Esempio n. 1
0
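def deleteComment(id):
    """Delete a comment (administrators only) and return to its post.

    The permission check now runs before the lookup, so a non-admin can no
    longer use the 403-vs-404 difference to probe which comment ids exist.
    ``post_id`` is read before the row is deleted so the redirect does not
    depend on attribute state of an already-deleted instance.

    :param id: primary key of the comment to delete.
    :return: redirect to the post the comment belonged to.
    """
    # NOTE(review): the route decorator is outside this view; confirm it is
    # POST-only and covered by CSRF protection, since this mutates state.
    if not current_user.is_administrator():
        abort(403)
    comment = Comment.query.get_or_404(id)
    post_id = comment.post_id
    db.session.delete(comment)
    db.session.commit()
    return redirect(url_for('.post', id=post_id))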
Esempio n. 2
0
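def delete(id):
    """Delete a post (administrators only) and return to the index.

    The permission check now runs before the lookup, so a non-admin can no
    longer use the 403-vs-404 difference to probe which post ids exist.

    :param id: primary key of the post to delete.
    :return: redirect to the blueprint's index.
    """
    # NOTE(review): the route decorator is outside this view; confirm it is
    # POST-only and covered by CSRF protection, since this mutates state.
    if not current_user.is_administrator():
        abort(403)
    post = Post.query.get_or_404(id)
    db.session.delete(post)
    db.session.commit()
    return redirect(url_for('.index'))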
def delete_comment(id):
    """Delete a comment if the caller is its author or an administrator.

    Unauthorized callers are silently redirected back to the carpool page
    (no 403 is raised). The group is captured before the delete so the
    redirect target is still available afterwards.

    :param id: primary key of the comment.
    :return: redirect to the carpool page of the comment's group.
    """
    target = Comment.query.get_or_404(id)
    carpool = target.group
    permitted = target.author == current_user or current_user.is_administrator()
    if permitted:
        # No explicit commit here; assumes the app commits the session on
        # teardown — confirm, otherwise the delete is never flushed.
        db.session.delete(target)
        flash('评论已被删除')
    return redirect(url_for('main.carpool', id=carpool.id))
Esempio n. 4
0
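def ban():
    """Admin page for the banned-keyword list.

    A POST with a JSON body ``{"keyword": ...}`` removes a keyword and
    answers with a JSON "redirect" (``status`` 302 plus ``location``); a
    validated form POST adds one. GET (or a POST that did neither) renders
    the current list, 10 per page, selected by the ``page`` query parameter.

    Fixes: a JSON body without ``keyword`` raised KeyError (500) and is now
    a 400; ``page`` <= 0 produced a negative offset and listed keywords from
    the end of the list; ``get_json`` is called with ``silent=True`` so a
    form POST (non-JSON content type) yields ``None`` instead of an error
    on newer Flask versions.

    :return: JSON redirect, HTTP redirect, or the rendered ``ban.html``.
    """
    if current_user.is_administrator(g.user) is not True:
        abort(403)
    form = BanKeywordForm()
    p = Page()
    per_page = 10
    if request.method == 'POST':
        jsondata = request.get_json(silent=True)
        if jsondata:
            if not isinstance(jsondata, dict) or 'keyword' not in jsondata:
                abort(400)
            p.DelBan(jsondata['keyword'])
            flash('成功删除关键词')
            return jsonify({"status": 302, "location": url_for('.ban')})
        if form.validate():
            p.AddBan(form.keyword.data)
            flash('成功添加关键词')
            return redirect('ban')
    banlist = p.GetBan()
    total = len(banlist)
    page = max(request.args.get('page', 1, type=int), 1)
    offset = (page - 1) * per_page
    # Equivalent to the former manual copy loop for page >= 1.
    keywords = list(banlist[offset:offset + per_page])
    pagination = Pagination(css_framework='bootstrap3', link_size='sm',
                            show_single_page=False, page=page,
                            per_page=per_page, total=total,
                            format_total=True, format_number=True)
    return render_template('ban.html', keywords=keywords, page=page,
                           per_page=per_page, pagination=pagination, form=form)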
Esempio n. 5
0
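def question(id):
    """Show a question with its answer form, and handle answer submission.

    The order of checks was wrong before: a user with CREATE permission had
    the answer stored *before* the "not visible" and "already answered"
    branches were reached, so those gates only affected users without
    CREATE. Now the visibility gate runs first (for GET and POST), then the
    duplicate-answer gate, then the answer is stored.

    TODO: delete button (simple POST button or a form?).

    :param id: primary key of the question.
    :return: redirect after a submission, otherwise the rendered page.
    """
    form = CreateAnswerForm()
    question = Question.query.get_or_404(id)  # .get looks up by primary key

    # Hidden questions are reachable only by administrators.
    if not question.visible and not current_user.is_administrator():
        flash("That page isn't ready for the public yet, sorry!")
        return redirect(url_for("main.index"))

    if form.validate_on_submit():
        # NOTE(review): has_answered is looked up on current_app here as in
        # the original; it reads like a per-user check — confirm where it lives.
        if current_app.has_answered(id=id):
            flash("Sorry, you can't answer a question more than once")
            return redirect(url_for('main.question', id=id))
        if current_user.can(Permission.CREATE):
            answer = Answer(author=current_user._get_current_object(),
                            question=question, content=form.answer.data)
            db.session.add(answer)
            db.session.commit()
            return redirect(url_for('main.question', id=id))

    creator = User.query.filter_by(id=question.creator_id).first()
    accepted = Answer.query.get_or_404(question.accepted_id) if question.solved else None
    return render_template("question.html", creator=creator, id=id, form=form,
                           Permission=Permission, question=question, a=accepted)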
Esempio n. 6
0
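def log():
    """Admin-only view of the access log, paginated 10 entries per page.

    ``Page.GetRecord()`` returns a mapping; its keys are materialised into
    a list because ``dict.keys()`` is not subscriptable on Python 3, which
    broke the original indexing there. ``page`` <= 0 used to produce a
    negative offset (indexing from the end) and is now clamped to 1.

    :return: rendered ``log.html``, or 403 for non-administrators.
    """
    if current_user.is_administrator(g.user) is not True:
        abort(403)
    p = Page()
    record = p.GetRecord()
    keys = list(record)  # insertion order for OrderedDict, works on Py2/Py3
    total = len(record)
    per_page = 10
    page = max(request.args.get('page', 1, type=int), 1)
    offset = (page - 1) * per_page
    records = OrderedDict(
        (key, record[key]) for key in keys[offset:offset + per_page])
    pagination = Pagination(css_framework='bootstrap3',
                            link_size='sm',
                            show_single_page=False,
                            page=page,
                            per_page=per_page,
                            total=total,
                            format_total=True,
                            format_number=True)
    return render_template('log.html',
                           records=records,
                           page=page,
                           per_page=per_page,
                           pagination=pagination)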
Esempio n. 7
0
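def admin_edit_profile(username):
    """Administrator form to edit another user's profile, role and password.

    The original enforced the administrator check only on POST, so any
    logged-in user could GET this page and read the target's email, role
    and "about me". The check now runs first for every method. The admin
    must re-enter their own password (``oripassword``) to apply changes.
    ``form.password.data is not u''`` compared identity rather than
    content and is now an equality test.

    :param username: the user being edited.
    :return: redirect to the user's page on success, else the rendered form.
    """
    if current_user.is_administrator(g.user) is not True:
        abort(403)
    u = User()
    form = AdminEditProfileForm()
    if request.method == 'POST' and form.validate():
        # NOTE(review): GetPassword appears to load the admin's stored hash
        # into ``u`` for verify_password below — confirm that side effect.
        u.GetPassword(g.user)
        if u.verify_password(form.oripassword.data):
            if form.password.data != u'':
                u.ChangePassword(username, form.password.data)
            u.AdminChangeProfile(username, form.email.data, form.role.data,
                                 form.about_me.data)
            flash('成功更新资料')
            return redirect(url_for('.user', username=username))
        flash('管理员密码输入错误!')
    u.GetUserInfo(username)
    form.email.data = u.email
    form.about_me.data = u.aboutme
    form.role.data = u.role
    return render_template('admin_edit_profile.html', form=form, u=u)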
Esempio n. 8
0
def detail(book_id):
    """Render a book's detail page.

    Hidden books answer 404 to everyone except authenticated administrators,
    so their existence is not revealed. ``show`` selects what is listed:
    1 or 2 shows the borrow log filtered by ``returned == show - 1``,
    anything else shows non-deleted comments; both paginate 5 per page.

    :param book_id: primary key of the book.
    :return: rendered ``book_detail.html``.
    """
    book = Book.query.get_or_404(book_id)
    may_see_hidden = (current_user.is_authenticated
                      and current_user.is_administrator())
    if book.hidden and not may_see_hidden:
        abort(404)

    show = request.args.get('show', 0, type=int)
    page = request.args.get('page', 1, type=int)
    form = CommentForm()

    if show == 1 or show == 2:
        query = book.logs.filter_by(returned=show - 1).order_by(
            Log.borrow_timestamp.desc())
    else:
        query = book.comments.filter_by(deleted=0).order_by(
            Comment.edit_timestamp.desc())
    pagination = query.paginate(page, per_page=5)

    return render_template("book_detail.html",
                           book=book,
                           data=pagination.items,
                           pagination=pagination,
                           form=form,
                           title=book.title)
Esempio n. 9
0
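def userlist():
    """Admin page listing users; handles add, edit and remove actions.

    A JSON POST carries ``action`` and ``username``: ``edit`` answers with
    a JSON redirect to the edit page, anything else removes the user. A
    form POST adds a user after the admin re-enters their own password.

    Fixes: a JSON body missing ``action``/``username`` raised KeyError
    (500) and is now a 400; a valid add-form with a wrong admin password
    fell off the end returning ``None`` (500) and now re-renders the list;
    ``get_json`` is only consulted on POST and with ``silent=True``.

    :return: JSON redirect, HTTP redirect, or the rendered ``userlist.html``.
    """
    if current_user.is_administrator(g.user) is not True:
        abort(403)
    u = User()
    form = AddUserForm()
    if request.method == 'POST':
        jsondata = request.get_json(silent=True)
        if jsondata:
            if (not isinstance(jsondata, dict)
                    or 'action' not in jsondata or 'username' not in jsondata):
                abort(400)
            username = jsondata['username']
            if jsondata['action'] == u'edit':
                location = url_for('.admin_edit_profile', username=username)
                return jsonify({"status": 302, "location": location})
            # NOTE(review): every action other than "edit" removes the user;
            # an explicit "delete" action would be safer against client typos.
            u.RemUser(username)
            return redirect('userlist')
        if form.validate():
            # NOTE(review): GetPassword presumably loads the admin's stored
            # hash into ``u`` for verify_password — confirm that side effect.
            u.GetPassword(g.user)
            if u.verify_password(form.oripassword.data):
                u.AddUser(form.username.data, form.password.data,
                          form.role.data, form.email.data)
                return redirect('userlist')
    return render_template('userlist.html',
                           userlist=u.GetUserList(),
                           form=form)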
Esempio n. 10
0
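def delete(id):
    """Delete a post (administrators only) and return to the index.

    The permission check now runs before the lookup, so a non-admin can no
    longer use the 403-vs-404 difference to probe which post ids exist.

    :param id: primary key of the post to delete.
    :return: redirect to the blueprint's index.
    """
    # NOTE(review): the route decorator is outside this view; confirm it is
    # POST-only and covered by CSRF protection, since this mutates state.
    if not current_user.is_administrator():
        abort(403)
    post = Post.query.get_or_404(id)
    db.session.delete(post)
    db.session.commit()
    return redirect(url_for('.index'))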
Esempio n. 11
0
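def delete_user_profile():
    """Soft-delete a user (set ``alive`` to False) from a JSON request.

    Administrators pass ``{"id": ...}`` to deactivate any user; everyone
    else deactivates their own account. The caller's session is ended only
    when the deactivated account is the caller's own — the original called
    ``logout_user()`` unconditionally, so an admin was logged out after
    deactivating someone else (presumably unintended).

    :return: JSON ``{"status": ..., "message": ...}``.
    """
    request_info = json.loads(request.data)
    if current_user.is_administrator():
        # A body without "id" used to raise KeyError (500); report failure.
        target_id = request_info.get('id')
        user = None
        if target_id is not None:
            user = User.query.filter_by(id=target_id).first()
        if not user:
            return jsonify({'status': 'fail', 'message': 'user does not exist!'})
        message = 'Delete the user successfully.'
    else:
        user = current_user
        message = 'Delete your user successfully.'

    # NOTE(review): this is a soft delete; existing sessions of the target
    # stay valid unless the user loader rejects alive=False users — confirm.
    user.alive = False
    db.session.add(user)
    db.session.commit()
    if user == current_user:
        logout_user()
    return jsonify({'status': 'success', 'message': message})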
Esempio n. 12
0
def change_password():
    """Change a password from a JSON request.

    Administrators may target any user by ``id``; other callers can only
    change their own. ``ChangePasswordForm.check`` decides validity
    (whatever old-password check it performs is outside this view).

    :return: JSON status payload; ``errors`` is included on failure.
    """
    request_info = json.loads(request.data)
    target = current_user
    if current_user.is_administrator():
        target = User.query.filter_by(id=request_info['id']).first()
        if not target:
            return jsonify({'status': 'fail', 'message': 'user does not exist!'})

    valid, errors = ChangePasswordForm.check(request_info, target)
    if not valid:
        return jsonify({
            'status': 'fail',
            'message': 'edit password unseccessfully',
            'errors': errors,
        })
    # Assumes the model's ``password`` setter hashes the value — confirm.
    target.password = request_info['password']
    db.session.add(target)
    db.session.commit()
    return jsonify({'status': 'success', 'message': 'Password has been updated.'})
Esempio n. 13
0
def page_links():
    """Build the navigation links for the current user's roles.

    Applicants (soker) get their applications and profile; case handlers
    and approvers get a work list; administrators get the admin link. A
    user holding several roles gets the union. ``under`` is always empty.

    :return: dict with ``over`` (list of title/path dicts) and ``under``.
    """
    top = []
    if current_user.is_soker():
        top.extend([
            {"title": u"Mine søknader", "path": "/soknader"},
            {"title": u"Min profil", "path": "/profil"},
        ])
    if current_user.is_saksbehandler() or current_user.is_godkjenner():
        top.append({"title": u"Min arbeidsliste", "path": "/soknader"})
    if current_user.is_administrator():
        top.append({"title": u"Admin", "path": "/admin"})
    return {"over": top, "under": []}
Esempio n. 14
0
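def password_reset_request():
    """Generate a new random password for a user and e-mail it to them.

    Administrators pass ``{"id": ...}`` to reset any user; other callers
    reset their own. The original derived the password with
    ``hexdigest()[10]`` — a single hex character, i.e. one of only 16
    possible passwords — where a slice was intended. It now uses 16 hex
    characters (64 bits) of SHA-256 over 32 bytes from ``os.urandom``.

    :return: JSON status payload; ``errors`` is included on failure.
    """
    request_info = json.loads(request.data)
    if current_user.is_administrator():
        user = User.query.filter_by(id=request_info['id']).first()
        if not user:
            return jsonify({'status': 'fail', 'message': 'user does not exist!'})
    else:
        user = current_user
    valid, errors = PasswordResetForm.check(user, request_info)
    if not valid:
        return jsonify({
            'status': 'fail',
            'message': 'edit password unseccessfully',
            'errors': errors,
        })
    password = hashlib.sha256(os.urandom(32)).hexdigest()[:16]
    user.password = password
    # NOTE(review): the new password travels in clear text by e-mail; a
    # single-use reset link would avoid that. If send_email raises, the
    # change below is never committed.
    send_email(user.email,
               'Reset Your Password',
               'auth/email/reset_password',
               user=user,
               password=password)
    db.session.add(user)
    db.session.commit()
    return jsonify({'status': 'success', 'message': 'Password has been updated.'})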
Esempio n. 15
0
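def deleteComment(id):
    """Delete a comment (administrators only) and return to its post.

    The permission check now runs before the lookup, so a non-admin can no
    longer use the 403-vs-404 difference to probe which comment ids exist.
    ``post_id`` is read before the row is deleted so the redirect does not
    depend on attribute state of an already-deleted instance.

    :param id: primary key of the comment to delete.
    :return: redirect to the post the comment belonged to.
    """
    # NOTE(review): the route decorator is outside this view; confirm it is
    # POST-only and covered by CSRF protection, since this mutates state.
    if not current_user.is_administrator():
        abort(403)
    comment = Comment.query.get_or_404(id)
    post_id = comment.post_id
    db.session.delete(comment)
    db.session.commit()
    return redirect(url_for('.post', id=post_id))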
Esempio n. 16
0
def admin_only():
    """Restrict this blueprint to administrators.

    Intended as a before-request hook: administrators fall through with
    ``None`` so the view runs; anyone else is stopped with a 403
    (``abort`` raises, so the ``return`` only documents intent).
    """
    if current_user.is_administrator():
        return None
    return abort(403)
Esempio n. 17
0
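def userlist():
    """Admin page listing users; handles add, edit and remove actions.

    A JSON POST carries ``action`` and ``username``: ``edit`` answers with
    a JSON redirect to the edit page, anything else removes the user. A
    form POST adds a user after the admin re-enters their own password.

    Fixes: a JSON body missing ``action``/``username`` raised KeyError
    (500) and is now a 400; a valid add-form with a wrong admin password
    fell off the end returning ``None`` (500) and now re-renders the list;
    ``get_json`` is only consulted on POST and with ``silent=True``.

    :return: JSON redirect, HTTP redirect, or the rendered ``userlist.html``.
    """
    if current_user.is_administrator(g.user) is not True:
        abort(403)
    u = User()
    form = AddUserForm()
    if request.method == 'POST':
        jsondata = request.get_json(silent=True)
        if jsondata:
            if (not isinstance(jsondata, dict)
                    or 'action' not in jsondata or 'username' not in jsondata):
                abort(400)
            username = jsondata['username']
            if jsondata['action'] == u'edit':
                location = url_for('.admin_edit_profile', username=username)
                return jsonify({"status": 302, "location": location})
            # NOTE(review): every action other than "edit" removes the user;
            # an explicit "delete" action would be safer against client typos.
            u.RemUser(username)
            return redirect('userlist')
        if form.validate():
            # NOTE(review): GetPassword presumably loads the admin's stored
            # hash into ``u`` for verify_password — confirm that side effect.
            u.GetPassword(g.user)
            if u.verify_password(form.oripassword.data):
                u.AddUser(form.username.data, form.password.data,
                          form.role.data, form.email.data)
                return redirect('userlist')
    return render_template('userlist.html', userlist=u.GetUserList(), form=form)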
Esempio n. 18
0
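def admin_edit_profile(username):
    """Administrator form to edit another user's profile, role and password.

    The original enforced the administrator check only on POST, so any
    logged-in user could GET this page and read the target's email, role
    and "about me". The check now runs first for every method. The admin
    must re-enter their own password (``oripassword``) to apply changes.
    ``form.password.data is not u''`` compared identity rather than
    content and is now an equality test.

    :param username: the user being edited.
    :return: redirect to the user's page on success, else the rendered form.
    """
    if current_user.is_administrator(g.user) is not True:
        abort(403)
    u = User()
    form = AdminEditProfileForm()
    if request.method == 'POST' and form.validate():
        # NOTE(review): GetPassword appears to load the admin's stored hash
        # into ``u`` for verify_password below — confirm that side effect.
        u.GetPassword(g.user)
        if u.verify_password(form.oripassword.data):
            if form.password.data != u'':
                u.ChangePassword(username, form.password.data)
            u.AdminChangeProfile(username, form.email.data, form.role.data,
                                 form.about_me.data)
            flash('成功更新资料')
            return redirect(url_for('.user', username=username))
        flash('管理员密码输入错误!')
    u.GetUserInfo(username)
    form.email.data = u.email
    form.about_me.data = u.aboutme
    form.role.data = u.role
    return render_template('admin_edit_profile.html', form=form, u=u)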
Esempio n. 19
0
def del_comment():
    """Delete the comment named by the ``id`` query parameter.

    Allowed for the author of the post the comment belongs to and for
    administrators; anyone else is bounced to the index with a message.

    :return: redirect to the post, or to the index when not permitted.
    """
    # NOTE(review): the id arrives in the query string, which suggests a
    # GET-triggered delete — confirm the route is POST-only with CSRF cover.
    target = Comment.query.get_or_404(request.args.get('id', type=int))
    permitted = current_user == target.post.author or current_user.is_administrator()
    if not permitted:
        flash('你没有删除权限')
        return redirect(url_for('main.index'))
    # No explicit commit; assumes commit-on-teardown — confirm.
    db.session.delete(target)
    return redirect(url_for('main.post', id = target.post.id))
Esempio n. 20
0
def delete(id):
    """Delete a post and its tag links if the caller owns it or is admin.

    Unauthorized callers are redirected without any message. Ownership is
    decided by comparing ``author_id`` with ``int(current_user.get_id())``.

    :param id: primary key of the post.
    :return: redirect to the post list.
    """
    post = Post.query.get_or_404(id)
    caller_id = int(current_user.get_id())
    if post.author_id == caller_id or current_user.is_administrator():
        post.delTag(post.getTagByArry())
        # No explicit commit; assumes commit-on-teardown — confirm.
        db.session.delete(post)
        flash("删除成功!")
    return redirect(url_for('.post'))
Esempio n. 21
0
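def delete_post(id):
    """Delete a post owned by the caller (or any post, for administrators).

    Redirects back to the page the request came from. ``request.referrer``
    is ``None`` when the browser sends no Referer header, and the original
    then called ``redirect(None)``, which fails; ``/`` is used instead.

    :param id: primary key of the post.
    :return: redirect to the referrer (or ``/``).
    """
    post = Post.query.get_or_404(id)
    if current_user != post.author and \
            not current_user.is_administrator():
        abort(403)
    # No explicit commit; assumes commit-on-teardown — confirm.
    db.session.delete(post)
    flash('文章已经删除')
    # NOTE(review): the Referer is client-controlled; a same-origin check
    # would be safer than trusting it wholesale.
    return redirect(request.referrer or '/')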
Esempio n. 22
0
def delete(id):
    """Delete a post and its tag links if the caller owns it or is admin.

    Unauthorized callers are redirected without any message. Ownership is
    decided by comparing ``author_id`` with ``int(current_user.get_id())``.

    :param id: primary key of the post.
    :return: redirect to the post list.
    """
    post = Post.query.get_or_404(id)
    caller_id = int(current_user.get_id())
    if post.author_id == caller_id or current_user.is_administrator():
        post.delTag(post.getTagByArry())
        # No explicit commit; assumes commit-on-teardown — confirm.
        db.session.delete(post)
        flash("删除成功!")
    return redirect(url_for('.post'))
Esempio n. 23
0
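def delete_post(id):
    """Delete a post owned by the caller (or any post, for administrators).

    Redirects back to the page the request came from. ``request.referrer``
    is ``None`` when the browser sends no Referer header, and the original
    then called ``redirect(None)``, which fails; ``/`` is used instead.

    :param id: primary key of the post.
    :return: redirect to the referrer (or ``/``).
    """
    post = Post.query.get_or_404(id)
    if current_user != post.author and \
            not current_user.is_administrator():
        abort(403)
    # No explicit commit; assumes commit-on-teardown — confirm.
    db.session.delete(post)
    flash('文章已经删除')
    # NOTE(review): the Referer is client-controlled; a same-origin check
    # would be safer than trusting it wholesale.
    return redirect(request.referrer or '/')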
Esempio n. 24
0
def show_quiz_list():
    """List quizzes: every quiz for administrators, otherwise the caller's.

    The create form is only offered to users holding MANAGE_QUIZ.

    :return: rendered ``quiz_list.html``.
    """
    if current_user.is_administrator():
        quizzes = Quiz.query.all()
    else:
        quizzes = current_user.quiz_list.all()
    create_form = None
    if current_user.can(Permission.MANAGE_QUIZ):
        create_form = CreateQuizForm()
    return render_template("quiz_list.html", quiz_list=quizzes, form=create_form)
Esempio n. 25
0
def home():
    """Send the logged-in user to the landing page for their role.

    Applicants, case handlers and approvers all go to ``soknader``;
    administrators go to ``admin``. A user with none of these roles gets
    a 401.

    :return: redirect response.
    """
    if current_user.is_soker() or current_user.is_saksbehandler() \
            or current_user.is_godkjenner():
        return redirect('soknader')
    if current_user.is_administrator():
        return redirect('admin')
    # No matching authentication type or role.
    abort(401, 'Ugyldig innlogging.')
Esempio n. 26
0
 def get(self, code_id):
     """Render a submitted code file together with its solution.

     Only the solution's owner or an administrator may view it; others get
     404 so the existence of the code id is not disclosed.

     :param code_id: primary key of the CodeModel row.
     :return: rendered ``self.template``.
     """
     code = CodeModel.query.get_or_404(code_id)
     is_owner = current_user.id == code.solution.user_id
     if not is_owner and not current_user.is_administrator():
         abort(404)
     return render_template(self.template,
                            code=code,
                            solution=code.solution,
                            SOLUTION_RESULT=current_app.config['SOLUTION_RESULT'])
Esempio n. 27
0
def user(username):
    """Show a user's profile page to that user or to an administrator.

    :param username: the profile to display.
    :return: rendered ``user.html``; 403 for other users, 404 if unknown.
    """
    is_admin = current_user.is_administrator(g.user) is True
    if g.user != username and not is_admin:
        abort(403)
    info = User()
    if info.CheckUser(username) is False:
        abort(404)
    info.GetUserInfo(username)
    return render_template('user.html', u=info, username=username)
Esempio n. 28
0
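def book_borrow():
    """Borrow the book given by the ``book_id`` query parameter.

    Hidden books answer 404 to non-administrators. After the attempt the
    user is sent to ``next`` if it is a local path, else to the book page.
    The original redirected to any ``next`` value, so a crafted link could
    bounce a logged-in user to an external site (open redirect).

    :return: redirect response.
    """
    book_id = request.args.get('book_id')
    the_book = Book.query.get_or_404(book_id)
    if the_book.hidden and not current_user.is_administrator():
        abort(404)

    result, message = current_user.borrow_book(the_book)
    flash(message, 'success' if result else 'danger')
    db.session.commit()

    # Accept only a same-site path: one leading "/", but not "//" or "/\",
    # which browsers treat as scheme-relative external URLs.
    next_url = request.args.get('next') or ''
    if not (next_url.startswith('/') and not next_url.startswith(('//', '/\\'))):
        next_url = url_for('book.detail', book_id=book_id)
    return redirect(next_url)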
Esempio n. 29
0
def user(username):
    """Show a user's profile page to that user or to an administrator.

    :param username: the profile to display.
    :return: rendered ``user.html``; 403 for other users, 404 if unknown.
    """
    is_admin = current_user.is_administrator(g.user) is True
    if g.user != username and not is_admin:
        abort(403)
    info = User()
    if info.CheckUser(username) is False:
        abort(404)
    info.GetUserInfo(username)
    return render_template('user.html', u=info, username=username)
Esempio n. 30
0
def show_applys():
    """List applications newest first: all for admins, own for others.

    Paginated with ``FLASKY_POSTS_PER_PAGE``; an out-of-range page yields
    an empty list rather than a 404 (``error_out=False``).

    :return: rendered ``apply/show_applys.html``.
    """
    page = request.args.get('page', 1, type=int)
    base = Apply.query
    if not current_user.is_administrator():
        base = base.filter_by(author_id=current_user.id)
    pagination = base.order_by(Apply.apply_time.desc()).paginate(
        page, per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    return render_template('apply/show_applys.html',
                           applys=pagination.items, pagination=pagination)
Esempio n. 31
0
def get_user_mode():
    """Return the mode string for the current user's role.

    Roles are tested in a fixed order — applicant, case handler, approver,
    administrator — and the first match wins. With no role at all, 401.

    :return: one of the ``tilskudd_*`` mode strings.
    """
    if current_user.is_soker():
        return 'tilskudd_soker'
    if current_user.is_saksbehandler():
        return 'tilskudd_saksbehandler'
    if current_user.is_godkjenner():
        return 'tilskudd_godkjenner'
    if current_user.is_administrator():
        return 'tilskudd_admin'
    # No matching authentication type or role.
    abort(401, 'Ugyldig innlogging.')
Esempio n. 32
0
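def edit(id):
    """Edit a post's body and kind (administrators only).

    The permission check now runs before the lookup, so a non-admin cannot
    use the 403-vs-404 difference to learn which post ids exist. Only
    ``body`` is pre-filled into the form; ``kind`` keeps the form default.

    :param id: primary key of the post.
    :return: redirect to the post after a valid submission, else the form.
    """
    if not current_user.is_administrator():
        abort(403)
    post = Post.query.get_or_404(id)
    form = PostForm()
    if form.validate_on_submit():
        post.body = form.body.data
        post.kind = form.kind.data
        # No explicit commit; assumes commit-on-teardown — confirm.
        db.session.add(post)
        flash('The post has been updated.')
        return redirect(url_for('.post', id=post.id))
    form.body.data = post.body
    return render_template('edit_post.html', form=form)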
Esempio n. 33
0
def edit_article(post_id):
    """Edit an article's title and body.

    Permitted for the author, administrators and moderators. When the
    author is not the album's creator, the edited article is flagged
    unconfirmed again so the creator has to re-approve it.

    :param post_id: primary key of the post.
    :return: redirect to the post after a valid submission, else the form.
    """
    article = Post.query.get_or_404(post_id)
    if current_user != article.author and not (current_user.is_administrator() or current_user.is_moderator()):
        abort(403)
    form = EditArticleForm(prefix='edit_article')
    if form.validate_on_submit():
        article.title = form.title.data.strip()
        article.body_html = form.body_html.data.strip()
        if article.my_author is not article.my_album.my_creator:
            article.confirmed = False
        # No explicit add/commit here; assumes the session autoflushes and
        # commits on teardown — confirm.
        return redirect(url_for('main.post', post_id=article.id))

    return render_template('auth/articles/edit-article.html', post=article, editArticleForm=form)
Esempio n. 34
0
def edit(id):
    """Edit a post's body; allowed for its author or an administrator.

    :param id: primary key of the post.
    :return: redirect to the post after a valid submission, else the form.
    """
    post = Post.query.get_or_404(id)
    if current_user != post.author and \
            not current_user.is_administrator():
        abort(403)
    form = PostForm()
    if not form.validate_on_submit():
        form.body.data = post.body
        return render_template('edit_post.html', form=form)
    post.body = form.body.data
    # No explicit commit; assumes commit-on-teardown — confirm.
    db.session.add(post)
    flash('这篇文章已经更新')
    return redirect(url_for('.post', id=post.id))
Esempio n. 35
0
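def edit(id):
    """Edit a post's body and kind (administrators only).

    The permission check now runs before the lookup, so a non-admin cannot
    use the 403-vs-404 difference to learn which post ids exist. Only
    ``body`` is pre-filled into the form; ``kind`` keeps the form default.

    :param id: primary key of the post.
    :return: redirect to the post after a valid submission, else the form.
    """
    if not current_user.is_administrator():
        abort(403)
    post = Post.query.get_or_404(id)
    form = PostForm()
    if form.validate_on_submit():
        post.body = form.body.data
        post.kind = form.kind.data
        # No explicit commit; assumes commit-on-teardown — confirm.
        db.session.add(post)
        flash('The post has been updated.')
        return redirect(url_for('.post', id=post.id))
    form.body.data = post.body
    return render_template('edit_post.html', form=form)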
Esempio n. 36
0
def edit(id):
    """Edit a post's body; allowed for its author or an administrator.

    :param id: primary key of the post.
    :return: redirect to the post after a valid submission, else the form.
    """
    post = Post.query.get_or_404(id)
    if current_user != post.author and \
            not current_user.is_administrator():
        abort(403)
    form = PostForm()
    if not form.validate_on_submit():
        form.body.data = post.body
        return render_template('edit_post.html', form=form)
    post.body = form.body.data
    # No explicit commit; assumes commit-on-teardown — confirm.
    db.session.add(post)
    flash('这篇文章已经更新')
    return redirect(url_for('.post', id=post.id))
Esempio n. 37
0
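def admin():
    """Administration page: run actions on POST, show status on GET.

    After a POST the client is redirected so a refresh does not repeat the
    action; the action's result messages travel as query parameters. The
    original honoured any ``next`` value, which is an open redirect — only
    a same-site path is accepted now. Non-admins get 401.

    :return: redirect after POST, otherwise the rendered ``admin.html``.
    """
    if not current_user.is_administrator():
        abort(401)

    if request.method == 'POST':
        messages = do_admin_actions()
        # A local path starts with one "/"; "//" and "/\" would be read by
        # browsers as scheme-relative external URLs.
        next_url = request.args.get('next') or ''
        if not (next_url.startswith('/') and not next_url.startswith(('//', '/\\'))):
            next_url = url_for('admin', **messages)
        return redirect(next_url)

    # Presumably Python 2: query keys/values are decoded from byte strings.
    messages = {k.decode('utf8'): v.decode('utf8') for k,v in request.args.items()}
    users = User.getall()
    status = get_daemon_status()
    return render_template('admin.html', users=users, daemon_running=status, **messages)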
Esempio n. 38
0
def editpost(id):
	"""Edit a post's body (author or administrator only).

	A non-author, non-admin is sent to the index with a flash message.
	``get_or_404`` never returns ``None``, so no extra None guard is needed.

	:param id: primary key of the post.
	:return: redirect to the post after a valid submission, else the form.
	"""
	post = Post.query.get_or_404(id)
	form = EditPostForm()
	caller = current_user._get_current_object()
	if not current_user.is_administrator() and post.author != caller:
		flash('you do not have permission to edit this article')
		return redirect(url_for('main.index'))
	if form.validate_on_submit():
		post.body = form.body.data
		db.session.add(post)
		db.session.commit()
		return redirect(url_for('main.post',id=id))
	form.body.data = post.body
	return render_template('main/editpost.html', post=post, form=form)
Esempio n. 39
0
def profile(username):
    """Render a user's profile with the forms the viewer may use.

    The profile owner gets the name and URL forms; an administrator looking
    at someone else gets the role form, plus a delete form when the target
    is a Guest. An admin viewing their own profile gets only the owner forms.

    :param username: the profile to show.
    :return: rendered ``profile.html``.
    """
    user = get_or_404(User, User.username == username)
    you = user == current_user
    admin = current_user.is_administrator()
    forms = {}
    if you:
        forms['name'] = NameForm(user)
        forms['url'] = UrlForm(user)
    elif admin:
        forms['role'] = RoleForm(user)
        if user.get_role() == "Guest":
            forms['delete'] = DeleteForm(user)
    return render_template('profile.html',
                           user=user, forms=forms, you=you, admin=admin)
Esempio n. 40
0
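def add(book_id):
    """Post a comment on a book, then redirect.

    Hidden books answer 404 to non-administrators. The comment is stored
    only when the form validates (no message otherwise). The redirect
    target is ``next`` when it is a same-site path, else the book page;
    the original accepted any ``next`` value (open redirect).

    :param book_id: primary key of the book.
    :return: redirect response.
    """
    form = CommentForm()
    the_book = Book.query.get_or_404(book_id)
    if the_book.hidden and not current_user.is_administrator():
        abort(404)

    if form.validate_on_submit():
        the_comment = Comment(user=current_user,
                              book=the_book,
                              comment=form.comment.data)
        db.session.add(the_comment)
        db.session.commit()
        flash(u'书评已成功发布', 'success')

    # Only a local path ("/..." but not "//..." or "/\...") is trusted.
    next_url = request.args.get('next') or ''
    if not (next_url.startswith('/') and not next_url.startswith(('//', '/\\'))):
        next_url = url_for('book.detail', book_id=book_id)
    return redirect(next_url)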
Esempio n. 41
0
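def delete_carpool(id):
    """Delete a carpool group with its comments, memberships and applications.

    Allowed for the group's creator or an administrator; others are just
    redirected. The original removed members with ``group.users.remove``
    while iterating that same collection, which skips every other element;
    each collection is now iterated over a snapshot.

    :param id: primary key of the group.
    :return: redirect to the index.
    """
    group = Group.query.get_or_404(id)
    if group.build_user == current_user or current_user.is_administrator():
        for comment in list(group.comments):
            db.session.delete(comment)
        for user in list(group.users):
            group.users.remove(user)
        for application in list(group.applications):
            db.session.delete(application)
        # No explicit commit; assumes commit-on-teardown — confirm.
        db.session.delete(group)
        flash('拼车信息已被删除')
    return redirect(url_for('main.index'))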
Esempio n. 42
0
def editpost(id):
    """Edit a post's body (author or administrator only).

    A non-author, non-admin is sent to the index with a flash message.
    ``get_or_404`` never returns ``None``, so no extra None guard is needed.

    :param id: primary key of the post.
    :return: redirect to the post after a valid submission, else the form.
    """
    post = Post.query.get_or_404(id)
    form = EditPostForm()
    caller = current_user._get_current_object()
    if not current_user.is_administrator() and post.author != caller:
        flash('you do not have permission to edit this article')
        return redirect(url_for('main.index'))
    if form.validate_on_submit():
        post.body = form.body.data
        db.session.add(post)
        db.session.commit()
        return redirect(url_for('main.post', id=id))
    form.body.data = post.body
    return render_template('main/editpost.html', post=post, form=form)
Esempio n. 43
0
def edit_user_profile():
    """Update a profile from a JSON request.

    Administrators edit any user by ``id`` (email, username, confirmed,
    about_me, then roles and permissions); other callers may change only
    their own username and about_me. Each path has its own validator.

    :return: JSON status payload; ``errors`` is included on failure.
    """
    def failure(errors):
        return jsonify({
            'status': 'fail',
            'message': 'edit profile unseccessfully',
            'errors': errors,
        })

    request_info = json.loads(request.data)

    if not current_user.is_administrator():
        valid, errors = EditProfileForm.check(request_info)
        if not valid:
            return failure(errors)
        current_user.username = request_info['username']
        current_user.about_me = request_info['about_me']
        db.session.add(current_user)
        db.session.commit()
        return jsonify({
            'status': 'success',
            'message': 'Your profile has been updated.'
        })

    user = User.query.filter_by(id=request_info['id']).first()
    if not user:
        return jsonify({'status': 'fail', 'message': 'user does not exist!'})
    valid, errors = EditProfileAdminForm.check(request_info, user)
    if not valid:
        return failure(errors)
    for field in ('email', 'username', 'confirmed', 'about_me'):
        setattr(user, field, request_info[field])
    db.session.add(user)
    db.session.commit()
    # Roles/permissions are applied after the commit; whether they are
    # persisted depends on set_roles/set_permissions committing — confirm.
    user.set_roles(request_info['roles'])
    user.set_permissions(request_info['permissions'])
    return jsonify({
        'status': 'success',
        'message': 'The profile has been updated.'
    })
Esempio n. 44
0
def profile(username):
    """Render a user's profile with the forms the viewer may use.

    The profile owner gets the name and URL forms; an administrator looking
    at someone else gets the role form, plus a delete form when the target
    is a Guest. An admin viewing their own profile gets only the owner forms.

    :param username: the profile to show.
    :return: rendered ``profile.html``.
    """
    user = get_or_404(User, User.username == username)
    you = user == current_user
    admin = current_user.is_administrator()
    forms = {}
    if you:
        forms['name'] = NameForm(user)
        forms['url'] = UrlForm(user)
    elif admin:
        forms['role'] = RoleForm(user)
        if user.get_role() == "Guest":
            forms['delete'] = DeleteForm(user)
    return render_template('profile.html',
                           user=user,
                           forms=forms,
                           you=you,
                           admin=admin)
Esempio n. 45
0
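def edit_profile():
    """Upload a new avatar for the caller, or (for admins) for any user.

    Requires a valid ``token`` form field. An administrator may name the
    target by ``id`` in a JSON body; the original passed that id to
    ``filter_by`` positionally, which ``filter_by`` does not accept
    (TypeError, i.e. a 500 on every admin upload) — it is now ``id=``.
    The avatar is stored once per configured size under a random name.

    :return: JSON payload with ``status``, ``status_code`` and ``message``.
    """
    def store_avatar(target):
        # Shared by both paths: save every configured size under one fresh
        # random name and point the user at it.
        image = request.files['avatar']
        avatar_name = hashlib.md5(os.urandom(21)).hexdigest()
        for size in current_app.config['AVATAR_SIZE']:
            Picture(image, name=avatar_name, type='avatar', size=size)
        target.avatar = avatar_name
        db.session.add(target)
        db.session.commit()

    if not check_token(request.form['token']):
        return jsonify({
            'status': 'fail',
            'status_code': 3,
            'message': 'please login again'
        })

    if current_user.is_administrator():
        # NOTE(review): this reads a JSON body from a request that also
        # carries multipart form fields (token, avatar); confirm the client
        # really sends both, otherwise json.loads fails here.
        request_info = json.loads(request.data)
        user = User.query.filter_by(id=request_info['id']).first()
        if not user:
            return jsonify({
                'status': 'fail',
                'status_code': 1,
                'message': 'user doesn`t exist!'
            })
        store_avatar(user)
        return jsonify({
            'status': 'success',
            'status_code': 0,
            'message': 'the avatar has been updated.'
        })

    store_avatar(current_user)
    return jsonify({
        'status': 'success',
        'status_code': 0,
        'message': 'Your avatar has been updated.'
    })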
Esempio n. 46
0
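def ban():
    """Admin page for the banned-keyword list.

    A POST with a JSON body ``{"keyword": ...}`` removes a keyword and
    answers with a JSON "redirect" (``status`` 302 plus ``location``); a
    validated form POST adds one. GET (or a POST that did neither) renders
    the current list, 10 per page, selected by the ``page`` query parameter.

    Fixes: a JSON body without ``keyword`` raised KeyError (500) and is now
    a 400; ``page`` <= 0 produced a negative offset and listed keywords from
    the end of the list; ``get_json`` is called with ``silent=True`` so a
    form POST (non-JSON content type) yields ``None`` instead of an error
    on newer Flask versions.

    :return: JSON redirect, HTTP redirect, or the rendered ``ban.html``.
    """
    if current_user.is_administrator(g.user) is not True:
        abort(403)
    form = BanKeywordForm()
    p = Page()
    per_page = 10
    if request.method == 'POST':
        jsondata = request.get_json(silent=True)
        if jsondata:
            if not isinstance(jsondata, dict) or 'keyword' not in jsondata:
                abort(400)
            p.DelBan(jsondata['keyword'])
            flash('成功删除关键词')
            return jsonify({"status": 302, "location": url_for('.ban')})
        if form.validate():
            p.AddBan(form.keyword.data)
            flash('成功添加关键词')
            return redirect('ban')
    banlist = p.GetBan()
    total = len(banlist)
    page = max(request.args.get('page', 1, type=int), 1)
    offset = (page - 1) * per_page
    # Equivalent to the former manual copy loop for page >= 1.
    keywords = list(banlist[offset:offset + per_page])
    pagination = Pagination(css_framework='bootstrap3',
                            link_size='sm',
                            show_single_page=False,
                            page=page,
                            per_page=per_page,
                            total=total,
                            format_total=True,
                            format_number=True)
    return render_template('ban.html',
                           keywords=keywords,
                           page=page,
                           per_page=per_page,
                           pagination=pagination,
                           form=form)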
Esempio n. 47
0
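def write_article(album_id):
    """Create a post inside an album and notify the album creator.

    Only the album creator, an administrator or a moderator may write into
    the album (403 otherwise).  A post by the creator is stored confirmed;
    anyone else's post is stored unconfirmed and awaits the creator's review.
    In both cases a notification message is sent to the creator.  No explicit
    session commit is visible here — presumably handled elsewhere (TODO confirm).
    """
    from html import escape

    a = Album.query.get_or_404(album_id)
    if current_user != a.creator and not (current_user.is_administrator() or current_user.is_moderator()):
        abort(403)
    article_form = ArticleForm(prefix='article')
    if article_form.validate_on_submit():
        author = current_user._get_current_object()
        # NOTE(review): body_html is stored exactly as submitted; whether it
        # is sanitised before being rendered is not visible here.
        post_kwargs = dict(title=article_form.title.data.strip(),
                           body_html=article_form.body_html.data.strip(),
                           album=a,
                           author=author)
        # The creator's own articles need no review; everyone else's start
        # out unconfirmed (model default).
        if author is a.creator:
            post_kwargs['confirmed'] = True
        p = Post(**post_kwargs)
        db.session.add(p)
        # Title, user name and album title are user-supplied text inserted
        # into an HTML message body: escape them to prevent markup injection.
        current_user.send_message(user=a.creator, title=u'新文章需经过您的审核',
                                  content=u'<p>《%s》已由%s提交与专辑《%s》发表,</p>'
                                          % (escape(p.title), escape(u'%s' % current_user), escape(a.title)))
        return redirect(url_for('main.album', album_id=a.id))

    return render_template('auth/articles/write-article.html', articleForm=article_form)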
def get_user():
    """JSON endpoint returning one user looked up by the ``username`` query arg.

    An unknown name yields a ``fail`` status.  The full (non-lazy) JSON form
    is returned only when ``lazy=False`` is requested by an administrator or
    by the authenticated user themselves; everybody else gets the lazy form.
    """
    username = request.args.get('username')
    user = User.query.filter_by(username=username).first()
    if user is None:
        return jsonify({'status': 'fail', 'message': 'User doesn`t exist.'})

    # Admins, or the user looking at their own record, may ask for the full view.
    privileged = current_user.is_administrator() or (
        current_user.is_authenticated and current_user.id == user.id)
    if privileged and request.args.get('lazy') == 'False':
        user_content = user.to_json()
    else:
        user_content = user.to_json(lazy=True)

    return jsonify({
        'status': 'success',
        'message': 'get user successfully',
        'result': {
            'user': user_content
        }
    })
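def edit_album(album_id):
    """Edit an album's picture, title, percentage and introduction.

    Only the album creator, an administrator or a moderator may edit (403
    otherwise).  A valid submit replaces the stored picture file when a new
    one was uploaded, marks the album unconfirmed again and redirects to the
    user's album list.  No explicit session commit is visible here —
    presumably handled elsewhere (TODO confirm).
    """
    a = Album.query.get_or_404(album_id)
    if current_user != a.creator and not (current_user.is_administrator() or current_user.is_moderator()):
        abort(403)
    edit_album_form = EditAlbumForm(obj=a, prefix='edit_album')
    if edit_album_form.validate_on_submit():
        app = current_app._get_current_object()
        picture = edit_album_form.picture.data
        # The original compared `filename is not u''` (identity, not value).
        # A missing upload has an empty filename or no file object at all,
        # so test for a usable file by value.
        if picture is not None and picture.filename:
            album_dir = os.path.join(app.config['UPLOAD_FOLDER'], 'album')
            if a.picture_url:
                old_path = os.path.join(album_dir, a.picture_url)
                # NOTE(review): picture_url is assumed to be the name that
                # upload() produced; if it could ever be user-controlled, its
                # containment within album_dir should be checked before removal.
                if os.path.isfile(old_path):
                    os.remove(old_path)
            a.picture_url = upload(f=picture, folder='album')
        a.title = edit_album_form.title.data.strip()
        a.percentage = float(edit_album_form.percentage.data)
        a.introduction = edit_album_form.introduction.data.strip()
        # Any edit sends the album back through review.
        a.confirmed = False
        return redirect(url_for('auth.my_albums'))

    return render_template('auth/albums/edit-album.html', album=a, editAlbumForm=edit_album_form)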
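def get_page_params(view=None):
    """Resolve the ``(page, per_page)`` pair for a paginated view from the request.

    ``per_page`` is read from the ``per_page``/``per-page`` request items and
    ``page`` from ``page``; a present ``next``/``prev`` item moves one page
    forward/back.  A supplied per-page value is only persisted for ``view``
    (``current_user.set_pagesize``) when it lies in 1..1000; otherwise the
    user's stored size for the view, or a role/view based default, is used.
    Malformed values fall back to the defaults and ``page`` is clamped to >= 1.

    ``get_request_item``, ``current_user``, the ``DEFAULT_*`` constants and
    the exception-printing helpers are project-defined.
    """
    is_manager = current_user.is_manager(private=True)

    # A stored per-view size wins; otherwise a role/view based default.
    default_per_page = view and current_user.get_pagesize(view)
    if not default_per_page:
        if is_manager:
            default_per_page = DEFAULT_MANAGER_PER_PAGE
        elif view in ('cards', ):
            default_per_page = DEFAULT_PER_PAGE * 2
        else:
            default_per_page = DEFAULT_PER_PAGE

    try:
        # Both values are untrusted request input; parsing happens inside
        # the try so a non-numeric per_page no longer escapes as a 500.
        per_page = int(
            get_request_item('per_page') or get_request_item('per-page') or 0)
        page = int(get_request_item('page') or DEFAULT_PAGE)
        # Validate before persisting so an out-of-range size is never stored.
        if per_page <= 0 or per_page > 1000:
            per_page = default_per_page
        else:
            current_user.set_pagesize(view, per_page)
    except Exception:
        # Narrower than the former bare `except:` — KeyboardInterrupt and
        # SystemExit now propagate; everything else falls back to defaults.
        if IsPrintExceptions:
            print_exception()
        per_page = default_per_page
        page = DEFAULT_PAGE

    if page <= 0:
        page = DEFAULT_PAGE

    go_next = bool(get_request_item('next'))
    go_prev = bool(get_request_item('prev'))

    if go_next:
        page += 1
    if go_prev and page > 1:
        page -= 1

    return page, per_page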
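def log():
    """Render one page (10 entries, ``page`` query argument) of the activity record.

    Administrators only; everyone else gets 403.  ``Page().GetRecord()`` is
    project-defined and is used here as a mapping whose iteration order
    defines the paging order.  The strict ``is True`` test of the original
    is kept so that a truthy non-bool result never grants access.
    """
    if current_user.is_administrator(g.user) is not True:
        abort(403)

    p = Page()
    record = p.GetRecord()
    # dict views are not indexable on Python 3 (`record.keys()[i]` raised
    # TypeError); materialise the key order once.
    keys = list(record)
    total = len(keys)
    page = request.args.get('page', 1, type=int)
    per_page = 10
    # A page below 1 gave a negative offset that wrapped around to the end
    # of the record; clamp to the first page instead.
    if page < 1:
        page = 1
    offset = (page - 1) * per_page
    records = OrderedDict(
        (key, record[key]) for key in keys[offset:offset + per_page])
    pagination = Pagination(css_framework='bootstrap3',
                            link_size='sm',
                            show_single_page=False,
                            page=page,
                            per_page=per_page,
                            total=total,
                            format_total=True,
                            format_number=True)
    return render_template('log.html',
                           records=records,
                           page=page,
                           per_page=per_page,
                           pagination=pagination)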
def edit(id):
    """Edit an application (``Apply``) record.

    Only the application's author or an administrator may edit (403
    otherwise).  ``close`` in the form returns to the list; a valid submit
    copies the editable fields into the record, flashes a success message and
    redirects.  Otherwise the form is pre-filled from the record and ``rr``
    (project-defined) is applied to the status field, and to the submit
    button once the application is marked as handled.
    """
    application = Apply.query.get_or_404(id)
    is_author = current_user.id == application.author_id
    if not is_author and not current_user.is_administrator():
        abort(403)

    form = EditApplyForm()
    if form.close.data:
        return redirect(url_for('apply.show_applys'))

    # Fields the form may write back to the record, in the original order.
    editable = ('real_name', 'gender', 'home_address', 'middle_school',
                'mobile', 'id_card', 'point', 'ticket_number',
                'apply_profession', 'apply_time')
    if form.validate_on_submit():
        application.id = id
        for name in editable:
            setattr(application, name, getattr(form, name).data)
        db.session.add(application)
        flash('报名信息修改成功.')
        return redirect(url_for('apply.show_applys'))

    # Fields shown to the editor (superset of the editable ones).
    displayed = ('real_name', 'gender', 'home_address', 'middle_school',
                 'mobile', 'id_card', 'point', 'ticket_number',
                 'apply_profession', 'apply_profession_category',
                 'apply_time', 'status')
    form.apply_id.data = application.id
    for name in displayed:
        getattr(form, name).data = getattr(application, name)
    if form.status.data == u'已处理':
        rr(form.submit)
    rr(form.status)
    return render_template('apply/edit_apply.html', form=form)
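def album_manage(album_id):
    """Review an album: adopt (publish) or reject it and notify its creator.

    Access: the album creator, administrators and moderators (403 otherwise).
    Two prefixed forms share the page; whichever validates decides the
    outcome.  Afterwards the user is sent to the ``next`` query argument only
    when it is a same-site path, otherwise to the album overview.  No explicit
    session commit is visible here — presumably handled elsewhere (TODO confirm).
    """
    from html import escape

    def _redirect_target():
        # Follow `next` only when it is a same-site absolute path: reject
        # scheme-relative forms ('//host', '/\host') and control characters
        # that browsers strip before parsing.  Anything else goes to the
        # album overview.
        target = request.args.get('next') or ''
        if (target.startswith('/') and target[1:2] not in ('/', '\\')
                and not any(ord(c) < 0x20 or c.isspace() for c in target)):
            return target
        return url_for('auth.albums')

    a = Album.query.get_or_404(album_id)
    # NOTE(review): the album's own creator passes this check and can adopt
    # their own album — confirm that self-approval is intended.
    if current_user != a.creator and not (current_user.is_administrator() or current_user.is_moderator()):
        abort(403)

    adopt_album_form = AdoptAlbumForm(prefix='adopt_album')
    if adopt_album_form.validate_on_submit():
        a.confirmed = True
        # User names and titles are user-supplied text inside an HTML
        # message body: escape them to prevent markup injection.
        current_user.send_message(user=a.creator, title=u'《%s》审核成功,已公开发表' % a.title,
                                  content=u'<p>尊敬的<strong>%s</strong></p><p><a href="%s">《%s》</a>经 %s 审核成功,已公开发表。</p>'
                                          % (escape(a.creator.username), url_for('main.album', album_id=a.id),
                                             escape(a.title), escape(current_user.username)))
        return redirect(_redirect_target())

    reject_album_form = RejectAlbumForm(prefix='reject_album')
    if reject_album_form.validate_on_submit():
        a.confirmed = False
        # The rejection reason is free text from the reviewer; it is escaped
        # as well so it is shown literally rather than interpreted as HTML.
        current_user.send_message(user=a.creator, title=reject_album_form.title.data.strip(),
                                  content=u'<p>尊敬的<strong>%s</strong></p><p>很遗憾,您的<a href="%s">《%s》</a>经 %s 审核后,发表请求被驳回,原因如下:</p><p>%s</p>'
                                          % (escape(a.creator.username), url_for('main.album', album_id=a.id),
                                             escape(a.title), escape(current_user.username),
                                             escape(reject_album_form.content.data.strip())))
        return redirect(_redirect_target())

    return render_template('auth/albums/album-manage.html', album=a, adoptAlbumForm=adopt_album_form,
                           rejectAlbumForm=reject_album_form)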
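def post_manage(post_id):
    """Review a post: adopt (publish) or reject it and notify its author.

    Access: the post author, administrators and moderators (403 otherwise).
    Two prefixed forms share the page; whichever validates decides the
    outcome.  Afterwards the user is sent to the ``next`` query argument only
    when it is a same-site path, otherwise to the album's article management
    page.  No explicit session commit is visible here — presumably handled
    elsewhere (TODO confirm).
    """
    from html import escape

    def _redirect_target():
        # Follow `next` only when it is a same-site absolute path: reject
        # scheme-relative forms ('//host', '/\host') and control characters
        # that browsers strip before parsing.  Anything else goes to the
        # album's article management page.
        target = request.args.get('next') or ''
        if (target.startswith('/') and target[1:2] not in ('/', '\\')
                and not any(ord(c) < 0x20 or c.isspace() for c in target)):
            return target
        return url_for('auth.manage_articles', album_id=p.album.id)

    p = Post.query.get_or_404(post_id)
    # NOTE(review): the post's own author passes this check and can adopt
    # their own post — confirm that self-approval is intended.
    if current_user != p.author and not (current_user.is_administrator() or current_user.is_moderator()):
        abort(403)

    adopt_post_form = AdoptPostForm(prefix='adopt_post')
    if adopt_post_form.validate_on_submit():
        p.confirmed = True
        # User names and titles are user-supplied text inside an HTML
        # message body: escape them to prevent markup injection.
        current_user.send_message(user=p.author, title=u'《%s》审核成功,已公开发表' % p.title,
                                  content=u'<p>尊敬的<strong>%s</strong></p><p><a href="%s">《%s》</a>经 %s 审核成功,已公开发表。</p>'
                                          % (escape(p.author.username), url_for('main.post', post_id=p.id),
                                             escape(p.title), escape(current_user.username)))
        return redirect(_redirect_target())

    reject_post_form = RejectPostForm(prefix='reject_post')
    if reject_post_form.validate_on_submit():
        p.confirmed = False
        # The rejection reason is free text from the reviewer; it is escaped
        # as well so it is shown literally rather than interpreted as HTML.
        current_user.send_message(user=p.author, title=reject_post_form.title.data.strip(),
                                  content=u'<p>尊敬的<strong>%s</strong></p><p>很遗憾,您的<a href="%s">《%s》</a>经 %s 审核后,发表请求被驳回,原因如下:</p><p>%s</p>'
                                          % (escape(p.author.username), url_for('main.post', post_id=p.id),
                                             escape(p.title), escape(current_user.username),
                                             escape(reject_post_form.content.data.strip())))
        return redirect(_redirect_target())

    return render_template('auth/articles/post-manage.html', post=p, adoptPostForm=adopt_post_form,
                           rejectPostForm=reject_post_form)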
def edit(id):
    """Edit a carpool group's details.

    Only the group's creator (``build_user``) or an administrator may edit
    (403 otherwise).  A valid submit copies the form fields onto the group,
    flashes a confirmation and redirects to the group page; otherwise the
    form is pre-filled from the group, with the stored start time shifted by
    a fixed +8 hours for display.
    """
    group = Group.query.get_or_404(id)
    if current_user != group.build_user:
        if not current_user.is_administrator():
            abort(403)

    form = EditCarpoolInfoForm()
    fields = ('description', 'start_time', 'start_place', 'end_place', 'people_amount')

    if form.validate_on_submit():
        for name in fields:
            setattr(group, name, getattr(form, name).data)
        db.session.add(group)
        flash('信息已修改!')
        return redirect(url_for('main.carpool', id=group.id))

    for name in fields:
        value = getattr(group, name)
        if name == 'start_time':
            # Fixed +8h offset on display — presumably stored UTC shown as
            # local time; TODO confirm.
            value = value + timedelta(hours=8)
        getattr(form, name).data = value

    return render_template('edit_carpool.html', form=form)
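 def is_accessible(self):
     """Allow the view only to an authenticated administrator.

     ``current_user.is_authenticated`` is a method in old Flask-Login and a
     property from 0.3 on; calling it unconditionally raises ``TypeError``
     on the property form.  Both forms are handled here.
     """
     authenticated = current_user.is_authenticated
     if callable(authenticated):
         authenticated = authenticated()
     if not authenticated:
         return False
     return current_user.is_administrator()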
 def is_accessible(self):
     """Restrict this view to administrators (project-defined check)."""
     is_admin = current_user.is_administrator()
     return is_admin
def manage_articles(album_id):
    """Render the article-management page of an album.

    Access: the album creator, administrators and moderators; anyone else
    gets 403.
    """
    a = Album.query.get_or_404(album_id)
    if current_user != a.creator:
        if not (current_user.is_administrator() or current_user.is_moderator()):
            abort(403)

    return render_template('auth/articles/album-articles-manage.html', album=a)
    def index(self):
        """Admin index view: administrators get the parent's index, others 403."""
        if current_user.is_administrator():
            return super(MyAdminIndexView, self).index()
        abort(403)