def init_global_vars():
g.user = None
if 'id' in session:
g.user = User.get(session['id'])
g.redir = request.args.get('redirect', '')
g.start = request.args.get('start', type=int, default=0)
g.limit = request.args.get('limit', type=int, default=20)
def sudo():
user_id = request.form['user_id']
user = User.get(user_id)
if not user:
return jsonify({'message': 'not found'}), 404
user.sudo()
return jsonify({'message': 'ok'}), 200
def get_user(user_id):
u = User.get(user_id)
if not u:
return {}, 404
user = request.oauth.user
private = bool(user.privilege) or user.id == user_id
return u.to_dict(private=private), 200
def delete_user():
user_id = request.form['user_id']
user = User.get(user_id)
if not user:
return jsonify({'message': 'not found'}), 404
pubkey = RSAKey.get_by_user_id(user_id)
if pubkey:
pubkey.delete()
user.delete()
return jsonify({'message': 'ok'}), 200
def edit(uid):
u = User.get(uid)
if not u:
abort(403)
if request.method == 'GET':
return render_template('/admin_edit.html', user=u)
name = request.form['name']
email = request.form['email']
password = request.form['password']
real_name = request.form['real_name']
if not (name and email and real_name):
flash(u'你有些忘记填了', 'error')
return render_template('/admin_edit.html', user=u.id)
u.edit(name, email, password, real_name)
return redirect(url_for('admin.index'))