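def post(self):
    """Create a news item when the request carries requestMethod == "POST".

    The caller must hold the '添加新闻' (add news) action permission. The
    submitted HTML is passed through ``handle_html``, the first 80 characters
    of its text become the outline, and each listed tag must already exist.
    Any other requestMethod value is answered with a 404.
    """
    import ast  # local import: the file's import block is not visible here

    request_arg = RequestMethod_parser.parse_args()
    requestMethod = request_arg['requestMethod']
    if requestMethod == "POST":
        permission = Permission(ActionNeed('添加新闻'))
        if permission.can() is not True:
            # NOTE(review): everything below assumes this helper raises;
            # confirm it can never return normally.
            abort_if_unauthorized("添加新闻")
        args = News_parser.parse_args()
        category = args['category']
        detail = args['detail']
        title = args['title']
        tags = args['tags']
        # SECURITY: the original passed this request field to eval(), which
        # runs whatever Python expression the client sends. literal_eval
        # accepts only Python literals, which is all a list of tag names needs.
        try:
            tags = list(ast.literal_eval(tags[0]))
        except (ValueError, SyntaxError, TypeError, IndexError,
                MemoryError, RecursionError):
            # Not a literal sequence: keep the value the parser produced.
            pass
        # NOTE(review): `detail` is client-supplied HTML and is stored via
        # soup.prettify(); whether handle_html sanitises it is not visible here.
        soup, imgUrlFirst = handle_html(detail)
        outline = soup.get_text()[:80]
        news = News(soup.prettify(), title, outline, imgUrlFirst)
        db.session.add(news)
        db.session.commit()
        news.addCategory(category)
        for tag in tags:
            t = Tag.query.filter_by(name=tag).first()
            abort_if_not_exist(t, "tag")
            news.tags.append(t)
        db.session.add(news)
        db.session.commit()
    else:
        abort(404, message="api not found")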
def get(self, id):
    """Return the news row whose primary key is ``id``.

    Requires the '查看新闻' (view news) action permission. The looked-up row,
    which may be None, is handed to ``abort_if_not_exist`` before returning.
    """
    allowed = Permission(ActionNeed('查看新闻')).can()
    if allowed is not True:
        # NOTE(review): the query below still runs if this helper returns
        # instead of raising; confirm it always aborts the request.
        abort_if_unauthorized("查看新闻")
    record = News.query.filter(News.id == id).first()
    abort_if_not_exist(record, "news")
    return record
def get(self, id):
    """Return the slide-show row whose primary key is ``id``.

    The looked-up row, which may be None, is handed to ``abort_if_not_exist``
    before it is returned.
    """
    # NOTE(review): this gate reuses the '查看新闻' (view news) action rather
    # than a slide-show specific one; confirm that sharing is intended.
    allowed = Permission(ActionNeed('查看新闻')).can()
    if allowed is not True:
        abort_if_unauthorized("查看新闻")
    slide = SilderShow.query.filter(SilderShow.id == id).first()
    abort_if_not_exist(slide, "silder_show")
    return slide
def before_request():
    """Enforce the role rules stored in AuthManager for the requested path.

    All rows whose ``route_name`` equals ``request.path`` are collected, their
    comma-separated ``permission`` strings are merged into one set of role
    names, and the request is aborted with 403 unless the combined permission
    is satisfied. Always returns None.
    """
    rules = AuthManager.query.filter(
        AuthManager.route_name == request.path).all()
    if not rules:
        # NOTE(review): fail-open. A path with no AuthManager row is let
        # through without any check, and the match is an exact string
        # comparison on request.path.
        return

    role_names = set()
    for rule in rules:
        spec = rule.permission
        if spec:
            role_names.update(spec.split(','))
    if not role_names:
        return

    required = Permission()
    for name in role_names:
        if name:  # skip empty fragments left by stray commas
            required = required.union(Permission(RoleNeed(name)))

    # NOTE(review): hard-coded account name that skips the role check
    # entirely. The username attribute is also read without checking that the
    # user is logged in; confirm what an anonymous user object provides.
    if current_user.username == 'god':
        return
    if not required.can():
        abort(403)
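def post(post_id):
    """Show a blog post with its comments and accept a new comment.

    A valid comment form stores the comment and redirects back to this view.
    Otherwise the read counter is incremented and the page is rendered with
    an ``is_edit`` flag telling the template whether the viewer is the post's
    owner or an admin.
    """
    # Resolve the post first so that a comment can never be stored against a
    # post id that does not exist (the original inserted the comment before
    # this lookup was made).
    post = Post.query.get_or_404(post_id)

    form = CommentForm()
    if form.validate_on_submit():
        new_comment = Comment()
        # NOTE(review): the author name is taken from the form even when a
        # user is logged in, so it is whatever the client submits.
        new_comment.name = form.name.data
        new_comment.text = form.text.data
        new_comment.post_id = post_id
        new_comment.date = datetime.now()
        db.session.add(new_comment)
        db.session.commit()
        return redirect(url_for('.post', post_id=post_id))

    # Count this page view.
    post.read = post.read + 1
    db.session.add(post)
    db.session.commit()

    tags = post.tags
    comments = post.comments.order_by(Comment.date.desc()).all()

    # Whether the viewer may edit: the post's owner or an admin. This only
    # feeds the template; the edit view has to enforce it again.
    permission = Permission(UserNeed(post.user.id))
    is_edit = permission.can() or admin_permission.can()

    if g.is_login:
        form.name.data = current_user.username
    return render_template('post.html', post=post, tags=tags,
                           is_edit=is_edit, comments=comments, form=form)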
def decorator(*args, **kwargs):
    """Run the wrapped view ``f`` only for an authenticated user with a role.

    Answers 401 when the user is not authenticated and 403 when the role
    permission built from the enclosing ``roles`` is not satisfied.
    """
    required = Permission(*(RoleNeed(name) for name in roles))
    if not current_user.is_authenticated:
        return abort(401)
    if not required.can():
        return abort(403)
    return f(*args, **kwargs)
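def post(self, restaurant_id, user_id):
    """Record a new order in the user's history and in the restaurant's queue.

    The caller's identity must satisfy ``UserNeed(user_id)``. The JSON body
    supplies ``orders`` (only the first entry is used) and ``order_items``.
    Returns the integer 204.
    """
    identityPermission = Permission(UserNeed(user_id))
    if not identityPermission.can():
        abort(403)

    data = request.get_json(force=True)
    order = data['orders'][0]

    # SECURITY: the permission above is bound to the user_id in the URL, but
    # the history row below is stored under the user_id found in the JSON
    # body. Reject a body that names a different user, so that an
    # authenticated caller cannot file an order under someone else's account.
    if str(order.get('user_id')) != str(user_id):
        abort(403)
    # NOTE(review): restaurant_id and total_price are likewise taken from the
    # body as sent; the URL restaurant_id is never compared and the price is
    # not recomputed server-side.

    order['status'] = "new"
    order_items = data['order_items']
    today = datetime.datetime.now()

    # The user's own order history.
    OrderHistoryDao.add_order_history(today, order['desk_number'],
                                      order['total_price'],
                                      order['restaurant_id'],
                                      order['user_id'], order_items)
    # The same order is also sent to the restaurant's order list.
    OrderDao.add_order(today, order['desk_number'], order['total_price'],
                       order['status'], order['restaurant_id'], order_items)
    DaoHelper.commit(db)
    # NOTE(review): this returns the integer 204 as the result value; whether
    # the framework turns that into an HTTP 204 status is not visible here.
    return 204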
def post(self, id):
    """Rename or delete tag ``id``, selected by the requestMethod field.

    "PUT" renames the tag (requires '修改新闻标签', modify news tag) and
    refuses a name already used by another tag. "DELETE" removes it (requires
    '删除新闻标签', delete news tag). Any other value is answered with a 404.
    """
    method = RequestMethod_parser.parse_args()['requestMethod']
    # NOTE(review): both state changes arrive as HTTP POST and are dispatched
    # on a request field, so controls keyed on the HTTP verb cannot tell them
    # apart.
    if method == "PUT":
        if Permission(ActionNeed('修改新闻标签')).can() is not True:
            abort_if_unauthorized("修改新闻标签")
        tag = Tag.query.filter(Tag.id == id).first()
        abort_if_not_exist(tag, "tag")
        new_name = parser_spec.parse_args()['name']
        if new_name is not None and new_name != tag.name:
            clash = Tag.query.filter(Tag.name == new_name).first()
            abort_if_exist(clash, "tag")
            tag.name = new_name
        db.session.add(tag)
        db.session.commit()
    elif method == "DELETE":
        if Permission(ActionNeed('删除新闻标签')).can() is not True:
            abort_if_unauthorized("删除新闻标签")
        tag = Tag.query.filter(Tag.id == id).first()
        abort_if_not_exist(tag, "tag")
        db.session.delete(tag)
        db.session.commit()
    else:
        abort(404, message="api not found")
def records_filter(experiments_needs, admin_needs=None):
    """Build the search filter limiting deposits to the caller's experiments.

    Unauthenticated callers get a 403. A caller satisfying ``admin_needs``
    gets an empty ``Q()``. Everyone else gets a ``terms`` filter on
    ``_experiment`` listing, in lower case, each experiment whose needs the
    caller satisfies.
    """
    if not current_user.is_authenticated:
        return abort(403)

    if admin_needs and Permission(*admin_needs).can():
        return Q()

    # NOTE(review): if Permission is Flask-Principal's, a permission built
    # from an empty needs list allows every identity; confirm no experiment
    # maps to an empty list.
    visible = [
        name.lower()
        for name, needs in experiments_needs.items()
        if Permission(*needs).can()
    ]
    terms_clause = {"terms": {"_experiment": visible}}
    return Q({"bool": {"should": [terms_clause]}})
def decorator(*args, **kwargs):
    """Run the wrapped view ``func`` only if the caller may edit the topic.

    On denial a warning is flashed and the caller is redirected to the topic
    page instead.
    """
    # NOTE(review): the id is read from keyword arguments only; a topicId
    # passed positionally would be seen here as None.
    topic_id = kwargs.get('topicId')
    may_edit = Permission(EditTopicNeed(topic_id)).can()
    if may_edit:
        return func(*args, **kwargs)
    flash(_('You have no permission'), 'warning')
    return redirect(url_for('topic.topic', topicId=topic_id))
def get(self, id):
    """Return the permission-node row whose primary key is ``id``.

    Requires the '查看权限节点' (view permission node) action permission. The
    looked-up row is handed to ``abort_if_not_exist`` before returning.
    """
    allowed = Permission(ActionNeed('查看权限节点')).can()
    if allowed is not True:
        abort_if_unauthorized("查看权限节点")
    found = Node.query.filter(Node.id == id).first()
    abort_if_not_exist(found, "node")
    return found
def edit_post(id):
    """Show and process the edit form for post ``id``.

    A valid submission updates title, text and publish date and redirects to
    the post; otherwise the form is rendered pre-filled with stored content.
    """
    post = Post.query.get_or_404(id)

    # NOTE(review): this tests the truthiness of the current_user object, not
    # whether anyone is logged in. If it is Flask-Login's proxy an anonymous
    # user is still truthy; confirm, and prefer an explicit
    # is_authenticated check.
    if not current_user:
        return redirect(url_for('main.login'))

    # Anyone but the owner is sent back to the read-only view.
    # NOTE(review): this runs before the permission test below, so the
    # admin_permission alternative is only ever evaluated for the owner.
    if current_user != post.user:
        return redirect(url_for('blog.post', post_id=id))

    owner_only = Permission(UserNeed(post.user.id))
    if not (owner_only.can() or admin_permission.can()):
        return abort(403)

    form = PostForm()
    if form.validate_on_submit():
        post.title = form.title.data
        post.text = form.text.data
        post.publish_date = datetime.now()
        db.session.add(post)
        db.session.commit()
        return redirect(url_for('blog.post', post_id=post.id))

    # First display or failed validation: show what is stored.
    form.title.data = post.title
    form.text.data = post.text
    return render_template('edit_post.html', form=form, post=post)
def edit_post(id):
    """Show and process the edit form for post ``id``; 403 for non-owners.

    A valid submission updates title, text and publish date and redirects to
    the post; otherwise the form is rendered with the stored text.
    """
    # NOTE(review): truthiness of the current_user object is not a login
    # check; confirm what an anonymous user evaluates to here.
    if not current_user:
        return redirect(url_for('main.login'))

    post = Post.query.get_or_404(id)

    # NOTE(review): non-owners are rejected here, before admin_permission is
    # consulted below, so that alternative never applies to someone else's
    # post.
    if current_user != post.user:
        abort(403)

    owner_only = Permission(UserNeed(post.user.id))
    if not (owner_only.can() or admin_permission.can()):
        return abort(403)

    form = PostForm()
    if form.validate_on_submit():
        post.title = form.title.data
        post.text = form.text.data
        post.publish_date = datetime.datetime.now()
        db.session.add(post)
        db.session.commit()
        return redirect(url_for('.post', post_id=post.id))

    form.text.data = post.text
    return render_template('edit.html', form=form, post=post)
def edit_post(id):
    """Edit post ``id``; allowed for its author or an admin, otherwise 403.

    A valid submission updates title, text and publish date and redirects to
    the post; otherwise the form is rendered with the stored text.
    """
    post = Post.query.get_or_404(id)

    # Access to this view is tied to the author's user id. No separate login
    # check is made in this function.
    author_only = Permission(UserNeed(post.author.id))
    # Does the current identity hold one of the two permissions?
    if not (author_only.can() or admin_permission.can()):
        return abort(403)

    form = PostForm()
    if form.validate_on_submit():
        post.title = form.title.data
        post.text = form.text.data
        post.publish_date = datetime.datetime.now()
        db.session.add(post)
        db.session.commit()
        return redirect(url_for('blog.post', post_id=post.id))

    form.text.data = post.text
    return render_template('blog/edit.html', form=form, post=post)
def edit_post(id):
    """Show and process the edit form for post ``id``.

    A valid submission updates title, text and published date and redirects
    to the post; otherwise the form is rendered pre-filled with stored
    content.
    """
    post = Post.query.get_or_404(id)

    # Meant to make sure the user is logged in.
    # NOTE(review): this only tests the truthiness of the current_user
    # object; confirm that an anonymous user is actually falsy here.
    if not current_user:
        return redirect(url_for('main.login'))

    # NOTE(review): non-owners are redirected before the permission test, so
    # admin_permission below is only ever evaluated for the owner.
    if current_user != post.users:
        return redirect(url_for('blog.post', post_id=id))

    # Editing is meant for the poster or an admin.
    poster_only = Permission(UserNeed(post.users.id))
    if not (poster_only.can() or admin_permission.can()):
        return abort(403)

    form = PostForm()
    if form.validate_on_submit():
        post.title = form.title.data
        post.text = form.text.data
        post.published_date = datetime.now()
        db.session.add(post)
        db.session.commit()
        return redirect(url_for('blog.post', post_id=post.id))

    form.title.data = post.title
    form.text.data = post.text
    return render_template('edit_post.html', form=form, post=post)
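def post(self):
    """Create a user account when the request carries requestMethod == "POST".

    The caller must hold the '添加用户' (add user) action permission. The
    user name must be unused. An account e-mail is sent, then the user is
    stored with the listed roles. Any other requestMethod value is answered
    with a 404.
    """
    import ast  # local import: the file's import block is not visible here

    request_arg = RequestMethod_parser.parse_args()
    requestMethod = request_arg['requestMethod']
    if requestMethod == "POST":
        permission = Permission(ActionNeed('添加用户'))
        if permission.can() is not True:
            # NOTE(review): the rest of this branch assumes the helper raises.
            abort_if_unauthorized("添加用户")
        args = User_parser.parse_args()
        # SECURITY: the original passed this request field to eval(), which
        # runs whatever Python expression the client sends. literal_eval
        # accepts only Python literals, enough for a list of role names.
        try:
            args['roleName'] = list(ast.literal_eval(args['roleName'][0]))
        except (KeyError, ValueError, SyntaxError, TypeError, IndexError,
                MemoryError, RecursionError):
            # Not a literal sequence: keep the value the parser produced.
            pass
        userName = args['userName']
        passWord = args['passWord']
        email = args['email']
        roleName = args['roleName']
        phone = args['phone']
        user1 = User.query.filter(User.userName == userName).first()
        abort_if_exist(user1, "userName")
        try:
            # NOTE(review): the clear-text password is rendered into an
            # e-mail, and the mail goes out before the account is committed.
            html = render_template(
                "Admin/user_info.html", user_name=userName,
                password=passWord, flag="创建账号")
            send_email("社团网账号信息", [email], html)
            user = User(userName, passWord, email, phone)
            for name in roleName:
                role = Role.query.filter(Role.roleName == name).first()
                abort_if_not_exist(role, "role")
                user.roles.append(role)
            db.session.add(user)
            db.session.commit()
        except Exception:
            # NOTE(review): best-effort handler kept from the original. It
            # hides mail, template and database failures and, if the abort
            # helper signals through an exception, an unknown role as well,
            # so the caller cannot tell that no user was created.
            pass
    else:
        abort(404, message="api not found")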
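def status(self, value):
    """Move this object to status ``value`` and publish the change.

    Returns True without doing anything when ``value`` is already the current
    status; otherwise returns None after the transition.

    Raises:
        AssertionError: ``value`` is not in ``status_enum_list``.
        RuntimeError: the target status lists accepted roles and the current
            identity holds none of the resulting permission.
        ValueError: the target status requires a specific previous status
            that is not the current one.
    """
    old_status = self._status
    # Explicit raise instead of `assert`: assert statements are removed when
    # Python runs with -O, which would let unknown status values reach the
    # role and transition checks. AssertionError is kept so existing callers
    # see the same exception type.
    if value not in status_enum_list:
        raise AssertionError("unknown status: {!r}".format(value))
    if value == self._status:
        return True

    # NOTE(review): a status with no entry in roles_accepted is not
    # role-checked at all.
    roles_accepted = self.roles_accepted.get(value, None)
    if roles_accepted:
        perm = Permission(*[RoleNeed(role) for role in roles_accepted])
        if not perm.can():
            raise RuntimeError("You're not authorized to set this status")

    status_required = self.status_required.get(value, None)
    if status_required and self._status != status_required:
        raise ValueError("You cannot set status from {} to {}".format(
            self._status, value))

    self._status = value
    self.status_changed()
    taxi = TaxiM.cache.get(self.taxi_id)
    taxi.synchronize_status_with_hail(self)

    client = influx_db.get_client(current_app.config['INFLUXDB_TAXIS_DB'])
    try:
        client.write_points([{
            "measurement": "hails_status_changed",
            "tags": {
                "added_by": User.query.get(self.added_by).email,
                "operator": self.operateur.email,
                "zupc": taxi.ads.zupc.insee,
                "previous_status": old_status,
                "status": self._status
            },
            "time": datetime.utcnow().strftime('%Y%m%dT%H:%M:%SZ'),
            "fields": {
                "value": 1
            }
        }])
    except Exception as e:
        # Metrics are best-effort: a failure is logged and the status change
        # stands.
        current_app.logger.error('Influxdb Error: {}'.format(e))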
def edit_post(id):
    """Show and process the edit form for post ``id``.

    A valid submission updates title, text and publish date and redirects to
    the post; otherwise the form is rendered pre-filled with stored content.
    """
    post = Post.query.get_or_404(id)

    # NOTE(review): truthiness of the current_user object is not a login
    # check; confirm what an anonymous user evaluates to here.
    if not current_user:
        return redirect(url_for('main.login'))

    # NOTE(review): non-owners are redirected before the permission test, so
    # admin_permission below is only ever evaluated for the owner.
    if current_user != post.users:
        return redirect(url_for('blog.post', post_id=id))

    # Editing is meant for the poster or an admin.
    poster_only = Permission(UserNeed(post.users.id))
    if not (poster_only.can() or admin_permission.can()):
        return abort(403)

    form = PostForm()
    if form.validate_on_submit():
        post.title = form.title.data
        post.text = form.text.data
        post.publish_date = datetime.datetime.now()
        db.session.add(post)
        db.session.commit()
        return redirect(url_for('blog.post', post_id=post.id))

    # Validation did not pass: keep showing the stored content.
    form.title.data = post.title
    form.text.data = post.text
    return render_template('edit_post.html', form=form, post=post)
def _contact_handler(user_id, endpoint):
    """Render and process the contact-details and credentials forms.

    ``user_id`` selects an existing contact, or a new one when falsy. The
    form named by the posted ``action`` field is validated and written to the
    contact, followed by a redirect to ``endpoint``. Otherwise the page is
    rendered with both forms.
    """
    # NOTE(review): no access check is made in this function apart from
    # hiding the roles field; presumably the calling views enforce it.
    # Contact.query.get() can return None for an unknown id, which the
    # attribute reads below do not handle.
    contact = Contact.query.get(user_id) if user_id else Contact()
    contact_form = ContactForm(obj=contact)

    # Only admins keep the roles field, so populate_obj() below cannot write
    # roles for anyone else.
    is_admin = Permission(RoleNeed('admin')).can()
    if not is_admin:
        del contact_form.roles

    credentials_form = CredentialsForm(obj=contact)
    forms_by_action = {
        'contact_details': contact_form,
        'contact_credentials': credentials_form,
    }
    submitted = forms_by_action.get(request.form.get('action'))

    if submitted and submitted.validate_on_submit():
        contact = Contact.query.get(user_id) if user_id else Contact()
        submitted.populate_obj(contact)
        if not contact.id:
            db.session.add(contact)
        db.session.commit()
        flash(_('User updated.'), 'success')
        return redirect(url_for(endpoint, user_id=contact.id))

    return render_template(
        'admin/users/form.html',
        user_id=contact.id,
        contact=contact,
        contact_form=contact_form,
        credentials_form=credentials_form,
    )
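def post(self):
    """Create a role when the request carries requestMethod == "POST".

    The caller must hold the '添加角色' (add role) action permission. The
    role name must be unused and every listed node must exist. Any other
    requestMethod value is answered with a 404.
    """
    import ast  # local import: the file's import block is not visible here

    request_arg = RequestMethod_parser.parse_args()
    requestMethod = request_arg['requestMethod']
    print(requestMethod)
    if requestMethod == "POST":
        permission = Permission(ActionNeed('添加角色'))
        if permission.can() is not True:
            # NOTE(review): the rest of this branch assumes the helper raises.
            abort_if_unauthorized("添加角色")
        args = Role_parser.parse_args()
        roleName = args['roleName']
        # SECURITY: the original passed this request field to eval(), which
        # runs whatever Python expression the client sends. literal_eval
        # accepts only Python literals, enough for a list of node names.
        try:
            nodeName = list(ast.literal_eval(args['nodeName'][0]))
        except (KeyError, ValueError, SyntaxError, TypeError, IndexError,
                MemoryError, RecursionError):
            # Not a literal sequence: use the value the parser produced.
            nodeName = args['nodeName']
        role1 = Role.query.filter(Role.roleName == roleName).first()
        abort_if_exist(role1, "roleName")
        role = Role(roleName)
        # NOTE(review): the role is committed before its nodes are checked,
        # so an unknown node leaves a stored role with only part of its
        # nodes.
        db.session.add(role)
        db.session.commit()
        for name in nodeName:
            node = Node.query.filter(Node.nodeName == name).first()
            abort_if_not_exist(node, "node")
            role.nodes.append(node)
        db.session.add(role)
        db.session.commit()
    else:
        abort(404, message="api not found")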
def update_user():
    """Let the logged-in user update their own account.

    A valid form whose username and e-mail are not used by someone else is
    written to the user, followed by a redirect to the dashboard. In every
    other case the update page is rendered, with field errors where
    applicable.
    """
    account = current_user
    form = UserForm(request.form, obj=account)
    # Drop the privilege-bearing fields before the form can be applied, so
    # populate_obj() below cannot write role or is_active.
    del form.role
    del form.is_active

    # test() is relied on to stop the request when neither need is met.
    Permission(UserNeed(account.id), RoleNeed('admin')).test()

    if form.validate_on_submit():
        wanted_name = form.username.data
        wanted_email = form.email.data
        if wanted_name != account.username and User.username_is_in_use(
                wanted_name):
            flash(
                "This username is already been used. Please choose another one!",
                "alert-danger")
            form.username.errors.append('Please correct this field')
        elif wanted_email != account.email and User.email_is_in_use(
                wanted_email):
            flash(
                "This email is already been used. Please choose another one!",
                "alert-danger")
            form.email.errors.append('Please correct this field')
        else:
            form.populate_obj(account)
            db.session.commit()
            flash("Informations updated", "alert-info")
            return redirect(url_for('dashboard.index'))

    return render_template("user/update.html", form=form, user=current_user)
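def post(self):
    """Create a role when the request carries requestMethod == "POST".

    The caller must hold the '添加角色' (add role) action permission. The
    role name must be unused and every listed node must exist. Any other
    requestMethod value is answered with a 404.
    """
    import ast  # local import: the file's import block is not visible here

    request_arg = RequestMethod_parser.parse_args()
    requestMethod = request_arg['requestMethod']
    print(requestMethod)
    if requestMethod == "POST":
        permission = Permission(ActionNeed('添加角色'))
        if permission.can() is not True:
            # NOTE(review): the rest of this branch assumes the helper raises.
            abort_if_unauthorized("添加角色")
        args = Role_parser.parse_args()
        roleName = args['roleName']
        # SECURITY: the original passed this request field to eval(), which
        # runs whatever Python expression the client sends. literal_eval
        # accepts only Python literals, enough for a list of node names.
        try:
            nodeName = list(ast.literal_eval(args['nodeName'][0]))
        except (KeyError, ValueError, SyntaxError, TypeError, IndexError,
                MemoryError, RecursionError):
            # Not a literal sequence: use the value the parser produced.
            nodeName = args['nodeName']
        role1 = Role.query.filter(Role.roleName == roleName).first()
        abort_if_exist(role1, "roleName")
        role = Role(roleName)
        # NOTE(review): the role is committed before its nodes are checked,
        # so an unknown node leaves a stored role with only part of its
        # nodes.
        db.session.add(role)
        db.session.commit()
        for name in nodeName:
            node = Node.query.filter(Node.nodeName == name).first()
            abort_if_not_exist(node, "node")
            role.nodes.append(node)
        db.session.add(role)
        db.session.commit()
    else:
        abort(404, message="api not found")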
def post(self, id):
    """Rename or delete category ``id``, selected by the requestMethod field.

    "PUT" renames the category (requires '修改新闻属性', modify news
    attribute) and refuses a name already used by another category. "DELETE"
    removes it (requires '删除新闻属性', delete news attribute). Any other
    value is answered with a 404.
    """
    method = RequestMethod_parser.parse_args()['requestMethod']
    # NOTE(review): both state changes arrive as HTTP POST and are dispatched
    # on a request field, so controls keyed on the HTTP verb cannot tell them
    # apart.
    if method == "PUT":
        if Permission(ActionNeed('修改新闻属性')).can() is not True:
            abort_if_unauthorized("修改新闻属性")
        category = Category.query.filter(Category.id == id).first()
        abort_if_not_exist(category, "category")
        new_name = parser_spec.parse_args()['name']
        if new_name is not None and new_name != category.name:
            clash = Category.query.filter(Category.name == new_name).first()
            abort_if_exist(clash, "category")
            category.name = new_name
        db.session.add(category)
        db.session.commit()
    elif method == "DELETE":
        if Permission(ActionNeed('删除新闻属性')).can() is not True:
            abort_if_unauthorized("删除新闻属性")
        id = int(id)
        category = Category.query.filter(Category.id == id).first()
        abort_if_not_exist(category, "category")
        db.session.delete(category)
        db.session.commit()
    else:
        abort(404, message="api not found")
def blogger_permission(self):
    """Return the blogger permission, building and caching it on first use.

    With the ``BLOGGING_PERMISSIONS`` config value truthy the permission
    requires the "blogger" role; otherwise it is a ``Permission`` with no
    needs.
    """
    cached = self._blogger_permission
    if cached is not None:
        return cached

    if self.config.get("BLOGGING_PERMISSIONS", False):
        self._blogger_permission = Permission(RoleNeed("blogger"))
    else:
        # NOTE(review): a permission with no needs. In Flask-Principal that
        # allows every identity, so with the setting off (the default used
        # here) nothing is restricted by this permission; confirm that is
        # the intended default.
        self._blogger_permission = Permission()
    return self._blogger_permission
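def post(self):
    """Create a user account when the request carries requestMethod == "POST".

    The caller must hold the '添加用户' (add user) action permission. The
    user name must be unused and every listed role must exist. Any other
    requestMethod value is answered with a 404.
    """
    import ast  # local import: the file's import block is not visible here

    request_arg = RequestMethod_parser.parse_args()
    requestMethod = request_arg['requestMethod']
    if requestMethod == "POST":
        permission = Permission(ActionNeed('添加用户'))
        if permission.can() is not True:
            # NOTE(review): the rest of this branch assumes the helper raises.
            abort_if_unauthorized("添加用户")
        args = User_parser.parse_args()
        # SECURITY: the original passed this request field to eval(), which
        # runs whatever Python expression the client sends. literal_eval
        # accepts only Python literals, enough for a list of role names.
        try:
            args['roleName'] = list(ast.literal_eval(args['roleName'][0]))
        except (KeyError, ValueError, SyntaxError, TypeError, IndexError,
                MemoryError, RecursionError):
            # Not a literal sequence: keep the value the parser produced.
            pass
        userName = args['userName']
        passWord = args['passWord']
        email = args['email']
        roleName = args['roleName']
        phone = args['phone']
        user1 = User.query.filter(User.userName == userName).first()
        abort_if_exist(user1, "userName")
        # NOTE(review): the password is handed to the User constructor as
        # received; whether it is hashed there is not visible here.
        user = User(userName, passWord, email, phone)
        for name in roleName:
            role = Role.query.filter(Role.roleName == name).first()
            abort_if_not_exist(role, "role")
            user.roles.append(role)
        db.session.add(user)
        db.session.commit()
    else:
        abort(404, message="api not found")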
def get(self, id):
    """Return the permission-node row whose primary key is ``id``.

    Requires the '查看权限节点' (view permission node) action permission. The
    looked-up row is handed to ``abort_if_not_exist`` before returning.
    """
    allowed = Permission(ActionNeed('查看权限节点')).can()
    if allowed is not True:
        # NOTE(review): the query below still runs if this helper returns
        # instead of raising; confirm it always aborts the request.
        abort_if_unauthorized("查看权限节点")
    found = Node.query.filter(Node.id == id).first()
    abort_if_not_exist(found, "node")
    return found
def edit_post(id):
    """Edit post ``id``; allowed for its owner or an admin, otherwise 403.

    A submission that changes nothing flashes a message and shows the form
    again; a changed one is saved and redirects to the post.
    """
    # The login check that used to sit here was replaced by a login_required
    # decorator, and the owner comparison by the permission test below.
    # NOTE(review): that decorator is not visible in this block; confirm it
    # is applied to the view. The redirect is read as belonging to the
    # "changed" branch; the flattened source leaves its nesting ambiguous.
    post = Post.query.get_or_404(id)

    owner_only = Permission(UserNeed(post.user.id))
    if not (owner_only.can() or admin_permission.can()):
        return abort(403)

    form = PostForm()
    if form.validate_on_submit():
        unchanged = (form.title.data == post.title
                     and form.text.data == post.text)
        if unchanged:
            flash('no changes detected!', category='message')
        else:
            post.title = form.title.data
            post.text = form.text.data
            post.publish_date = datetime.datetime.now()
            db.session.add(post)
            db.session.commit()
            return redirect(url_for('.post', post_id=post.id))

    form.text.data = post.text
    return render_template('edit.html', form=form, post=post)
def article_edit(id):
    """Show and process the edit form for article ``id``.

    A valid submission updates title, content and publish time and redirects
    to the article; otherwise the form is rendered pre-filled with stored
    content.
    """
    article = BlogArticle.query.get_or_404(id)

    # NOTE(review): truthiness of the current_user object is not a login
    # check; confirm what an anonymous user evaluates to here.
    if not current_user:
        return redirect(url_for('site.login'))

    # NOTE(review): non-owners are redirected before the permission test, so
    # permission_admin below is only ever evaluated for the owner.
    if current_user != article.user:
        return redirect(url_for('blog.article_one', id=id))

    owner_only = Permission(UserNeed(article.user.id))
    if not (owner_only.can() or permission_admin.can()):
        return abort(403)

    form = ArticleForm()
    if form.validate_on_submit():
        article.title = form.title.data
        article.content = form.content.data
        article.publish_time = datetime.datetime.now()
        db.session.add(article)
        db.session.commit()
        return redirect(url_for('blog.article_one', id=article.id))

    form.title.data = article.title
    form.content.data = article.content
    return render_template('blog/article/edit.html', obj_form=form,
                           article_one=article)
def contact(retailer_id, contact_id):
    """Create or edit a contact in the context of retailer ``retailer_id``.

    The caller needs the 'normal' role or the item-level 'access' need for
    this retailer. A valid form is written to the contact (a new contact is
    attached to the retailer) and redirects back here; otherwise the page is
    rendered.
    """
    access_need = ItemNeed('access', 'retailer', retailer_id)
    gate = Permission(RoleNeed('normal')).union(Permission(access_need))
    if not gate.can():
        return abort(403)

    retailer = Retailer.query.get(retailer_id)
    # NOTE(review): the access check covers retailer_id only. An existing
    # contact is loaded purely by contact_id and is never compared with
    # retailer.contacts; confirm contacts of other retailers cannot be
    # edited through this route. Both get() calls may also return None.
    contact = Contact.query.get(contact_id) if contact_id else Contact()

    contact_form = ContactForm(obj=contact)
    # The roles field is removed so populate_obj() cannot write roles here.
    del contact_form.roles

    if contact_form.validate_on_submit():
        contact_form.populate_obj(contact)
        contact.phone = contact_form.phone.data
        if not contact.id:
            retailer.contacts.append(contact)
        db.session.commit()
        flash(_('User updated.'), 'success')
        return redirect(url_for(
            'retailers_bp.contact',
            retailer_id=retailer.id,
            contact_id=contact.id,
        ))

    return render_template(
        'retailers/contact.html',
        user_id=contact.id,
        retailer=retailer,
        tab_counts=tab_counts(retailer),
        contact=contact,
        contact_form=contact_form,
    )
def test_permission_difference(self):
    """difference() keeps only the needs the other permission does not have."""
    left = Permission(('a', 'b'), ('a', 'c'))
    right = Permission(('a', 'c'), ('d', 'e'))

    left_only = left.difference(right)
    assert left_only.needs == {('a', 'b')}

    right_only = right.difference(left)
    assert right_only.needs == {('d', 'e')}
def wrapper():
    """Call ``func`` under the role rules stored for its route.

    The route is taken to be '/' plus the function's name. Roles from all
    matching AuthManager rows are merged; when there are any, ``func`` runs
    under a permission that answers 403 on failure.
    """
    route_name = '/' + func.__name__
    rules = AuthManager.query.filter(
        AuthManager.route_name == route_name).all()
    if not rules:
        # NOTE(review): fail-open. A view with no AuthManager row, or whose
        # function name differs from its stored route, runs unchecked.
        return func()

    role_names = set()
    for rule in rules:
        spec = rule.permission
        if spec:
            role_names.update(spec.split(','))
    if not role_names:
        return func()

    required = Permission()
    for name in role_names:
        if name:  # skip empty fragments left by stray commas
            required = required.union(Permission(RoleNeed(name)))

    guarded = required.require(http_exception=403)(func)
    return guarded()
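def post(self):
    """Create a news item, inlining every image of the submitted HTML.

    Runs only for requestMethod == "POST" and requires the '添加新闻' (add
    news) action permission. Each <img> is downloaded, re-saved as a PNG
    under the upload directory and replaced by a base64 data URI; only the
    first saved file is kept and becomes the item's cover image. Any other
    requestMethod value is answered with a 404.
    """
    import ast  # local import: the file's import block is not visible here

    request_arg = RequestMethod_parser.parse_args()
    requestMethod = request_arg['requestMethod']
    if requestMethod == "POST":
        permission = Permission(ActionNeed('添加新闻'))
        if permission.can() is not True:
            # NOTE(review): the rest of this branch assumes the helper raises.
            abort_if_unauthorized("添加新闻")
        args = News_parser.parse_args()
        category = args['category']
        detail = args['detail']
        title = args['title']
        tags = args['tags']
        # SECURITY: the original passed this request field to eval(), which
        # runs whatever Python expression the client sends. literal_eval
        # accepts only Python literals, enough for a list of tag names.
        try:
            tags = list(ast.literal_eval(tags[0]))
        except (ValueError, SyntaxError, TypeError, IndexError,
                MemoryError, RecursionError):
            # Not a literal sequence: keep the value the parser produced.
            pass

        soup = BeautifulSoup(detail, "html.parser")
        k = 0
        for img in soup.find_all('img'):
            imgurl = img.get('src')
            # SECURITY: imgurl comes from client-supplied HTML and is fetched
            # by the server with no restriction on scheme or host and no
            # timeout. NOTE(review): decide which sources are acceptable and
            # enforce that before this call.
            with request.urlopen(imgurl) as r:
                data = r.read()
            i = Image.open(BytesIO(data))
            # NOTE(review): names derived from the clock plus a small random
            # offset can repeat, in which case an earlier upload is
            # overwritten.
            filename = str(
                int(random.uniform(1, 1000) + time.time())) + ".png"
            path = os.path.join(app.config['BASEDIR'],
                                'aunet/static/Uploads/News', filename)
            i.save(path, quality="96")
            # Read the re-encoded file back. The handle is closed before the
            # file may be removed below (the original never closed it).
            with open(path, "rb") as f:
                data = f.read()
            # The original sliced the repr() of the bytes; decoding yields
            # the same text.
            encoded = base64.b64encode(data).decode("ascii")
            img['src'] = "data:image/jpg;base64," + encoded
            k = k + 1
            if k > 1:
                os.remove(path)
            else:
                imgUrlFirst = "static/Uploads/News/" + filename
        if k == 0:
            # Default cover image for news without pictures.
            imgUrlFirst = "static/Uploads/News/1.jpg"

        outline = soup.get_text()[:100]
        # NOTE(review): the remaining client HTML is stored as-is via
        # prettify(); no sanitising step is visible in this function.
        news = News(soup.prettify(), title, outline, imgUrlFirst)
        db.session.add(news)
        db.session.commit()
        news.addCategory(category)
        for tag in tags:
            t = Tag.query.filter_by(name=tag).first()
            abort_if_not_exist(t, "tag")
            news.tags.append(t)
        db.session.add(news)
        db.session.commit()
    else:
        abort(404, message="api not found")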
def get(self, id):
    """Return the data built by ``build_role_data`` for role ``id``.

    Requires the '查看角色' (view role) action permission. The looked-up row
    is handed to ``abort_if_not_exist`` before it is converted.
    """
    allowed = Permission(ActionNeed('查看角色')).can()
    if allowed is not True:
        abort_if_unauthorized("查看角色")
    found = Role.query.filter(Role.id == id).first()
    abort_if_not_exist(found, "role")
    return build_role_data(found)
def decorator(*args, **kwargs):
    """Run the wrapped view ``func`` only for identities with the 'confirmed' role.

    Others get a warning flash and a redirect to their own user page.
    """
    is_confirmed = Permission(RoleNeed('confirmed')).can()
    if is_confirmed:
        return func(*args, **kwargs)
    flash(_("You haven't confirm your account,Please confirmed"), 'warning')
    # NOTE(review): reads current_user.username without a login check;
    # presumably an outer decorator guarantees an authenticated user.
    return redirect(url_for('user.user', user_url=current_user.username))
def test_permission_or(self):
    """``p1 | p2`` carries the same needs as ``p1.difference(p2)``."""
    # NOTE(review): per this assertion `|` is not a union of needs. Code
    # that reads `a | b` as "either permission" should be checked against
    # that.
    first = Permission(RoleNeed('boss'), RoleNeed('lackey'))
    second = Permission(RoleNeed('lackey'), RoleNeed('underling'))

    via_operator = first | second
    via_method = first.difference(second)
    assert via_operator.needs == via_method.needs
def decorated_view(*args, **kwargs):
    """Call ``fn`` when the role permission is satisfied, else deny.

    On denial the configured unauthorized callback is used when there is
    one, otherwise the default unauthorized view.
    """
    role_needs = [RoleNeed(name) for name in roles]
    if Permission(*role_needs).can():
        return fn(*args, **kwargs)

    callback = _security._unauthorized_callback
    if callback:
        return callback()
    return _get_unauthorized_view()
def decorated_function(*args, **kwargs):
    """Run ``f`` for a logged-in user holding at least one of ``role_keys``.

    Unauthenticated users are redirected to the login page with the current
    path as ``next``; authenticated users without a matching role get a 403.
    """
    # NOTE(review): is_authenticated is called as a method here. Newer
    # Flask-Login releases expose it as a property; confirm against the
    # pinned version.
    if not current_user.is_authenticated():
        return redirect(url_for('login_bp.login', next=request.path))

    for role_key in role_keys:
        if Permission(RoleNeed(role_key)).can():
            return f(*args, **kwargs)
    return abort(403)
def decorated_view(*args, **kwargs):
    """Call ``fn`` when the role permission is satisfied, else deny.

    On denial the deprecated unauthorized callback is used when configured,
    otherwise the security extension's unauthorized handler is called with
    the decorator and the list of roles.
    """
    role_needs = [RoleNeed(name) for name in roles]
    if Permission(*role_needs).can():
        return fn(*args, **kwargs)

    legacy_callback = _security._unauthorized_callback
    if legacy_callback:
        # Backwards compat - deprecated
        return legacy_callback()
    return _security._unauthz_handler(roles_accepted, list(roles))
def put(self, topicId):
    """Check edit rights on ``topicId`` for a PUT request.

    Returns True when the check FAILS, after storing a callback on the
    instance that produces a JSON error; returns None when the caller may
    edit.
    """
    def callback():
        return jsonify(judge=False, error=_('You have no permission'))

    if Permission(EditTopicNeed(topicId)).can():
        return None
    # NOTE(review): True means "denied" here; presumably the caller invokes
    # self.callback when it sees a truthy result. Confirm against the base
    # class.
    self.callback = callback
    return True
def test_permission_and(self):
    """``p1 & p2`` carries the same needs as ``p1.union(p2)``."""
    # NOTE(review): `&` merges the two need sets. Whether the result then
    # demands every need or any one of them depends on how a Permission is
    # evaluated, which this test does not exercise.
    boss = Permission(RoleNeed('boss'))
    lackey = Permission(RoleNeed('lackey'))

    via_operator = boss & lackey
    via_method = boss.union(lackey)
    assert via_operator.needs == via_method.needs
def decorated_view(*args, **kwargs):
    """Call ``fn`` when the permission built from ``fsperms`` is satisfied.

    On denial the deprecated unauthorized callback is used when configured,
    otherwise the security extension's unauthorized handler is called with
    the decorator and the list of permissions.
    """
    perm_needs = [FsPermNeed(name) for name in fsperms]
    if Permission(*perm_needs).can():
        return fn(*args, **kwargs)

    legacy_callback = _security._unauthorized_callback
    if legacy_callback:
        # Backwards compat - deprecated
        return legacy_callback()
    return _security._unauthz_handler(permissions_accepted, list(fsperms))
def decorator(*args, **kwargs):
    """Run the wrapped view ``func`` only for identities with the 'confirmed' role.

    Others get a warning flash and a redirect to their own user page.
    """
    is_confirmed = Permission(RoleNeed('confirmed')).can()
    if is_confirmed:
        return func(*args, **kwargs)
    flash(
        _("You haven't confirm your account,Please confirmed"), 'warning')
    # NOTE(review): reads current_user.username without a login check;
    # presumably an outer decorator guarantees an authenticated user.
    return redirect(url_for('user.user', user_url=current_user.username))
def put(self, topicId):
    """Check edit rights on ``topicId`` for a PUT request.

    Returns True when the check FAILS, after storing a callback on the
    instance that flashes a warning and redirects to the topic page; returns
    None when the caller may edit.
    """
    def callback():
        flash(_("You have no permission"), 'warning')
        return redirect(url_for('topic.topic', topicId=topicId))

    if Permission(EditTopicNeed(topicId)).can():
        return None
    # NOTE(review): True means "denied" here; presumably the caller invokes
    # self.callback when it sees a truthy result. Confirm against the base
    # class.
    self.callback = callback
    return True
def get(self, id):
    """Return ``{'name': ..., 'id': ...}`` for the tag with primary key ``id``.

    Requires the '查看新闻标签' (view news tag) action permission. The
    looked-up row is handed to ``abort_if_not_exist`` before it is read.
    """
    allowed = Permission(ActionNeed('查看新闻标签')).can()
    if allowed is not True:
        abort_if_unauthorized("查看新闻标签")
    tag = Tag.query.filter_by(id=id).first()
    abort_if_not_exist(tag, "tag")
    return {'name': tag.name, 'id': tag.id}
def post(self):
    """Check the caller's rights on every collection id in the posted form.

    Returns True at the first collection the caller may not post to and
    None when all pass; a ValueError raised while handling an id is answered
    with a 403.
    """
    # NOTE(review): True means "denied" here, and no callback is set on this
    # path; confirm how the caller reacts to a truthy result.
    for raw_id in request.form.getlist('add-to-collect'):
        try:
            collect_need = PostCollect(int(raw_id))
            if not Permission(collect_need).can():
                return True
        except ValueError:
            abort(403)
def get(self):
    """Return ``build_role_data`` output for every role.

    Requires the '查看角色' (view role) action permission.
    """
    allowed = Permission(ActionNeed('查看角色')).can()
    if allowed is not True:
        # NOTE(review): the listing below still runs if this helper returns
        # instead of raising; confirm it always aborts the request.
        abort_if_unauthorized("查看角色")
    return [build_role_data(role) for role in Role.query.all()]
def can_access(endpoint):
    """Tell a template whether the current identity may reach ``endpoint``.

    Returns True when the view function carries no ``role_keys`` attribute,
    or when the identity holds at least one of the listed roles; False
    otherwise.
    """
    # NOTE(review): this only decides what a template shows. It is not an
    # enforcement point, and a view without role_keys is reported as
    # accessible; the view itself has to apply its own check.
    view = current_app.view_functions[endpoint]
    if not hasattr(view, 'role_keys'):
        return True
    return any(Permission(RoleNeed(key)).can() for key in view.role_keys)
def get(self):
    """Return ``build_user_data`` output for every user.

    Requires the '查看用户' (view user) action permission.
    """
    allowed = Permission(ActionNeed('查看用户')).can()
    if allowed is not True:
        # NOTE(review): the listing below still runs if this helper returns
        # instead of raising; confirm it always aborts the request. Which
        # user fields build_user_data exposes is not visible here.
        abort_if_unauthorized("查看用户")
    return [build_user_data(user) for user in User.query.all()]
def get(self, id):
    """Return ``{'name': ..., 'id': ...}`` for the category with key ``id``.

    Requires the '查看新闻栏目' (view news category) action permission. The
    looked-up row is handed to ``abort_if_not_exist`` before it is read.
    """
    allowed = Permission(ActionNeed('查看新闻栏目')).can()
    if allowed is not True:
        abort_if_unauthorized("查看新闻栏目")
    category = Category.query.filter_by(id=id).first()
    abort_if_not_exist(category, "category")
    return {'name': category.name, 'id': category.id}
def index():
    """List the retailers the current identity may access.

    A retailer is shown when the identity satisfies the permission built
    from the 'normal' role together with the item-level 'access' need for
    that retailer.
    """
    base = Permission(RoleNeed('normal'))

    def visible(retailer):
        item_need = ItemNeed('access', 'retailer', retailer.id)
        return base.union(Permission(item_need)).can()

    # Filtering happens server-side, so the template only ever receives
    # retailers that passed the check.
    retailers = [row for row in Retailer.query.all() if visible(row)]
    return render_template('retailers/index.html', retailers=retailers)
def index(retailer_id):
    """Show the unsold stock of retailer ``retailer_id``.

    The caller needs the 'normal' role or the item-level 'access' need for
    this retailer; otherwise the answer is a 403.
    """
    access_need = ItemNeed('access', 'retailer', retailer_id)
    gate = Permission(RoleNeed('normal')).union(Permission(access_need))
    if not gate.can():
        return abort(403)

    # NOTE(review): get() returns None for an unknown id, which the
    # attribute reads below do not handle.
    retailer = Retailer.query.get(retailer_id)
    unsold = retailer.stocks.filter(RetailerProduct.sold_date.is_(None))
    return render_template(
        'retailers/stocks.html',
        retailer=retailer,
        stocks=unsold,
        tab_counts=tab_counts(retailer),
    )
def post(self):
    """Check that the identity holds the 'confirmed' role for a POST request.

    Returns True when the check FAILS, after storing a callback on the
    instance that flashes a warning and redirects to the user's page;
    returns None when the account is confirmed.
    """
    def callback():
        flash(
            _("You haven't confirm your account,Please confirmed"), 'warning')
        return redirect(url_for('user.user', user_url=current_user.username))

    if Permission(RoleNeed('confirmed')).can():
        return None
    # NOTE(review): True means "denied" here; presumably the caller invokes
    # self.callback when it sees a truthy result. Confirm against the base
    # class.
    self.callback = callback
    return True
def contacts(retailer_id):
    """Show the contacts of retailer ``retailer_id``.

    The caller needs the 'normal' role or the item-level 'access' need for
    this retailer; otherwise the answer is a 403.
    """
    access_need = ItemNeed('access', 'retailer', retailer_id)
    gate = Permission(RoleNeed('normal')).union(Permission(access_need))
    if not gate.can():
        return abort(403)

    # NOTE(review): get() returns None for an unknown id, which the
    # attribute reads below do not handle.
    retailer = Retailer.query.get(retailer_id)
    return render_template(
        'retailers/contacts.html',
        retailer=retailer,
        contacts=retailer.contacts,
        tab_counts=tab_counts(retailer),
    )
def get(self):
    """Return ``{'name': ..., 'id': ...}`` for every tag.

    Requires the '查看新闻标签' (view news tag) action permission.
    """
    allowed = Permission(ActionNeed('查看新闻标签')).can()
    if allowed is not True:
        # NOTE(review): the listing below still runs if this helper returns
        # instead of raising; confirm it always aborts the request.
        abort_if_unauthorized("查看新闻标签")
    return [{'name': tag.name, 'id': tag.id} for tag in Tag.query.all()]