def check_admin(request): if request.__user__ is None or not request.__user__.admin: raise APIPermissionError()
def check_admin(): user = ctx.request.user if user and user.admin: return raise APIPermissionError('No permission.')
def check_admin(request): '''检查用户是否具有管理权''' if request.__user__ is None or not request.__user__.admin: raise APIPermissionError()
def check_admin(user): if user is None or not user.admin: raise APIPermissionError()
async def get_comments(*, page='1', size='8', blog_id=None, order_by="created_at", desc=True, user=False, request): ''' To get the comments list. There are three exclusive modes 1. If `user` is true, then return the inner joined comments list including blog title which is related to the the user. 2. If `blog_id` is provided, then return the comments list under the blog 3. If both are not provided, enable adminstrator mode which returns all current comments records. ''' try: page, size = get_page_index(page, size) except APIError as e: raise APIValueError('Comments', 'GET /api/comments ' + e.data) des = ' desc' if desc is True else ' asc' if not blog_id: #use join select #Note: This piece of code is manually coded, need to be improved in the future if not request.__user__: raise APIPermissionError('comments', 'Log in to manage comments') if not (request.__user__.admin == 1 or user): raise APIPermissionError( 'comments', 'Only administrators have access to all comments') field_main = ['c.' + f for f in Comment.__schema__] field_min = ['b.title'] query = "select {},{}".format(','.join(field_main), ','.join(field_min)) query += " from comments c inner join blogs b on c.blog_id=b.id" if user: query += " where c.user_id=?" args = [request.__user__.id] num = await Comment.findNumber('count(id)', 'user_id=?', [request.__user__.id]) else: args = [] num = await Comment.findNumber('count(id)') p = Page(num, page, size) query += " order by " + 'c.' + order_by + des + " limit ?,?" args.extend([p.offset, p.limit]) joined_comments = await select(query, args) schema = Comment.__schema__ + ['title'] comments = list( map(lambda x: {k: v for k, v in zip(schema, x)}, joined_comments)) else: related_blog = await Blog.find(blog_id) if not related_blog: raise APIResourceNotFoundError( 'Comment', 'The related blog: {} is not found'.format(blog_id)) where = 'blog_id=?' args = [blog_id] num = await Comment.findNumber('count(id)', where, args) p = Page(num, page, size) comments = await Comment.findAll(where, args, orderBy=order_by + des, limit=(p.offset, p.limit)) return dict(total=p.page_count, page=page, comments=comments)
def check_admin(request): '''判断用户是否为管理员用户, 不是则抛出异常''' if request.__user__ is None or not request.__user__.admin: raise APIPermissionError()