_followed = (
        bool(request.cookies.get('show_followed', ''))
        if current_user.is_authenticated else False
    )
    query = current_user.followed_posts if show_followed else Post.query

    page = request.args.get('page', 1, type=int)
    per_page = current_app.config['FLASKY_POSTS_PER_PAGE']
    pagination = query.order_by(Post.timestamp.desc()).paginate(
        page, per_page=per_page, error_out=False)
    return render_template('index.html',
                           posts=pagination.items,
                           form=form,
                           show_followed=show_followed,
                           pagination=pagination,
                           current_time=datetime.utcnow(),
                           # Request header, i.e. client-supplied text.
                           user_agent=request.headers.get('User-Agent'))
Exemple #12
 def decorated_function(bug_id):
     """Call the wrapped view for the bug's author or an administrator.

     The author is only admitted while the bug is still in CREATED status;
     everyone else needs ``Permission.ADMINISTER``.
     """
     bugs = Bugs.get_by_bug_id(bug_id)
     owns_open_bug = (current_user == bugs.author and
                      bugs.status_equal(Bug_Now_Status.CREATED))
     if owns_open_bug or current_user.can(Permission.ADMINISTER):
         return f(bug_id)
     abort(403)
Exemple #13
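def home():
    '''main.home()

    Anonymous visitors get the home page. Authenticated users are redirected
    to the ``next`` query argument when it is a local path, otherwise to the
    status page (users holding the management permission) or to their own
    profile overview.
    '''
    if not current_user.is_authenticated:
        return minify(render_template('home.html'))

    # ``next`` is taken from the query string, so it is attacker-influenced.
    # Only follow it when it is a plain site-local path; anything else falls
    # back to the default target so the login flow cannot be used to bounce
    # users to another site.
    next_url = request.args.get('next')
    if next_url:
        is_local_path = (
            next_url.startswith('/')
            and not next_url.startswith('//')
            and '\\' not in next_url
            and not any(ch.isspace() or ord(ch) < 0x20 for ch in next_url)
        )
        if not is_local_path:
            next_url = None

    if current_user.can('管理'):
        return redirect(next_url or url_for('status.home'))
    return redirect(next_url or url_for('profile.overview', id=current_user.id))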
Exemple #14
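def new_post():
    """Create a post from the submitted form and attach its tags.

    The body is sanitised with bleach against an allow-list of tags and
    attributes and then linkified. Existing tags get the post appended; tags
    that do not exist yet are created.
    """
    form = PostForm()
    if current_user.can(Permission.WRITE_ARTICLES) and form.validate_on_submit():

        allowed_tags = ['a', 'abbr', 'acronym', 'b', 'blockquote', 'code',
                        'em', 'i', 'li', 'ol', 'pre', 'strong', 'ul',
                        'h1', 'h2', 'h3', 'p', 'img',  'br', 'font']
        # Build the attribute allow-list locally and pass it explicitly.
        # The original mutated bleach.ALLOWED_ATTRIBUTES on every request,
        # which widened the default policy for every other bleach.clean()
        # caller in the process.
        allowed_attributes = dict(bleach.ALLOWED_ATTRIBUTES)
        allowed_attributes[u'img'] = [u'src']
        allowed_attributes[u'font'] = [u'face']
        cleaned = bleach.clean(form.body.data, tags=allowed_tags,
                               attributes=allowed_attributes, strip=True)
        body = bleach.linkify(cleaned)
        post = Post(title=form.title.data,
                    slug=slugify(form.title.data),
                    body=body,
                    author=User.objects(username=current_user.username).first())
        post.save()

        tag_names = form.tags.data.split()

        # Attach the post to tags that already exist.
        _old_tags = set()
        for x in tag_names:
            old_tag = Tag.objects(name=x).first()
            if old_tag:
                old_tag.posts.append(post)
                old_tag.save()
                _old_tags.add(x)

        # Create the remaining tags.
        new_tags = [Tag(name=x) for x in tag_names if x not in _old_tags]
        for t in new_tags:
            t.posts.append(post)
            t.save()

        return redirect(url_for('.index'))
    return render_template('new_post.html', form=form)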
Exemple #15
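def index():
    """Render the home page with the post form and all posts, newest first."""
    form = PostForm()
    if current_user.can(Permission.WRITE_ARTICLES) and form.validate_on_submit():
        post = Post(body=form.body.data, author=current_user._get_current_object())
        db.session.add(post)
        return redirect(url_for('.index'))
    # .all() belongs to the query; the original called it on the ordering
    # expression (``Post.timestamp.desc().all()``), which is not a query.
    posts = Post.query.order_by(Post.timestamp.desc()).all()
    return render_template('index.html', form=form, posts=posts)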
Exemple #16
def delete(slug):
    """Delete the post with this slug; allowed for its author or an admin."""
    post = Post.objects.get_or_404(slug=slug)
    if current_user != post.author:
        if not current_user.can(Permission.ADMINISTER):
            abort(403)
    # Detach the post from every tag that references it before removing it.
    referencing_tags = Tag.objects(posts__contains=post).all()
    for tag in referencing_tags:
        tag.update(pull__posts=post)
    post.delete()
    flash('Post has been deleted.')
    return redirect(url_for('.index'))
Exemple #17
def delete(id):
    """Delete a post; only users with ``Permission.ADMINISTER`` may do so."""
    post = Post.query.get_or_404(id)
    if not current_user.can(Permission.ADMINISTER):
        abort(403)
    # Clear the tag association and commit that first, then delete the post.
    # No commit follows the delete here; presumably it happens elsewhere.
    post.tag.clear()
    db.session.commit()
    db.session.delete(post)
    flash('文章已删除')
    return redirect(url_for('.index'))
Exemple #18
def postArticle():
    """Render the article form and store the article on a permitted submit."""
    form = PostForm()
    may_write = current_user.can(Permission.WRITE_ARTICLES)
    if not (may_write and form.validate_on_submit()):
        return render_template('article/post_article.html', form=form)

    article = Post(title=form.title.data,
                   body=form.body.data,
                   author=current_user._get_current_object())
    db.session.add(article)
    return redirect(url_for('article.postArticle'))
Exemple #19
def writing():
    """Render the writing form and store the post on a permitted submit."""
    form = PostForm()
    may_write = current_user.can(Permission.WRITE_ARTICLES)
    if not (may_write and form.validate_on_submit()):
        return render_template('blog/writing.html', form=form)

    entry = Post(body=form.body.data,
                 author=current_user._get_current_object())
    db.session.add(entry)
    flash(u'已完成发帖')
    return redirect(url_for('blog.index'))
Exemple #20
def index():
    """Render the landing page: popular books, active users, recent comments.

    Users without ``UPDATE_BOOK_INFORMATION`` only see books with ``hidden=0``.
    """
    search_form = SearchForm()

    visible_books = Book.query
    if not current_user.can(Permission.UPDATE_BOOK_INFORMATION):
        visible_books = visible_books.filter_by(hidden=0)

    # Rank books and users by the number of Log rows joined to them.
    popular_books = (visible_books.outerjoin(Log)
                     .group_by(Book.id)
                     .order_by(db.func.count(Log.id).desc())
                     .limit(5))
    popular_users = (User.query.outerjoin(Log)
                     .group_by(User.id)
                     .order_by(db.func.count(Log.id).desc())
                     .limit(5))
    recently_comments = (Comment.query.filter_by(deleted=0)
                         .order_by(Comment.edit_timestamp.desc())
                         .limit(5))
    return render_template("index.html", books=popular_books,
                           users=popular_users,
                           recently_comments=recently_comments,
                           search_form=search_form)
Exemple #21
def user(username):
    """Render a user's page with their posts, newest first.

    A valid submit from a user holding ``WRITE_ARTICLES`` stores a post
    first; the page is then rendered directly, without a redirect.
    """
    form = PostForm()
    may_write = current_user.can(Permission.WRITE_ARTICLES)
    if may_write and form.validate_on_submit():
        author = current_user._get_current_object()
        db.session.add(Post(body=form.body.data, author=author))

    user = User.query.filter_by(username=username).first_or_404()
    newest_first = user.posts.order_by(Post.timestamp.desc())
    return render_template('user.html', user=user,form=form,
                           posts=newest_first.all())
Exemple #22
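def delete(comment_id):
    """Soft-delete a comment and redirect back.

    Allowed for the comment's owner or a user holding
    ``Permission.DELETE_OTHERS_COMMENT``; everyone else gets 403. The comment
    is flagged ``deleted = 1`` rather than removed. The redirect follows the
    ``next`` query argument only when it is a site-local path, otherwise it
    goes to the book's detail page.
    """
    the_comment = Comment.query.get_or_404(comment_id)
    is_owner = current_user.id == the_comment.user_id
    if not (is_owner or current_user.can(Permission.DELETE_OTHERS_COMMENT)):
        abort(403)

    the_comment.deleted = 1
    book_id = the_comment.book_id
    db.session.add(the_comment)
    db.session.commit()
    flash(u'成功删除一条评论.', 'info')

    # ``next`` is taken from the query string, so it is attacker-influenced.
    # Only follow plain local paths; anything else falls back to the book
    # page so this view cannot be used to bounce users to another site.
    next_url = request.args.get('next')
    if next_url:
        is_local_path = (
            next_url.startswith('/')
            and not next_url.startswith('//')
            and '\\' not in next_url
            and not any(ch.isspace() or ord(ch) < 0x20 for ch in next_url)
        )
        if not is_local_path:
            next_url = None
    return redirect(next_url or url_for('book.detail', book_id=book_id))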
Exemple #23
def post(id):
    """Show a single post with its comments and accept new comments.

    Commenting requires ``Permission.COMMENT``; without it the submit is
    ignored and the page is rendered as usual.
    """
    post = Post.query.get_or_404(id)
    form = CommentForm()
    may_comment = current_user.can(Permission.COMMENT)
    if may_comment and form.validate_on_submit():
        new_comment = Comment(body=form.body.data,
                              post=post,
                              author=current_user._get_current_object())
        db.session.add(new_comment)
        return redirect(url_for('.post', id=post.id))

    newest_first = post.comments.order_by(Comment.timestamp.desc())
    return render_template('blog/post.html', posts=[post], form=form,
                           comments=newest_first.all())
Exemple #24
def edit_post(id):
    """Edit a post's body; allowed for its author or an administrator.

    Other users receive 404 rather than 403, so the response does not reveal
    that the post exists.
    """
    form = EditPostForm()
    posts = Post.query.get_or_404(id)
    if current_user != posts.author:
        if not current_user.can(Permission.ADMINISTER):
            abort(404)

    if not form.validate_on_submit():
        # First visit or invalid submit: show the stored body.
        form.body.data = posts.body
        return render_template('edit_post.html', form=form)

    posts.body = form.body.data
    db.session.add(posts)
    return redirect(url_for('main.post', id=posts.id))
Exemple #25
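def write():
    """Render the writing form and store the post on a permitted submit.

    On success the client is redirected to the author's homepage; otherwise
    the form is rendered with the ``private`` field unset.
    """
    form = PostForm()
    if current_user.can(Permission.WRITE_ARTICLES) and form.validate_on_submit():
        post = Post(title=form.title.data, summary=form.summary.data,
                    body=form.body.data, private=form.private.data,
                    author=current_user._get_current_object())
        db.session.add(post)
        return redirect(url_for('.individual_homepage',
                                id=current_user.id))
    # Reset the field's value. The original assigned ``form.private = False``,
    # which replaces the field object itself (read above as
    # ``form.private.data``) with a bool.
    form.private.data = False
    return render_template('write.html', form=form)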
Exemple #26
def edit_post(post_id):
    """Edit a post's body; allowed for its author or an administrator."""
    p = Post.query.get_or_404(post_id)
    if current_user != p.author:
        if not current_user.can(Permission.ADMINISTER):
            abort(403)

    form = PostForm()
    if not form.validate_on_submit():
        # First visit or invalid submit: show the stored body.
        form.body.data = p.body
        return render_template("edit_post.html", form=form)

    p.body = form.body.data
    db.session.add(p)
    flash("The post has been updated.")
    # The target is built from the stored integer id, not from request data.
    target = "/post/" + str(p.id)
    return redirect(target)
Exemple #27
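def delete(id):
    """Delete a post and decrement its category counter.

    Allowed for the post's author or a user with ``Permission.ADMINISTER``.
    Returns the result of calling ``index()`` directly rather than a redirect.
    """
    post = Post.query.get_or_404(id)
    if current_user != post.author and \
            not current_user.can(Permission.ADMINISTER):
        abort(403)

    # Query.get() returns None when the category row is missing; skip the
    # counter update in that case instead of failing on ``None.count``.
    currentCat = Category.query.get(post.category_id)
    if currentCat is not None:
        currentCat.count -= 1

    Post.delete_post(post)
    flash('The post has been deleted.')
    return index()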
Exemple #28
def edit(id):
    """Edit a post's body; allowed for its author or an administrator."""
    post = Post.query.get_or_404(id)
    if current_user != post.author:
        if not current_user.can(Permission.ADMINISTER):
            abort(403)

    form = PostForm()
    if not form.validate_on_submit():
        # First visit or invalid submit: show the stored body.
        form.body.data = post.body
        return render_template('main/edit_post.html', form=form)

    post.body = form.body.data
    db.session.add(post)
    flash('The post has been updated.')
    return redirect(url_for('.post', id=post.id))
Exemple #29
def editArticle(id):
    """Edit a post's title and body; allowed for its author or an admin.

    The edit page is rendered again after a successful save; there is no
    redirect.
    """
    post = Post.query.get_or_404(id)
    if current_user != post.author:
        if not current_user.can(Permission.ADMINISTER):
            abort(403)

    form = PostForm()
    if form.validate_on_submit():
        post.title, post.body = form.title.data, form.body.data
        db.session.add(post)
        flash("The post has been updated.")

    # Show the stored values, which are the new ones after a save.
    form.title.data = post.title
    form.body.data = post.body
    return render_template('edit_post.html', form=form, posts=[post])
Exemple #30
def edit_post(id):
    """Edit a post's body; allowed for its author or an administrator."""
    single_post = Post.query.get_or_404(id)
    if current_user != single_post.author:
        # NOTE(review): ``ADMINSTER`` may be a misspelling of ADMINISTER.
        # If Permission has no such attribute, this line raises for every
        # non-author instead of returning 403 -- confirm against the model.
        if not current_user.can(Permission.ADMINSTER):
            abort(403)

    form = PostForm()
    if not form.validate_on_submit():
        # First visit or invalid submit: show the stored body.
        form.body.data = single_post.body
        return render_template('main/edit_post.html', form=form)

    single_post.body = form.body.data
    db.session.add(single_post)
    flash(u'修改成功')
    return redirect(url_for('.post', id=id))
Exemple #31
 def decorated_function(*args, **kwargs):
     """Call the wrapped view only when the current user holds ``permission``."""
     if current_user.can(permission):
         return f(*args, **kwargs)
     # Deny by default: anything that fails the check gets 403.
     abort(403)
Exemple #32
 def decorated_func(*args, **kwargs):
     """Call the wrapped view only when the user holds ``permission_name``."""
     granted = current_user.can(permission_name)
     if granted:
         return func(*args, **kwargs)
     # Reached only when the check failed.
     abort(403)
Exemple #33
def index():
    """List all games and tell the template whether the user may create one."""
    all_games = Game.query.all()
    # Display flag only; the template receives it as ``can_create``.
    may_create = current_user.can(Permission.GAME_ADMIN)
    return render_template('main/index.html', games=all_games,
                           can_create=may_create)
Exemple #34
 def decorated_function(*args, **kwargs):
     """Call the wrapped view only when the current user holds ``permission``."""
     # The check is delegated to the User model's can() method.
     # TODO: how to obtain the role attribute
     if current_user.can(permission):
         return f(*args, **kwargs)
     abort(403)
Exemple #35
 def wrapper(*args, **kwargs):
     """Call the wrapped function only when the user holds ``permission``."""
     if current_user.can(permission):
         return func(*args, **kwargs)
     # Deny by default with 403 Forbidden.
     abort(403)
Exemple #36
 def decorated_function(*args, **kwargs):
     """Call the wrapped view only when the current user holds ``permission``."""
     if current_user.can(permission):
         return f(*args, **kwargs)
     # A user without the permission gets 404 rather than 403, so the
     # response does not confirm that the protected page exists.
     abort(404)
Exemple #37
 def check_permissions(*args, **kwargs):
     """Call the wrapped view only when the user holds ``permissions``."""
     if current_user.can(permissions):
         return f(*args, **kwargs)
     # Deny by default with 403 Forbidden.
     abort(403)
Exemple #38
 def decorated_function(*args, **kwargs):
     """Call the wrapped view, or render the 403 page when not permitted."""
     if current_user.can(permission):
         return f(*args, **kwargs)
     # Render the project's own 403 template, with the 403 status code,
     # instead of raising through abort().
     return render_template('403.html'), 403
Exemple #39
 def can_edit_files():
     """Return whether the current user holds ``Permission.WRITE``."""
     # Imported inside the function, as in the original.
     from app.models import Permission
     may_write = current_user.can(Permission.WRITE)
     return may_write
Exemple #40
 def decorated_function(*args, **kwargs):  # pylint: disable=C0111
     # Only a user holding ``permission`` reaches the wrapped function.
     if current_user.can(permission):
         return func(*args, **kwargs)
     # Deny by default with 403 Forbidden.
     abort(403)
Exemple #41
 def decorated_function(*args, **kwargs):
     """Call the wrapped view when the user holds ``permission`` on ``resource``."""
     allowed = current_user.can(resource, permission)
     if allowed:
         return f(*args, **kwargs)
     # Deny by default with 403 Forbidden.
     abort(403)
Exemple #42
def user_edit_profile(uploaded_files, username, sex, addr, info):
    """Validate and store the current user's profile edits.

    Checks the optional custom domain (the ``u-domain`` request value) and
    the username against length, character and reserved-name rules, resolves
    the address ids in ``addr`` to display names, uploads an avatar through
    ``img_up`` and then writes the username and profile documents.

    Validation failures flash a warning and return ``jsonify(_data)``; the
    success path returns the bare ``_data`` dict.
    """
    _data = {}
    domain = None
    if 'u-domain' in request.value.all and request.value.all['u-domain'].strip():
        names = mdb_sys.db.audit_rules.find_one({'type':'username'})
        domain = request.value.all['u-domain'].strip().replace(' ','')
        if len(domain)<3 or len(domain)>30:
            flash({'msg':'个性域名:需要3至30个字符!', 'type':'w'})
            return jsonify(_data)
        # Only digits and lowercase ASCII letters are accepted.
        if not re.search(r"^[a-z0-9]+$",domain):
            flash({'msg':'个性域名:只能是数字, 小写字母!', 'type':'w'})
            return jsonify(_data)

        # NOTE(review): this uniqueness check and the later update are
        # separate operations; nothing visible here prevents two requests
        # from claiming the same domain at once.
        elif mdb_user.db.user_profile.find_one({'domain':domain}) or domain==str(current_user.id):
            flash({'msg':'此个性域名已被使用!', 'type':'w'})
            return jsonify(_data)
        # NOTE(review): ``names`` is the find_one result itself, while the
        # username check below tests ``names['rule']``; this membership test
        # presumably meant ``names['rule']`` too -- confirm.
        elif domain in names and not current_user.can(Permission.ADMINISTER) and not current_user.is_role(Permission.ECP):
            flash({'msg':'此个性域名已被使用!', 'type':'w'})
            return jsonify(_data)

    if not username:
        flash({'msg':'名号不能为空!', 'type':'w'})
        return jsonify(_data)

    # Reject a username that already belongs to a different account.
    user = mdb_user.db.user.find_one({"username":username})
    if user and user["_id"] != current_user.id:
        flash({'msg':'此名号已被使用!', 'type':'w'})
        return jsonify(_data)

    names = mdb_sys.db.audit_rules.find_one({'type':'username'})
    # NOTE(review): the bare except hides every error from upper().
    try:
        t_username = username.upper()
    except:
        t_username = username
    # Reserved names are refused unless the user is an administrator or has
    # the ECP role.
    if t_username in names['rule'] and not current_user.can(Permission.ADMINISTER) and not current_user.is_role(Permission.ECP):
        flash({'msg':'此名号已被使用!', 'type':'w'})
        return jsonify(_data)

    # NOTE(review): encode("gbk") raises UnicodeEncodeError for characters
    # outside GBK, and the round trip leaves the length unchanged otherwise.
    if len(username.encode("gbk").decode("gbk")) > 150:
        flash({'msg':u'最多150字哦!','type':'w'})
        return jsonify(_data)

    # ---------------------------------------------------------------
    tel = ""

    # Address
    _provinces = ''
    _city = ''
    _area = ''
    addrs = addr_f()
    # NOTE(review): str.strip("string:") removes any of those characters from
    # both ends, not the literal prefix, so ids that begin or end with one of
    # them are altered -- confirm the id format.
    if addr['p'].strip("string:"):
        for lv in addrs:
            if lv['id'] == addr['p'].strip("string:"):
                lv1 = lv
                _provinces = lv['text']
                break
    # NOTE(review): lv1 is bound only when a province matched above; a city
    # id without a matching province raises UnboundLocalError here. The same
    # applies to lv2 in the area lookup below.
    if addr['c'].strip("string:"):
        for lv in lv1['children']:
            if lv['id'] == addr['c'].strip("string:"):
                lv2 = lv
                _city = lv['text']
                break
    if addr['a'].strip("string:"):
        for lv in lv2['children']:
            if lv['id'] == addr['a'].strip("string:"):
                _area = lv['text']
                break
    addr = {"provinces":_provinces}
    addr['city'] = _city
    addr['area'] = _area
    # Gender
    # int() raises ValueError when ``sex`` is not numeric.
    if sex:
        sex = int(sex)
    # Avatar
    bucket_name = {'b':config['upload'].AVA_B, 'domain':'avatar', 'project':'avatar'}
    r = img_up(uploaded_files, bucket_name)
    # r['url'] is compared against -1 and 1 below; their meaning is defined
    # by img_up, which is not visible here.
    if r['url'] != -1:
        if r['url'] == 1:
            user_profile = {
            'username':username,
            'addr':addr,
            'info':info,
            'tel_num':tel,
            'sex':sex
            }
        else:
            user_profile = {
                'username':username,
                'addr':addr,
                'info':info,
                'tel_num':tel,
                'sex':sex,
                'avatar_url':r['url']
            }
            # Remove the previous avatar unless its key contains 'default'.
            u_p = mdb_user.db.user_profile.find_one({'user_id':current_user.id})
            if u_p:
                if not 'default' in u_p['avatar_url']['key']:
                    img_del(u_p['avatar_url'])
        flash({'msg':'头像更改成功,2秒后更新!.','type':'s'})
    else:
        user_profile = {
            'username':username,
            'addr':addr,
            'info':info,
            'tel_num':tel,
            'sex':sex
            }

    # The username and the profile are written in two separate updates.
    mdb_user.db.user.update({"_id":current_user.id}, {"$set":{"username":username}})
    if domain:
        user_profile['user_domain'] = domain
        # NOTE(review): ``user`` is the find_one result, indexed as a mapping
        # above and possibly None; this attribute assignment looks unintended
        # and may raise -- confirm.
        user.domain = domain
    mdb_user.db.user_profile.update({'user_id':current_user.id}, {'$set':user_profile})
    flash({'msg':'信息修改成功哦.','type':'s'})

    return _data
Exemple #43
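def delete_comment(comment_id):
    """Delete a comment and return to the photo page it belonged to.

    Allowed for the comment's author, the photo's author, or a user holding
    the ``'MODERATE'`` permission; everyone else gets 403.
    """
    comment = Comment.query.get_or_404(comment_id)
    if current_user != comment.author and current_user != comment.photo.author and not current_user.can(
            'MODERATE'):
        abort(403)

    page = request.args.get('page', 1, type=int)
    # Resolve the photo id while the comment is still attached to the
    # session. The original read ``comment.photo.id`` after the delete was
    # committed, which depends on the relationship already being loaded.
    photo_id = comment.photo.id
    db.session.delete(comment)
    db.session.commit()
    flash('Comment deleted.', 'success')
    return redirect(
        url_for('main.show_photo', photo_id=photo_id, page=page))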
Exemple #44
 def query_for_requests_to_publish():
     """Return the query of articles awaiting publication.

     Requires ``Permission.PUBLISH``; other users are rejected with 403.
     """
     if not current_user.can(Permission.PUBLISH):
         abort(403, description="You don't have permission to publish.")
     return Article.query.filter_by(request_to_publish=True)
Exemple #45
 def decorator_function(*args, **kwargs):
     """Call the wrapped view only when the user holds ``permissions``."""
     if current_user.can(permissions):
         return f(*args, **kwargs)
     # Deny by default with 403 Forbidden.
     abort(403)
Exemple #46
 def query_for_all_unpublished():
     """Return the query of unpublished articles for users who may publish.

     Users without ``Permission.PUBLISH`` get ``None`` back, not an error.
     """
     if not current_user.can(Permission.PUBLISH):
         # NOTE(review): callers receive None rather than a 403 here;
         # confirm that they handle it.
         return None
     return Article.query.filter_by(is_published=False)
Exemple #47
 def decorated_function(*args, **kwargs):
     """Call the wrapped view only when the user holds ``permission_name``."""
     if current_user.can(permission_name):
         return func(*args, **kwargs)
     # Deny by default with 403 Forbidden.
     abort(403)
Exemple #48
 def decorated_function(*args, **kwargs):
     """Call the wrapped view for administrators or holders of ``permission``."""
     # Administrators pass without the specific permission being checked.
     if current_user.is_administrator() or current_user.can(permission):
         return f(*args, **kwargs)
     abort(403)
Exemple #49
 def can_admin(permission):
     """Return the result of ``current_user.can(permission)``."""
     allowed = current_user.can(permission)
     return allowed
Exemple #50
 def decorated_function(*args, **kwargs):
     """Call the wrapped view, or answer with a JSON failure when not permitted."""
     if current_user.can(permission):
         return f(*args, **kwargs)
     # The denial is reported in the JSON body only; no HTTP status is set
     # here, so clients must inspect ``status``.
     return jsonify(status='fail', data=[], reason='no permission')
Exemple #51
def follow(id):
    """Flash a success message when the follow check passes, then redirect.

    The client is redirected to the target user's centre page either way.
    """
    user = User.query.get_or_404(id)
    if current_user.can(Permission.FOLLOW):
        # NOTE(review): presumably following() performs the follow and
        # reports success -- confirm against the User model.
        if current_user.following(user):
            flash('关注成功!')
    return redirect(url_for('user.user_center', id=user.id))
Exemple #52
 def decorated_function(*args, **kwargs):
     """Call the wrapped view only when the current user holds ``permission``."""
     if current_user.can(permission):
         return f(*args, **kwargs)
     # The abort code comes from the project's Constants; its value is not
     # visible here.
     abort(Constants.FORBIDDEN_PAGE_ERROR_PAGE)
 def decorated_function(*args, **kwargs):
     """Call the wrapped view only when the current user holds ``permission``."""
     if current_user.can(permission):
         return f(*args, **kwargs)
     # Deny by default with 403 Forbidden.
     abort(403)
Exemple #54
 def wrapper(*args, **kwargs):
     """Call the wrapped view only when the current user holds ``permission``."""
     granted = current_user.can(permission)
     if granted:
         return f(*args, **kwargs)
     # Reached only when the check failed.
     abort(403)
Exemple #55
 def decorated_funtion(*args, **kwargs):
     """Call the wrapped view, or send the user to the admin login page."""
     if current_user.can(permission):
         return f(*args, **kwargs)
     # Users without the permission are redirected, not shown an error.
     return redirect(url_for('admin.admin_login'))
Exemple #56
def delete_comment(comment_id):
    """Delete a comment and return to the photo page it belonged to.

    Allowed for the comment's author, the photo's author, or a user holding
    the ``'MODERATE'`` permission; everyone else gets 403.
    """
    comment = Comment.query.get_or_404(comment_id)
    if current_user != comment.author:
        if current_user != comment.photo.author:
            if not current_user.can('MODERATE'):
                abort(403)
    db.session.delete(comment)
    db.session.commit()
    flash('Comment deleted', 'info')
    target = url_for('main.show_photo', photo_id=comment.photo_id)
    return redirect(target)
Exemple #57
 def wrap(*args, **kwargs):
     """Call the wrapped function only when the user holds ``permission``."""
     if not current_user.can(permission):
         # NOTE(review): 501 means "Not Implemented"; a failed permission
         # check is normally reported as 403 -- confirm before changing it,
         # since error handlers may depend on this code.
         abort(501)
     return func(*args, **kwargs)
Exemple #58
 def decorated_function(*args, **kwargs):
     """Call the wrapped view only when the current user holds ``permission``."""
     if current_user.can(permission):
         return f(*args, **kwargs)
     # Queue a message for the user, then stop the request with 401.
     flash(u'您没有权限访问。')
     abort(401)
Exemple #59
def board(boardname):
    """Render a board page in one of several cookie-selected views.

    A valid submit from a user holding ``Permission.WRITE`` creates a post on
    the board and redirects to it. Otherwise the first truthy cookie among
    ``board_popular``, ``board_click_above_avg``, ``board_comment_above_avg``,
    ``board_user_comment`` and ``board_user_post`` selects the query that is
    paginated; with none set, all posts are listed newest first.
    """
    form=PostForm()
    board = Board.query.filter_by(name=boardname).first_or_404()
    # Debug output left in the view.
    print('board')
    if current_user.can(Permission.WRITE) and form.validate_on_submit():
        post = Post.new_post(form.title.data, form.body.data, current_user._get_current_object(), board)
        return redirect(url_for('.post', id=post.id))

    # View flags come from client-controlled cookies; any non-empty value
    # counts as True. They only select which listing is rendered.
    board_show_all=bool(request.cookies.get('board_show_all', ''))
    board_popular=bool(request.cookies.get('board_popular', ''))
    board_click_above_avg=bool(request.cookies.get('board_click_above_avg', ''))
    board_comment_above_avg=bool(request.cookies.get('board_comment_above_avg', ''))
    board_user_comment=bool(request.cookies.get('board_user_comment', ''))
    board_user_post=bool(request.cookies.get('board_user_post', ''))

    page = request.args.get('page', 1, type=int)

    pagination = None
    avg = None
    most_popular_post=None
    if board_popular:
        query = board.posts
        # NOTE(review): first() presumably returns None for a board without
        # posts, which would make ``most_popular_post.id`` below fail.
        most_popular_post = query.order_by(Post.duration.desc()).limit(1).first()
        comments = Comment.query.join(Post, Comment.post_id == Post.id).filter(Post.id == most_popular_post.id).subquery().c
        tmp = db.session.query(User, comments.author_id).filter(User.id==comments.author_id)
        pagination = tmp.paginate(
            page, per_page=current_app.config['BBS_USERS_PER_PAGE'],
            error_out=False
        )
        # Overwritten after the branches, where ``users`` is assigned again.
        users = pagination.items


    elif board_click_above_avg:
        avg_click = board.post_mean_view()
        print('平均阅读', avg_click)
        query = board.posts.filter(Post.view_count > avg_click)
        pagination = query.order_by(Post.view_count.desc()).paginate(
            page, per_page=current_app.config['BBS_POSTS_PER_PAGE'],
            error_out=False
        )

    elif board_comment_above_avg:
        # All replies (comments) on this board
        comments = Comment.query.join(Post, Comment.post_id == Post.id).filter(Post.board_id == board.id).subquery().c
        comment_cnt = db.session.query(comments.id).count()
        author_cnt = db.session.query(comments.author_id).group_by(comments.author_id).count()
        # NOTE(review): raises ZeroDivisionError when author_cnt is 0.
        avg = comment_cnt/author_cnt
        # All users ordered by their post count on this board, descending
        # NOTE(review): count() is given the string 'comments.id' here, while
        # the branches below pass the column ``comments.id`` -- confirm.
        counts = func.count('comments.id').label('cnt')
        tmp = db.session.query(User, comments.author_id, counts).\
            group_by(comments.author_id).filter(User.id==comments.author_id).order_by(counts.desc()).\
            having(counts > avg)
        pagination = tmp.paginate(
            page, per_page=current_app.config['BBS_USERS_PER_PAGE'],
            error_out=False
        )

    elif board_user_comment:
        # All replies (comments) on this board
        comments = Comment.query.join(Post, Comment.post_id == Post.id).filter(Post.board_id == board.id).subquery().c
        # All users ordered by their post count on this board, descending
        tmp = db.session.query(User, comments.author_id, func.count(comments.id).label('cnt')).\
            group_by(comments.author_id).filter(User.id==comments.author_id).order_by(desc('cnt'))

        pagination = tmp.paginate(
            page, per_page=current_app.config['BBS_USERS_PER_PAGE'],
            error_out=False
        )

    elif board_user_post:
        # All posts on this board
        posts = Post.query.filter(Post.board_id == board.id).subquery().c
        # All users ordered by their post count on this board, descending
        tmp = db.session.query(User, posts.author_id, func.count(posts.id).label('cnt')).\
            group_by(posts.author_id).filter(User.id==posts.author_id).order_by(desc('cnt'))
        pagination = tmp.paginate(
            page, per_page=current_app.config['BBS_USERS_PER_PAGE'],
            error_out=False
        )

    else:
        board_show_all = True
        pagination = board.posts.order_by(Post.timestamp.desc()).paginate(
            page, per_page=current_app.config['BBS_POSTS_PER_PAGE'],
            error_out=False
        )

    # Both names refer to the same page of items, whichever branch ran.
    posts = pagination.items
    users = pagination.items


    # Debug output left in the view.
    print(len(posts), len(users))
    print(board_show_all, board_popular, board_click_above_avg, board_comment_above_avg,
          board_user_comment)

    return render_template('board.html', form=form, board=board, posts=posts, users=users, pagination=pagination,
                           board_show_all = board_show_all, board_popular=board_popular,
                           board_click_above_avg=board_click_above_avg, board_comment_above_avg=board_comment_above_avg,
                           board_user_comment=board_user_comment,board_user_post=board_user_post, avg_comment = avg, post=most_popular_post)
Exemple #60
 def wrap(*args, **kwargs):
     """Call the wrapped view only when the current user holds ``p``."""
     if current_user.can(p):
         return f(*args, **kwargs)
     # Without permission p, respond with the 403 error code.
     abort(403)