def post(self):
    """Authenticate a user and return an auth token with profile data.

    Reads ``username`` and ``password`` from ``login_parser``, verifies the
    password, issues a token, stores the user on ``g`` and collects the
    user's permission names.

    Returns:
        HTTP 400 with an error message when the password check fails,
        otherwise HTTP 200 with the profile fields, permissions and token.
    """
    credentials = login_parser.parse_args()
    # NOTE(review): how get_object reacts to an unknown username is not
    # visible here. If that response differs from the wrong-password branch
    # below, clients can tell existing usernames from missing ones -- confirm
    # both failures look the same to the caller.
    _user = User.get_object(username=credentials.username)
    password_ok = _user.verify_password(credentials.password)
    if not password_ok:
        # NOTE(review): no attempt limiting or failure logging is visible in
        # this method; confirm it is handled elsewhere.
        return http_responses.HTTP_400_BAD_REQUEST(msg={"error": u"密码错误"})

    token = _user.generate_auth_token()
    g.user = _user

    # Cache the user's privileges under the freshly issued token.
    granted = cache_user_privileges(token)
    permissions = set(
        ".".join([entry.name, entry.needs.name]) for entry in granted
    )

    payload = {
        "message": "Login success",
        "username": _user.username,
        "nickname": _user.nickname,
        "id": _user.id,
        "is_superuser": _user.is_superuser,
        "permissions": list(permissions),
        # The token travels in the response body; keep this payload out of
        # request/response logs.
        "token": token,
    }
    return http_responses.HTTP_200_OK(msg=payload)
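def put(self, user_id):
    """Update username, nickname and email of the user ``user_id``.

    Only fields that are present in the parsed request are written, so an
    omitted field leaves the stored value unchanged.

    Returns:
        HTTP 200 with a success message once the change is committed.
    """
    _user = User.get_object(id=user_id)
    args = user_modify_parser.parse_args()
    # NOTE(review): nothing in this method ties user_id to the caller.
    # Confirm an authorization check (decorator or base class) restricts
    # who may edit which account.

    # Guard username like the other fields: an omitted value must not
    # overwrite the stored username with None.
    if args.username is not None:
        _user.username = args.username
    if args.nickname is not None:
        _user.nickname = args.nickname
    if args.email is not None:
        _user.email = args.email

    g.db.commit()
    return http_responses.HTTP_200_OK(msg=u"修改用户信息成功")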
def get(self, user_id):
    """Return the username and the serialized roles of the user ``user_id``.

    Returns:
        HTTP 200 whose message holds ``user`` (the username) and ``roles``
        (one ``to_dict()`` result per role assigned to the user).
    """
    user = User.get_object(id=user_id)
    memberships = UsersRoles.query.filter_by(user_id=user_id).all()

    roles = []
    for membership in memberships:
        roles.append(membership.role.to_dict())

    payload = {"user": user.username, "roles": roles}
    return http_responses.HTTP_200_OK(msg=payload)
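def post(self, user_id):
    """Grant the roles listed in ``role_ids`` to the user ``user_id``.

    Roles the user already holds are skipped. All ids are validated before
    the session is touched, so a malformed id cannot leave earlier
    additions pending in the session.

    Returns:
        HTTP 400 when an id is not an integer, otherwise HTTP 200.
    """
    args = user_roles_parser.parse_args()
    user = User.get_object(id=user_id)
    # NOTE(review): this endpoint grants privileges and no permission check
    # is visible in the method itself; confirm one is applied elsewhere.

    # Validate and de-duplicate first. TypeError covers non-string values
    # such as None, which int() rejects without raising ValueError.
    role_ids = []
    seen = set()
    for raw_id in args.role_ids or []:
        try:
            role_id = int(raw_id)
        except (TypeError, ValueError):
            return http_responses.HTTP_400_BAD_REQUEST(
                msg={"error": u"角色Id必须为整数"})
        if role_id not in seen:
            seen.add(role_id)
            role_ids.append(role_id)

    for role_id in role_ids:
        already_granted = UsersRoles.query.filter_by(
            user_id=user_id, role_id=role_id).first()
        if already_granted:
            continue
        # NOTE(review): behaviour of get_object for an unknown role id is
        # not visible here -- confirm it does not return None.
        role = Role.get_object(id=role_id)
        g.db.add(UsersRoles(user, role))

    if role_ids:
        g.db.commit()
    return http_responses.HTTP_200_OK()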
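def put(self, user_id):
    """Replace the role set of the user ``user_id`` with ``role_ids``.

    Roles missing from the request are removed and new ones are added.
    An empty or missing ``role_ids`` removes every role from the user.
    Ids that match no existing role are skipped silently.

    Returns:
        HTTP 400 when an id is not an integer, otherwise HTTP 200.
    """
    args = user_roles_parser.parse_args()
    user = User.get_object(id=user_id)
    # NOTE(review): this endpoint both grants and revokes privileges and no
    # permission check is visible in the method itself; confirm one is
    # applied elsewhere.
    all_user_roles = UsersRoles.query.filter_by(user_id=user_id).all()

    if args.role_ids:
        all_role_ids = {user_role.role.id for user_role in all_user_roles}
        try:
            new_role_ids = {int(role_id) for role_id in args.role_ids}
        except (TypeError, ValueError):
            # TypeError covers non-string values such as None.
            return http_responses.HTTP_400_BAD_REQUEST(
                msg={"error": u"角色id必须为整数"})

        add_role_ids = new_role_ids - all_role_ids
        delete_role_ids = all_role_ids - new_role_ids

        # Remove roles. Iterating the loaded rows replaces filter(...)[0],
        # which fails on Python 3 where filter() returns an iterator, and
        # also clears duplicate rows for the same role.
        for user_role in all_user_roles:
            if user_role.role_id in delete_role_ids:
                g.db.delete(user_role)

        # Add roles; ids that match no Role row are ignored.
        for role_id in add_role_ids:
            role = Role.query.filter_by(id=role_id).first()
            if role is None:
                continue
            g.db.add(UsersRoles(user=user, role=role))
    else:
        # No ids supplied: strip every role from the user.
        for user_role in all_user_roles:
            g.db.delete(user_role)

    g.db.commit()
    return http_responses.HTTP_200_OK(msg="Update role permission success")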
def delete(self, user_id):
    """Delete the user ``user_id`` and commit the change.

    Returns:
        HTTP 200 with no message body once the deletion is committed.
    """
    # NOTE(review): no permission check or guard against deleting one's own
    # or a superuser account is visible in this method; confirm it is
    # enforced elsewhere.
    target = User.get_object(id=user_id)
    session = g.db
    session.delete(target)
    session.commit()
    return http_responses.HTTP_200_OK()