def delete_user(username):
user = User.query.filter_by(username=username).first()
if user.is_admin:
flash('不可删除管理员', 'danger')
return redirect_back()
else:
db.session.delete(user)
db.session.commit()
flash('已删除此用户', 'success')
return redirect_back()
def notice(topic_id):
topic = Topic.query.get_or_404(topic_id)
if current_user.is_noticing(topic):
flash('此主题已订阅过', 'info')
return redirect_back()
current_user.notice(topic)
flash('订阅成功', 'success')
if current_user != topic.author and topic.author.receive_notice_notification:
push_notice_notification(topic=topic, user=current_user)
return redirect_back()
def delete_post(post_id):
post = Post.query.get_or_404(post_id)
if current_user == post.author or current_user == post.topic.group.admin:
post.deleted = True
db.session.commit()
flash('删除帖子成功', 'success')
return redirect_back()
elif current_user.can('MODERATE'):
db.session.delete(post)
db.session.commit()
flash('删除帖子成功', 'success')
return redirect_back()
else:
abort(403)
def reset_post(post_id):
post = Post.query.get_or_404(post_id)
post.report_time = 0
post.saved = False
db.session.commit()
flash('帖子的举报次数已清零。', 'success')
return redirect_back()
def delete_all_notification():
notifications = Notification.query.with_parent(current_user).all()
for notification in notifications:
db.session.delete(notification)
db.session.commit()
flash('已成功删除所有通知信息。', 'success')
return redirect_back()
def edit_topic(topic_id):
topic = Topic.query.get_or_404(topic_id)
if current_user != topic.author and current_user != topic.group.admin and not current_user.can(
'MODERATE'):
abort(403) #除了主题的author、主题所在组的管理员或者协管员,都不能编辑主题
form = PostForm()
if form.validate_on_submit():
topic.name = form.title.data
topic.body = form.body.data
if form.publish.data:
topic.saved = False
db.session.commit()
if form.notice.data and not current_user.is_noticing(topic):
current_user.notice(topic)
flash('主题已发表', 'success')
return redirect(url_for('main.show_topic', topic_id=topic.id))
elif form.save.data:
if topic.get_last_post():
flash('已有回帖,不允许保存。', 'warning')
return redirect_back()
else:
topic.saved = True
topic.top = False
db.session.commit()
flash('主题已保存', 'success')
return redirect(url_for('user.draft_topic'))
elif form.save1.data:
topic.saved = True
topic.top = False
db.session.commit()
flash('请上传附件', 'info')
return redirect(url_for('.upload_topic', topic_id=topic.id))
form.title.data = topic.name
form.body.data = topic.body
return render_template('main/edit_topic.html', form=form, topic=topic)
def reset_topic(topic_id):
topic = Topic.query.get_or_404(topic_id)
topic.report_time = 0
topic.saved = False
db.session.commit()
flash('主题的举报次数已清零。', 'success')
return redirect_back()
def unnotice(topic_id):
topic = Topic.query.get_or_404(topic_id)
if not current_user.is_noticing(topic):
flash('还未订阅此主题', 'info')
current_user.unnotice(topic)
flash('已取消订阅此主题', 'success')
return redirect_back()
def cancel_top_topic(topic_id):
topic = Topic.query.get_or_404(topic_id)
if not current_user.can('MODERATE') and current_user != topic.group.admin:
abort(403) #只能主题所在组管理员和协管员才能取消置顶
topic.top = False
db.session.commit()
flash('主题已取消置顶。', 'success')
return redirect_back()
def delete_topic(topic_id):
topic = Topic.query.get_or_404(topic_id)
if current_user == topic.author or current_user == topic.group.admin:
topic.deleted = True
if topic.posts:
for post in topic.posts:
post.deleted = True
db.session.commit()
flash('删除主题成功', 'success')
return redirect_back()
elif current_user.can('MODERATE'):
db.session.delete(topic)
db.session.commit()
flash('删除主题成功', 'success')
return redirect_back()
else:
abort(403)
def migrate_group(group_id):
group = Group.query.get_or_404(group_id)
form = MigrateForm()
if form.validate_on_submit():
for topic in group.topics:
topic.group_id = form.group.data
db.session.commit()
flash('组内主题已迁移成功。', 'success')
return redirect_back()
def delete_group(group_id):
if group_id == 6:
flash('不可删除', 'danger')
else:
group = Group.query.get_or_404(group_id)
db.session.delete(group)
db.session.commit()
flash('小组已删除', 'success')
return redirect_back()
def top_topic(topic_id):
topic = Topic.query.get_or_404(topic_id)
if not current_user.can('MODERATE') and current_user != topic.group.admin:
abort(403) #只能主题所在组管理员和协管员才能置顶帖子
topic.top = True
topic.top_timestamp = time.time()
db.session.commit()
flash('主题已置顶。', 'success')
return redirect_back()
def delete_notification(notification_id):
notification = Notification.query.get_or_404(notification_id)
if notification.receiver != current_user:
abort(403)
db.session.delete(notification)
db.session.commit()
flash('已成功删除通知。', 'success')
return redirect_back()
def delete_topic(topic_id):
topic = Topic.query.get_or_404(topic_id)
if current_user != topic.group.admin and not current_user.can(
'MODERATE') and current_user != topic.author:
abort(403)
db.session.delete(topic)
db.session.commit()
flash('删除主题成功', 'success')
return redirect_back()
def delete_post(post_id):
post = Post.query.get_or_404(post_id)
if current_user != post.author and current_user != post.topic.group.admin and not current_user.can(
'MODERATE'):
abort(403)
db.session.delete(post)
db.session.commit()
flash('成功删除帖子', 'success')
return redirect_back()
def re_authenticate():
if login_fresh():
return redirect(url_for('main.index'))
form = LoginForm()
if form.validate_on_submit() and current_user.validate_password(
form.password.data):
confirm_login()
return redirect_back()
return render_template('auth/login.html', form=form)
def report_post(post_id):
post = Post.query.get_or_404(post_id)
post.report_time += 1
db.session.commit()
if post.report_time > int(current_app.config['MAX_REPORT_TIME']):
post.saved = True
db.session.commit()
push_max_reported_post_notification(post=post)
flash('帖子的举报次数已达上限, 帖子隐藏', 'info')
else:
flash('帖子已被举报', 'success')
return redirect_back()
def report_topic(topic_id):
topic = Topic.query.get_or_404(topic_id)
topic.report_time += 1
db.session.commit()
if topic.report_time > int(current_app.config['MAX_REPORT_TIME']):
topic.saved = True
db.session.commit()
push_max_reported_topic_notification(topic=topic)
flash('主题的举报次数已达上限,主题隐藏', 'info')
else:
flash('主题已被举报', 'success')
return redirect_back()
def search():
q = request.args.get('q', '')
if q == '':
flash('请输入要搜索内容的关键字', 'warning')
return redirect_back()
if len(q) < 2:
flash('输入字符数不能少于2', 'warning')
return redirect_back()
category = request.args.get('category', 'topic')
page = request.args.get('page', 1, type=int)
per_page = current_app.config['SEARCH_RESULT_PER_PAGE']
if category == 'user':
pagination = User.query.whooshee_search(q).paginate(page, per_page)
elif category == 'post':
pagination = Post.query.whooshee_search(q).paginate(page, per_page)
else:
pagination = Topic.query.whooshee_search(q).paginate(page, per_page)
results = pagination.items
return render_template('main/search.html',
q=q,
results=results,
pagination=pagination,
category=category)
def delete_file(file_id):
file = File.query.get_or_404(file_id)
if file.post:
if current_user != file.post.author and not current_user.can('MODERATE') \
and current_user != file.post.topic.group.admin:
abort(403)
if file.topic:
if current_user != file.topic.author and not current_user.can('MODERATE') \
and current_user != file.topic.group.admin:
abort(403)
db.session.delete(file)
db.session.commit()
flash('已删除附件', 'success')
return redirect_back()
def login():
if current_user.is_authenticated:
return redirect(url_for('main.index'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).first()
if user is not None and user.validate_password(form.password.data):
if login_user(user, form.remember_me.data):
flash('登录成功.', 'info')
return redirect_back()
else:
flash('你的账号已被封禁。', 'warning')
return redirect(url_for('main.index'))
flash('无效的邮箱或者密码.', 'warning')
return render_template('auth/login.html', form=form)
def confirm(username):
user = User.query.filter_by(username=username).first()
user.confirmed = True
db.session.commit()
send_notice_email(user)
return redirect_back()
def cancel_deleted_topic(topic_id):
topic = Topic.query.get_or_404(topic_id)
topic.deleted = False
db.session.commit()
return redirect_back()
def cancel_deleted_post(post_id):
post = Post.query.get_or_404(post_id)
post.deleted = False
db.session.commit()
return redirect_back()