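def user_role_add(username, role_name):
    """Add role to user.

    Looks up the user and the role by name and attaches the role to the
    user. Aborts with 400 when either argument is missing and with 404 when
    the user or the role cannot be found; answers 200 otherwise.

    NOTE(review): no authorization check is visible in this function. Role
    assignment grants privileges, so confirm the route is guarded (decorator
    or before-request hook) outside this block.
    """
    if username is None or role_name is None:
        abort(HTTPStatus.BAD_REQUEST)

    user = get(User, name=username)
    if user is None:
        abort(HTTPStatus.NOT_FOUND)

    role = get(Role, name=role_name)
    if role is None:
        abort(HTTPStatus.NOT_FOUND)

    # Appending a role the user already holds would put a second entry into
    # the relationship, so only append when it is missing. This keeps the
    # call idempotent.
    if role not in user.roles:
        user.roles.append(role)
    db.session.add(user)
    db.session.commit()
    return make_response('Role added to user', HTTPStatus.OK)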
def get_user_id_from_token(cls, token):
    '''
    Look up the user ID bound to an auth token.

    :param token: The auth token to check.
    :return: Integer user ID if it is a correct token; None otherwise.
    '''
    # The token is not used as a raw key: it is expanded through
    # USER_TOKEN_FORMAT first, and the resulting key is looked up in `users`.
    token_key = USER_TOKEN_FORMAT.format(token)
    return users.get(token_key)
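def login():
    """Authenticate a user from a JSON body and populate the session.

    Expects a JSON object with non-empty string ``username`` and ``password``
    fields. On success the session is reset, ``username`` and ``role`` are
    stored in it, and the success response is returned.

    Raises:
        ApiException: if the body is malformed or the credentials are wrong.

    NOTE(review): the stored value is compared directly with the submitted
    password, which implies ``users`` holds plaintext passwords. Store salted
    password hashes and verify against those instead.
    NOTE(review): nothing in this function limits repeated failed attempts;
    confirm that rate limiting or lockout is applied elsewhere.
    """
    import hmac

    data = request.get_json()
    # A JSON array, string or number is truthy but has no .get(); reject
    # anything that is not an object instead of failing with a 500.
    if not isinstance(data, dict):
        raise ApiException("请求格式错误")

    username = data.get('username')
    password = data.get('password')
    # Non-string values (lists, objects, numbers) would otherwise reach the
    # lookup and the comparison; an unhashable username raises TypeError.
    if not (isinstance(username, str) and isinstance(password, str)):
        raise ApiException("请求格式错误")
    if not username or not password:
        raise ApiException("请求格式错误")

    user = users.get(username)
    stored = user.get('password') if user else None
    # Unknown user and wrong password share one error so the response does
    # not reveal which usernames exist. The comparison is constant-time;
    # bytes are used because compare_digest rejects non-ASCII str, and
    # 'surrogatepass' keeps lone surrogates from raising during encoding.
    # Assumes stored passwords are str; any other stored type is rejected.
    if not isinstance(stored, str) or not hmac.compare_digest(
        stored.encode('utf-8', 'surrogatepass'),
        password.encode('utf-8', 'surrogatepass'),
    ):
        raise ApiException("账号或密码错误")

    # Drop whatever the pre-login session carried so that state from an
    # earlier identity does not survive into the authenticated session.
    session.clear()
    session['username'] = username
    session['role'] = user.get('role')
    return jsonify(Resp(Resp.SUCCESS))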
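def new_role():
    """Create new role.

    Reads ``name`` from the JSON request body. Aborts with 400 when the body
    is not a JSON object or ``name`` is missing, empty or not a string, and
    with 409 when a role with that name already exists. Otherwise the role
    is stored and the answer is 201.

    NOTE(review): no authorization check is visible in this function; confirm
    that role creation is restricted outside this block.
    """
    payload = request.json
    # request.json may be None or a non-object JSON value, and calling
    # .get() on those would fail with a 500 instead of a client error.
    if not isinstance(payload, dict):
        abort(HTTPStatus.BAD_REQUEST)  # body is not a JSON object

    name = payload.get('name')
    if not isinstance(name, str) or not name:
        abort(HTTPStatus.BAD_REQUEST)  # missing or malformed arguments

    if get(Role, name=name) is not None:
        abort(HTTPStatus.CONFLICT)  # existing role

    role = Role(name=name)
    db.session.add(role)
    db.session.commit()
    return make_response('Role created', HTTPStatus.CREATED)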
def delete_user(name):
    """Delete the user called *name*.

    Aborts with 400 when no name is given and with 404 when no such user
    exists; otherwise deletes the user, commits and answers 200.

    NOTE(review): no authorization check is visible in this function; confirm
    that account deletion is restricted outside this block.
    """
    if name is None:
        abort(HTTPStatus.BAD_REQUEST)

    target = get(User, name=name)
    if target is None:
        abort(HTTPStatus.NOT_FOUND)

    # Delete and commit in one unit of work on the shared session.
    db_session = db.session
    db_session.delete(target)
    db_session.commit()

    return make_response('User deleted', HTTPStatus.OK)
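def make_super(name):
    """Add all roles to user.

    Aborts with 400 when no name is given and with 404 when no such user
    exists. Otherwise every role returned by ``Role.query.all()`` that the
    user does not hold yet is attached, and the answer is 200.

    NOTE(review): this grants every role in one call and no authorization
    check is visible here; confirm the route is restricted outside this
    block and that its use is audited.
    """
    if name is None:
        abort(HTTPStatus.BAD_REQUEST)

    user = get(User, name=name)
    if user is None:
        abort(HTTPStatus.NOT_FOUND)

    # Skip roles the user already has. Appending them again would put a
    # second entry for the same role into the relationship.
    for role in Role.query.all():
        if role not in user.roles:
            user.roles.append(role)

    db.session.add(user)
    db.session.commit()
    return make_response('SuperUser born', HTTPStatus.OK)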
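def new_user():
    """Create user.

    Reads ``username`` and ``password`` from the JSON request body, hashes
    the password through ``User.hash_password`` and attaches the role named
    ``'default'``. Aborts with 400 when the body is not a JSON object or
    either field is missing, empty or not a string, with 409 when the
    username is taken, and with 500 when the ``'default'`` role is absent.

    NOTE(review): the existence check and the commit are not atomic, so two
    concurrent requests for the same name can both pass the check. A unique
    constraint on the user name is presumably what prevents duplicates;
    confirm it exists.
    """
    payload = request.json
    # request.json may be None or a non-object JSON value, and calling
    # .get() on those would fail with a 500 instead of a client error.
    if not isinstance(payload, dict):
        abort(HTTPStatus.BAD_REQUEST)  # body is not a JSON object

    name = payload.get('username')
    password = payload.get('password')
    # An empty password would otherwise be hashed and accepted, and a
    # non-string value would reach hash_password and the query unchecked.
    if not isinstance(name, str) or not isinstance(password, str):
        abort(HTTPStatus.BAD_REQUEST)  # missing or malformed arguments
    if not name or not password:
        abort(HTTPStatus.BAD_REQUEST)  # empty arguments

    if get(User, name=name) is not None:
        abort(HTTPStatus.CONFLICT)  # existing user

    default_role = Role.query.filter_by(name='default').first()
    if default_role is None:
        # Appending None to the relationship would fail later with an
        # opaque error; report the missing seed role explicitly.
        abort(HTTPStatus.INTERNAL_SERVER_ERROR)

    user = User(name=name)
    user.hash_password(password)
    user.roles.append(default_role)
    db.session.add(user)
    db.session.commit()
    return make_response('User created', HTTPStatus.CREATED)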
def get_pw(username):
    """Return the entry stored in ``users`` for *username*, or None if absent.

    NOTE(review): judging by the name, the stored value is presumably the
    user's password. If so, confirm it is a salted hash and not plaintext.
    """
    return users.get(username) if username in users else None