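class RoleListSource(HTTPMethodView):
    """Collection endpoint for the Role table.

    Every handler is wrapped by ``role_check()`` and ``authorized()``.
    """
    decorators = [role_check(), authorized()]

    async def get(self, request):
        """List all roles, or look up a single role by ``service_name``.

        Without a ``service_name`` query argument the handler returns the
        service name of every Role row. With one, it fetches the matching
        row and answers ``{"message": True}``.
        """
        if request.args.get("service_name") is None:
            roles = await Role.select()
            return json({
                "message": {
                    "rolelist": [{
                        "servicename": role.service_name
                    } for role in roles]
                }
            })
        else:
            # NOTE(review): nothing here handles a lookup that fails; if
            # Role.get raises for an unknown name the exception propagates
            # to the framework instead of producing a "not found" answer.
            role = await Role.get(
                Role.service_name == request.args.get("service_name"))
            print(role)
            return json({"message": True})

    async def post(self, request):
        """Bulk-insert roles with ``insert_many``.

        The JSON body must carry a list named ``roles``; each element is
        expected to contain ``service_name``.
        """
        # NOTE(review): the client-supplied rows go to insert_many unchanged,
        # so every key present in the body is forwarded to the insert.
        # Consider rebuilding each row from ``service_name`` only, once it is
        # confirmed that no caller relies on extra fields.
        iq = Role.insert_many(request.json["roles"])
        try:
            result = await iq.execute()
        except Exception as e:
            # NOTE(review): str(e) hands the raw database error text to the
            # client; logging it server-side would disclose less.
            return json({"message": "数据库错误", "error": str(e)}, 500)
        return json({"result": bool(result)})

    async def delete(self, request):
        """Delete the role whose ``service_name`` is given in the JSON body."""
        name = request.json["service_name"]
        dq = Role.delete().where(Role.service_name == name)
        try:
            # NOTE(review): post() awaits ``iq.execute()`` while this awaits
            # the query object itself; presumably both forms are supported
            # by the ORM, confirm.
            nr = await dq
        except Exception as e:
            # Exceptions have no ``.message`` attribute in Python 3, so the
            # previous ``e.message`` raised AttributeError inside the error
            # path; str(e) matches what post() reports.
            return json({"message": "数据库错误", "error": str(e)}, 500)
        return json({"result": bool(nr)})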
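class UserEmailSource(HTTPMethodView):
    """Read or change the main e-mail address of a single user.

    Handlers are wrapped by ``captcha_check("email")``,
    ``role_or_self_check()`` and ``authorized()``.
    """
    decorators = [captcha_check("email"), role_or_self_check(), authorized()]

    async def get(self, request, _id):
        """Return the username and current main e-mail of user ``_id``."""
        try:
            user = await User.get(User._id == _id)
        except Exception:
            # ``except Exception`` rather than a bare ``except`` so that task
            # cancellation and interpreter-exit signals are not swallowed.
            return json({"message": "找不到对应用户"}, 401)
        return json({
            "username": user.username,
            "main_email": user.main_email
        })

    async def post(self, request, _id):
        """Change the user's main e-mail using a signed token.

        The JSON body must carry ``token``. The decoded token supplies
        ``source``, ``_id`` and ``new_email``; the change is applied only
        when the token names this view and the same user as the URL.
        """
        token = request.json["token"]
        try:
            token_info = request.app.serializer.loads(
                token, request.app.config['TOKEN_TIME'])
        except SignatureExpired:
            return json({"message": "token is out of date"}, 401)
        # NOTE(review): only expiry is handled above. A token that fails
        # verification for any other reason is not caught here and
        # propagates to the framework's error handler; confirm that path
        # returns a generic error.
        source = token_info["source"]
        now_id = token_info["_id"]
        new_email = token_info["new_email"]
        # The token is bound to both the target user and this view's class
        # name, so a token issued for another user or another operation is
        # rejected.
        # NOTE(review): assumes the route's _id and the token's _id have the
        # same type; a mismatch makes this comparison reject every request.
        if _id != now_id or source != type(self).__name__:
            return json(
                {"message": "you do not have permission to update email"},
                401)
        try:
            user = await User.get(User._id == _id)
        except Exception:
            return json({"message": "can not find the user"}, 401)
        try:
            user.main_email = new_email
            await user.save()
        except Exception as e:
            print(e)
            return json({"result": False})
        return json({"result": True})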
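class UserPasswordSource(HTTPMethodView):
    """Change the password of a single user.

    Handlers are wrapped by ``captcha_check("password")`` and
    ``authorized()``.
    """
    # NOTE(review): unlike UserEmailSource this list has no
    # role_or_self_check(); the token's _id binding in post() is the only
    # per-user check visible here. Confirm that is intended.
    decorators = [captcha_check("password"), authorized()]

    async def post(self, request, _id):
        """Change the user's password using a signed token.

        The JSON body must be ``{"token": ...}``. The decoded token supplies
        ``source``, ``_id`` and ``new_password``; the change is applied only
        when the token names this view and the same user as the URL.
        """
        token = request.json["token"]
        try:
            token_info = request.app.serializer.loads(
                token, request.app.config['TOKEN_TIME'])
        except SignatureExpired:
            return json({"message": "token is out of date"}, 401)
        # NOTE(review): only expiry is handled above; any other verification
        # failure propagates to the framework's error handler.
        source = token_info["source"]
        now_id = token_info["_id"]
        # NOTE(review): the new password travels inside the token. If the
        # serializer only signs its payload and does not encrypt it, anyone
        # who sees the token can read the password; confirm how the token is
        # built and transported.
        new_password = token_info["new_password"]
        # The token is bound to both the target user and this view's class
        # name, so a token issued for another user or another operation is
        # rejected.
        if _id != now_id or source != type(self).__name__:
            # The previous message said "email", copied from the e-mail
            # view; this endpoint updates the password.
            return json(
                {"message": "you do not have permission to update password"},
                401)
        try:
            user = await User.get(User._id == _id)
        except Exception:
            # ``except Exception`` rather than a bare ``except`` so that task
            # cancellation and interpreter-exit signals are not swallowed.
            return json({"message": "can not find the user"}, 401)
        try:
            # NOTE(review): the value is assigned as received; confirm the
            # User model hashes the password on assignment or on save.
            user.password = new_password
            await user.save()
        except Exception as e:
            print(e)
            return json({"result": False})
        return json({"result": True})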
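class UserRoleSource(HTTPMethodView):
    """Read, grant or revoke the service roles of a single user.

    Handlers are wrapped by ``role_or_self_check()`` and ``authorized()``.
    """
    decorators = [role_or_self_check(), authorized()]

    async def get(self, request, _id):
        """Return the username and the service names of the user's roles."""
        try:
            user = await User.get(User._id == _id)
        except Exception:
            # ``except Exception`` rather than a bare ``except`` so that task
            # cancellation and interpreter-exit signals are not swallowed.
            return json({"message": "找不到对应用户"}, 400)
        return json({
            "username": user.username,
            "roles": [i.service_name for i in await user.roles]
        })

    async def post(self, request, _id):
        """Grant a role to the user.

        The JSON body must carry ``service_name``. The caller's
        ``auth_roles`` must include this application's name.
        """
        # NOTE(review): this authorization decision reads ``auth_roles`` from
        # request.args. Verify that the value is set server-side by the
        # decorators and that a client-supplied query parameter of the same
        # name cannot satisfy the check. Also confirm the value is a list:
        # on a plain string ``in`` is a substring test.
        if (request.app.name not in request.args['auth_roles']):
            return json({"message": "没有权限添加权限"}, 401)
        try:
            user = await User.get(User._id == _id)
        except Exception:
            return json({"message": "找不到用户"}, 400)
        try:
            role = await Role.get(
                Role.service_name == request.json["service_name"])
        except Exception:
            return json({"message": "找不到想要添加的服务权限"}, 400)
        try:
            await user.roles.add(role)
        except Exception:
            return json({"result": False})
        return json({"result": True})

    async def delete(self, request, _id):
        """Revoke a role from the user.

        The JSON body must carry ``service_name``. The caller's
        ``auth_roles`` must include this application's name.
        """
        # NOTE(review): same concern as in post(): confirm ``auth_roles`` in
        # request.args is populated server-side, not by the client.
        if (request.app.name not in request.args['auth_roles']):
            return json({"message": "没有权限删除权限"}, 401)
        try:
            user = await User.get(User._id == _id)
        except Exception:
            return json({"message": "找不到用户"}, 400)
        try:
            role = await Role.get(
                Role.service_name == request.json["service_name"])
        except Exception as e:
            print(e)
            return json({"message": "找不到想要删除的服务权限"}, 400)
        try:
            await user.roles.remove(role)
        except Exception:
            return json({"result": False})
        return json({"result": True})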
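class UserListSource(HTTPMethodView):
    """Collection endpoint for the User table.

    Every handler is wrapped by ``role_check()`` and ``authorized()``.
    """
    decorators = [role_check(), authorized()]

    async def get(self, request):
        """List users, optionally restricted to one username.

        With a ``name`` query argument only the user with that username is
        returned; otherwise every row of User is listed.
        """
        name = request.args.get("name")
        if name:
            try:
                user = await User.get(User.username == name)
            except Exception:
                # ``except Exception`` rather than a bare ``except`` so that
                # task cancellation and interpreter-exit signals are not
                # swallowed.
                return json({"message": "找不到用户"}, 400)
            users = [user]
        else:
            users = await User.select()
        return json({
            "userlist": [{
                "_id": str(user._id),
                "username": user.username,
                "main_email": user.main_email,
                # One awaited roles lookup per listed user.
                "roles": [i.service_name for i in await user.roles]
            } for user in users]
        })

    async def post(self, request):
        """Bulk-insert users with ``insert_many``.

        The JSON body must carry a list named ``users``; each element must
        contain ``username``, ``password`` and ``main_email``. ``_id`` and
        ``ctime`` are generated here.
        """
        # The rows are built inside the validation ``try`` so that an element
        # missing a required field gets the same descriptive answer as a
        # missing ``users`` list, instead of an unhandled KeyError. Only the
        # three documented fields are copied from the client-supplied body.
        try:
            rows = [{
                "_id": uuid.uuid4(),
                "username": i["username"],
                # NOTE(review): a bulk insert does not go through save();
                # confirm the password is hashed at field level, otherwise
                # it is stored as received.
                'password': i['password'],
                "main_email": i['main_email'],
                "ctime": datetime.datetime.now()
            } for i in request.json["users"]]
        except Exception:
            return json(
                {
                    "message":
                    "需要传入一个名为users的列表,每个元素包含username和password和main_email"
                }, 500)
        iq = User.insert_many(rows)
        try:
            result = await iq.execute()
        except peewee.IntegrityError:
            return json({"message": "用户数据已存在"}, 400)
        except Exception as e:
            # NOTE(review): str(e) hands the raw database error text to the
            # client; logging it server-side would disclose less.
            return json({"message": "数据库错误", "error": str(e)}, 500)
        return json({"result": bool(result)})

    async def delete(self, request):
        """Delete every user whose ``_id`` appears in the ``users`` list."""
        try:
            _ids = request.json["users"]
        except Exception:
            return json({"message": "需要传入一个名为users的列表,每个元素为user的_id"}, 400)
        # NOTE(review): ``_ids`` is used as received; nothing here checks
        # that it is a list of ids before it reaches the IN clause.
        dq = User.delete().where(User._id << _ids)
        try:
            result = await dq.execute()
            print(result)
        except Exception as e:
            return json({"message": "数据库错误", "error": str(e)}, 500)
        return json({"result": bool(result)})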