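def adm_post_delete():
    """Soft-delete or permanently delete the posts named in the request.

    Request arguments (read through ``request.argget``):
        ids: JSON-encoded sequence of post ``_id`` strings.
        pending_delete: integer flag, default 1. Non-zero sets
            ``is_delete = 3`` on the matching posts; zero hands the ids to
            ``delete_post`` and additionally requires the
            ``IMPORTANT_DATA_DEL`` permission.

    Returns:
        dict: payload with ``msg``, ``msg_type`` and ``http_status``; on the
        permanent path, whatever ``delete_post`` returns.

    Malformed ``ids`` or ``pending_delete`` values produce the existing 400
    "no match" payload instead of an unhandled exception. The request is
    rejected as a whole, so a partly valid id list never triggers a partial
    delete.
    """
    no_match = {
        "msg": gettext("No match to relevant data"),
        "msg_type": "w",
        "http_status": 400
    }

    raw_ids = json_to_pyseq(request.argget.all('ids', []))
    try:
        pending_delete = int(request.argget.all("pending_delete", 1))
    except (TypeError, ValueError):
        # Fail closed: an unparseable flag must not select either delete path.
        return no_match

    # NOTE(review): json_to_pyseq is not visible here; presumably it returns a
    # list parsed from the JSON argument - confirm.
    if not isinstance(raw_ids, (list, tuple)):
        return no_match
    if not all(ObjectId.is_valid(raw_id) for raw_id in raw_ids):
        return no_match
    ids = [ObjectId(raw_id) for raw_id in raw_ids]

    if pending_delete:
        r = mdb_web.db.post.update_many(
            {"_id": {"$in": ids}},
            {"$set": {"is_delete": 3}})
        if r.modified_count:
            return {
                "msg": gettext("Move to a permanently deleted area, {}").format(
                    r.modified_count),
                "msg_type": "s",
                "http_status": 204
            }
        return no_match

    # Permanent deletion is gated by its own permission, separate from
    # whatever the route decorator already required.
    # NOTE(review): 401 is sent to an authenticated caller who lacks the
    # permission; 403 would be the usual status, left as-is for existing clients.
    if not current_user.can(permissions(["IMPORTANT_DATA_DEL"])):
        abort(401)
    return delete_post(ids=ids)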
#!/usr/bin/env python
# -*-coding:utf-8-*-
from apps.core.flask.login_manager import osr_login_required
from apps.core.blueprint import api
from apps.core.flask.permission import permission_required
from apps.core.flask.response import response_format
from apps.modules.setting.process.get_file_log import sys_log
from apps.core.flask.permission import permissions

__author__ = "Allen Woo"


# Decorator order matters: the route is registered on the outermost wrapper,
# so the login check runs first and the permission check second.
@api.route('/admin/setting/sys/log', methods=['GET'])
@osr_login_required
@permission_required(permissions(["SYS_SETTING"]))
def api_sys_log():
    '''
    GET:
        Fetch a log file.
        name:<str>, name of the log
        ip:<str>, host whose log should be fetched
        page:<int>
    :return:
    '''
    # Nothing is passed in or validated here; sys_log() is expected to read
    # name/ip/page from the request itself.
    # NOTE(review): confirm that sys_log() restricts `name` and `ip` to known
    # logs and hosts, since both are chosen by the caller.
    return response_format(sys_log())
# -*-coding:utf-8-*- from flask import request from apps.core.flask.login_manager import osr_login_required from apps.configs.sys_config import METHOD_WARNING from apps.core.blueprint import api from apps.core.flask.permission import permission_required from apps.core.flask.response import response_format from apps.modules.post.process.adm_post import adm_get_post, adm_get_posts, adm_post_audit, adm_post_restore, \ adm_post_delete from apps.core.flask.permission import permissions @api.route('/admin/post', methods=['GET', 'POST', 'PUT', 'PATCH', 'DELETE']) @osr_login_required @permission_required(permissions(["AUDIT"])) def api_adm_post(): ''' GET: 1. 根据条件获取文章 sort:<array>,排序, 1表示升序, -1表示降序.如: 按时间降序 [{"issue_time":-1},{"update_time",-1}] 按时间升序 [{"issue_time", 1},{"update_time",1}] 先后按赞(like)数降序, 评论数降序,pv降序, 发布时间降序 [{"like", -1}, {"comment_num", -1}, {"pv", -1},{"issue_time", -1}]; 默认时按时间降序, 也可以用其他字段排序 page:<int>,第几页,默认第1页 pre:<int>, 每页查询多少条 status:<int> , "is_issued"(正常发布) or "draft"(草稿) or "not_audit"(等待审核) or "unqualified"(未通过审核) or "recycle"(用户的回收站) or "user_remove" (user_remove是指用户永久删除或被管理删除的) keyword:<str>, Search keywords, 搜索的时候使用
# -*-coding:utf-8-*-
from apps.core.flask.login_manager import osr_login_required
from apps.core.blueprint import api
from apps.core.flask.permission import permission_required, permissions
from apps.core.flask.response import response_format
from apps.modules.message.process.send_msg import send_msg

__author__ = "Allen Woo"


# Login is checked before the EDITOR permission; keep this decorator order.
@api.route('/admin/message/send', methods=['POST'])
@osr_login_required
@permission_required(permissions(["EDITOR"]))
def api_adm_send_msg():
    '''
    POST
        Send a message.
        title:<title>, subject
        content:<str>, plain-text body
        content_html:<str>, HTML body
        send_type:<array>, delivery channels: on_site, email, sms.
                 e.g. ["email"]; several may be combined: ["email", "on_site"]
        username:<array>, user names of the recipients, e.g. ["test", "test2"]
    :return:
    '''
    # All request parsing happens inside send_msg(); this view only wraps it.
    # NOTE(review): content_html is caller-supplied HTML - confirm send_msg()
    # sanitises it before it is rendered on-site or mailed.
    result = send_msg()
    return response_format(result)
# -*-coding:utf-8-*- from flask import request from apps.core.flask.login_manager import osr_login_required from apps.configs.sys_config import METHOD_WARNING from apps.core.blueprint import api from apps.core.flask.permission import permission_required from apps.core.flask.response import response_format from apps.modules.audit.process.rules import audit_rules, audit_rule_add, audit_rule_delete from apps.core.flask.permission import permissions from apps.core.utils.get_config import get_config __author__ = 'Allen Woo' @api.route('/admin/audit/rule/key', methods=['GET']) @osr_login_required @permission_required(permissions(["WEB_SETTING"])) def api_audit_rule_key(): ''' GET: 获取审核规则的所有key与说明, 也就config设置中的audit :return: ''' keys = get_config("name_audit", "AUDIT_PROJECT_KEY") data = {"keys":keys} return response_format(data) @api.route('/admin/audit/rule', methods=['GET', 'POST', 'PUT', 'PATCH', 'DELETE']) @osr_login_required @permission_required(permissions(["WEB_SETTING"])) def api_audit_rule():
def api_access_token(): ''' GET: 客户端获取/刷新AccessToken (必须使用SecretToken验证通过) 如果请求头中带有ClientId 则使用客户端提供的ClientId, 否则创建新的ClientId :return: ''' data = rest_token_auth.create_access_token() return response_format(data) @api.route('/admin/token/secret-token', methods=['GET', 'POST', 'PUT','DELETE']) @osr_login_required @permission_required(permissions(["ROOT"])) def api_rest_token(): ''' 客户端访问使用的secret token管理 GET: 获取所有secret token POST: 创建一个secret token PUT: 激活或禁用一个id token_id:<id>,token id action:<str>,如果为"activate"则激活token, 为"disable"禁用token DELETE: 删除一个token token_id:<id>,token id
from flask import request from apps.core.flask.login_manager import osr_login_required from apps.core.blueprint import api from apps.core.flask.permission import permission_required from apps.core.flask.response import response_format from apps.modules.report.process.basic_access import get_post_access, get_comment_access, get_user_access, get_message, \ get_plugin, get_media, get_inform_data from apps.utils.format.obj_format import json_to_pyseq from apps.core.flask.permission import permissions __author__ = "Allen Woo" @api.route('/admin/report/basic', methods=['GET']) @osr_login_required @permission_required(permissions(["REPORT"])) def api_basic_report(): ''' GET: 获取网站的最基本报表数据 project:<array>,默认全部,可以是post, comment, user, message, plugin, media, inform ''' project = json_to_pyseq(request.argget.all('project', [])) data = {} if "post" in project or not project: data["post"] = get_post_access() if "comment" in project or not project: data["comment"] = get_comment_access()
from apps.core.flask.login_manager import osr_login_required
import regex as re
from apps.configs.sys_config import METHOD_WARNING
from apps.core.blueprint import api
from apps.core.flask.permission import permission_required, permissions
from apps.core.flask.response import response_format
from apps.modules.user.process.role import role, roles, add_role, edit_role, delete_role
from apps.configs.config import CONFIG

__author__ = "Allen Woo"


# Login is checked before the USER_MANAGE permission; keep this decorator order.
@api.route('/admin/role/permission', methods=['GET'])
@osr_login_required
@permission_required(permissions(["USER_MANAGE"]))
def get_role_permissions():
    '''
    GET:
        Return the full permission table as (name, value, info) entries,
        sorted by value.
    :return:
    '''
    # Keys wrapped in double underscores (__like_this__) are left out of the
    # listing; every other entry of CONFIG["permission"] is exposed.
    rows = [
        (name, spec["value"], spec["info"])
        for name, spec in CONFIG["permission"].items()
        if re.search(r"^__.*__$", name) is None
    ]
    rows.sort(key=lambda row: row[1])
    return response_format({"permissions": rows})
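# Value types sys_config_edit knows how to coerce; anything else is rejected.
_CONFIG_VALUE_TYPES = (
    "int", "binary", "float", "string", "bool", "list", "dict", "tuple",
    "password",
)


def _coerce_config_bool(value):
    """Interpret a submitted value as a boolean flag."""
    try:
        return bool(int(value))
    except (TypeError, ValueError):
        pass
    if isinstance(value, str):
        # Non-numeric text: empty text and "false" (any case) mean False.
        return bool(value) and value.upper() != "FALSE"
    return bool(value)


def _coerce_config_list(value):
    """Turn a submitted value into a list (JSON array or comma-separated text)."""
    if isinstance(value, list):
        return value
    try:
        parsed = json.loads(value)
    except ValueError:
        # Not JSON at all, e.g. aaa,bbb,ccc: fall back to the comma split.
        if not isinstance(value, str) or not value.strip():
            raise
        parsed = value
    if isinstance(parsed, list):
        return parsed
    if not isinstance(parsed, str):
        raise ValueError("expected a JSON array or comma-separated text")
    return [item.strip("\n") for item in parsed.strip(",").split(",")]


def _coerce_config_value(value, conf_type):
    """Convert *value* to the stored config type; raise on a bad format."""
    if conf_type in ("int", "binary"):
        return int(value)
    if conf_type == "float":
        return float(value)
    if conf_type in ("string", "password"):
        # NOTE(review): a "password" value is kept as the submitted text; no
        # hashing or encryption happens in this function.
        return str(value)
    if conf_type == "bool":
        return _coerce_config_bool(value)
    if conf_type == "list":
        return _coerce_config_list(value)
    if conf_type == "dict":
        parsed = value if isinstance(value, dict) else json.loads(value)
        if not isinstance(parsed, dict):
            raise ValueError("expected a JSON object")
        return parsed
    if conf_type == "tuple":
        if isinstance(value, tuple):
            return value
        # json.loads never yields a tuple, so accept a JSON array and convert.
        parsed = json.loads(value)
        if not isinstance(parsed, list):
            raise ValueError("expected a JSON array")
        return tuple(parsed)
    raise ValueError("unsupported config type")


def sys_config_edit():
    """Update one system configuration entry from the current request.

    Request arguments (read through ``request.argget``):
        key, project: identify the entry; both are required.
        value: new value, coerced to the type recorded on the stored entry.
        info: optional description; the stored one is kept when omitted.

    Projects listed in ``MUST_ROOT_SETTING`` are only editable by a role that
    passes the ROOT comparison below. When the current ``new_version`` has
    already been recorded in ``used_versions``, the whole configuration is
    copied to a fresh version before the change is written. The config cache
    is dropped afterwards.

    Returns:
        dict: payload with ``msg``, ``msg_type`` and ``http_status``
        (201 on success; 400 bad value, 401 missing root, 404 unknown entry),
        or the failure payload produced by ``arg_verify``.
    """
    key = request.argget.all('key')
    project = request.argget.all('project')
    value = request.argget.all('value')
    info = request.argget.all('info')
    version = mdb_sys.db.sys_config.find_one(
        {"new_version": {"$exists": True}}, {"_id": 0})

    s, r = arg_verify(reqargs=[("key", key), ("project", project)], required=True)
    if not s:
        return r

    # Some projects may only be changed by a root user.
    if project in MUST_ROOT_SETTING:
        user_role = mdb_user.db.role.find_one(
            {"_id": ObjectId(current_user.role_id)})
        # Fail closed when the role document is missing.
        # NOTE(review): get_num_digits is not visible here; the check compares
        # two derived numbers rather than testing the ROOT bit directly -
        # confirm a large non-ROOT permission value cannot satisfy it.
        if not user_role or get_num_digits(
                user_role["permissions"]) < get_num_digits(
                    permissions(["ROOT"])):
            return {
                "msg": gettext("Root permission required"),
                "msg_type": "w",
                "http_status": 401
            }

    old_conf = mdb_sys.db.sys_config.find_one({
        "key": key,
        "project": project,
        "conf_version": version["new_version"]
    })
    if not old_conf:
        return {
            "msg": gettext("There is no such data"),
            "msg_type": "e",
            "http_status": 404
        }

    conf_type = old_conf["type"]
    if conf_type not in _CONFIG_VALUE_TYPES:
        return {
            "msg": gettext('There is no {}').format(conf_type),
            "msg_type": "e",
            "http_status": 400
        }
    try:
        value = _coerce_config_value(value, conf_type)
    except Exception:
        # Deliberately broad: any failure to convert caller-supplied text is
        # reported as a 400 instead of surfacing as a server error.
        return {
            "msg": gettext('The format of the "value" errors, need a "{}" type').
            format(conf_type),
            "msg_type": "e",
            "http_status": 400
        }

    if not info:
        info = old_conf["info"]
    conf = {"value": value, "update_time": time.time(), "info": info}

    # Version handling: whenever a server restarts and reloads the config, the
    # then-newest version is added to used_versions.
    if version["new_version"] in version["used_versions"]:
        # The newest version is already in use, so this edit must create a
        # newer configuration version.
        now_version = time_to_utcdate(tformat="%Y_%m_%d_%H_%M_%S")
        old_version = mdb_sys.db.sys_config.find(
            {
                "project": {"$exists": True},
                "conf_version": version["new_version"]
            }, {"_id": 0})
        # Copy every entry of the current version into the new one.
        for v in old_version:
            v["conf_version"] = now_version
            mdb_sys.db.sys_config.insert_one(v)

        # Point the version record at the new version.
        mdb_sys.db.sys_config.update_one(
            {"new_version": {"$exists": True}},
            {"$set": {"new_version": now_version}})

        # Drop superfluous configuration versions, keeping the newest 15.
        ver_cnt = len(version["used_versions"])
        if ver_cnt >= 15:
            rm_vers = version["used_versions"][0:ver_cnt - 15]
            mdb_sys.db.sys_config.update_one(
                {"new_version": {"$exists": True}},
                {
                    "$set": {
                        "used_versions": version["used_versions"][ver_cnt - 15:]
                    }
                })
            # NOTE(review): every other query in this function filters on
            # "conf_version"; this filter uses "version" and so may match
            # nothing - confirm the field name before changing a delete.
            mdb_sys.db.sys_config.delete_many(
                {"version": {"$in": rm_vers}})
    else:
        # Otherwise this edit does not create a new configuration version.
        now_version = version["new_version"]

    # Write the changed entry.
    mdb_sys.db.sys_config.update_one(
        {
            "project": project,
            "key": key,
            "conf_version": now_version
        }, {"$set": conf},
        upsert=True)

    # Delete the cached config so the next read reloads it.
    cache.delete(CONFIG_CACHE_KEY)
    return {
        "msg": gettext("Modify the success"),
        "msg_type": "s",
        "http_status": 201
    }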