def admin_auth(user_id):
if get_admin_count() > 0:
admin_redirect()
form = AuthForm()
remove = request.args.get('remove')
if not User.query.get(user_id):
return abort(404)
if form.validate_on_submit():
if remove != 'True':
return redirect_after_verification(
user_id=user_id,
password=form.code.data,
auth_func='admin_auth',
redirect_to='verification.handle_new_admin',
salt='make-auth')
else:
return redirect_after_verification(
user_id=user_id,
password=form.code.data,
auth_func='admin_auth',
redirect_to='verification.handle_admin_removal',
salt='remove-auth')
return render_template('admin-form.html',
form=form,
authorization=True,
user_id=user_id,
category='admin',
remove=remove)
def auth_add():
# 权限添加
form = AuthForm()
is_flag = True
if form.validate_on_submit():
if Auth.query.filter_by(name=form.name.data).first():
is_flag = False
flash(u'您输入的权限已存在', 'err')
if Auth.query.filter_by(url=form.url.data).first():
is_flag = False
flash(u'您输入的路由已存在', 'err')
if is_flag == False:
return render_template('admin/auth_add.html', form=form)
auth = Auth(name=form.name.data,
level=1,
url=form.url.data,
html_id=form.html_id.data)
oplog = Oplog(user_id=session['user_id'],
ip=request.remote_addr,
reason=u'添加权限:%s' % form.name.data)
objects = [auth, oplog]
db.session.add_all(objects)
db.session.commit()
flash(u'权限添加成功', 'ok')
return redirect(url_for('admin.auth_add'))
return render_template('admin/auth_add.html', form=form)
def auth_edit(id=None):
# 权限修改
form = AuthForm()
form.submit.label.text = u'修改'
auth = Auth.query.filter_by(id=id).first_or_404()
is_flag = True
if request.method == 'GET':
form.name.data = auth.name
form.url.data = auth.url
form.html_id.data = auth.html_id
if form.validate_on_submit():
if auth.name != form.name.data and Auth.query.filter_by(
name=form.name.data).first():
is_flag = False
flash(u'您输入的权限已存在', 'err')
if auth.url != form.url.data and Auth.query.filter_by(
url=form.url.data).first():
is_flag = False
flash(u'您输入的路由已存在', 'err')
if is_flag == False:
return render_template('admin/auth_edit.html', form=form)
auth.name = form.name.data
auth.url = form.url.data
auth.html_id = form.html_id.data
db.session.add(auth)
oplog = Oplog(user_id=session['user_id'],
ip=request.remote_addr,
reason=u'修改权限:%s' % form.name.data)
db.session.add(oplog)
db.session.commit()
flash(u'权限修改成功', 'ok')
return redirect(url_for('admin.auth_list'))
return render_template('admin/auth_edit.html', form=form)
def auth():
form = AuthForm()
if not form.validate_on_submit():
return send_json_response(message=form.errors, status_code=400)
if not is_valid_api_key(api_key=form.api_key.data):
return send_json_response(message={'message': 'Ошибка аутентификации'},
status_code=401)
def authorization(user_id):
form = AuthForm()
user = User.query.get(user_id)
if not user:
return abort(400)
if form.validate_on_submit():
return redirect_after_verification(
user_id=user_id,
auth_func='authorization',
redirect_to='user_operations.delete_user',
salt='delete-auth',
password=form.code.data)
return render_template('delete.html',
form=form,
authorization=True,
user_id=user_id)
def auth_add():
form = AuthForm()
if form.validate_on_submit():
data = form.data
auth_num = Auth.query.filter_by(name=data["auth_name"]).count()
if auth_num == 1:
flash("权限名称已经存在!", "err")
return redirect(url_for("admin.auth_add"))
auth_url_num = Auth.query.filter_by(url=data["auth_url"]).count()
if auth_url_num == 1:
flash("权限地址已经存在!", "err")
return redirect(url_for("admin.auth_add"))
auth = Auth(name=data["auth_name"], url=data["auth_url"])
db.session.add(auth)
db.session.commit()
flash("添加权限成功!", "ok")
#return redirect(url_for("admin.auth_add"))
return redirect(url_for("admin.auth_list", page=1))
return render_template("admin/auth_add.html", form=form)
def auth_edit(id=None):
form = AuthForm()
auth = Auth.query.get_or_404(id)
if form.validate_on_submit():
data = form.data
auth_num = Auth.query.filter_by(name=data["auth_name"]).count()
print auth.name
print data["auth_name"]
print auth_num
if auth.name != data["auth_name"] and auth_num == 1:
flash("权限名称已经存在!", "err")
return redirect(url_for("admin.auth_edit", id=id))
auth_url_num = Auth.query.filter_by(url=data["auth_url"]).count()
if auth.url != data["auth_url"] and auth_url_num == 1:
flash("权限地址已经存在!", "err")
return redirect(url_for("admin.auth_edit", id=id))
auth.name = data["auth_name"]
auth.url = data["auth_url"]
db.session.add(auth)
db.session.commit()
flash("修改权限成功!", "ok")
#return redirect(url_for("admin.auth_edit",id=id))
return redirect(url_for("admin.auth_list", page=1))
return render_template("admin/auth_edit.html", form=form, auth=auth)
