コード例 #1
def admin_auth(user_id):
    """Show or process the verification-code form for an admin change.

    The ``remove`` query-string argument selects the flow: the exact string
    ``'True'`` sends a validated submission to the admin-removal handler,
    any other value (including a missing argument) to the new-admin handler.

    Args:
        user_id: Primary key of the user the admin change applies to.

    Returns:
        The result of ``redirect_after_verification`` when the form
        validates, otherwise the rendered ``admin-form.html`` page. Aborts
        with 404 when no user with ``user_id`` exists.
    """
    # NOTE(review): the return value of admin_redirect() is discarded, so
    # this guard only stops the request if that helper raises (for example
    # through abort()). Confirm against its definition; if it returns a
    # response object instead, execution continues into the form below.
    if get_admin_count() > 0:
        admin_redirect()

    form = AuthForm()
    remove = request.args.get('remove')

    target_user = User.query.get(user_id)
    if not target_user:
        return abort(404)

    if not form.validate_on_submit():
        return render_template('admin-form.html',
                               form=form,
                               authorization=True,
                               user_id=user_id,
                               category='admin',
                               remove=remove)

    # Only the literal string 'True' selects the removal flow.
    if remove == 'True':
        next_endpoint = 'verification.handle_admin_removal'
        token_salt = 'remove-auth'
    else:
        next_endpoint = 'verification.handle_new_admin'
        token_salt = 'make-auth'

    return redirect_after_verification(
        user_id=user_id,
        password=form.code.data,
        auth_func='admin_auth',
        redirect_to=next_endpoint,
        salt=token_salt)
コード例 #2
def auth_add():
    """Create a permission (``Auth``) row from the submitted form.

    A submission is rejected when another row already uses the same name or
    the same URL; both checks always run so each conflict is flashed. On
    success the new row and an operation-log entry are committed together.

    Returns:
        The rendered ``admin/auth_add.html`` form (first visit, validation
        failure or conflict), or a redirect back to ``admin.auth_add`` after
        a successful insert.
    """
    form = AuthForm()
    if not form.validate_on_submit():
        return render_template('admin/auth_add.html', form=form)

    # NOTE(review): this check-then-insert is not atomic. Whether a unique
    # constraint on Auth.name / Auth.url backs it up is not visible here.
    conflict_found = False
    if Auth.query.filter_by(name=form.name.data).first():
        conflict_found = True
        flash(u'您输入的权限已存在', 'err')  # "that permission already exists"
    if Auth.query.filter_by(url=form.url.data).first():
        conflict_found = True
        flash(u'您输入的路由已存在', 'err')  # "that route already exists"
    if conflict_found:
        return render_template('admin/auth_add.html', form=form)

    new_auth = Auth(name=form.name.data,
                    level=1,
                    url=form.url.data,
                    html_id=form.html_id.data)
    # Audit record for the change.
    # NOTE(review): request.remote_addr is the directly connected peer; if
    # the app runs behind a reverse proxy this may be the proxy's address --
    # confirm how the deployment handles forwarded headers. The lookup of
    # session['user_id'] assumes a login check runs before this view.
    audit_entry = Oplog(user_id=session['user_id'],
                        ip=request.remote_addr,
                        reason=u'添加权限:%s' % form.name.data)
    db.session.add_all([new_auth, audit_entry])
    db.session.commit()
    flash(u'权限添加成功', 'ok')  # "permission added"
    return redirect(url_for('admin.auth_add'))
コード例 #3
def auth_edit(id=None):
    """Edit an existing permission (``Auth``) row.

    On GET the form is pre-filled from the stored row. On a valid submission
    the new name and URL are checked against other rows (only when they
    differ from the current values), then the row is updated and an
    operation-log entry is committed with it.

    Args:
        id: Primary key of the ``Auth`` row; a 404 is raised when no row
            matches.

    Returns:
        The rendered ``admin/auth_edit.html`` form, or a redirect to
        ``admin.auth_list`` after a successful update.
    """
    form = AuthForm()
    form.submit.label.text = u'修改'  # submit button label: "Modify"
    auth = Auth.query.filter_by(id=id).first_or_404()

    if request.method == 'GET':
        # Show the current values when the page is first opened.
        form.name.data = auth.name
        form.url.data = auth.url
        form.html_id.data = auth.html_id

    if not form.validate_on_submit():
        return render_template('admin/auth_edit.html', form=form)

    # Both checks run so that every conflict is reported in one response.
    # NOTE(review): the check and the later commit are not atomic; whether
    # the schema enforces uniqueness on name/url is not visible here.
    rejected = False
    if auth.name != form.name.data:
        if Auth.query.filter_by(name=form.name.data).first():
            rejected = True
            flash(u'您输入的权限已存在', 'err')  # "that permission already exists"
    if auth.url != form.url.data:
        if Auth.query.filter_by(url=form.url.data).first():
            rejected = True
            flash(u'您输入的路由已存在', 'err')  # "that route already exists"
    if rejected:
        return render_template('admin/auth_edit.html', form=form)

    auth.name = form.name.data
    auth.url = form.url.data
    auth.html_id = form.html_id.data
    db.session.add(auth)
    # Audit record for the change.
    # NOTE(review): request.remote_addr is the directly connected peer and
    # may be a proxy address depending on deployment -- confirm.
    audit_entry = Oplog(user_id=session['user_id'],
                        ip=request.remote_addr,
                        reason=u'修改权限:%s' % form.name.data)
    db.session.add(audit_entry)
    db.session.commit()
    flash(u'权限修改成功', 'ok')  # "permission updated"
    return redirect(url_for('admin.auth_list'))
コード例 #4
def auth():
    """Validate the submitted form and its API key.

    Returns:
        A JSON 400 response carrying the form errors when validation fails,
        or a JSON 401 response when the API key is rejected. No success-path
        return is visible in this listing; as shown, the function falls
        through and returns ``None`` when both checks pass.
    """
    form = AuthForm()

    if not form.validate_on_submit():
        return send_json_response(message=form.errors, status_code=400)

    # NOTE(review): is_valid_api_key is not shown here. Confirm that it
    # compares secrets in constant time (e.g. hmac.compare_digest) and that
    # repeated failures are rate limited.
    key_accepted = is_valid_api_key(api_key=form.api_key.data)
    if not key_accepted:
        # The message text is Russian for "Authentication error".
        failure_body = {'message': 'Ошибка аутентификации'}
        return send_json_response(message=failure_body,
                                  status_code=401)
コード例 #5
def authorization(user_id):
    """Show or process the verification-code form that precedes user deletion.

    Args:
        user_id: Primary key of the user to be deleted.

    Returns:
        The result of ``redirect_after_verification`` (targeting
        ``user_operations.delete_user``) when the form validates, otherwise
        the rendered ``delete.html`` page. Aborts with 400 when no user with
        ``user_id`` exists.
    """
    form = AuthForm()

    # NOTE(review): nothing visible here ties user_id to the caller's own
    # session; confirm that a decorator or redirect_after_verification
    # enforces who may start a deletion for this id.
    if not User.query.get(user_id):
        return abort(400)

    if not form.validate_on_submit():
        return render_template('delete.html',
                               form=form,
                               authorization=True,
                               user_id=user_id)

    return redirect_after_verification(
        user_id=user_id,
        auth_func='authorization',
        redirect_to='user_operations.delete_user',
        salt='delete-auth',
        password=form.code.data)
コード例 #6
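def auth_add():
    """Create a permission (``Auth``) row from the submitted form.

    A submission is rejected when any existing row already uses the same
    name or the same URL.

    Returns:
        The rendered ``admin/auth_add.html`` form when nothing valid was
        submitted, a redirect back to ``admin.auth_add`` on a conflict, or a
        redirect to the first page of ``admin.auth_list`` after a successful
        insert.
    """
    form = AuthForm()
    if not form.validate_on_submit():
        return render_template("admin/auth_add.html", form=form)

    data = form.data

    # Treat any existing row as a conflict. Comparing the count with exactly
    # 1 lets the request through once two or more rows already share the
    # value, which defeats the duplicate check.
    # NOTE(review): the check and the insert are not atomic; whether the
    # schema enforces uniqueness on name/url is not visible here.
    if Auth.query.filter_by(name=data["auth_name"]).count() > 0:
        flash("权限名称已经存在!", "err")  # "permission name already exists"
        return redirect(url_for("admin.auth_add"))
    if Auth.query.filter_by(url=data["auth_url"]).count() > 0:
        flash("权限地址已经存在!", "err")  # "permission URL already exists"
        return redirect(url_for("admin.auth_add"))

    auth = Auth(name=data["auth_name"], url=data["auth_url"])
    db.session.add(auth)
    db.session.commit()
    flash("添加权限成功!", "ok")  # "permission added"
    return redirect(url_for("admin.auth_list", page=1))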
コード例 #7
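def auth_edit(id=None):
    """Edit the name and URL of an existing permission (``Auth``) row.

    A changed name or URL is rejected when any other row already uses it.

    Args:
        id: Primary key of the ``Auth`` row; a 404 is raised when no row
            matches.

    Returns:
        The rendered ``admin/auth_edit.html`` form when nothing valid was
        submitted, a redirect back to ``admin.auth_edit`` on a conflict, or
        a redirect to the first page of ``admin.auth_list`` after a
        successful update.
    """
    form = AuthForm()
    auth = Auth.query.get_or_404(id)
    if not form.validate_on_submit():
        return render_template("admin/auth_edit.html", form=form, auth=auth)

    data = form.data

    # The leftover debug print statements were removed: they wrote record
    # and form values to stdout on every submission and are a syntax error
    # on Python 3.

    # Only a changed value needs checking, and any existing row with the
    # new value is a conflict. Comparing the count with exactly 1 lets the
    # request through once two or more rows already share the value.
    # NOTE(review): the check and the commit are not atomic; whether the
    # schema enforces uniqueness on name/url is not visible here.
    if (auth.name != data["auth_name"]
            and Auth.query.filter_by(name=data["auth_name"]).count() > 0):
        flash("权限名称已经存在!", "err")  # "permission name already exists"
        return redirect(url_for("admin.auth_edit", id=id))
    if (auth.url != data["auth_url"]
            and Auth.query.filter_by(url=data["auth_url"]).count() > 0):
        flash("权限地址已经存在!", "err")  # "permission URL already exists"
        return redirect(url_for("admin.auth_edit", id=id))

    auth.name = data["auth_name"]
    auth.url = data["auth_url"]
    db.session.add(auth)
    db.session.commit()
    flash("修改权限成功!", "ok")  # "permission updated"
    return redirect(url_for("admin.auth_list", page=1))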