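def todo_edit(request):
    """
    Render the edit page for a single todo owned by the logged-in user.

    The todo id is read from the query string (``?id=1``). A missing id gets
    the error page. A malformed id, an id that matches no todo, or a todo that
    belongs to someone else all get the same redirect to /login, so the
    response does not reveal which ids exist.

    Returns the full HTTP response (headers + body) as UTF-8 bytes.
    """
    from html import escape

    headers = {
        'Content-Type': 'text/html',
    }
    username = current_user(request)
    u = User.find_by(username=username)
    if u is None:
        # No account behind this request: send the visitor to the login page
        # instead of failing on u.id further down.
        return redirect('/login')
    # request.query is the parsed query string; its values are client-supplied.
    todo_id = request.query.get('id', -1)
    if todo_id == -1:
        # No id in the URL at all.
        return error(request)
    try:
        todo_id = int(todo_id)
    except (TypeError, ValueError):
        # Non-numeric id: fall through to the "not found" path below.
        todo_id = -1
    t = Todo.find_by(id=todo_id)
    if t is None or t.user_id != u.id:
        # Unknown todo and someone else's todo are handled identically.
        return redirect('/login')
    body = template('todo_edit.html')
    body = body.replace('{{todo_id}}', str(t.id))
    # The title is user-supplied text going into HTML; escape it (quotes
    # included) so it cannot break out of an element or attribute value.
    body = body.replace('{{todo_title}}', escape(str(t.title)))
    header = response_with_headers(headers)
    response = header + '\r\n' + body
    return response.encode('utf-8')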
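def route_login(request):
    """
    Handle the login page and start a session on a successful POST.

    On a POST whose form passes User.validate_login, a fresh session id is
    stored in ``session`` (mapped to the user's id) and sent back in the
    ``sid`` cookie. Any other request only renders the page with a message.

    Returns the full HTTP response (headers + body) as UTF-8 bytes.
    """
    from html import escape

    headers = {
        'Content-Type': 'text/html',
    }
    # Log cookie names only: the values include the session id, which is a
    # bearer credential and must not end up in log files.
    # NOTE(review): assumes request.cookies is a dict — confirm.
    log('from route_login --> cookies: ', list(request.cookies))
    # User resolved from the existing cookie; may be None.
    u = current_user(request)
    if request.method == 'POST':
        form = request.form()
        if User.validate_login(form):
            # A new id is issued on every successful login, so a session id
            # known before authentication is never promoted.
            # NOTE(review): random_str must draw from a CSPRNG (for example
            # the secrets module) — confirm its implementation.
            session_id = random_str()
            u = User.find_by(username=form.get('username'))
            session[session_id] = u.id
            # HttpOnly keeps page scripts from reading the session cookie;
            # SameSite=Lax stops it being sent on cross-site POSTs.
            headers['Set-Cookie'] = 'sid={}; HttpOnly; SameSite=Lax'.format(session_id)
            result = '登录成功'
        else:
            result = '用户名或者密码错误'
    else:
        result = '请POST登录'
    body = template('login.html', result=result, username='******')
    # On the first successful submit the request carried no session cookie
    # yet, so the guest placeholder is swapped for the real name here.
    if u is not None:
        # The name is inserted after rendering, so it is escaped explicitly.
        body = body.replace('游客', escape(str(u.username)))
    header = response_with_headers(headers)
    r = header + '\r\n' + body
    return r.encode(encoding='utf-8')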
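def todo_index(request):
    """
    Render the todo list of the logged-in user.

    Visitors without an account are redirected to /login. Returns the full
    HTTP response (headers + body) as UTF-8 bytes.
    """
    from html import escape

    headers = {
        'Content-Type': 'text/html',
    }
    username = current_user(request)
    u = User.find_by(username=username)
    if u is None:
        # Not logged in: redirect instead of failing on u.id.
        return redirect('/login')
    todo_list = Todo.find_all(user_id=u.id)
    todos = []
    for i, t in enumerate(todo_list):
        # The row number shown to the user is the list position, not the
        # stored id; the links still carry the real id.
        edit_link = f'<a href="/todo/edit?id={t.id}">编辑</a>'
        delete_link = f'<a href="/todo/delete?id={t.id}">删除</a>'
        # Titles are user-supplied; escape them before they reach the page.
        title = escape(str(t.title))
        todos.append(f'<h3>{i+1} : {title} {edit_link} {delete_link}</h3>')
    # NOTE(review): the delete link is a plain GET. If /todo/delete changes
    # state on GET it needs a POST form or an anti-forgery token — confirm.
    todo_html = ''.join(todos)
    body = template('todo_index.html')
    body = body.replace('{{todos}}', todo_html)
    header = response_with_headers(headers)
    response = header + '\r\n' + body
    return response.encode('utf-8')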
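def route_login(request):
    """
    Route handler for the login page.

    GET renders the page with an empty result message. POST builds a User
    from the submitted form and, if it validates, stores a fresh session id
    (mapped to the username) in ``session`` and returns it in the ``user``
    cookie.

    Returns the full HTTP response (headers + body) as UTF-8 bytes.
    """
    from html import escape

    headers = {
        'Content-Type': 'text/html',
    }
    # Name resolved from the existing cookie; the original comments say it
    # defaults to a guest name when there is no session.
    username = current_user(request)
    if request.method == 'POST':
        form = request.form()
        # Build a user object from the submitted data and check it against
        # the stored accounts.
        u = User(form)
        if u.validate_login():
            # NOTE(review): random_str must draw from a CSPRNG (for example
            # the secrets module) — confirm its implementation.
            session_id = random_str()
            session[session_id] = u.username
            # HttpOnly keeps page scripts from reading the session cookie;
            # SameSite=Lax stops it being sent on cross-site POSTs.
            headers['Set-Cookie'] = f'user={session_id}; HttpOnly; SameSite=Lax'
            result = '登录成功'
        else:
            result = '用户名或者密码错误'
    else:
        # Plain page load.
        result = ''
    body = template('login.html')
    body = body.replace('{{result}}', result)
    # The username is account data chosen by a user; escape it before it is
    # placed in the page.
    body = body.replace('{{username}}', escape(str(username)))
    header = response_with_headers(headers)
    response = header + '\r\n' + body
    return response.encode(encoding='utf-8')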
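def index(request):
    """
    Route handler for the todo index page.

    Lists the current user's todos with edit/delete links and their created
    and updated times. Returns the full HTTP response as bytes.
    """
    from html import escape

    # NOTE(review): u.id is read without a None check; presumably
    # current_user always returns a user object here — confirm.
    u = current_user(request)
    todo_list = Todo.find_all(user_id=u.id)
    row = """
    <h3>
        {} : {}
        <a href="/todo/edit?id={}">编辑</a>
        <a href="/todo/delete?id={}">删除</a>
        <div> 创建时间:{}</div>
        <div> 最后更新时间:{}</div>
    </h3>
    """
    todo_html = ''.join(
        row.format(
            t.id,
            # Titles are user-supplied; escape them before they reach the page.
            escape(str(t.title)),
            t.id,
            t.id,
            formatted_time(t.created_time),
            formatted_time(t.updated_time),
        )
        for t in todo_list
    )
    # Fill the placeholder in the template file.
    body = template('todo_index.html')
    body = body.replace('{{todos}}', todo_html)
    headers = {
        'Content-Type': 'text/html',
    }
    header = response_with_headers(headers)
    r = header + '\r\n' + body
    return r.encode()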
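def edit(request):
    """
    Route handler for the todo edit page.

    Renders the edit form only when the todo named by ``?id=`` belongs to the
    current user. Every other case (missing or malformed id, unknown todo,
    no user, someone else's todo) returns the error response.
    """
    from html import escape

    u = current_user(request)
    try:
        todo_id = int(request.query.get('id'))
    except (TypeError, ValueError):
        # Missing or non-numeric id.
        return error(request)
    t = Todo.find_by(id=todo_id)
    if u is None or t is None or u.id != t.user_id:
        # The error response has to be returned; calling error() without
        # `return` would hand None back to the server loop. Unknown and
        # foreign todos share this path so ids cannot be probed.
        return error(request)
    # Fill the placeholders in the template file.
    body = template('todo_edit.html')
    body = body.replace('{{todo_id}}', str(t.id))
    # The title is user-supplied text; escape it (quotes included).
    body = body.replace('{{todo_title}}', escape(str(t.title)))
    headers = {
        'Content-Type': 'text/html',
    }
    header = response_with_headers(headers)
    r = header + '\r\n' + body
    return r.encode()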
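def edit(request):
    """
    Route handler for the todo edit page.

    Redirects to /login unless the request comes from a known user and the
    todo named by ``?id=`` exists and belongs to that user. Returns the full
    HTTP response (headers + body) as UTF-8 bytes.
    """
    from html import escape

    headers = {
        'Content-Type': 'text/html',
    }
    uname = current_user(request)
    u = User.find_by(username=uname)
    if u is None:
        return redirect('/login')
    # The id is client-supplied; a missing or malformed value is treated as
    # "no such todo" rather than raising.
    try:
        todo_id = int(request.query.get('id', -1))
    except (TypeError, ValueError):
        todo_id = -1
    t = Todo.find_by(id=todo_id)
    if t is None or t.user_id != u.id:
        # Same response for "does not exist" and "not yours", so the route
        # does not reveal which ids are in use.
        return redirect('/login')
    # Fill the placeholders in the template file.
    body = template('todo_edit.html')
    body = body.replace('{{todo_id}}', str(t.id))
    # The title is user-supplied text; escape it (quotes included).
    body = body.replace('{{todo_title}}', escape(str(t.title)))
    header = response_with_headers(headers)
    r = header + '\r\n' + body
    return r.encode(encoding='utf-8')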
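def index(request):
    """
    Route handler for the todo index page.

    Redirects unknown visitors to /login; otherwise lists the todos whose
    user_id matches the current user. Returns the full HTTP response
    (headers + body) as UTF-8 bytes.
    """
    from html import escape

    headers = {
        'Content-Type': 'text/html',
    }
    uname = current_user(request)
    u = User.find_by(username=uname)
    if u is None:
        return redirect('/login')
    # Only todos belonging to this user are fetched.
    todo_list = Todo.find_all(user_id=u.id)
    todos = []
    for t in todo_list:
        edit_link = '<a href="/todo/edit?id={}">编辑</a>'.format(t.id)
        delete_link = '<a href="/todo/delete?id={}">删除</a>'.format(t.id)
        # Titles are user-supplied; escape them before they reach the page.
        title = escape(str(t.title))
        s = '<h3>{} : {} {} {}</h3>'.format(t.id, title, edit_link, delete_link)
        todos.append(s)
    todo_html = ''.join(todos)
    # Fill the placeholder in the template file.
    body = template('todo_index.html')
    body = body.replace('{{todos}}', todo_html)
    header = response_with_headers(headers)
    r = header + '\r\n' + body
    return r.encode(encoding='utf-8')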
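def edit(request):
    """
    Render the edit page for one todo owned by the logged-in user.

    Redirects to /login when no user matches the cookie, to /error when the
    id is missing, malformed or negative, and to /todo when the todo does not
    exist or belongs to another user. Returns the full HTTP response as
    UTF-8 bytes.
    """
    from html import escape

    uname = get_cookie(request)
    user = User.find_by(username=uname)
    if user is None:
        return director('/login')
    # NOTE(review): this key ends with a colon, unlike the usual
    # 'Content-Type'. Whether the emitted header line is well formed depends
    # on how response_with_headers joins key and value — confirm.
    headers = {
        'Content-Type:': 'text/html',
    }
    # The id is client-supplied; parse it once and use the parsed value from
    # here on, so only its canonical decimal form reaches the page.
    try:
        todo_id = int(request.query.get('id', -1))
    except (TypeError, ValueError):
        return director('/error')
    if todo_id < 0:
        return director('/error')
    log('todo_id', todo_id)
    todo = Todo.find_by(id=todo_id)
    if todo is None or todo.user_id != user.id:
        # Unknown and foreign todos get the same redirect.
        return director('/todo')
    log('u,', todo)
    body = template('edit.html')
    body = body.replace('{{todo_id}}', str(todo_id))
    # Stored text is escaped (quotes included) before it goes into the page.
    body = body.replace('{{todo_username}}', escape(str(todo.username)))
    header = response_with_headers(headers)
    r = header + '\r\n' + body
    return r.encode('utf-8')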
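def admin(request):
    """
    Render the admin page, which lists all users.

    Only the user whose id is 1 is treated as administrator; everyone else,
    including requests with no user, is redirected to /login. Returns the
    full HTTP response (headers + body) as UTF-8 bytes.
    """
    headers = {
        'Content-Type': 'text/html',
    }
    u = current_user(request)
    # Fail closed: a request with no user must be refused, not crash on u.id.
    # The administrator is identified by the fixed id 1.
    if u is None or u.id != 1:
        return redirect('/login')
    # NOTE(review): every user record is handed to the template; make sure
    # admin.html does not render password fields — confirm.
    body = template('admin.html', users=u.all())
    header = response_with_headers(headers)
    r = header + '\r\n' + body
    return r.encode(encoding='utf-8')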
def index(request):
    """
    Render the todo index page for the current user.

    Only todos owned by that user and not flagged as deleted are passed to
    the template. Returns the full HTTP response as UTF-8 bytes.
    """
    # NOTE(review): owner.id is read without a None check; presumably
    # current_user always returns a user object here — confirm.
    owner = current_user(request)
    # Per-user listing; deleted items are filtered out rather than shown.
    visible_todos = Todo.find_all(user_id=owner.id, deleted=False)
    # NOTE(review): titles reach the page through the template engine;
    # confirm that it HTML-escapes values by default.
    page = template('todo_index.html', todos=visible_todos)
    head = response_with_headers({'Content-Type': 'text/html'})
    return '\r\n'.join((head, page)).encode(encoding='utf-8')
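def edit(request):
    """
    Render the edit page for the todo named by ``?id=``.

    Returns the full HTTP response (headers + body) as bytes.

    NOTE(review): this handler performs no login or ownership check, so any
    client that can reach the route can open any todo by guessing its id.
    Before rendering, the handler should resolve the requesting user and
    compare that user's id with the todo's user_id, refusing on mismatch.
    It also raises on a missing or non-numeric id and on an unknown todo.
    """
    from html import escape

    todo_id = int(request.query['id'])
    t = Todo.find_by(id=todo_id)
    body = template('todo_edit.html')
    body = body.replace('{{todo_id}}', str(todo_id))
    # The title is user-supplied text; escape it (quotes included) so it
    # cannot break out of an element or attribute value.
    body = body.replace('{{todo_title}}', escape(str(t.title)))
    headers = {
        'Content-Type': 'text/html',
    }
    header = response_with_headers(headers)
    r = header + '\r\n' + body
    return r.encode()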
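def route_out(request):
    """
    Log the visitor out by discarding the session named in the ``sid`` cookie.

    The server-side session entry is removed and the browser is told to drop
    the cookie. Returns the login page as a full HTTP response in UTF-8 bytes.
    """
    headers = {
        'Content-Type': 'text/html',
    }
    session_id = request.cookies.get('sid', '')
    if session_id != '':
        # The cookie value is client-supplied and may name a session that no
        # longer exists (stale or made up); pop with a default so that case
        # does not raise KeyError.
        session.pop(session_id, None)
        # Expire the cookie on the client as well.
        headers['Set-Cookie'] = 'sid=; Max-Age=0'
        result = '退出成功'
    else:
        result = '你还没登陆'
    body = template('login.html', result=result, username='******')
    header = response_with_headers(headers)
    r = header + '\r\n' + body
    return r.encode(encoding='utf-8')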
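def edit(request):
    """
    Render the edit page for one todo owned by the current user.

    Requests with no user go to /login. A missing or malformed id, an unknown
    todo, or a todo owned by someone else all go to /todo/index. Returns the
    full HTTP response (headers + body) as UTF-8 bytes.
    """
    headers = {
        'Content-Type': 'text/html',
    }
    u = current_user(request)
    if u is None:
        return redirect('/login')
    # The id is client-supplied; a missing or malformed value is treated as
    # "no such todo" rather than raising.
    try:
        todo_id = int(request.query.get('id'))
    except (TypeError, ValueError):
        return redirect('/todo/index')
    t = Todo.find_by(id=todo_id)
    # Authorization: only the owner may edit. Unknown and foreign todos get
    # the same redirect, so ids cannot be probed.
    if t is None or u.id != t.user_id:
        return redirect('/todo/index')
    # NOTE(review): the title reaches the page through the template engine;
    # confirm that it HTML-escapes values by default.
    body = template('todo_edit.html', t=t)
    header = response_with_headers(headers)
    r = header + '\r\n' + body
    return r.encode(encoding='utf-8')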
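def edit(request):
    """
    Render the edit page for one todo owned by the logged-in user.

    Any request that is not from a known user, or that names a todo which
    does not exist or belongs to someone else, is redirected to /login.
    Returns the full HTTP response (headers + body) as UTF-8 bytes.
    """
    from html import escape

    headers = {
        'Content-Type': 'text/html',
    }
    uname = current_user(request)
    u = User.find_by(username=uname)
    if u is None:
        return redirect('/login')
    raw_id = request.query.get('id', -1)
    try:
        todo_id = int(raw_id)
    except (TypeError, ValueError):
        # Malformed client input is handled like a missing id.
        todo_id = -1
    t = Todo.find_by(id=todo_id)
    # A lookup miss must not reach t.user_id; it gets the same answer as a
    # todo owned by another user.
    if t is None or t.user_id != u.id:
        return redirect('/login')
    body = templates('todo_edit.html')
    body = body.replace('{{todo_id}}', str(t.id))
    # The title is user-supplied text; escape it (quotes included).
    body = body.replace('{{todo_title}}', escape(str(t.title)))
    header = response_with_headers(headers)
    r = header + '\r\n' + body
    return r.encode(encoding='utf-8')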
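def index(request):
    """
    Render the todo list of the logged-in user.

    Unknown visitors are redirected to /login. Returns the full HTTP response
    (headers + body) as UTF-8 bytes.
    """
    from html import escape

    headers = {'Content-Type': 'text/html'}
    uname = current_user(request)
    u = User.find_by(username=uname)
    if u is None:
        return redirect('/login')
    todo_list = Todo.find_all(user_id=u.id)
    todos = []
    for t in todo_list:
        edit_link = '<a href="/todo/edit?id={}">编辑</a>'.format(t.id)
        delete_link = '<a href="/todo/delete?id={}">删除</a>'.format(t.id)
        # Titles are user-supplied; escape them before they reach the page.
        safe_title = escape(str(t.title))
        todos.append(
            '<h3>{} : {} {} {}</h3>'.format(t.id, safe_title, edit_link, delete_link)
        )
    # NOTE(review): the delete link is a plain GET. If /todo/delete changes
    # state on GET it needs a POST form or an anti-forgery token — confirm.
    todo_html = ''.join(todos)
    body = templates('todo_index.html')
    body = body.replace('{{todos}}', todo_html)
    header = response_with_headers(headers)
    r = header + '\r\n' + body
    return r.encode(encoding='utf-8')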