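def user_mod(appname, uid, data):
    """Modify the name, remark and group membership of one user.

    Request URL: /auth/user/{uid}
    HTTP Method: POST

    Args:
        appname: Application identifier handed through to the model layer.
        uid: ``_id`` of the user to modify.
        data: Request payload. ``user_name``, ``mark`` and ``group_id``
            (an iterable of values accepted by ``int``) are read from it.

    Returns:
        ``json_response_error(PARAM_ERROR, ...)`` when ``uid`` matches no
        user or when a different user already holds ``user_name``;
        otherwise ``json_response_ok({})``.

    Raises:
        KeyError: if ``user_name``, ``mark`` or ``group_id`` is missing.
        ValueError: if a ``group_id`` entry cannot be converted by ``int``.
    """
    cond = {"_id": uid}
    if not User.find_one_user(appname, cond, None):
        return json_response_error(PARAM_ERROR, msg="id:%s is invalid" % uid)

    user_name = data["user_name"]
    # The uniqueness check must look at users. The original queried
    # Group.find_one_group with a "user_name" condition and compared the
    # result's _id with a user id, so it did not check against other users.
    name_owner = User.find_one_user(appname, {"user_name": user_name}, None)
    if name_owner and name_owner["_id"] != uid:
        return json_response_error(PARAM_ERROR, msg="the user name exist")

    # NOTE(review): group membership presumably drives permissions, and no
    # caller authorization is visible here -- confirm the route enforces it.
    user_data = {
        "user_name": user_name,
        "mark": data["mark"],
        "group_id": [int(gid) for gid in data["group_id"]],
    }
    User.update_user(appname, cond, user_data)
    return json_response_ok({})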
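def user_chpasswd(appname, uid, old_pwd, new_pwd):
    """Replace a user's password after checking the current one.

    Args:
        appname: Application identifier handed through to the model layer.
        uid: User id; converted with ``int`` before the lookup.
        old_pwd: Value that must equal the stored ``password`` field.
        new_pwd: Value written to the ``password`` field on success.

    Returns:
        ``json_response_ok()`` when the password was updated,
        ``json_response_error(AUTH_ERROR)`` when the user is unknown, has
        no stored password, or ``old_pwd`` does not match.

    Raises:
        ValueError: if ``uid`` cannot be converted by ``int``.
    """
    cond = {"_id": int(uid)}
    usr = User.find_one_user(appname, cond, None)
    if not usr:
        return json_response_error(AUTH_ERROR)

    stored_pwd = usr.get("password")
    # A record without a stored password must not be unlocked by a request
    # that also carries no old password: the original accepted None == None.
    if stored_pwd is None or stored_pwd != old_pwd:
        _LOGGER.error("old_pwd err")
        return json_response_error(AUTH_ERROR)

    # NOTE(review): the password is compared and stored exactly as received.
    # If callers pass plaintext, this should store a salted password hash and
    # verify it with a constant-time comparison -- confirm against callers.
    User.update_user(appname, cond, {"password": new_pwd})
    return json_response_ok()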
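def user_login(appname, user_name, password, session):
    """Authenticate a user and record the login in the session and the store.

    Args:
        appname: Application identifier handed through to the model layer.
        user_name: Login name to look up.
        password: Value matched against the stored ``password`` field.
        session: Mutable mapping; ``session["uid"]`` is set on success.

    Returns:
        ``json_response_error(AUTH_ERROR, ...)`` when the credentials match
        no user or the user is not active; otherwise
        ``json_response_ok({"uid": uid})``.
    """
    # Both values go straight into the lookup condition. If the store takes
    # MongoDB-style query documents (the "_id" keys used here suggest so), a
    # dict or list decoded from a request body would be read as a query
    # operator rather than a literal, so container values are refused.
    if isinstance(user_name, (dict, list)) or isinstance(password, (dict, list)):
        return json_response_error(AUTH_ERROR, {}, msg="username or password err")

    # NOTE(review): the password is matched as a stored field value. If it is
    # plaintext, it should be a salted password hash verified after the
    # user lookup -- confirm what callers pass.
    credentials = {"user_name": user_name, "password": password}
    account = User.find_one_user(appname, credentials, None)
    if not account:
        return json_response_error(AUTH_ERROR, {}, msg="username or password err")
    if not account["is_active"]:
        return json_response_error(AUTH_ERROR, {}, msg="user is not active")

    uid = account["_id"]
    # NOTE(review): only the uid is written into the existing session here;
    # whether the session identifier is renewed at login is not visible.
    session["uid"] = int(uid)
    login_stats = {
        "last_login": now_timestamp(),
        # A record without a counter starts from zero; the original raised
        # TypeError on None + 1 after the session had already been set.
        "total_login": (account.get("total_login") or 0) + 1,
    }
    User.update_user(appname, {"_id": uid}, login_stats)
    # Business-specific setup is split out of this function.
    # permissions = Permission.init_menu(uid)
    return json_response_ok({"uid": uid})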
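def user_right_mod(appname, projectname, uid, data):
    """Set the rights granted directly to one user for one project.

    Rights the user already receives through one of its groups are left out
    of the stored per-user list.

    Request URL (as given by the original docstring): /auth/user/{gid}
    HTTP Method: POST

    Args:
        appname: Application identifier handed through to the model layer.
        projectname: Key under which the rights are stored in the user's
            ``permission_list`` mapping.
        uid: ``_id`` of the user to modify.
        data: Request payload. Only ``perm_list`` is read; the
            ``disable_list`` shown in the original request example is not
            used by this function.

    Returns:
        ``json_response_error(PARAM_ERROR, ...)`` when the user or one of
        the requested right ids does not exist; otherwise
        ``json_response_ok({}, msg="update user right success")``.

    Raises:
        KeyError: if ``perm_list`` is missing from ``data``.
        ValueError: if a ``perm_list`` entry cannot be converted by ``int``.
    """
    # NOTE(review): this changes what a user is allowed to do, and no caller
    # authorization is visible here -- confirm the route enforces it.
    cond = {"_id": uid}
    user_info = User.find_one_user(appname, cond, {"_id": 0})
    if not user_info:
        return json_response_error(PARAM_ERROR, msg="the user not exist")

    # Every requested right id has to exist before anything is written.
    right_list = list(set(int(rid) for rid in data["perm_list"]))
    for rid in right_list:
        if not Right.find_one_right(appname, {"_id": rid}):
            return json_response_error(
                PARAM_ERROR, msg="the right id:%s not exist" % rid)

    # Collect the rights inherited from groups. A user without "group_id" or
    # a group without "permission_list" contributes nothing; the original
    # raised TypeError / AttributeError on those records.
    group_perm_ids = set()
    for gid in user_info.get("group_id") or []:
        group_info = Group.find_one_group(appname, {"_id": gid}, None)
        if group_info:
            group_perms = group_info.get("permission_list") or {}
            group_perm_ids.update(group_perms.get(projectname, []))

    user_right_list = [rid for rid in right_list if rid not in group_perm_ids]
    permission_list = user_info.get("permission_list") or {}
    permission_list[projectname] = user_right_list

    # Write back only the field that changed. The original sent the whole
    # document read above, which would restore stale values of fields (such
    # as the password) changed by another request in between. Other callers
    # in this file already pass partial documents to update_user.
    User.update_user(appname, cond, {"permission_list": permission_list})
    return json_response_ok({}, msg="update user right success")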
def user_active(appname, data):
    """Set the ``is_active`` flag of one user.

    Request URL: /auth/active/user/
    HTTP Method: POST

    Args:
        appname: Application identifier handed through to the model layer.
        data: Request payload. ``id`` (converted with ``int``) selects the
            user and ``is_active`` is the value to store.

    Returns:
        ``json_response_error(PARAM_ERROR, ...)`` when no user has that id;
        otherwise ``json_response_ok(data)``, echoing the payload back.

    Raises:
        KeyError: if ``id`` or ``is_active`` is missing from ``data``.
        ValueError: if ``id`` cannot be converted by ``int``.
    """
    selector = {"_id": int(data["id"])}
    if not User.find_one_user(appname, selector):
        return json_response_error(PARAM_ERROR, msg="the user id not exist")

    # NOTE(review): "is_active" is stored exactly as received, and user_login
    # in this file tests it for truthiness, so a non-empty string such as
    # "false" would count as active -- confirm the caller validates a boolean.
    # NOTE(review): no caller authorization is visible here; confirm the
    # route restricts who may enable or disable accounts.
    User.update_user(appname, selector, {"is_active": data["is_active"]})
    return json_response_ok(data)