class UserView(Resource):
method_decorators = {
'get': [
permission_required(Permission.COMMENT, Unauthorized),
token_auth.login_required
],
'patch':
[permission_required(Permission.COMMENT), token_auth.login_required]
}
def get(self):
return g.current_user.to_json()
def post(self):
# register user
args = user_reqparse.parse_args()
try:
role = Role.query.filter_by(permissions=2).first()
user = User.create(email=args['email'],
username=args['username'],
password=args['password'],
location=args.get('location'),
about_me=args.get('about'),
role=role)
except (IntegrityError, InvalidRequestError, DataError):
raise UserAlreadyExistsError()
token = user.generate_confirm_token(expiration=86400)
email_token = user.generate_email_token()
send_email.delay(to=user.email,
subject='Confirm Your Account',
template='mail/confirm',
user=user.username,
url=url_for('auth.email_auth',
token=email_token,
_external=True))
current_app.logger.info('New User Exist: {}, {}'.format(
user.id, user.email))
return {'token': token, 'permission': user.role.permissions},
def patch(self):
args = reqparse_patch.parse_args()
if args.get('password'):
if args.get('old_password') and g.current_user.verify_password(
args.get('old_password')):
pass
else:
raise Forbidden('Password error')
g.current_user.update(**args)
return g.current_user.to_json(), 200
class PostsView(Resource):
method_decorators = {
'post': [
permission_required(Permission.ADMINISTER),
token_auth.login_required
],
'get': [token_auth.login_required]
}
def get(self):
args = posts_parser.parse_args()
if args.draft:
if not g.current_user.can(Permission.ADMINISTER):
raise Forbidden()
prev = None
next_ = None
per_page = current_app.config['BLOG_POST_PER_PAGE']
post_query = Post.query.filter_by(draft=args.draft).order_by(
db.desc('timestamp'))
pagination = post_query.paginate(args.page,
per_page=per_page,
error_out=False)
posts = pagination.items
if pagination.has_prev:
prev = url_for('post.postsview',
page=args.page - 1,
_external=True)
if pagination.has_next:
next_ = url_for('post.postsview',
page=args.page + 1,
_external=True)
return {
'posts': [post.to_json(500) for post in posts],
'prev': prev,
'next': next_,
'count': pagination.total,
'pages': pagination.pages,
}
def post(self):
# 新建文章
args = post_parser.parse_args(strict=True)
author = g.current_user
post = Post.create(title=args.title,
body=args.content,
tags=args.tags,
author=author,
draft=args.draft)
return {
'url': url_for('post.postview', post_id=post.id),
'id': post.id
}, 201
class PostView(Resource):
method_decorators = {
'patch': [
permission_required(Permission.ADMINISTER, Unauthorized),
token_auth.login_required
],
'delete': [
permission_required(Permission.ADMINISTER),
token_auth.login_required
]
}
def get(self, post_id):
post = Post.get_or_404(post_id).update(view=Post.view + 1)
return {"post": post.to_json()}
def patch(self, post_id):
# 修改文章
args = post_parser.parse_args()
post = Post.get_or_404(post_id)
if g.current_user != post.author and not g.current_user.can(
Permission.ADMINISTER):
raise Forbidden(description="Insufficient permissions")
post.update(title=args.title,
body=args.content,
tags=args.tags,
draft=args.draft)
return {
'url': url_for('post.postview', post_id=post.id),
'post_id': post.id
}
def delete(self, post_id):
post = Post.get_or_404(post_id)
if g.current_user != post.author and not g.current_user.can(
Permission.ADMINISTER):
raise Forbidden(description='Insufficient permissions')
post.delete()
return {}
class AvatarStroage(Resource):
method_decorators = [
permission_required(Permission.COMMENT), token_auth.login_required
]
def put(self):
args = photo_reqparse.parse_args()
file_format = args.image.filename.split('.')[-1]
name = '%d-avatar.%s' % (g.current_user.id, file_format)
path = Path(os.path.join(photos.config.destination, 'avatar', name))
if path.exists():
path.unlink()
filename = photos.save(args.image, folder='avatar', name=name)
file_url = photos.url(filename)
g.current_user.avatar = file_url
g.current_user.save()
return {'url': file_url}
class CommentView(Resource):
method_decorators = {
'post':
[permission_required(Permission.COMMENT), token_auth.login_required]
}
def post(self):
args = comment_parse.parse_args()
post = Post.get(args.post_id)
comment = Comment.create(body=args.body,
author=g.current_user,
post=post)
if args.comment_id:
reply = Comment.query.get(args.comment_id)
comment.reply(reply)
return {}, 201
def get(self):
# 评论增加Email验证权限
# 获取评论
prev = None
next_ = None
args = comment_parse.parse_args()
post = Post.query.get(args['post_id'])
pagination = post.comments.order_by(db.desc('timestamp')).paginate(
args.page,
per_page=current_app.config['BLOG_COMMENT_PAGE'],
error_out=False)
comments = pagination.items
if pagination.has_prev:
prev = url_for('comment.commentview',
page=args.page - 1,
post=post.id)
if pagination.has_next:
next_ = url_for('comment.commentview',
page=args.page + 1,
post=post.id)
return {
'comments': [i.to_json() for i in comments],
'prev': prev,
'next': next_,
'count': pagination.total
}
class PhotoStorage(Resource):
method_decorators = [
permission_required(Permission.ADMINISTER), token_auth.login_required
]
def put(self):
args = photo_reqparse.parse_args()
path = Path(
os.path.join(photos.config.destination, str(g.current_user.id),
args.image.filename))
if path.exists():
file_url = photos.url(
os.path.join(str(g.current_user.id), args.image.filename))
else:
filename = photos.save(args.image, str(g.current_user.id))
file_url = photos.url(filename)
return {'url': file_url}
class SendEmailAuth(Resource):
decorators = [
permission_required(Permission.COMMENT), token_auth.login_required
]
def get(self):
# 发送验证邮件
user = g.current_user
if not user.is_anonymous:
email_token = g.current_user.generate_email_token()
send_email.delay(to=user.email,
subject='Confirm Your Account',
template='mail/confirm',
user=user.username,
url=url_for('auth.email_auth',
token=email_token,
_external=True))
return {}