Esempio n. 1
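	def decorated_function(*args, **kwargs):
		"""Run the wrapped view only when the logged-in user owns the target record.

		The model is chosen from the second-to-last segment of the request path,
		and the record id is read from the JSON body for POST or from the query
		string for any other method. A request whose id, model, record or user
		cannot be resolved is refused with the same redirect as an ownership
		mismatch, so the check fails closed instead of raising.
		"""
		u = current_user()
		model_name = request.path.split('/')[-2]
		# Pick the id source by request method: JSON body for POST, query string otherwise.
		if request.method == 'POST':
			data = request.json
			# The body may be absent or not a JSON object; treat that as "no id".
			raw_id = data.get('id') if isinstance(data, dict) else None
		else:
			raw_id = request.args.get('id')
		try:
			instance_id = int(raw_id)
		except (TypeError, ValueError):
			# Missing or non-numeric id: nothing to authorize against, so refuse.
			return redirect('#')
		# Map the path segment to its model class and query only that model,
		# instead of looking the same id up in all four tables on every request.
		models = dict(
			weibo=Weibo,
			comment=Comment,
			blog=Blog,
			blogComment=BlogComment,
		)
		model = models.get(model_name)
		instance = model.find_by(id=instance_id) if model is not None else None
		# NOTE(review): assumes current_user() and find_by() return None for
		# "not logged in" / "no such record" - confirm against their definitions.
		if u is None or instance is None:
			return redirect('#')
		user_id = instance.user_id
		# Allow the call only when the logged-in user's id matches the record's owner id.
		if u.id == user_id:
			return f(*args, **kwargs)
		# Not every model is guaranteed to carry a username; fall back to the owner id
		# so that logging the refusal cannot itself raise.
		# NOTE(review): usernames are written to the log unescaped; if they can contain
		# CR/LF, a crafted name could forge log lines - consider sanitizing in log().
		owner = getattr(instance, 'username', user_id)
		log("{} try to access {}'s data\r\n".format(u.username, owner))
		return redirect('#')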
Esempio n. 2
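def detail():
    """Return the blog identified by the ``id`` query parameter as JSON.

    A missing or non-numeric ``id`` gets a 400 response and an unknown id
    gets a 404, instead of an unhandled exception.
    """
    # NOTE(review): no ownership or login check is visible in this view; any
    # caller can read any blog by id. Confirm that blogs are meant to be public.
    try:
        blog_id = int(request.args.get('id'))
    except (TypeError, ValueError):
        return jsonify(error='invalid id'), 400
    b = Blog.find_by(id=blog_id)
    # NOTE(review): assumes find_by() returns None when no record matches - confirm.
    if b is None:
        return jsonify(error='not found'), 404
    return jsonify(b.json())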