def deleteComment(id):
comment = Comment.query.get_or_404(id)
if not current_user.is_administrator():
abort(403)
db.session.delete(comment)
db.session.commit()
return redirect(url_for('.post', id=comment.post_id))
def delete(id):
post = Post.query.get_or_404(id)
if not current_user.is_administrator():
abort(403)
db.session.delete(post)
db.session.commit()
return redirect(url_for('.index'))
def delete_comment(id):
comment = Comment.query.get_or_404(id)
group = comment.group
if comment.author == current_user or current_user.is_administrator():
db.session.delete(comment)
flash('评论已被删除')
return redirect(url_for('main.carpool', id=group.id))
def ban():
flag=current_user.is_administrator(g.user)
if flag is True:
form=BanKeywordForm()
p = Page()
jsondata=request.get_json()
if request.method == 'POST':
if jsondata:
keyword = jsondata['keyword']
p.DelBan(keyword)
flash('成功删除关键词')
location=url_for('.ban')
return jsonify({"status":302,"location":location})
if form.validate():
keyword = form.keyword.data
p.AddBan(keyword)
flash('成功添加关键词')
return redirect('ban')
banlist = p.GetBan()
keywords = []
total = len(banlist)
page = request.args.get('page', 1, type=int)
per_page = 10
offset = (page - 1) * per_page
for i in range(len(banlist)):
if i < per_page and (offset+i) < len(banlist):
keywords.append(banlist[offset+i])
else:
break
pagination=Pagination(css_framework='bootstrap3',link_size='sm',show_single_page=False,page=page,per_page=per_page,total=total,format_total=True,format_number=True)
return render_template('ban.html',keywords=keywords,page=page,per_page=per_page,pagination=pagination,form=form)
else:
abort(403)
def question(id):
"""
Shows question description etc, and maybe also creator info.
Also has answer question form
Todo: Delete button. Should it be a simple button with a POST and refresh, or should it be a form?
:param id:
:return:
"""
form = CreateAnswerForm()
question = Question.query.get_or_404(id) # get gets things based on primary key, otherwise use .filter_by
if form.validate_on_submit() and current_user.can(Permission.CREATE):
# Add answer
answer = Answer(author=current_user._get_current_object(), question=question, content=form.answer.data)
db.session.add(answer)
db.session.commit()
return redirect(url_for('main.question', id=id))
elif form.validate_on_submit() and current_app.has_answered(id=id):
# just in case
flash("Sorry, you can't answer a question more than once")
return redirect(url_for('main.question', id=id))
elif not question.visible and not current_user.is_administrator():
# just in case
flash("That page isn't ready for the public yet, sorry!")
return redirect(url_for("main.index"))
else:
creator = User.query.filter_by(id=question.creator_id).first()
if question.solved:
accepted = Answer.query.get_or_404(question.accepted_id)
else:
accepted = None
# some way to find if a user has already answered the question
return render_template("question.html", creator=creator, id=id, form=form, Permission=Permission,
question=question, a=accepted)
def log():
flag = current_user.is_administrator(g.user)
if flag is True:
p = Page()
record = p.GetRecord()
records = {}
records = OrderedDict()
total = len(record)
page = request.args.get('page', 1, type=int)
per_page = 10
keys = record.keys()
offset = (page - 1) * per_page
for i in range(len(keys)):
if i < per_page and (offset + i) < len(keys):
records[keys[offset + i]] = record[keys[offset + i]]
else:
break
pagination = Pagination(css_framework='bootstrap3',
link_size='sm',
show_single_page=False,
page=page,
per_page=per_page,
total=total,
format_total=True,
format_number=True)
return render_template('log.html',
records=records,
page=page,
per_page=per_page,
pagination=pagination)
else:
abort(403)
def admin_edit_profile(username):
u = User()
form = AdminEditProfileForm()
flag = current_user.is_administrator(g.user)
if request.method == 'POST' and form.validate():
if flag is True:
pwd = u.GetPassword(g.user)
if u.verify_password(form.oripassword.data):
email = form.email.data
aboutme = form.about_me.data
role = form.role.data
if form.password.data is not u'':
u.ChangePassword(username, form.password.data)
u.AdminChangeProfile(username, email, role, aboutme)
flash('成功更新资料')
return redirect(url_for('.user', username=username))
else:
flash('管理员密码输入错误!')
else:
abort(403)
u.GetUserInfo(username)
form.email.data = u.email
form.about_me.data = u.aboutme
form.role.data = u.role
return render_template('admin_edit_profile.html', form=form, u=u)
def detail(book_id):
the_book = Book.query.get_or_404(book_id)
if the_book.hidden and (not current_user.is_authenticated
or not current_user.is_administrator()):
abort(404)
show = request.args.get('show', 0, type=int)
page = request.args.get('page', 1, type=int)
form = CommentForm()
if show in (1, 2):
pagination = the_book.logs.filter_by(returned=show - 1) \
.order_by(Log.borrow_timestamp.desc()).paginate(page, per_page=5)
else:
pagination = the_book.comments.filter_by(deleted=0) \
.order_by(Comment.edit_timestamp.desc()).paginate(page, per_page=5)
data = pagination.items
return render_template("book_detail.html",
book=the_book,
data=data,
pagination=pagination,
form=form,
title=the_book.title)
def userlist():
u = User()
form = AddUserForm()
flag = current_user.is_administrator(g.user)
if flag is True:
userlist = u.GetUserList()
jsondata = request.get_json()
if request.method == 'POST' and jsondata:
if jsondata['action'] == u'edit':
username = jsondata['username']
location = url_for('.admin_edit_profile', username=username)
return jsonify({"status": 302, "location": location})
else:
username = jsondata['username']
u.RemUser(username)
return redirect('userlist')
elif request.method == 'POST' and form.validate():
pwd = u.GetPassword(g.user)
if u.verify_password(form.oripassword.data):
u.AddUser(form.username.data, form.password.data,
form.role.data, form.email.data)
return redirect('userlist')
else:
return render_template('userlist.html',
userlist=userlist,
form=form)
else:
abort(403)
def delete(id):
post = Post.query.get_or_404(id)
if not current_user.is_administrator() :
abort(403)
db.session.delete(post)
db.session.commit()
return redirect(url_for('.index'))
def delete_user_profile():
request_info = json.loads(request.data)
if current_user.is_administrator():
user = User.query.filter_by(id=request_info['id']).first()
if not user:
json_str = {'status': 'fail', 'message': 'user does not exist!'}
return jsonify(json_str)
user.alive = False
db.session.add(user)
db.session.commit()
logout_user()
json_str = {
'status': 'success',
'message': 'Delete the user successfully.'
}
return jsonify(json_str)
else:
current_user.alive = False
db.session.add(current_user)
db.session.commit()
logout_user()
json_str = {
'status': 'success',
'message': 'Delete your user successfully.'
}
return jsonify(json_str)
def change_password():
request_info = json.loads(request.data)
if current_user.is_administrator():
user = User.query.filter_by(id=request_info['id']).first()
if not user:
json_str = {'status': 'fail', 'message': 'user does not exist!'}
return jsonify(json_str)
else:
user = current_user
valid, errors = ChangePasswordForm.check(request_info, user)
if valid:
user.password = request_info['password']
db.session.add(user)
db.session.commit()
json_str = {
'status': 'success',
'message': 'Password has been updated.'
}
return jsonify(json_str)
else:
json_str = {
'status': 'fail',
'message': 'edit password unseccessfully',
'errors': errors
}
return jsonify(json_str)
def page_links():
over = []
if current_user.is_soker():
over = [
{
"title": u"Mine søknader",
"path": "/soknader"
},
{
"title": u"Min profil",
"path": "/profil"
}
]
if current_user.is_saksbehandler() or current_user.is_godkjenner():
over.append({
"title": u"Min arbeidsliste",
"path": "/soknader"
})
if current_user.is_administrator():
over.append({
"title": u"Admin",
"path": "/admin"
})
links = {
"over": over,
"under": []
}
return links
def password_reset_request():
request_info = json.loads(request.data)
if current_user.is_administrator():
user = User.query.filter_by(id=request_info['id']).first()
if not user:
json_str = {'status': 'fail', 'message': 'user does not exist!'}
return jsonify(json_str)
else:
user = current_user
valid, errors = PasswordResetForm.check(user, request_info)
if valid:
password = hashlib.md5(os.urandom(21)).hexdigest()[10]
user.password = password
send_email(user.email,
'Reset Your Password',
'auth/email/reset_password',
user=user,
password=password)
db.session.add(user)
db.session.commit()
json_str = {
'status': 'success',
'message': 'Password has been updated.'
}
return jsonify(json_str)
else:
json_str = {
'status': 'fail',
'message': 'edit password unseccessfully',
'errors': errors
}
return jsonify(json_str)
def deleteComment(id):
comment = Comment.query.get_or_404(id)
if not current_user.is_administrator() :
abort(403)
db.session.delete(comment)
db.session.commit()
return redirect(url_for('.post', id=comment.post_id))
def admin_only():
'''
Restrict access to this blueprint for admin users only
If non-admin users try to access it, return 403 forbidden error
'''
if not current_user.is_administrator():
return abort(403)
def userlist():
u=User()
form=AddUserForm()
flag=current_user.is_administrator(g.user)
if flag is True:
userlist=u.GetUserList()
jsondata=request.get_json()
if request.method == 'POST' and jsondata:
if jsondata['action'] == u'edit':
username=jsondata['username']
location=url_for('.admin_edit_profile',username=username)
return jsonify({"status":302,"location":location})
else:
username=jsondata['username']
u.RemUser(username)
return redirect('userlist')
elif request.method == 'POST' and form.validate():
pwd=u.GetPassword(g.user)
if u.verify_password(form.oripassword.data):
u.AddUser(form.username.data,form.password.data,form.role.data,form.email.data)
return redirect('userlist')
else:
return render_template('userlist.html',userlist=userlist,form=form)
else:
abort(403)
def admin_edit_profile(username):
u=User()
form=AdminEditProfileForm()
flag=current_user.is_administrator(g.user)
if request.method == 'POST' and form.validate():
if flag is True:
pwd=u.GetPassword(g.user)
if u.verify_password(form.oripassword.data):
email=form.email.data
aboutme=form.about_me.data
role=form.role.data
if form.password.data is not u'':
u.ChangePassword(username,form.password.data)
u.AdminChangeProfile(username,email,role,aboutme)
flash('成功更新资料')
return redirect(url_for('.user',username=username))
else:
flash('管理员密码输入错误!')
else:
abort(403)
u.GetUserInfo(username)
form.email.data=u.email
form.about_me.data=u.aboutme
form.role.data=u.role
return render_template('admin_edit_profile.html',form=form,u=u)
def del_comment():
comment_id = request.args.get('id', type=int)
comment = Comment.query.get_or_404(comment_id)
if current_user == comment.post.author or current_user.is_administrator():
db.session.delete(comment)
return redirect(url_for('main.post', id = comment.post.id))
flash('你没有删除权限')
return redirect(url_for('main.index'))
def delete(id):
post_auther = Post.query.get_or_404(id)
current_auther = current_user.get_id()
if post_auther.author_id == int(current_auther) or current_user.is_administrator():
post_auther.delTag(post_auther.getTagByArry())
db.session.delete(post_auther)
flash("删除成功!")
return redirect(url_for('.post'))
def delete_post(id):
"""文章删除视图函数。用request.referrer重定向到来源网页"""
post = Post.query.get_or_404(id)
if current_user != post.author and \
not current_user.is_administrator():
abort(403)
db.session.delete(post)
flash('文章已经删除')
return redirect(request.referrer)
def delete(id):
post_auther = Post.query.get_or_404(id)
current_auther = current_user.get_id()
if post_auther.author_id == int(
current_auther) or current_user.is_administrator():
post_auther.delTag(post_auther.getTagByArry())
db.session.delete(post_auther)
flash("删除成功!")
return redirect(url_for('.post'))
def delete_post(id):
"""文章删除视图函数。用request.referrer重定向到来源网页"""
post = Post.query.get_or_404(id)
if current_user != post.author and \
not current_user.is_administrator():
abort(403)
db.session.delete(post)
flash('文章已经删除')
return redirect(request.referrer)
def show_quiz_list():
form = None
if current_user.is_administrator():
quiz_list = Quiz.query.all()
else:
quiz_list = current_user.quiz_list.all()
if current_user.can(Permission.MANAGE_QUIZ):
form = CreateQuizForm()
return render_template("quiz_list.html", quiz_list=quiz_list, form=form)
def home():
if current_user.is_soker():
return redirect('soknader')
elif current_user.is_saksbehandler() or current_user.is_godkjenner():
return redirect('soknader')
elif current_user.is_administrator():
return redirect('admin')
# Hvis vi ikke finner passende autentiseringstype el rolle.
abort(401, 'Ugyldig innlogging.')
def get(self, code_id):
code = CodeModel.query.get_or_404(code_id)
if current_user.id != code.solution.user_id and not current_user.is_administrator(
):
abort(404)
SOLUTION_RESULT = current_app.config['SOLUTION_RESULT']
return render_template(self.template,
code=code,
solution=code.solution,
SOLUTION_RESULT=SOLUTION_RESULT)
def user(username):
u = User()
adminflag = current_user.is_administrator(g.user)
if g.user == username or adminflag is True:
flag = u.CheckUser(username)
if flag is False:
abort(404)
u.GetUserInfo(username)
return render_template('user.html', u=u, username=username)
else:
abort(403)
def book_borrow():
book_id = request.args.get('book_id')
the_book = Book.query.get_or_404(book_id)
if the_book.hidden and not current_user.is_administrator():
abort(404)
result, message = current_user.borrow_book(the_book)
flash(message, 'success' if result else 'danger')
db.session.commit()
return redirect(
request.args.get('next') or url_for('book.detail', book_id=book_id))
def user(username):
u=User()
adminflag=current_user.is_administrator(g.user)
if g.user == username or adminflag is True:
flag=u.CheckUser(username)
if flag is False:
abort(404)
u.GetUserInfo(username)
return render_template('user.html',u=u,username=username)
else:
abort(403)
def show_applys():
page = request.args.get('page', 1, type=int)
if current_user.is_administrator():
query = Apply.query
else:
query = Apply.query.filter_by(author_id=current_user.id)
pagination = query.order_by(Apply.apply_time.desc()).paginate(
page, per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
error_out=False)
applys = pagination.items
return render_template('apply/show_applys.html', applys=applys, pagination=pagination)
def get_user_mode():
if current_user.is_soker():
return 'tilskudd_soker'
elif current_user.is_saksbehandler():
return 'tilskudd_saksbehandler'
elif current_user.is_godkjenner():
return 'tilskudd_godkjenner'
elif current_user.is_administrator():
return 'tilskudd_admin'
else:
# Hvis vi ikke finner passende autentiseringstype el rolle.
abort(401, 'Ugyldig innlogging.')
def edit(id):
post = Post.query.get_or_404(id)
if not current_user.is_administrator() :
abort(403)
form = PostForm()
if form.validate_on_submit():
post.body = form.body.data
post.kind = form.kind.data
db.session.add(post)
flash('The post has been updated.')
return redirect(url_for('.post', id=post.id))
form.body.data = post.body
return render_template('edit_post.html', form=form)
def edit_article(post_id):
p = Post.query.get_or_404(post_id)
if current_user != p.author and not (current_user.is_administrator() or current_user.is_moderator()):
abort(403)
edit_article_form = EditArticleForm(prefix='edit_article')
if edit_article_form.validate_on_submit():
p.title = edit_article_form.title.data.strip()
p.body_html = edit_article_form.body_html.data.strip()
if p.my_author is not p.my_album.my_creator:
p.confirmed = False
return redirect(url_for('main.post', post_id=p.id))
return render_template('auth/articles/edit-article.html', post=p, editArticleForm=edit_article_form)
def edit(id):
post = Post.query.get_or_404(id)
if current_user != post.author and \
not current_user.is_administrator():
abort(403)
form = PostForm()
if form.validate_on_submit():
post.body = form.body.data
db.session.add(post)
flash('这篇文章已经更新')
return redirect(url_for('.post', id=post.id))
form.body.data = post.body
return render_template('edit_post.html', form=form)
def edit(id):
post = Post.query.get_or_404(id)
if not current_user.is_administrator():
abort(403)
form = PostForm()
if form.validate_on_submit():
post.body = form.body.data
post.kind = form.kind.data
db.session.add(post)
flash('The post has been updated.')
return redirect(url_for('.post', id=post.id))
form.body.data = post.body
return render_template('edit_post.html', form=form)
def edit(id):
post = Post.query.get_or_404(id)
if current_user != post.author and \
not current_user.is_administrator():
abort(403)
form = PostForm()
if form.validate_on_submit():
post.body = form.body.data
db.session.add(post)
flash('这篇文章已经更新')
return redirect(url_for('.post', id=post.id))
form.body.data = post.body
return render_template('edit_post.html', form=form)
def admin():
if not current_user.is_administrator():
abort(401)
if request.method == 'POST':
messages = do_admin_actions()
# Redirect so refreshing the page won't redo the action
return redirect(request.args.get('next') or url_for('admin', **messages))
else:
messages = {k.decode('utf8'): v.decode('utf8') for k,v in request.args.items()}
users = User.getall()
status = get_daemon_status()
return render_template('admin.html', users=users, daemon_running=status, **messages)
def editpost(id):
post = Post.query.get_or_404(id)
form = EditPostForm()
if post is not None:
if not current_user.is_administrator() and post.author != current_user._get_current_object():
flash('you do not have permission to edit this article')
return redirect(url_for('main.index'))
if form.validate_on_submit():
post.body = form.body.data
db.session.add(post)
db.session.commit()
return redirect(url_for('main.post',id=id))
form.body.data = post.body
return render_template('main/editpost.html', post=post, form=form)
def profile(username):
user = get_or_404(User, User.username == username)
forms = {}
you = user == current_user
admin = current_user.is_administrator()
if you:
forms['name'] = NameForm(user)
forms['url'] = UrlForm(user)
if admin and not you:
forms['role'] = RoleForm(user)
if user.get_role() == "Guest":
forms['delete'] = DeleteForm(user)
return render_template('profile.html',
user=user, forms=forms, you=you, admin=admin)
def add(book_id):
form = CommentForm()
the_book = Book.query.get_or_404(book_id)
if the_book.hidden and not current_user.is_administrator():
abort(404)
if form.validate_on_submit():
the_comment = Comment(user=current_user,
book=the_book,
comment=form.comment.data)
db.session.add(the_comment)
db.session.commit()
flash(u'书评已成功发布', 'success')
return redirect(
request.args.get('next') or url_for('book.detail', book_id=book_id))
def delete_carpool(id):
group = Group.query.get_or_404(id)
if group.build_user == current_user or current_user.is_administrator():
comments = group.comments
users = group.users
applications = group.applications
for comment in comments:
db.session.delete(comment)
for user in users:
group.users.remove(user)
for application in applications:
db.session.delete(application)
db.session.delete(group)
flash('拼车信息已被删除')
return redirect(url_for('main.index'))
def editpost(id):
post = Post.query.get_or_404(id)
form = EditPostForm()
if post is not None:
if not current_user.is_administrator(
) and post.author != current_user._get_current_object():
flash('you do not have permission to edit this article')
return redirect(url_for('main.index'))
if form.validate_on_submit():
post.body = form.body.data
db.session.add(post)
db.session.commit()
return redirect(url_for('main.post', id=id))
form.body.data = post.body
return render_template('main/editpost.html', post=post, form=form)
def edit_user_profile():
request_info = json.loads(request.data)
if current_user.is_administrator():
user = User.query.filter_by(id=request_info['id']).first()
if not user:
json_str = {'status': 'fail', 'message': 'user does not exist!'}
return jsonify(json_str)
valid, errors = EditProfileAdminForm.check(request_info, user)
if valid:
user.email = request_info['email']
user.username = request_info['username']
user.confirmed = request_info['confirmed']
user.about_me = request_info['about_me']
db.session.add(user)
db.session.commit()
user.set_roles(request_info['roles'])
user.set_permissions(request_info['permissions'])
json_str = {
'status': 'success',
'message': 'The profile has been updated.'
}
return jsonify(json_str)
else:
json_str = {
'status': 'fail',
'message': 'edit profile unseccessfully',
'errors': errors
}
return jsonify(json_str)
else:
valid, errors = EditProfileForm.check(request_info)
if valid:
current_user.username = request_info['username']
current_user.about_me = request_info['about_me']
db.session.add(current_user)
db.session.commit()
json_str = {
'status': 'success',
'message': 'Your profile has been updated.'
}
return jsonify(json_str)
else:
json_str = {
'status': 'fail',
'message': 'edit profile unseccessfully',
'errors': errors
}
return jsonify(json_str)
def profile(username):
user = get_or_404(User, User.username == username)
forms = {}
you = user == current_user
admin = current_user.is_administrator()
if you:
forms['name'] = NameForm(user)
forms['url'] = UrlForm(user)
if admin and not you:
forms['role'] = RoleForm(user)
if user.get_role() == "Guest":
forms['delete'] = DeleteForm(user)
return render_template('profile.html',
user=user,
forms=forms,
you=you,
admin=admin)
def edit_profile():
if check_token(request.form['token']):
if current_user.is_administrator():
request_info = json.loads(request.data)
user = User.query.filter_by(request_info['id']).first()
if not user:
json_str = {
'status': 'fail',
'status_code': 1,
'message': 'user doesn`t exist!'
}
return jsonify(json_str)
image = request.files['avatar']
avatar_name = hashlib.md5(os.urandom(21)).hexdigest()
for size in current_app.config['AVATAR_SIZE']:
Picture(image, name=avatar_name, type='avatar', size=size)
user.avatar = avatar_name
db.session.add(user)
db.session.commit()
json_str = {
'status': 'success',
'status_code': 0,
'message': 'the avatar has been updated.'
}
return jsonify(json_str)
image = request.files['avatar']
avatar_name = hashlib.md5(os.urandom(21)).hexdigest()
for size in current_app.config['AVATAR_SIZE']:
Picture(image, name=avatar_name, type='avatar', size=size)
current_user.avatar = avatar_name
db.session.add(current_user)
db.session.commit()
json_str = {
'status': 'success',
'status_code': 0,
'message': 'Your avatar has been updated.'
}
return jsonify(json_str)
else:
json_str = {
'status': 'fail',
'status_code': 3,
'message': 'please login again'
}
return jsonify(json_str)
def ban():
flag = current_user.is_administrator(g.user)
if flag is True:
form = BanKeywordForm()
p = Page()
jsondata = request.get_json()
if request.method == 'POST':
if jsondata:
keyword = jsondata['keyword']
p.DelBan(keyword)
flash('成功删除关键词')
location = url_for('.ban')
return jsonify({"status": 302, "location": location})
if form.validate():
keyword = form.keyword.data
p.AddBan(keyword)
flash('成功添加关键词')
return redirect('ban')
banlist = p.GetBan()
keywords = []
total = len(banlist)
page = request.args.get('page', 1, type=int)
per_page = 10
offset = (page - 1) * per_page
for i in range(len(banlist)):
if i < per_page and (offset + i) < len(banlist):
keywords.append(banlist[offset + i])
else:
break
pagination = Pagination(css_framework='bootstrap3',
link_size='sm',
show_single_page=False,
page=page,
per_page=per_page,
total=total,
format_total=True,
format_number=True)
return render_template('ban.html',
keywords=keywords,
page=page,
per_page=per_page,
pagination=pagination,
form=form)
else:
abort(403)
def write_article(album_id):
a = Album.query.get_or_404(album_id)
if current_user != a.creator and not (current_user.is_administrator() or current_user.is_moderator()):
abort(403)
article_form = ArticleForm(prefix='article')
if article_form.validate_on_submit():
if current_user._get_current_object() is a.creator:
p = Post(title=article_form.title.data.strip(), body_html=article_form.body_html.data.strip(), album=a,
author=current_user._get_current_object(), confirmed=True)
else:
p = Post(title=article_form.title.data.strip(), body_html=article_form.body_html.data.strip(), album=a,
author=current_user._get_current_object())
db.session.add(p)
current_user.send_message(user=a.creator, title=u'新文章需经过您的审核',
content=u'<p>《%s》已由%s提交与专辑《%s》发表,</p>' % (p.title, current_user, a.title))
return redirect(url_for('main.album', album_id=a.id))
return render_template('auth/articles/write-article.html', articleForm=article_form)
def get_user():
user = User.query.filter_by(username=request.args.get('username')).first()
if user is None:
json_str = {'status': 'fail', 'message': 'User doesn`t exist.'}
return jsonify(json_str)
if (current_user.is_administrator()
or current_user.is_authenticated and current_user.id
== user.id) and request.args.get('lazy') == 'False':
user_content = user.to_json()
else:
user_content = user.to_json(lazy=True)
json_str = {
'status': 'success',
'message': 'get user successfully',
'result': {
'user': user_content
}
}
return jsonify(json_str)
def edit_album(album_id):
a = Album.query.get_or_404(album_id)
if current_user != a.creator and not (current_user.is_administrator() or current_user.is_moderator()):
abort(403)
edit_album_form = EditAlbumForm(obj=a, prefix='edit_album')
if edit_album_form.validate_on_submit():
app = current_app._get_current_object()
if edit_album_form.picture.data.filename is not u'':
if a.picture_url and \
os.path.isfile(os.path.join(app.config['UPLOAD_FOLDER'], 'album', a.picture_url)):
os.remove(os.path.join(app.config['UPLOAD_FOLDER'], 'album', a.picture_url))
a.picture_url = upload(f=edit_album_form.picture.data, folder='album')
a.title = edit_album_form.title.data.strip()
a.percentage = float(edit_album_form.percentage.data)
a.introduction = edit_album_form.introduction.data.strip()
a.confirmed = False
return redirect(url_for('auth.my_albums'))
return render_template('auth/albums/edit-album.html', album=a, editAlbumForm=edit_album_form)
def get_page_params(view=None):
is_admin = current_user.is_administrator(private=True)
is_manager = current_user.is_manager(private=True)
is_operator = current_user.is_operator(private=True)
page = 0
per_page = int(
get_request_item('per_page') or get_request_item('per-page') or 0)
default_per_page = view and current_user.get_pagesize(view) or (
#view in ('admin',) and DEFAULT_ADMIN_PER_PAGE or
is_manager and DEFAULT_MANAGER_PER_PAGE or
#is_operator and DEFAULT_OPER_PER_PAGE or
view in ('cards', ) and DEFAULT_PER_PAGE * 2 or DEFAULT_PER_PAGE)
try:
if not per_page:
per_page = default_per_page
else:
current_user.set_pagesize(view, per_page)
page = int(get_request_item('page') or DEFAULT_PAGE)
except:
if IsPrintExceptions:
print_exception()
per_page = default_per_page
page = DEFAULT_PAGE
finally:
if per_page <= 0 or per_page > 1000:
per_page = default_per_page
if page <= 0:
page = DEFAULT_PAGE
next = get_request_item('next') and True or False
prev = get_request_item('prev') and True or False
if next:
page += 1
if prev and page > 1:
page -= 1
return page, per_page
def log():
flag=current_user.is_administrator(g.user)
if flag is True:
p=Page()
record=p.GetRecord()
records={}
records=OrderedDict()
total=len(record)
page = request.args.get('page',1,type=int)
per_page=10
keys=record.keys()
offset=(page - 1) * per_page
for i in range(len(keys)):
if i < per_page and (offset+i) < len(keys):
records[keys[offset+i]]=record[keys[offset+i]]
else:
break
pagination=Pagination(css_framework='bootstrap3',link_size='sm',show_single_page=False,page=page,per_page=per_page,total=total,format_total=True,format_number=True)
return render_template('log.html',records=records,page=page,per_page=per_page,pagination=pagination)
else:
abort(403)
def edit(id):
apply = Apply.query.get_or_404(id)
if current_user.id != apply.author_id and \
not current_user.is_administrator():
abort(403)
form = EditApplyForm()
if form.close.data:
return redirect(url_for('apply.show_applys'))
if form.validate_on_submit():
apply.id = id
apply.real_name = form.real_name.data
apply.gender = form.gender.data
apply.home_address = form.home_address.data
apply.middle_school = form.middle_school.data
apply.mobile = form.mobile.data
apply.id_card = form.id_card.data
apply.point = form.point.data
apply.ticket_number = form.ticket_number.data
apply.apply_profession = form.apply_profession.data
apply.apply_time = form.apply_time.data
db.session.add(apply)
flash('报名信息修改成功.')
return redirect(url_for('apply.show_applys'))
form.apply_id.data = apply.id
form.real_name.data = apply.real_name
form.gender.data = apply.gender
form.home_address.data = apply.home_address
form.middle_school.data = apply.middle_school
form.mobile.data = apply.mobile
form.id_card.data = apply.id_card
form.point.data = apply.point
form.ticket_number.data = apply.ticket_number
form.apply_profession.data = apply.apply_profession
form.apply_profession_category.data = apply.apply_profession_category
form.apply_time.data = apply.apply_time
form.status.data = apply.status
if form.status.data == u'已处理':
rr(form.submit)
rr(form.status)
return render_template('apply/edit_apply.html', form=form)
def album_manage(album_id):
a = Album.query.get_or_404(album_id)
if current_user != a.creator and not (current_user.is_administrator() or current_user.is_moderator()):
abort(403)
adopt_album_form = AdoptAlbumForm(prefix='adopt_album')
if adopt_album_form.validate_on_submit():
a.confirmed = True
current_user.send_message(user=a.creator, title=u'《%s》审核成功,已公开发表' % a.title,
content=u'<p>尊敬的<strong>%s</strong></p><p><a href="%s">《%s》</a>经 %s 审核成功,已公开发表。</p>'
% (a.creator.username, url_for('main.album', album_id=a.id), a.title, current_user.username))
return redirect(request.args.get('next') or url_for('auth.albums'))
reject_album_form = RejectAlbumForm(prefix='reject_album')
if reject_album_form.validate_on_submit():
a.confirmed = False
current_user.send_message(user=a.creator, title=reject_album_form.title.data.strip(),
content=u'<p>尊敬的<strong>%s</strong></p><p>很遗憾,您的<a href="%s">《%s》</a>经 %s 审核后,发表请求被驳回,原因如下:</p><p>%s</p>'
% (a.creator.username, url_for('main.album', album_id=a.id), a.title, current_user.username, reject_album_form.content.data.strip()))
return redirect(request.args.get('next') or url_for('auth.albums'))
return render_template('auth/albums/album-manage.html', album=a, adoptAlbumForm=adopt_album_form,
rejectAlbumForm=reject_album_form)
def post_manage(post_id):
p = Post.query.get_or_404(post_id)
if current_user != p.author and not (current_user.is_administrator() or current_user.is_moderator()):
abort(403)
adopt_post_form = AdoptPostForm(prefix='adopt_post')
if adopt_post_form.validate_on_submit():
p.confirmed = True
current_user.send_message(user=p.author, title=u'《%s》审核成功,已公开发表' % p.title,
content=u'<p>尊敬的<strong>%s</strong></p><p><a href="%s">《%s》</a>经 %s 审核成功,已公开发表。</p>'
% (p.author.username, url_for('main.post', post_id=p.id), p.title, current_user.username))
return redirect(request.args.get('next') or url_for('auth.manage_articles', album_id=p.album.id))
reject_post_form = RejectPostForm(prefix='reject_post')
if reject_post_form.validate_on_submit():
p.confirmed = False
current_user.send_message(user=p.author, title=reject_post_form.title.data.strip(),
content=u'<p>尊敬的<strong>%s</strong></p><p>很遗憾,您的<a href="%s">《%s》</a>经 %s 审核后,发表请求被驳回,原因如下:</p><p>%s</p>'
% (p.author.username, url_for('main.post', post_id=p.id), p.title, current_user.username, reject_post_form.content.data.strip()))
return redirect(request.args.get('next') or url_for('auth.manage_articles', album_id=p.album.id))
return render_template('auth/articles/post-manage.html', post=p, adoptPostForm=adopt_post_form,
rejectPostForm=reject_post_form)
def edit(id):
group = Group.query.get_or_404(id)
if current_user != group.build_user and \
not current_user.is_administrator():
abort(403)
form = EditCarpoolInfoForm()
if form.validate_on_submit():
group.description = form.description.data
group.start_time = form.start_time.data
group.start_place = form.start_place.data
group.end_place = form.end_place.data
group.people_amount = form.people_amount.data
db.session.add(group)
flash('信息已修改!')
return redirect(url_for('main.carpool', id=group.id))
form.description.data = group.description
form.start_time.data = group.start_time + timedelta(hours=8)
form.start_place.data = group.start_place
form.end_place.data = group.end_place
form.people_amount.data = group.people_amount
return render_template('edit_carpool.html', form=form)
def is_accessible(self):
return current_user.is_authenticated() and current_user.is_administrator()
def is_accessible(self):
return current_user.is_administrator()
def manage_articles(album_id):
a = Album.query.get_or_404(album_id)
if current_user != a.creator and not (current_user.is_administrator() or current_user.is_moderator()):
abort(403)
return render_template('auth/articles/album-articles-manage.html', album=a)
def index(self):
if not current_user.is_administrator():
abort(403)
# ## return self.render('admin/index.html')
return super(MyAdminIndexView, self).index()