def get_own_ad(self, ad_id):
    """Return the active ad row for ``ad_id`` if the caller may see it.

    The row is the join of ``sf_ad`` and ``url``; both primary keys are
    re-exposed as ``ad_id`` and ``url_id`` because ``SELECT *`` would
    otherwise leave two colliding ``id`` columns.

    Raises:
        exception.PromptRedirect: when no active ad has this id, or when
            the current user is neither the owner nor an admin.
    """
    # Values are passed as bound parameters, never formatted into the SQL.
    query = (
        "SELECT *, sf_ad.id AS ad_id, url.id AS url_id "
        "FROM sf_ad JOIN url ON sf_ad.url_id=url.id "
        "WHERE sf_ad.id=%s AND sf_ad.status=%s"
    )
    row = self.db.get(query, ad_id, enum.AdStatus.Active)
    if row is None:
        raise exception.PromptRedirect("不存在的记录")

    # Object-level authorization: owner or admin only.
    # NOTE(review): the "not found" and "not allowed" messages differ, so a
    # non-owner can tell which ad ids exist and are active. Returning the
    # same message for both cases would remove that signal.
    is_owner = self.user['id'] == row['owner_id']
    if not (is_owner or self.is_admin):
        raise exception.PromptRedirect("您无权查看此记录")
    return row
def post(self):
    """Dispatch a POST request to ``add()`` or ``modify()``.

    The action is chosen by the request's ``method`` argument; any other
    value raises ``exception.PromptRedirect``.
    """
    # NOTE(review): no login or ownership check is visible in this
    # dispatcher. Confirm it is enforced by a decorator on this method or
    # inside add()/modify().
    action = self.get_argument("method")
    if action == "add":
        self.add()
        return
    if action == "modify":
        self.modify()
        return
    raise exception.PromptRedirect("错误的参数")
def post(self):
    """Dispatch a POST request to ``change_password()`` or ``add_user()``.

    The action is chosen by the request's ``method`` argument; any other
    value raises ``exception.PromptRedirect``.
    """
    # NOTE(review): creating users and changing passwords are privileged
    # actions, and no role check is visible in this dispatcher. Confirm
    # that add_user is restricted to admins and change_password to the
    # account owner, either by a decorator here or inside those methods.
    action = self.get_argument("method")
    if action == "change_password":
        self.change_password()
        return
    if action == "add":
        self.add_user()
        return
    raise exception.PromptRedirect("不支持的方法")
def post(self):
    """Authenticate a user and start a logged-in session.

    Looks up the account by name with status 0, compares the stored
    password to the submitted one, stores the row in the session and
    redirects to ``/manage``.

    Raises:
        exception.PromptRedirect: when the account is not found or the
            password does not match. Both cases share one message, so the
            response does not reveal which usernames exist.
    """
    login_name = self.get_argument("username")
    supplied = self.get_argument("password")
    # NOTE(review): the literal 0 is presumably the "active" status.
    # Confirm, and prefer the named enum value if one exists.
    account = self.db.get(
        "SELECT * FROM user WHERE name=%s AND status=%s", login_name, 0
    )
    # NOTE(review): the stored column is compared directly with the
    # submitted password, so the database holds passwords in plaintext.
    # Moving to a salted, slow password hash verified with a constant-time
    # comparison needs a data migration plus a matching change wherever
    # passwords are written, so it is flagged here rather than changed.
    rejected = account is None or account["password"] != supplied
    if rejected:
        raise exception.PromptRedirect("帐号或密码错误")

    # NOTE(review): the whole row, password column included, is placed in
    # the session. If the session store is persisted or client-readable the
    # password travels with it; storing only the needed fields is safer.
    # NOTE(review): the pre-login session object is reused. If the session
    # id is not rotated elsewhere, rotate it here to prevent fixation.
    self.session['user'] = account
    self.session.save()
    self.redirect("/manage")
def add_user(self):
    """Create a new active, normal-role user from the request arguments.

    Reads ``username`` and ``password``, refuses names that already exist,
    inserts the row with ``limit`` 0, and shows a success prompt.

    Raises:
        exception.PromptRedirect: when the username is already taken.
    """
    new_name = self.get_argument("username")
    new_password = self.get_argument("password")

    # NOTE(review): this is check-then-insert. Two concurrent requests can
    # both pass the check unless `user.name` has a UNIQUE constraint.
    # Confirm against the schema.
    existing = self.db.get(
        "SELECT COUNT(0) AS count FROM user WHERE name=%s", new_name
    )
    if existing['count'] > 0:
        raise exception.PromptRedirect("用户名已存在")

    # NOTE(review): the password is inserted exactly as submitted, i.e. in
    # plaintext, and nothing here rejects an empty or trivially short
    # value. Hashing must change together with the login comparison and a
    # migration of existing rows, so it is flagged here rather than changed.
    insert_sql = (
        "INSERT INTO user(name, password, status, `limit`, type, create_time) "
        "VALUES(%s, %s, %s, %s, %s, NOW())"
    )
    self.db.execute(
        insert_sql,
        new_name,
        new_password,
        enum.UserStatus.Active,
        0,
        enum.Role.Normal,
    )
    self.prompt_and_redirect("添加用户成功")
def get(self):
    """Dispatch a GET request whose ``method`` argument is ``delete``.

    Any other value raises ``exception.PromptRedirect``.
    """
    # NOTE(review): delete() is not shown here. If it removes data, serving
    # it from GET lets a plain link, image tag or browser prefetch trigger
    # it for a logged-in user. State-changing actions belong on POST behind
    # the framework's CSRF check.
    action = self.get_argument("method")
    if action != "delete":
        raise exception.PromptRedirect("错误的参数")
    self.delete()
def wrapper(handler, *args, **kwargs):
    """Run the wrapped handler method only for admins.

    ``func`` is the wrapped callable, taken from the enclosing scope (not
    shown here). Non-admins get ``exception.PromptRedirect`` pointing at
    ``/`` and ``func`` is never called.
    """
    # NOTE(review): only is_admin is consulted. This presumably evaluates
    # false for anonymous requests; confirm where is_admin is defined.
    if handler.is_admin:
        return func(handler, *args, **kwargs)
    raise exception.PromptRedirect("没有权限进行此操作。", "/")
def wrapper(handler, *args, **kwargs):
    """Run the wrapped handler method only for logged-in users.

    ``func`` is the wrapped callable, taken from the enclosing scope (not
    shown here). Anonymous requests get ``exception.PromptRedirect``
    pointing at ``/`` and ``func`` is never called.
    """
    # The gate fails closed: anything falsy in is_login blocks the call.
    if handler.is_login:
        return func(handler, *args, **kwargs)
    raise exception.PromptRedirect("请登录后,执行操作。", "/")