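def bulletin_board():
    """Create a bulletin-board notice and record the action in the admin log.

    Reads ``title`` and ``content`` from the JSON request body and the acting
    admin's id from ``g.admin_id``, then stores a ``Board`` row and an
    ``AdminOperateLog`` row in one commit.

    Returns:
        A ``(response, status)`` pair: code 200 on success, code 4000 when a
        required value is missing, code 4001 when the commit fails.
    """
    req_data = request.get_json()
    # The body is client-controlled. A missing body or a JSON value that is
    # not an object has no .get(), so answer with the "incomplete parameters"
    # error instead of letting an AttributeError surface as a 500.
    if not isinstance(req_data, dict):
        return jsonify(msg="参数不完整", code=4000), 400

    # NOTE(review): g.admin_id is presumably set by an authentication hook
    # outside this block; confirm the route is only reachable after login.
    admin_id = g.admin_id
    title = req_data.get("title")
    content = req_data.get("content")
    if not all([admin_id, title, content]):
        return jsonify(msg="参数不完整", code=4000), 400

    # The notice itself.
    board = Board(title=title, content=content, admin_id=admin_id)
    db.session.add(board)

    # The audit-log entry. request.remote_addr is the peer address of the
    # connection; behind a reverse proxy that is the proxy's address unless
    # the application is configured to trust forwarded headers.
    ip = request.remote_addr
    # %-formatting keeps the text identical for string titles and does not
    # raise TypeError when the client sends a non-string title.
    detail = "添加了公告:%s" % title
    aol = AdminOperateLog(admin_id=admin_id, ip=ip, detail=detail)
    db.session.add(aol)

    try:
        db.session.commit()
    except Exception as e:
        print(e)
        # Roll back so the session is usable for the next request.
        db.session.rollback()
        return jsonify(msg="提交不成功", code=4001), 400
    return jsonify(msg="提交成功", code=200), 200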
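def delete_user():
    """Soft-delete a user by username and record the action in the admin log.

    Expects a JSON object with ``username``. The matching ``User`` row keeps
    existing but has its ``status`` set to ``"删除"``.

    Returns:
        A JSON response with code 200 on success, or code 400 when a
        parameter is missing, the user is not found, or the commit fails.
    """
    # NOTE(review): no permission check on the acting admin is visible in
    # this block; confirm it is enforced by a decorator or request hook.
    admin_id = g.admin_id
    # Peer address of the connection, stored in the audit log. Behind a
    # reverse proxy this is the proxy's address unless forwarded headers are
    # explicitly trusted.
    ip_addr = request.remote_addr
    req_dict = request.get_json()
    # Reject a missing or non-object body up front; .get() on None or on a
    # list would otherwise raise and turn into a 500.
    if not isinstance(req_dict, dict):
        return jsonify(code=400, msg="参数不完整")
    delete_user_username = req_dict.get("username")

    # Completeness check of the required values.
    if not all([delete_user_username, ip_addr]):
        return jsonify(code=400, msg="参数不完整")

    user = User.query.filter(User.username == delete_user_username).first()
    if user is None:
        return jsonify(code=400, msg="查询不到用户")

    try:
        user.status = "删除"
        db.session.add(user)
        # NOTE(review): this formats the User object itself, so the audit
        # text depends on User.__str__/__repr__; confirm it identifies the
        # account (e.g. by username).
        detail = "删除了用户: %s " % user
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(code=200, msg="删除用户成功!")
    except Exception as e:
        print(e)
        db.session.rollback()
        return jsonify(code=400, msg="执行操作失败")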
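def bulletin_board():
    """Publish a new bulletin and record the action in the admin log.

    Expects a JSON object with ``title`` and ``content``. The ``Board`` row
    and the ``AdminOperateLog`` row are committed together.

    Returns:
        A JSON response with code 200 on success, or code 400 when a
        parameter is missing or the commit fails.
    """
    admin_id = g.admin_id  # id of the acting admin
    # Peer address of the connection, stored in the audit log. Behind a
    # reverse proxy this is the proxy's address unless forwarded headers are
    # explicitly trusted.
    ip_addr = request.remote_addr
    req_dict = request.get_json()
    # A missing body or a JSON value that is not an object cannot be queried
    # with .get(); treat it as incomplete input rather than crashing.
    if not isinstance(req_dict, dict):
        return jsonify(code=400, msg="参数不完整")
    title = req_dict.get("title")
    content = req_dict.get("content")

    # Completeness check of the required values.
    if not all([title, content, ip_addr]):
        return jsonify(code=400, msg="参数不完整")

    board = Board(title=title, content=content, admin_id=admin_id)
    try:
        detail = "发送了新公告: %s " % title
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(board)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(code=200, msg="保存数据成功")
    except Exception as e:
        print(e)
        # Undo the partial unit of work so the session stays usable.
        db.session.rollback()
        return jsonify(code=400, msg="保存数据失败")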
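def delete_tag():
    """Soft-delete a tag by name and record the action in the admin log.

    Expects a JSON object with ``tag``. An active tag (``status is True``) is
    switched to ``status = False``; the row is not removed.

    Returns:
        Code 200 on success; ``(response, 400)`` with code 4001 for missing
        parameters or code 4002 when no active tag has that name; code 4004
        when the commit fails.
    """
    admin_id = g.admin_id
    json_data = request.get_json()
    # Reject a missing or non-object body before calling .get() on it.
    if not isinstance(json_data, dict):
        return jsonify(code=4001, msg="参数不完整"), 400
    # Peer address of the connection; behind a reverse proxy this is the
    # proxy's address unless forwarded headers are explicitly trusted.
    ip_addr = request.remote_addr
    tag = json_data.get("tag")
    if not all([ip_addr, tag]):
        return jsonify(code=4001, msg="参数不完整"), 400

    # Soft delete: flip the status flag instead of deleting the row.
    t = Tag.query.filter_by(name=tag).first()
    if not (t and t.status is True):
        # Unknown and already-deleted tags get the same answer.
        return jsonify(code=4002, msg="标签不存在"), 400
    t.status = False

    detail = "删除了旧标签: %s " % tag
    admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
    db.session.add(admin_operate_log)
    db.session.add(t)
    try:
        db.session.commit()
        return jsonify(code=200, msg="删除标签成功")
    except Exception as e:
        print(e)
        db.session.rollback()
        return jsonify(code=4004, msg="删除标签失败")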
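def bulletin_board():
    """Publish a new bulletin and record who sent it in the admin log.

    Expects a JSON object with ``title`` and ``content``. The audit text
    names the admin using ``session["username"]`` and ``g.admin_id``.

    Returns:
        A JSON response with ``re_code`` 200 on success, or 400 when a
        parameter is missing or the commit fails.
    """
    admin_id = g.admin_id  # id of the acting admin
    # NOTE(review): the name written to the audit log comes from the session,
    # not from the Admin row for admin_id; confirm the two cannot diverge.
    admin_name = session.get("username")
    # Peer address of the connection; behind a reverse proxy this is the
    # proxy's address unless forwarded headers are explicitly trusted.
    ip_addr = request.remote_addr
    req_dict = request.get_json()
    # A missing or non-object body has no .get(); answer with the
    # "incomplete parameters" error instead of raising.
    if not isinstance(req_dict, dict):
        return jsonify(re_code=400, msg="参数不完整")
    title = req_dict.get("title")
    content = req_dict.get("content")

    # Completeness check of the required values.
    if not all([title, content, ip_addr]):
        return jsonify(re_code=400, msg="参数不完整")

    board = Board(title=title, content=content, admin_id=admin_id)
    try:
        detail = "管理员:%s --> id:%s ; 新发送了公告 <%s> " % (admin_name, admin_id, title)
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(board)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(re_code=200, msg="保存数据成功")
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit are not
        # swallowed. The failure cause is still not recorded anywhere.
        db.session.rollback()
        return jsonify(re_code=400, msg="保存数据失败")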
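def add_manager():
    """Create a sub-admin whose permission level is below the caller's.

    Expects a JSON object with ``username``, ``password`` and ``power``.
    Permission levels are 1, 2, 4, 8, 16 and 32, with 32 being the super
    admin. An admin may only create admins with a lower level than their own.

    Returns:
        A JSON response with ``re_code`` 200 on success, or 400 when input is
        missing or invalid, the caller cannot be loaded, the caller's level
        is too low, or the commit fails.
    """
    admin_id = g.admin_id
    admin_name = session.get("username")  # name used in the audit text
    # Peer address of the connection; behind a reverse proxy this is the
    # proxy's address unless forwarded headers are explicitly trusted.
    ip_addr = request.remote_addr
    req_dict = request.get_json()
    # Reject a missing or non-object body before calling .get() on it.
    if not isinstance(req_dict, dict):
        return jsonify(re_code=400, msg="参数不完整")
    new_admin_username = req_dict.get("username")
    new_admin_password = req_dict.get("password")
    new_admin_power = req_dict.get("power")

    # Completeness check of the required values.
    if not all([new_admin_username, new_admin_password, ip_addr, new_admin_power]):
        return jsonify(re_code=400, msg="参数不完整")

    # The requested level feeds the privilege comparison below, so it must be
    # a real positive integer. A string would make the comparison raise, and
    # a negative number would pass it for every caller. bool is excluded
    # because it is an int subclass.
    if (
        isinstance(new_admin_power, bool)
        or not isinstance(new_admin_power, int)
        or new_admin_power <= 0
    ):
        return jsonify(re_code=400, msg="参数出错")

    # Load the acting admin to read their permission level.
    current_admin = Admin.query.get(admin_id)
    if not current_admin:
        return jsonify(re_code=400, msg="当前管理员出错")

    # An unset level is treated as the lowest one.
    current_admin_power = current_admin.authority
    current_admin_power = int(current_admin_power) if current_admin_power else 1

    # Only strictly lower levels may be granted.
    if current_admin_power <= new_admin_power:
        return jsonify(re_code=400, msg="当前管理员无法添加此权限用户")

    # NOTE(review): the password from the request is handed to the Admin
    # model as-is; confirm the model hashes it before it is stored.
    new_admin = Admin(
        username=new_admin_username,
        password=new_admin_password,
        authority=new_admin_power,
    )
    try:
        db.session.add(new_admin)
        detail = "管理员:%s --> id:%s ; 添加了新管理员:%s " % (admin_name, admin_id, new_admin_username)
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(re_code=200, msg="添加管理员成功")
    except Exception:
        # Narrowed from a bare except; the failure cause is not recorded.
        db.session.rollback()
        return jsonify(re_code=400, msg="保存数据失败,或许用户名冲突,请稍后再试")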
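def delete_manager():
    """Soft-delete an admin account; only a super admin may do this.

    Expects a JSON object with ``username`` (the admin to delete). The target
    row keeps existing but has its ``status`` set to ``"删除"``.

    Returns:
        A JSON response with code 200 on success, or code 400 when input is
        missing, the caller is not a super admin, the target is not found,
        the target is the caller, or the commit fails.
    """
    admin_id = g.admin_id
    admin_name = session.get("username")  # name of the acting admin
    # Peer address of the connection; behind a reverse proxy this is the
    # proxy's address unless forwarded headers are explicitly trusted.
    ip_addr = request.remote_addr
    req_dict = request.get_json()
    # Reject a missing or non-object body before calling .get() on it.
    if not isinstance(req_dict, dict):
        return jsonify(code=400, msg="参数不完整")
    delete_admin_username = req_dict.get("username")

    # Completeness check of the required values.
    if not all([delete_admin_username, ip_addr]):
        return jsonify(code=400, msg="参数不完整")

    # Load the acting admin to read their role.
    current_admin = Admin.query.get(admin_id)
    if not current_admin:
        return jsonify(code=400, msg="当前管理员出错")

    # Authorization: everything below this guard runs for super admins only.
    if current_admin.power != "超级管理员":
        return jsonify(code=400, msg="当前管理员权利不够删除管理员")

    delete_admin = Admin.query.filter_by(username=delete_admin_username).first()
    if not delete_admin:
        return jsonify(code=400, msg="查询不到将要删除的管理员")

    # Self-deletion guard. The session name alone is not enough: if it is
    # missing or stale the check would never match, so also compare against
    # the username of the Admin row loaded for admin_id.
    if delete_admin.username in (admin_name, current_admin.username):
        return jsonify(code=400, msg="不能删除自己信息")

    try:
        delete_admin.status = "删除"
        db.session.add(delete_admin)
        detail = "删除了管理员: %s " % delete_admin_username
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(code=200, msg="删除管理员成功!")
    except Exception as e:
        print(e)
        db.session.rollback()
        return jsonify(code=400, msg="执行操作失败")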
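def post_blog_article():
    """Create a blog post (published or draft) and log the action.

    Expects a JSON object with ``title``, ``content``, ``summary``, ``logo``
    (cover), ``status`` (``"发布"`` or ``"草稿"``) and ``tags`` (a list of tag
    names). The author is the admin in ``g.admin_id``.

    Returns:
        A JSON response with code 200 and the new blog ``id`` on success;
        code 4000 for missing parameters, 4001 for an invalid ``status`` or
        ``tags`` value, 4002 when the database operation fails.
    """
    admin_id = g.admin_id  # id of the author
    req_data = request.get_json()
    # Reject a missing or non-object body before calling .get() on it.
    if not isinstance(req_data, dict):
        return jsonify(code=4000, msg="参数不完整")
    # Peer address of the connection; behind a reverse proxy this is the
    # proxy's address unless forwarded headers are explicitly trusted.
    ip_addr = request.remote_addr
    title = req_data.get("title")
    content = req_data.get("content")
    summary = req_data.get("summary")
    logo = req_data.get("logo")  # cover image
    status = req_data.get("status")  # "发布" or "草稿"
    tags = req_data.get("tags")  # ["name", "name"]

    if not all([title, content, summary, tags, logo]):
        return jsonify(code=4000, msg="参数不完整")
    if status not in ("发布", "草稿"):
        return jsonify(code=4001, msg="参数出错")
    # tags is passed to an IN (...) filter, which needs a list of names; a
    # bare string or an object is a malformed request, not a database error.
    if not isinstance(tags, list):
        return jsonify(code=4001, msg="参数出错")

    try:
        blog = Blog(title=title, content=content, summary=summary,
                    admin_id=admin_id, status=status, logo=logo)
        # Attach the existing Tag rows whose names were requested. Names that
        # match no Tag row are dropped without an error.
        blog.tags = Tag.query.filter(Tag.name.in_(tags)).all()
        if status == "草稿":
            detail = "添加草稿: %s " % title
        else:
            detail = "发布博客: %s " % title
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(blog)
        db.session.add(admin_operate_log)
        db.session.commit()
    except Exception as e:
        print(e)
        db.session.rollback()
        return jsonify(code=4002, msg="操作出错,数据库出错")
    return jsonify(code=200, msg="操作成功", id=blog.id)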
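def add_manager():
    """Create a new ordinary admin; only a super admin may do this.

    Expects a JSON object with ``username`` and ``password``. The new account
    always gets the role ``"管理员"``; the caller must have the role
    ``"超级管理员"``.

    Returns:
        A JSON response with code 200 on success, or code 400 when input is
        missing, the caller cannot be loaded, the caller is not a super
        admin, or the commit fails.
    """
    admin_id = g.admin_id
    # Peer address of the connection; behind a reverse proxy this is the
    # proxy's address unless forwarded headers are explicitly trusted.
    ip_addr = request.remote_addr
    req_dict = request.get_json()
    # Reject a missing or non-object body before calling .get() on it.
    if not isinstance(req_dict, dict):
        return jsonify(code=400, msg="参数不完整")
    new_admin_username = req_dict.get("username")
    new_admin_password = req_dict.get("password")

    # Completeness check of the required values.
    if not all([new_admin_username, new_admin_password, ip_addr]):
        return jsonify(code=400, msg="参数不完整")

    # Load the acting admin to read their role.
    current_admin = Admin.query.get(admin_id)
    if not current_admin:
        return jsonify(code=400, msg="当前管理员出错")

    # Authorization: only a super admin may create admins.
    if current_admin.power != "超级管理员":
        return jsonify(code=400, msg="当前管理员无法添加此权限用户")

    avatar = "http://bilibili.com"  # fixed placeholder avatar URL
    # NOTE(review): the password from the request is handed to the Admin
    # model as-is; confirm the model hashes it before it is stored.
    new_admin = Admin(username=new_admin_username, password=new_admin_password,
                      power="管理员", avatar=avatar)
    try:
        db.session.add(new_admin)
        detail = "添加了新管理员: %s " % new_admin_username
        # Audit-log entry for the action.
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(code=200, msg="添加管理员成功")
    except Exception as e:
        print(e)
        db.session.rollback()
        return jsonify(code=400, msg="保存数据失败,或许用户名冲突,请稍后再试")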
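def delete_tag():
    """Delete the tag rows with the given name and log the action.

    Expects a JSON object with ``tag``. This version removes the rows with a
    bulk ``delete()``.

    Returns:
        A JSON response with code 200 on success, code 4001 for missing
        parameters, code 4004 when the database operation fails.
    """
    admin_id = g.admin_id
    json_data = request.get_json()
    # Reject a missing or non-object body before calling .get() on it.
    if not isinstance(json_data, dict):
        return jsonify(code=4001, msg="参数不完整")
    # Peer address of the connection; behind a reverse proxy this is the
    # proxy's address unless forwarded headers are explicitly trusted.
    ip_addr = request.remote_addr
    tag = json_data.get("tag")
    if not all([ip_addr, tag]):
        return jsonify(code=4001, msg="参数不完整")

    try:
        # NOTE(review): the number of deleted rows is not checked, so a name
        # that matches nothing still reports success and still writes a
        # "deleted" entry to the audit log.
        Tag.query.filter_by(name=tag).delete()
        detail = "删除了旧标签: %s " % tag
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(code=200, msg="删除标签成功")
    except Exception as e:
        print(e)
        # Without a rollback the pending delete and log entry would stay in
        # the session after a failed commit.
        db.session.rollback()
        return jsonify(code=4004, msg="删除标签失败")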
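def delete_blog_article():
    """Change a blog post's status (publish, draft or delete) and log it.

    Expects a JSON object with ``id`` (the blog id) and ``status`` (one of
    ``"发布"``, ``"草稿"``, ``"删除"``). Only the post's author or the admin
    with id 1 may change it. A post already in status ``"删除"`` is reported
    as not existing.

    Returns:
        A JSON response with code 200 on success or when the status is
        already the requested one; 4000 for missing parameters, 4001 for an
        invalid status, 4002 when the post is missing or the caller is not
        allowed, 4003 when the commit fails.
    """
    req_data = request.get_json()
    # Reject a missing or non-object body before calling .get() on it.
    if not isinstance(req_data, dict):
        return jsonify(code=4000, msg="参数不完整")
    # Peer address of the connection; behind a reverse proxy this is the
    # proxy's address unless forwarded headers are explicitly trusted.
    ip_addr = request.remote_addr
    status = req_data.get("status")  # "发布", "草稿" or "删除"
    bid = req_data.get("id")  # blog id
    admin_id = g.admin_id  # id of the acting admin

    if not all([ip_addr, status, bid, admin_id]):
        return jsonify(code=4000, msg="参数不完整")
    if status not in ["发布", "草稿", "删除"]:
        return jsonify(code=4001, msg="状态更改失败")

    blog = Blog.query.get(bid)
    if blog is None or blog.status == "删除":
        return jsonify(code=4002, msg="博客不存在")

    # Authorization: the author, or the admin with id 1.
    # NOTE(review): "super admin" is identified here by the hard-coded id 1
    # rather than by a role or permission field on the Admin row; confirm
    # that id is reserved and cannot be held by an ordinary admin.
    if blog.admin_id != admin_id and admin_id != 1:
        return jsonify(code=4002, msg="你不是作者")

    # Nothing to change, so no audit entry is written.
    if blog.status == status:
        return jsonify(code=200, msg="操作成功")

    # Build the audit text before the status is overwritten.
    detail = "修改了文章状态: %s --> %s " % (blog.status, status)
    try:
        blog.status = status
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(admin_operate_log)
        db.session.add(blog)
        db.session.commit()
    except Exception as e:
        print(e)
        db.session.rollback()
        return jsonify(code=4003, msg="修改出错,请稍后再试")
    return jsonify(code=200, msg="操作成功")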
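def add_tag():
    """Create a tag with the given name and log the action.

    Expects a JSON object with ``tag``.

    Returns:
        A JSON response with code 200 on success, code 4001 for missing
        parameters, code 4004 when the database operation fails.
    """
    admin_id = g.admin_id
    json_data = request.get_json()
    # Reject a missing or non-object body before calling .get() on it.
    if not isinstance(json_data, dict):
        return jsonify(code=4001, msg="参数不完整")
    # Peer address of the connection; behind a reverse proxy this is the
    # proxy's address unless forwarded headers are explicitly trusted.
    ip_addr = request.remote_addr
    tag = json_data.get("tag")
    if not all([ip_addr, tag]):
        return jsonify(code=4001, msg="参数不完整")

    try:
        new_tag = Tag(name=tag)
        detail = "添加了新标签: %s " % tag
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(new_tag)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(code=200, msg="新增标签成功")
    except Exception as e:
        # Roll back first so the session is clean even if printing fails.
        db.session.rollback()
        print(e)
        return jsonify(code=4004, msg="新增标签失败")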
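def delete_comment():
    """Delete one comment by id and record the action in the admin log.

    Expects a JSON object with ``comment_id``.

    Returns:
        A JSON response with code 200 on success, code 4000 for missing
        parameters, code 400 when the comment does not exist or the database
        operation fails.
    """
    req_json = request.get_json()
    # Reject a missing or non-object body before calling .get() on it.
    if not isinstance(req_json, dict):
        return jsonify(code=4000, msg="参数不完整")
    # Peer address of the connection; behind a reverse proxy this is the
    # proxy's address unless forwarded headers are explicitly trusted.
    ip_addr = request.remote_addr
    admin_id = g.admin_id
    comment_id = req_json.get("comment_id")
    if not all([admin_id, comment_id, ip_addr]):
        return jsonify(code=4000, msg="参数不完整")

    try:
        # Bulk delete returns the number of rows matched.
        deleted_rows = Comment.query.filter(Comment.id == comment_id).delete()
        if deleted_rows != 1:
            # Discard whatever the delete touched so no pending change is
            # left in the session when this request ends.
            db.session.rollback()
            return jsonify(code=400, msg="删除评论失败,评论不存在")
        # NOTE(review): %d raises TypeError for a string id. The except
        # branch then rolls the delete back and reports a generic failure.
        detail = "删除了评论 %d " % comment_id
        user_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(user_log)
        db.session.commit()
        return jsonify(code=200, msg="删除了评论成功")
    except Exception as e:
        print(e)
        db.session.rollback()
        return jsonify(code=400, msg="删除评论失败,请稍后再试")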
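def delete_manager():
    """Delete an admin account; the caller needs permission level >= 16.

    Expects a JSON object with ``username`` (the admin to delete). The caller
    may not delete an admin with a higher level than their own, and may not
    delete themselves. The row is removed with ``db.session.delete``.

    Returns:
        A JSON response with ``re_code`` 200 on success, or 400 when input is
        missing, the caller cannot be loaded, the caller's level is too low,
        the target is not found, the target is the caller, or the commit
        fails.
    """
    admin_id = g.admin_id
    admin_name = session.get("username")  # name of the acting admin
    # Peer address of the connection; behind a reverse proxy this is the
    # proxy's address unless forwarded headers are explicitly trusted.
    ip_addr = request.remote_addr
    req_dict = request.get_json()
    # Reject a missing or non-object body before calling .get() on it.
    if not isinstance(req_dict, dict):
        return jsonify(re_code=400, msg="参数不完整")
    delete_admin_username = req_dict.get("username")

    # Completeness check of the required values.
    if not all([delete_admin_username, ip_addr]):
        return jsonify(re_code=400, msg="参数不完整")

    # Load the acting admin to read their permission level.
    current_admin = Admin.query.get(admin_id)
    if not current_admin:
        return jsonify(re_code=400, msg="当前管理员出错")

    # An unset level is treated as the lowest one.
    current_admin_power = current_admin.authority
    current_admin_power = int(current_admin_power) if current_admin_power else 1

    # Authorization: everything below runs only for level 16 and above.
    if current_admin_power < 16:
        return jsonify(re_code=400, msg="当前管理员权利不够删除管理员")

    delete_admin = Admin.query.filter_by(username=delete_admin_username).first()
    if not delete_admin:
        return jsonify(re_code=400, msg="查询不到将要删除的管理员")

    # Normalise the target's level the same way as the caller's. Comparing
    # the raw column value would raise for None and would not compare
    # numerically for a string.
    target_power = delete_admin.authority
    target_power = int(target_power) if target_power else 1
    # A higher-level admin cannot be deleted.
    # NOTE(review): an equal level is allowed here, so two level-16 admins
    # can delete each other; confirm that is intended.
    if target_power > current_admin_power:
        return jsonify(re_code=400, msg="当前管理员权利不够删除此管理员")

    # Self-deletion guard. The session name alone is not enough: if it is
    # missing or stale the check would never match, so also compare against
    # the username of the Admin row loaded for admin_id.
    if delete_admin.username in (admin_name, current_admin.username):
        return jsonify(re_code=400, msg="不能删除自己信息")

    try:
        db.session.delete(delete_admin)
        detail = "管理员:%s --> id:%s ; 删除了管理员:%s " % (admin_name, admin_id, delete_admin_username)
        admin_operate_log = AdminOperateLog(admin_id=admin_id, ip=ip_addr, detail=detail)
        db.session.add(admin_operate_log)
        db.session.commit()
        return jsonify(re_code=200, msg="删除管理员成功!")
    except Exception:
        # Narrowed from a bare except; the failure cause is not recorded.
        db.session.rollback()
        return jsonify(re_code=400, msg="执行操作失败")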