예제 #1
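async def api_modify_password(request, *, user_id, password0, password1,
                              password2):
    """Change a user's password after verifying the current one.

    Args:
        request: Incoming request; ``request.__user__`` holds the signed-in
            user or ``None``.
        user_id: Primary key of the account whose password is changed.
        password0: Current password value, as hashed into the stored digest.
        password1: New password; must match ``RE_SHA1`` (defined elsewhere,
            presumably a client-side SHA-1 hex digest -- confirm).
        password2: Confirmation of the new password; must equal ``password1``.

    Returns:
        ``dict(user_id=user_id)`` on success.

    Raises:
        APIPermissionError: No signed-in user, or a non-admin caller targets
            another account.
        APIValueError: A field is empty or malformed, the confirmation does
            not match, or the old password is wrong.
        APIResourceNotFoundError: No user exists for ``user_id``.
    """
    import hmac  # local import: only needed for the constant-time compare

    actor = request.__user__
    if actor is None:
        raise APIPermissionError('You must login first!')
    if not user_id or not user_id.strip():
        raise APIValueError('user_id', 'user_id can not be empty.')
    if not password0 or not password0.strip():
        raise APIValueError('password0', 'old password can not be empty.')
    if not password1 or not RE_SHA1.match(password1):
        raise APIValueError('password1', 'Invalid new password.')
    if not password2 or not RE_SHA1.match(password2):
        raise APIValueError('password2', 'Invalid confirmimg password.')
    # The confirmation was format-checked but never compared to the new
    # password, so a mistyped confirmation was silently accepted.
    if password1 != password2:
        raise APIValueError('password2',
                            'New password and confirmation do not match.')

    user = await User.find(user_id)
    if user is None:
        raise APIResourceNotFoundError('User not found')
    # Bind the change to the session: without this, any signed-in account
    # could use this endpoint to test old-password guesses against another
    # account. Admins are exempt but still have to supply the old password.
    if actor.id != user.id and not actor.admin:
        raise APIPermissionError('You can only change your own password.')

    def _stored_digest(secret):
        # Stored format is sha1("<user_id>:<secret>") as a hex string.
        # NOTE(review): one round of SHA-1 keyed only by user_id is a fast
        # hash; moving to a password KDF needs a stored-hash migration and
        # cannot be done inside this function alone.
        material = '%s:%s' % (user_id, secret)
        return hashlib.sha1(material.encode('utf-8')).hexdigest()

    # Check the old password; compare in constant time so the response time
    # does not depend on how many leading characters match.
    expected = _stored_digest(password0).encode('utf-8')
    if not hmac.compare_digest(str(user.password).encode('utf-8'), expected):
        raise APIValueError('password', 'Invalid old password.')

    # Store the new password in the same format the check above reads. The
    # listing's format string was masked to '******', which makes the %
    # operator raise TypeError; '%s:%s' is what the verification step uses.
    user.password = _stored_digest(password1)
    await user.update()
    return dict(user_id=user_id)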
예제 #2
async def api_delete_category(id, request):
    """Delete the category with primary key ``id``; admin only.

    Raises:
        APIPermissionError: No signed-in user, or the user is not an admin.
        APIResourceNotFoundError: ``Category.find(id)`` returned ``None``.

    Returns:
        A dict holding the deleted category's ``id``.
    """
    # Authorization runs before any lookup, so a non-admin caller cannot
    # learn from the response whether the id exists.
    caller = request.__user__
    is_admin = caller is not None and caller.admin
    if not is_admin:
        raise APIPermissionError('Only admin can do this!')

    category = await Category.find(id)
    if category is None:
        raise APIResourceNotFoundError('Category')

    await category.remove()
    return {'id': id}
예제 #3
async def api_delete_user(id, request):
    """Delete the user with primary key ``id``; admin only.

    Raises:
        APIPermissionError: No signed-in user, or the user is not an admin.
        APIResourceNotFoundError: ``User.find(id)`` returned ``None``.

    Returns:
        A dict holding the deleted user's ``id``.
    """
    # Authorization runs before the lookup, so a non-admin caller gets the
    # same error for existing and non-existing ids.
    caller = request.__user__
    is_admin = caller is not None and caller.admin
    if not is_admin:
        raise APIPermissionError('Only admin can do this!')

    # NOTE(review): nothing here stops an admin from deleting their own
    # account -- confirm that is intended.
    target = await User.find(id)
    if target is None:
        raise APIResourceNotFoundError('User')

    await target.remove()
    return {'id': id}
예제 #4
async def api_delete_blog(request, *, id):
    """Delete the blog with primary key ``id``; admin only.

    Raises:
        APIPermissionError: No signed-in user, or the user is not an admin.
        APIResourceNotFoundError: ``Blog.find(id)`` returned ``None``.

    Returns:
        A dict holding the deleted blog's ``id``.
    """
    # Authorization runs before any lookup, so a non-admin caller cannot
    # learn from the response whether the id exists.
    caller = request.__user__
    is_admin = caller is not None and caller.admin
    if not is_admin:
        raise APIPermissionError('Only admin can do this!')

    entry = await Blog.find(id)
    if entry is None:
        raise APIResourceNotFoundError('Blog')

    await entry.remove()
    return {'id': id}
예제 #5
async def api_create_comment(id, request, *, content):
    """Attach a comment to the blog with primary key ``id``; admin only.

    The comment's author fields (id, name, image) are copied from the
    signed-in user, never from request parameters.

    Raises:
        APIPermissionError: No signed-in user, or the user is not an admin.
        APIValueError: ``content`` is empty or only whitespace.
        APIResourceNotFoundError: ``Blog.find(id)`` returned ``None``.

    Returns:
        The saved ``Comment`` instance.
    """
    author = request.__user__
    if not (author is not None and author.admin):
        raise APIPermissionError('Only admin can do this!')
    if not content or not content.strip():
        raise APIValueError('comment', 'Comment can not be empty.')

    target_blog = await Blog.find(id)
    if target_blog is None:
        raise APIResourceNotFoundError('Blog')

    # NOTE(review): content is stored as submitted apart from strip(); no
    # length limit or escaping is applied here, so whatever renders the
    # comment has to escape it -- confirm against the template layer.
    fields = {
        'blog_id': target_blog.id,
        'user_id': author.id,
        'user_name': author.name,
        'user_image': author.image,
        'content': content.strip(),
    }
    comment = Comment(**fields)
    await comment.save()
    return comment