def new_post():
    """Show the new-post form and store a post on a permitted, valid submit.

    A post is created only when the current user holds
    ``Permission.WRITE_ARTICLES`` and the form validates; every other request
    gets the form rendered again.
    """
    form = PostForm()
    if not (current_user.can(Permission.WRITE_ARTICLES) and form.validate_on_submit()):
        # Debug trace: prints the permission result to stdout on each
        # request that does not create a post.
        print('permission', current_user.can(Permission.WRITE_ARTICLES))
        return render_template('new_post.html', form=form)

    # current_user is a proxy; the model gets the underlying user object.
    author = current_user._get_current_object()
    post = Post(title=form.title.data, body=form.body.data, author=author)
    # NOTE(review): no commit is visible here - presumably the session is
    # committed elsewhere (e.g. on request teardown); confirm.
    db.session.add(post)
    print('hello')
    return redirect(url_for('.index'))
def topic(topic_id):
    """Render one topic's post list; on POST, toggle a post's sticky flag.

    POST requires ``Permission.STICK`` and answers 404 (not 403) when the
    permission is missing. GET lists posts, optionally with ``?type=essence``;
    any other ``type`` value is a 404.
    """
    if request.method == 'POST':
        if not current_user.can(Permission.STICK):
            abort(404)
        post_id = request.form.get('post_id', type=int)
        # The form carries the current state as text: 'False' means "not yet
        # sticky", so the flag is switched on; anything else switches it off.
        make_sticky = request.form.get('sticky') == 'False'
        # NOTE(review): the update is keyed on post_id alone; nothing here
        # checks that the post belongs to topic_id. No commit is visible
        # either - confirm one happens elsewhere.
        Post.query.filter_by(id=post_id).update({'sticky': make_sticky})
        return jsonify(msg='success')

    page = request.args.get('page', 1, type=int)
    topic_title = Topic.query.filter_by(id=topic_id).first_or_404().title
    listing = request.args.get('type')

    if not listing:
        ordered = Post.query.filter_by(topic_id=topic_id).order_by(
            Post.sticky.desc(), Post.date_created.desc())
        pagination = ordered.paginate(page=page, per_page=20, error_out=False)
    elif listing == 'essence':
        Post.rank_hot(topic_id)
        # NOTE(review): unlike the default listing, this query is not filtered
        # by topic_id, so it pages over posts of every topic - confirm intent.
        ordered = Post.query.order_by(Post.sticky.desc(), Post.hot_index.desc())
        pagination = ordered.paginate(page=page, per_page=20, error_out=False)
    else:
        abort(404)

    posts = pagination.items
    return render_template('topic.html', posts=posts, title=topic_title,
                           pagination=pagination)
def home():
    """Home page: accept a new post and show the newest posts, paginated."""
    form = PostForm()
    may_post = current_user.can(Permission.WRITE_ARTICLES) and \
        form.validate_on_submit()
    if may_post:
        new_entry = Post(
            body=form.body.data,
            author=current_user._get_current_object(),
        )
        db.session.add(new_entry)
        # Redirect after POST so a reload does not resubmit the form.
        return redirect(url_for('.index'))

    page = request.args.get('page', 1, type=int)
    # Falls back to 20 per page when the config value is empty or zero.
    page_size = current_app.config['FLASKY_POSTS_PER_PAGE'] or 20
    newest_first = Post.query.order_by(Post.timestamp.desc())
    pagination = newest_first.paginate(page, per_page=page_size, error_out=False)
    posts = pagination.items
    return render_template(
        'index/index.html',
        form=form,
        posts=posts,
        pagination=pagination,
    )
def index():
    """Home page: accept a new post and list all or followed posts, paginated."""
    form = PostForm()
    if current_user.can(Permission.WRITE_ARTICLES) and \
            form.validate_on_submit():
        # current_user is only a proxy around the real user object;
        # _get_current_object() yields the real object to hand to the DB.
        author = current_user._get_current_object()
        db.session.add(Post(body=form.body.data, author=author))
        return redirect(url_for('.index'))

    # Whether to show only posts of followed users. The flag comes from a
    # client-set cookie: any non-empty value counts as "on", and it is only
    # honoured for authenticated users.
    show_followed = False
    if current_user.is_authenticated:
        show_followed = bool(request.cookies.get('show_followed', ''))
    query = current_user.followed_posts if show_followed else Post.query

    # Page to render, 1 by default.
    page = request.args.get('page', 1, type=int)
    # Paginate the chosen query, newest first.
    pagination = query.order_by(Post.timestamp.desc()).paginate(
        page, per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    posts = pagination.items
    return render_template('index.html', form=form, posts=posts,
                           show_followed=show_followed, pagination=pagination)
def tags():
    """Show the 30 most-used tags and, for ``?search=a,b``, the matching books.

    Books must carry every searched tag. Users without
    ``Permission.UPDATE_BOOK_INFORMATION`` only see books with ``hidden == 0``.
    """
    search_tags = request.args.get('search', None)
    page = request.args.get('page', 1, type=int)

    usage = db.func.count(book_tag.c.book_id)
    the_tags = (Tag.query.outerjoin(book_tag)
                .group_by(book_tag.c.tag_id)
                .order_by(usage.desc())
                .limit(30)
                .all())

    search_form = SearchForm()
    search_form.search.data = search_tags

    data = None
    pagination = None
    tags_list = []
    if search_tags:
        # Comma-separated input; blank pieces are dropped.
        tags_list = [piece.strip() for piece in search_tags.split(',')
                     if piece.strip()]

    if tags_list:
        if current_user.can(Permission.UPDATE_BOOK_INFORMATION):
            the_books = Book.query
        else:
            the_books = Book.query.filter_by(hidden=0)
        # The words reach the database as bound parameters of ILIKE, so '%'
        # and '_' typed by the user act as wildcards in the match.
        carries_all = db.and_(
            *[Book.tags.any(Tag.name.ilike(word)) for word in tags_list])
        borrow_count = db.func.count(Log.id)
        the_books = (the_books.filter(carries_all)
                     .outerjoin(Log)
                     .group_by(Book.id)
                     .order_by(borrow_count.desc()))
        pagination = the_books.paginate(page, per_page=8)
        data = pagination.items

    return render_template('book_tag.html', tags=the_tags, title='Tags',
                           search_form=search_form, books=data,
                           pagination=pagination)
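def edit(id):
    """Edit a book's details; requires ``Permission.EDIT``.

    Responds 404 for an unknown id and 403 when the current user lacks the
    permission. On a valid submit the book is updated and the user is
    redirected to the book page; otherwise the form is shown pre-filled with
    the stored values.
    """
    book = Book.query.get_or_404(id)
    if not current_user.can(Permission.EDIT):
        # abort() looks the status up by integer code. The string '403' used
        # before is not a known code, so the denial surfaced as a server
        # error instead of 403 Forbidden.
        abort(403)

    # Attributes that exist under the same name on the form and on the model.
    field_names = ('front_cover', 'bookname', 'introduction', 'press',
                   'author', 'book_type', 'published_date', 'amount_all')

    form = AddBookForm()
    if form.validate_on_submit():
        for name in field_names:
            setattr(book, name, getattr(form, name).data)
        db.session.add(book)
        flash('The book has been updated.')
        return redirect(url_for('.book', id=book.id))

    # Not a valid submit: show the stored values in the form.
    for name in field_names:
        getattr(form, name).data = getattr(book, name)
    return render_template('edit_book.html', form=form)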
def delete_post(id):
    """Delete a post; allowed for its author or a user with ADMINISTER.

    Responds 404 for an unknown id and 403 for anyone else.
    """
    post = Post.query.get_or_404(id)
    denied = current_user != post.author and not current_user.can(Permission.ADMINISTER)
    if denied:
        abort(403)
    # NOTE(review): this changes state; the route's allowed HTTP methods and
    # CSRF protection are declared outside this block - confirm the view is
    # not reachable by a plain GET.
    db.session.delete(post)
    flash(u'博客已删除')
    return redirect(url_for('.index'))
def delete(id):
    """Delete a post; only users with ``Permission.ADMINISTER`` may do so."""
    post = Post.query.get_or_404(id)
    if current_user.can(Permission.ADMINISTER):
        db.session.delete(post)
        flash('The post has been deleted.')
        return redirect(url_for('.index'))
    # Everyone else, the post's author included, is refused.
    abort(403)
def index():
    """Home page: accept a new post and list all or followed posts, paginated.

    NOTE(review): the block nesting was rebuilt from a flattened listing; the
    position of the redirect inside the inner ``if`` is assumed - confirm
    against the original file.
    """
    form = PostForm()
    # validate_on_submit() runs here and once more in the inner condition.
    if form.validate_on_submit():
        # A valid form from a user without WRITE_ARTICLES creates nothing.
        if current_user.can(Permission.WRITE_ARTICLES) and form.validate_on_submit():
            # current_user is a proxy; the model gets the underlying object.
            post = Post(body=form.body.data, author=current_user._get_current_object())
            db.session.add(post)
            return redirect(url_for('main.index'))
    page = request.args.get('page', 1, type=int)
    show_followed =False
    if current_user.is_authenticated:
        # Client-set cookie; any non-empty value switches the filter on.
        show_followed = bool(request.cookies.get('show_followed', ''))
    if show_followed:
        query = current_user.followed_posts
    else:
        query = Post.query
    # Newest posts first, page size taken from the app config.
    pagination = query.order_by(Post.timestamp.desc()).paginate(page, per_page=current_app.config['POSTS_PER_PAGE'], error_out=False)
    posts = pagination.items
    # Template context, passed as keyword arguments.
    res = {
        'form': form,
        'pagination': pagination,
        'posts': posts,
        'show_followed': show_followed,
    }
    return render_template('index.html', **res)
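def index():
    """Home page: accept a new post and list all or followed posts, paginated.

    A post is stored only for users holding ``Permission.WRITE_ARTICLES``
    whose form validates. The ``show_followed`` cookie, honoured for
    authenticated users only, narrows the list to followed users' posts.
    """
    form = PostForm()
    if current_user.can(Permission.WRITE_ARTICLES) and \
            form.validate_on_submit():
        post = Post(body=form.body.data,
                    author=current_user._get_current_object())
        db.session.add(post)
        return redirect(url_for('.index'))

    # The bare ``User.is_authenticated`` expression that stood here had no
    # effect and was removed.
    show_followed = False
    if current_user.is_authenticated:
        # Client-set cookie; any non-empty value switches the filter on.
        show_followed = bool(request.cookies.get('show_followed', ''))
    query = current_user.followed_posts if show_followed else Post.query

    # Pagination
    page = request.args.get('page', 1, type=int)
    pagination = query.order_by(Post.timestamp.desc()).paginate(
        page, per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    posts = pagination.items

    # NOTE(review): a database URI can embed the database host, user name and
    # password. Handing it to the template context exposes it to every
    # visitor if index.html renders ``cfgtag``. Kept so the template contract
    # is unchanged; replace it with a non-secret label (e.g. the configuration
    # name) once the template's use of it is confirmed.
    cfgtag = current_app.config['SQLALCHEMY_DATABASE_URI']
    return render_template('index.html', form=form, posts=posts,
                           show_followed=show_followed, pagination=pagination,
                           cfgtag=cfgtag)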
def index():
    """
    Home page.
    :return: the rendered home page template
    """
    form = PostForm()
    # Publish a new post.
    can_publish = current_user.can(Permission.WRITE_ARTICLES) and form.validate_on_submit()
    if can_publish:
        author = current_user._get_current_object()
        db.session.add(Post(body=form.body.data, author=author))
        return redirect(url_for('.index'))

    # Show a page of all posts, or of the posts of followed users.
    show_followed = False
    if current_user.is_authenticated:
        # show_followed is kept in a cookie set by the client; any non-empty
        # value switches the filter on.
        show_followed = bool(request.cookies.get('show_followed', ''))
    query = current_user.followed_posts if show_followed else Post.query

    page = request.args.get('page', 1, type=int)
    newest_first = query.order_by(Post.timestamp.desc())
    pagination = newest_first.paginate(
        page, per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    posts = pagination.items
    # NOTE(review): User-Agent is a request header chosen by the client; the
    # template must keep it escaped (presumably via Jinja2 autoescaping -
    # confirm it is never marked safe).
    return render_template('index.html', posts=posts, form=form,
                           show_followed=show_followed, pagination=pagination,
                           current_time=datetime.utcnow(),
                           user_agent=request.headers.get('User-Agent'))
def decorated_function(bug_id):
    """Run the wrapped view for the bug's author or for an administrator.

    The author is accepted only while the bug's status equals
    ``Bug_Now_Status.CREATED``; a user with ``Permission.ADMINISTER`` is
    accepted regardless. Anyone else gets 403.
    """
    bugs = Bugs.get_by_bug_id(bug_id)
    # NOTE(review): if get_by_bug_id() can return None for an unknown id, the
    # attribute access below fails with a server error instead of a 404 -
    # confirm what the helper does.
    author_may_act = current_user == bugs.author and \
        bugs.status_equal(Bug_Now_Status.CREATED)
    if not author_may_act and not current_user.can(Permission.ADMINISTER):
        abort(403)
    return f(bug_id)
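def home():
    """main.home(): landing page, or a redirect for signed-in users.

    Signed-in users are redirected to ``next`` when it is a path on this
    site; otherwise users for whom ``can('管理')`` holds go to ``status.home``
    and everyone else to their own profile overview. Anonymous visitors get
    the minified home page.
    """
    def _site_path(candidate):
        """Return candidate if it is a path on this site, else None."""
        # ``next`` is attacker-controllable: redirecting to it unchecked lets
        # a crafted link bounce a signed-in user to another site. Only a path
        # that starts with a single '/' is accepted.
        if not candidate or not candidate.startswith('/'):
            return None
        # '//host' and '/\host' are read by browsers as another host.
        if candidate.startswith('//') or '\\' in candidate:
            return None
        # Control characters can be dropped by browsers and hide the above.
        if any(ord(ch) < 0x20 for ch in candidate):
            return None
        return candidate

    if current_user.is_authenticated:
        next_url = _site_path(request.args.get('next'))
        if current_user.can('管理'):
            return redirect(next_url or url_for('status.home'))
        return redirect(next_url or url_for('profile.overview', id=current_user.id))
    return minify(render_template('home.html'))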
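def new_post():
    """Create a post from the submitted form and attach its tags.

    Requires ``Permission.WRITE_ARTICLES`` and a valid form. The body is
    reduced to an allow-list of HTML tags and attributes with bleach before it
    is stored; everything else is stripped. Each whitespace-separated tag name
    is linked to the post once, creating the tag when it does not exist yet.
    """
    form = PostForm()
    if current_user.can(Permission.WRITE_ARTICLES) and form.validate_on_submit():
        allowed_tags = ['a', 'abbr', 'acronym', 'b', 'blockquote', 'code',
                        'em', 'i', 'li', 'ol', 'pre', 'strong', 'ul',
                        'h1', 'h2', 'h3', 'p', 'img', 'br', 'font']
        # Work on a copy: writing into bleach.ALLOWED_ATTRIBUTES itself would
        # change the sanitising policy of every other bleach call in the
        # process, from the first request on.
        allowed_attributes = dict(bleach.ALLOWED_ATTRIBUTES)
        allowed_attributes[u'img'] = [u'src']
        allowed_attributes[u'font'] = [u'face']
        body = bleach.linkify(bleach.clean(form.body.data,
                                           tags=allowed_tags,
                                           attributes=allowed_attributes,
                                           strip=True))
        post = Post(title=form.title.data,
                    slug=slugify(form.title.data),
                    body=body,
                    author=User.objects(username=current_user.username).first())
        post.save()

        # A name repeated in the input is handled once, so the post is not
        # linked twice to one tag and no second tag of that name is created.
        seen = set()
        for name in form.tags.data.split():
            if name in seen:
                continue
            seen.add(name)
            tag = Tag.objects(name=name).first()
            if not tag:
                tag = Tag(name=name)
            tag.posts.append(post)
            tag.save()
        return redirect(url_for('.index'))
    return render_template('new_post.html', form=form)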
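def index():
    """Home page: accept a new post and list every post, newest first.

    A post is stored only when the current user holds
    ``Permission.WRITE_ARTICLES`` and the form validates.
    """
    form = PostForm()
    if current_user.can(Permission.WRITE_ARTICLES) and form.validate_on_submit():
        post = Post(body=form.body.data,
                    author=current_user._get_current_object())
        db.session.add(post)
        return redirect(url_for('.index'))
    # .all() belongs to the query. It was called on the ordering expression
    # (``Post.timestamp.desc().all()``), which is not a query and so never
    # produced the list of posts.
    posts = Post.query.order_by(Post.timestamp.desc()).all()
    return render_template('index.html', form=form, posts=posts)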
def delete(slug):
    """Delete the post with this slug and unlink it from every tag.

    Allowed for the post's author or a user with ``Permission.ADMINISTER``;
    anyone else gets 403. An unknown slug is a 404.
    """
    post = Post.objects.get_or_404(slug=slug)
    denied = current_user != post.author and not current_user.can(Permission.ADMINISTER)
    if denied:
        abort(403)
    # Pull the post out of each tag that lists it before removing the post.
    tagged = Tag.objects(posts__contains=post).all()
    for tag in tagged:
        tag.update(pull__posts=post)
    post.delete()
    flash('Post has been deleted.')
    return redirect(url_for('.index'))
def delete(id):
    """Delete a post and its tag links; requires ``Permission.ADMINISTER``."""
    post = Post.query.get_or_404(id)
    if not current_user.can(Permission.ADMINISTER):
        abort(403)
    # Clear the tag links and commit that first, then delete the post itself.
    post.tag.clear()
    db.session.commit()
    # NOTE(review): no commit follows the delete in this block - confirm the
    # session is committed elsewhere.
    db.session.delete(post)
    flash('文章已删除')
    return redirect(url_for('.index'))
def postArticle():
    """Show the article form; store the article on a permitted, valid submit."""
    form = PostForm()
    accepted = current_user.can(Permission.WRITE_ARTICLES) and \
        form.validate_on_submit()
    if not accepted:
        return render_template('article/post_article.html', form=form)
    # current_user is a proxy; the model gets the underlying user object.
    author = current_user._get_current_object()
    post = Post(title=form.title.data, body=form.body.data, author=author)
    db.session.add(post)
    # Redirect back to this view so a reload does not resubmit the form.
    return redirect(url_for('article.postArticle'))
def writing():
    """Show the writing form; store the post on a permitted, valid submit."""
    form = PostForm()
    accepted = current_user.can(Permission.WRITE_ARTICLES) and \
        form.validate_on_submit()
    if not accepted:
        return render_template('blog/writing.html', form=form)
    author = current_user._get_current_object()
    db.session.add(Post(body=form.body.data, author=author))
    flash(u'已完成发帖')
    return redirect(url_for('blog.index'))
def index():
    """Home page: five most-logged books and users, five latest comments.

    Users without ``Permission.UPDATE_BOOK_INFORMATION`` only see books with
    ``hidden == 0``.
    """
    search_form = SearchForm()

    the_books = Book.query
    if not current_user.can(Permission.UPDATE_BOOK_INFORMATION):
        the_books = the_books.filter_by(hidden=0)

    # Both rankings order by the number of Log rows joined to the entity.
    popular_books = (the_books.outerjoin(Log)
                     .group_by(Book.id)
                     .order_by(db.func.count(Log.id).desc())
                     .limit(5))
    popular_users = (User.query.outerjoin(Log)
                     .group_by(User.id)
                     .order_by(db.func.count(Log.id).desc())
                     .limit(5))
    # Comments flagged as deleted are left out.
    recently_comments = (Comment.query.filter_by(deleted=0)
                         .order_by(Comment.edit_timestamp.desc())
                         .limit(5))
    return render_template("index.html", books=popular_books,
                           users=popular_users,
                           recently_comments=recently_comments,
                           search_form=search_form)
def user(username):
    """Profile page of ``username`` with that user's posts, newest first.

    A valid form from a user holding ``Permission.WRITE_ARTICLES`` is stored
    as a post of the *current* user; the page is then rendered without a
    redirect.
    """
    form = PostForm()
    if current_user.can(Permission.WRITE_ARTICLES) and \
            form.validate_on_submit():
        author = current_user._get_current_object()
        db.session.add(Post(body=form.body.data, author=author))
    # NOTE(review): no redirect follows a stored post, so reloading the page
    # presumably resubmits the form - confirm whether that is intended.
    user = User.query.filter_by(username=username).first_or_404()
    newest_first = user.posts.order_by(Post.timestamp.desc())
    postss = newest_first.all()
    return render_template('user.html', user=user, form=form, posts=postss)
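def delete(comment_id):
    """Soft-delete a comment and go back to where the user came from.

    Allowed for the comment's owner or a user holding
    ``Permission.DELETE_OTHERS_COMMENT``; anyone else gets 403. The comment
    row is kept and only flagged with ``deleted = 1``. The redirect goes to
    ``next`` when that is a path on this site, else to the book's detail page.
    """
    def _site_path(candidate):
        """Return candidate if it is a path on this site, else None."""
        # ``next`` is attacker-controllable: redirecting to it unchecked lets
        # a crafted link send the user to another site after the action.
        # Only a path that starts with a single '/' is accepted.
        if not candidate or not candidate.startswith('/'):
            return None
        # '//host' and '/\host' are read by browsers as another host.
        if candidate.startswith('//') or '\\' in candidate:
            return None
        # Control characters can be dropped by browsers and hide the above.
        if any(ord(ch) < 0x20 for ch in candidate):
            return None
        return candidate

    the_comment = Comment.query.get_or_404(comment_id)
    if not (current_user.id == the_comment.user_id
            or current_user.can(Permission.DELETE_OTHERS_COMMENT)):
        abort(403)

    the_comment.deleted = 1
    book_id = the_comment.book_id
    db.session.add(the_comment)
    db.session.commit()
    flash(u'成功删除一条评论.', 'info')
    next_url = _site_path(request.args.get('next'))
    return redirect(next_url or url_for('book.detail', book_id=book_id))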
def post(id):
    """Show one post with its comments and accept a new comment.

    A comment is stored only when the current user holds
    ``Permission.COMMENT`` and the form validates. Comments are listed newest
    first.
    """
    post = Post.query.get_or_404(id)
    form = CommentForm()
    may_comment = current_user.can(Permission.COMMENT) and form.validate_on_submit()
    if may_comment:
        author = current_user._get_current_object()
        db.session.add(Comment(body=form.body.data, post=post, author=author))
        # Redirect after POST so a reload does not resubmit the comment.
        return redirect(url_for('.post', id=post.id))
    newest_first = post.comments.order_by(Comment.timestamp.desc())
    comments = newest_first.all()
    # The template expects a list of posts, hence the one-element list.
    return render_template('blog/post.html', posts=[post], form=form,
                           comments=comments)
def edit_post(id):
    """Edit a post's body; allowed for its author or an ADMINISTER user.

    Anyone else gets 404 rather than 403, so the response does not reveal
    that the post exists.
    """
    form = EditPostForm()
    posts = Post.query.get_or_404(id)
    denied = current_user != posts.author and not current_user.can(Permission.ADMINISTER)
    if denied:
        abort(404)
    if not form.validate_on_submit():
        # First visit or invalid submit: show the stored body.
        form.body.data = posts.body
        return render_template('edit_post.html', form=form)
    posts.body = form.body.data
    db.session.add(posts)
    return redirect(url_for('main.post', id=posts.id))
def write():
    """Show the writing form; store the post on a permitted, valid submit."""
    form = PostForm()
    accepted = current_user.can(Permission.WRITE_ARTICLES) and form.validate_on_submit()
    if accepted:
        author = current_user._get_current_object()
        post = Post(title=form.title.data,
                    summary=form.summary.data,
                    body=form.body.data,
                    private=form.private.data,
                    author=author)
        db.session.add(post)
        return redirect(url_for('.individual_homepage', id=current_user.id))
    # NOTE(review): this replaces the form's ``private`` field object with the
    # value False; if the aim is an unchecked default, ``form.private.data =
    # False`` looks intended - confirm against the template.
    form.private = False
    return render_template('write.html', form=form)
def edit_post(post_id):
    """Edit a post's body; allowed for its author or an ADMINISTER user."""
    p = Post.query.get_or_404(post_id)
    denied = current_user != p.author and not current_user.can(Permission.ADMINISTER)
    if denied:
        abort(403)
    form = PostForm()
    if not form.validate_on_submit():
        # First visit or invalid submit: show the stored body.
        form.body.data = p.body
        return render_template("edit_post.html", form=form)
    p.body = form.body.data
    db.session.add(p)
    flash("The post has been updated.")
    # The target is built from the post's own id, not from request data.
    return redirect("/post/" + str(p.id))
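def delete(id):
    """Delete a post and decrement its category's post counter.

    Allowed for the post's author or a user with ``Permission.ADMINISTER``;
    anyone else gets 403. Returns the response of ``index()`` directly
    instead of redirecting.
    """
    post = Post.query.get_or_404(id)
    if current_user != post.author and \
            not current_user.can(Permission.ADMINISTER):
        abort(403)
    currentCat = Category.query.get(post.category_id)
    # query.get() yields None when the post has no category or the category
    # row is gone; the delete must still go through in that case instead of
    # failing on the counter.
    if currentCat is not None:
        currentCat.count -= 1
    Post.delete_post(post)
    flash('The post has been deleted.')
    return index()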
def edit(id):
    """Edit a post's body; allowed for its author or an ADMINISTER user."""
    post = Post.query.get_or_404(id)
    denied = current_user != post.author and not current_user.can(Permission.ADMINISTER)
    if denied:
        abort(403)
    form = PostForm()
    if not form.validate_on_submit():
        # First visit or invalid submit: show the stored body.
        form.body.data = post.body
        return render_template('main/edit_post.html', form=form)
    post.body = form.body.data
    db.session.add(post)
    flash('The post has been updated.')
    return redirect(url_for('.post', id=post.id))
def editArticle(id):
    """Edit a post's title and body; for its author or an ADMINISTER user.

    After a valid submit the page is rendered again with the saved values;
    there is no redirect.
    """
    post = Post.query.get_or_404(id)
    denied = current_user != post.author and not current_user.can(Permission.ADMINISTER)
    if denied:
        abort(403)
    form = PostForm()
    submitted = form.validate_on_submit()
    if submitted:
        post.title = form.title.data
        post.body = form.body.data
        db.session.add(post)
        flash("The post has been updated.")
    # Always (re)fill the form from the model, saved or not.
    form.title.data = post.title
    form.body.data = post.body
    return render_template('edit_post.html', form=form, posts=[post])
def edit_post(id):
    """Edit a post's body; allowed for its author or an administrator."""
    single_post = Post.query.get_or_404(id)
    # NOTE(review): ``ADMINSTER`` looks like a misspelling of ADMINISTER. If
    # Permission has no attribute of that name, every non-author request
    # fails here with a server error instead of 403 - confirm against the
    # Permission class.
    denied = current_user != single_post.author and \
        not current_user.can(Permission.ADMINSTER)
    if denied:
        abort(403)
    form = PostForm()
    if not form.validate_on_submit():
        # First visit or invalid submit: show the stored body.
        form.body.data = single_post.body
        return render_template('main/edit_post.html', form=form)
    single_post.body = form.body.data
    db.session.add(single_post)
    flash(u'修改成功')
    return redirect(url_for('.post', id=id))
def decorated_function(*args, **kwargs):
    """Call the wrapped view only when the current user holds ``permission``."""
    # function definition
    if current_user.can(permission):
        return f(*args, **kwargs)
    # Refuse with 403 Forbidden before the view body runs.
    abort(403)
def decorated_func(*args, **kwargs):
    """Call ``func`` when the current user holds ``permission_name``, else 403."""
    allowed = current_user.can(permission_name)
    if not allowed:
        abort(403)
    return func(*args, **kwargs)
def index():
    """List every game and tell the template whether the user may create one."""
    # can_create only drives what the template shows; the view that creates a
    # game has to enforce GAME_ADMIN itself.
    context = {
        'games': Game.query.all(),
        'can_create': current_user.can(Permission.GAME_ADMIN),
    }
    return render_template('main/index.html', **context)
def decorated_function(*args, **kwargs):
    """Call the wrapped view only when the current user holds ``permission``."""
    # Permission is checked through the can() method of the User model.
    # TODO: how to obtain the role attribute
    if current_user.can(permission):
        return f(*args, **kwargs)
    abort(403)
def wrapper(*args, **kwargs):
    """Call ``func`` when the current user holds ``permission``, else 403."""
    if current_user.can(permission):
        return func(*args, **kwargs)
    abort(403)
def decorated_function(*args, **kwargs):
    """Call the wrapped view when the user holds ``permission``, else 404."""
    # A user who lacks this permission gets 404 rather than 403, so the
    # response does not confirm that the page exists.
    allowed = current_user.can(permission)
    if allowed:
        return f(*args, **kwargs)
    abort(404)
def check_permissions(*args, **kwargs):
    """Call the wrapped view when the user holds ``permissions``, else 403."""
    if current_user.can(permissions):
        return f(*args, **kwargs)
    abort(403)
def decorated_function(*args, **kwargs):
    """Call the wrapped view, or render the 403 page with status 403.

    The refusal is returned as a (body, status) pair instead of being raised
    with abort(), so registered 403 error handlers are not involved.
    """
    if current_user.can(permission):
        return f(*args, **kwargs)
    return render_template('403.html'), 403
def can_edit_files():
    """Return whether the current user holds ``Permission.WRITE``."""
    # Imported inside the function - presumably to avoid an import cycle
    # with app.models; confirm.
    from app.models import Permission
    allowed = current_user.can(Permission.WRITE)
    return allowed
def decorated_function(*args, **kwargs):  # pylint: disable=C0111
    # Guard in front of the wrapped view: users without ``permission`` are
    # refused with 403 before ``func`` runs.
    if current_user.can(permission):
        return func(*args, **kwargs)
    abort(403)
def decorated_function(*args, **kwargs):
    """Call the wrapped view when the user may do ``permission`` on ``resource``."""
    # can() takes the resource and the permission here; anything it rejects
    # ends in 403 before the view runs.
    allowed = current_user.can(resource, permission)
    if allowed:
        return f(*args, **kwargs)
    abort(403)
def user_edit_profile(uploaded_files, username, sex, addr, info):
    """Validate and store the current user's profile changes.

    Checks the optional personal domain (``u-domain`` request value) and the
    user name, resolves the address ids to their display text, uploads the
    avatar, then updates the user and user_profile documents. Every rejected
    input flashes a warning and returns ``jsonify(_data)``; the success path
    returns the plain ``_data`` dict.

    NOTE(review): the block nesting was rebuilt from a flattened listing -
    confirm it against the original file, in particular the address lookups
    and the avatar branches.
    """
    _data = {}
    domain = None
    if 'u-domain' in request.value.all and request.value.all['u-domain'].strip():
        names = mdb_sys.db.audit_rules.find_one({'type':'username'})
        domain = request.value.all['u-domain'].strip().replace(' ','')
        if len(domain)<3 or len(domain)>30:
            flash({'msg':'个性域名:需要3至30个字符!', 'type':'w'})
            return jsonify(_data)
        # Only lowercase ASCII letters and digits are accepted.
        if not re.search(r"^[a-z0-9]+$",domain):
            flash({'msg':'个性域名:只能是数字, 小写字母!', 'type':'w'})
            return jsonify(_data)
        # Already taken by another profile, or equal to the user's own id.
        elif mdb_user.db.user_profile.find_one({'domain':domain}) or domain==str(current_user.id):
            flash({'msg':'此个性域名已被使用!', 'type':'w'})
            return jsonify(_data)
        # NOTE(review): ``names`` is the whole find_one() result, so this
        # tests membership in that object itself, while the user-name check
        # below tests ``names['rule']`` - the reserved-name rule is presumably
        # not applied to domains as intended; confirm.
        elif domain in names and not current_user.can(Permission.ADMINISTER) and not current_user.is_role(Permission.ECP):
            flash({'msg':'此个性域名已被使用!', 'type':'w'})
            return jsonify(_data)
    if not username:
        flash({'msg':'名号不能为空!', 'type':'w'})
        return jsonify(_data)
    # The name must not belong to a different user.
    user = mdb_user.db.user.find_one({"username":username})
    if user and user["_id"] != current_user.id:
        flash({'msg':'此名号已被使用!', 'type':'w'})
        return jsonify(_data)
    names = mdb_sys.db.audit_rules.find_one({'type':'username'})
    # NOTE(review): the bare except also hides unrelated errors.
    try:
        t_username = username.upper()
    except:
        t_username = username
    # Names listed in the rule are refused unless the user holds ADMINISTER
    # or the ECP role.
    if t_username in names['rule'] and not current_user.can(Permission.ADMINISTER) and not current_user.is_role(Permission.ECP):
        flash({'msg':'此名号已被使用!', 'type':'w'})
        return jsonify(_data)
    # NOTE(review): encode("gbk") raises for characters outside GBK; that
    # error is not handled here.
    if len(username.encode("gbk").decode("gbk")) > 150:
        flash({'msg':u'最多150字哦!','type':'w'})
        return jsonify(_data)
    # ---------------------------------------------------------------
    tel = ""
    # Address
    _provinces = ''
    _city = ''
    _area = ''
    addrs = addr_f()
    # NOTE(review): str.strip("string:") removes any of the characters
    # s, t, r, i, n, g and ':' from both ends; it does not remove the prefix
    # "string:". An id that starts or ends with one of those letters is cut
    # short.
    if addr['p'].strip("string:"):
        for lv in addrs:
            if lv['id'] == addr['p'].strip("string:"):
                lv1 = lv
                _provinces = lv['text']
                break
        # NOTE(review): lv1 / lv2 stay unbound when the submitted id matches
        # no entry, and the next lookup then fails with a NameError.
        if addr['c'].strip("string:"):
            for lv in lv1['children']:
                if lv['id'] == addr['c'].strip("string:"):
                    lv2 = lv
                    _city = lv['text']
                    break
            if addr['a'].strip("string:"):
                for lv in lv2['children']:
                    if lv['id'] == addr['a'].strip("string:"):
                        _area = lv['text']
                        break
    addr = {"provinces":_provinces}
    addr['city'] = _city
    addr['area'] = _area
    # Gender
    if sex:
        sex = int(sex)
    # Avatar
    bucket_name = {'b':config['upload'].AVA_B, 'domain':'avatar', 'project':'avatar'}
    r = img_up(uploaded_files, bucket_name)
    # r['url'] of -1 or 1 leaves the stored avatar untouched; any other value
    # is saved as the new avatar_url.
    if r['url'] != -1:
        if r['url'] == 1:
            user_profile = {
                'username':username,
                'addr':addr,
                'info':info,
                'tel_num':tel,
                'sex':sex
            }
        else:
            user_profile = {
                'username':username,
                'addr':addr,
                'info':info,
                'tel_num':tel,
                'sex':sex,
                'avatar_url':r['url']
            }
            # Remove the previous avatar unless its key contains 'default'.
            u_p = mdb_user.db.user_profile.find_one({'user_id':current_user.id})
            if u_p:
                if not 'default' in u_p['avatar_url']['key']:
                    img_del(u_p['avatar_url'])
            flash({'msg':'头像更改成功,2秒后更新!.','type':'s'})
    else:
        user_profile = {
            'username':username,
            'addr':addr,
            'info':info,
            'tel_num':tel,
            'sex':sex
        }
    mdb_user.db.user.update({"_id":current_user.id}, {"$set":{"username":username}})
    if domain:
        user_profile['user_domain'] = domain
        # NOTE(review): ``user`` is the find_one() result for the submitted
        # name and is None when the name is new; this attribute assignment
        # then raises - confirm what it is meant to update.
        user.domain = domain
    mdb_user.db.user_profile.update({'user_id':current_user.id}, {'$set':user_profile})
    flash({'msg':'信息修改成功哦.','type':'s'})
    return _data
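def delete_comment(comment_id):
    """Delete a comment and return to its photo page.

    Allowed for the comment's author, the author of the photo it belongs to,
    or a user who can ``'MODERATE'``; anyone else gets 403. An unknown id is
    a 404. The ``page`` query argument is carried over to the redirect.
    """
    comment = Comment.query.get_or_404(comment_id)
    if current_user != comment.author and current_user != comment.photo.author \
            and not current_user.can('MODERATE'):
        abort(403)
    page = request.args.get('page', 1, type=int)
    # Read the photo id while the comment is still attached to the session.
    # When the comment's own author deletes it, the check above stops before
    # touching comment.photo, so the relationship would otherwise be loaded
    # for the first time on an already deleted object.
    photo_id = comment.photo.id
    db.session.delete(comment)
    db.session.commit()
    flash('Comment deleted.', 'success')
    return redirect(
        url_for('main.show_photo', photo_id=photo_id, page=page))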
def query_for_requests_to_publish():
    """Return the query of articles whose publication was requested.

    Aborts with 403 when the current user lacks ``Permission.PUBLISH``.
    """
    if not current_user.can(Permission.PUBLISH):
        abort(403, description="You don't have permission to publish.")
    return Article.query.filter_by(request_to_publish=True)
def decorator_function(*args, **kwargs):
    """Call the wrapped view when the user holds ``permissions``, else 403."""
    allowed = current_user.can(permissions)
    if allowed:
        return f(*args, **kwargs)
    abort(403)
def query_for_all_unpublished():
    """Return the query of unpublished articles, or None without PUBLISH."""
    if not current_user.can(Permission.PUBLISH):
        # NOTE(review): a user without the permission gets None back rather
        # than a 403, so every caller must check for None before using the
        # result as a query - confirm the callers do.
        return None
    return Article.query.filter_by(is_published=False)
def decorated_function(*args, **kwargs):
    """Call ``func`` when the current user holds ``permission_name``, else 403."""
    if current_user.can(permission_name):
        return func(*args, **kwargs)
    abort(403)
def decorated_function(*args, **kwargs):
    """Call the wrapped view for administrators and holders of ``permission``."""
    # Administrators pass without the permission lookup; everyone else must
    # hold ``permission`` or is refused with 403.
    if not current_user.is_administrator() and not current_user.can(permission):
        abort(403)
    return f(*args, **kwargs)
def can_admin(permission):
    """Return what ``current_user.can(permission)`` returns."""
    # Thin pass-through; the name suggests an admin check, but any
    # permission value is forwarded unchanged.
    result = current_user.can(permission)
    return result
def decorated_function(*args, **kwargs):
    """Call the wrapped view, or answer with a JSON failure body.

    NOTE(review): the refusal carries no explicit status code, so it is
    presumably sent as 200 OK; clients must read the ``status`` field to see
    the denial - confirm that no caller relies on the HTTP status alone.
    """
    if current_user.can(permission):
        return f(*args, **kwargs)
    return jsonify(status='fail', data=[], reason='no permission')
def follow(id):
    """Flash a success notice when the follow check passes, then redirect.

    NOTE(review): ``current_user.following(user)`` is the only call made
    here; whether it creates the follow relation or merely tests for it is
    not visible in this block - confirm.
    """
    user = User.query.get_or_404(id)
    succeeded = current_user.can(Permission.FOLLOW) and current_user.following(user)
    if succeeded:
        flash('关注成功!')
    return redirect(url_for('user.user_center', id=user.id))
def decorated_function(*args, **kwargs):
    """Call the wrapped view, or abort with the project's forbidden code."""
    if current_user.can(permission):
        return f(*args, **kwargs)
    # The status passed to abort() comes from a project constant.
    abort(Constants.FORBIDDEN_PAGE_ERROR_PAGE)
def decorated_function(*args, **kwargs):
    """Call the wrapped view only when the current user holds ``permission``."""
    allowed = current_user.can(permission)
    if allowed:
        return f(*args, **kwargs)
    # forbidden HTTP Error
    abort(403)
def wrapper(*args, **kwargs):
    """Call ``f`` when the current user holds ``permission``, else 403."""
    if not current_user.can(permission):
        abort(403)
    return f(*args, **kwargs)
def decorated_funtion(*args, **kwargs):
    """Call the wrapped view, or send the user to the admin login page."""
    # Users without ``permission`` are redirected instead of getting an
    # error status.
    if current_user.can(permission):
        return f(*args, **kwargs)
    return redirect(url_for('admin.admin_login'))
def delete_comment(comment_id):
    """Delete a comment and return to its photo page.

    Allowed for the comment's author, the author of the photo it belongs to,
    or a user who can ``'MODERATE'``; anyone else gets 403.
    """
    comment = Comment.query.get_or_404(comment_id)
    denied = (current_user != comment.author
              and current_user != comment.photo.author
              and not current_user.can('MODERATE'))
    if denied:
        abort(403)
    db.session.delete(comment)
    db.session.commit()
    flash('Comment deleted', 'info')
    # photo_id is read from the comment object after the delete was committed.
    target = url_for('main.show_photo', photo_id=comment.photo_id)
    return redirect(target)
def wrap(*args, **kwargs):
    """Call ``func`` when the current user holds ``permission``, else abort."""
    if not current_user.can(permission):
        # NOTE(review): 501 means "Not Implemented"; a missing permission is
        # normally reported as 403 Forbidden. Kept as is because error
        # handlers or clients may depend on the code - confirm and change.
        abort(501)
    return func(*args, **kwargs)
def decorated_function(*args, **kwargs):
    """Call the wrapped view, or flash a notice and abort with 401."""
    if current_user.can(permission):
        return f(*args, **kwargs)
    # The notice is queued first; abort() then ends the request with 401.
    flash(u'您没有权限访问。')
    abort(401)
def board(boardname):
    """Show one board in the view selected by cookies; accept a new post.

    A post is created only when the current user holds ``Permission.WRITE``
    and the form validates. The first non-empty cookie among board_popular,
    board_click_above_avg, board_comment_above_avg, board_user_comment and
    board_user_post picks the listing; without any of them all posts are
    shown newest first.

    NOTE(review): the block nesting was rebuilt from a flattened listing -
    confirm it against the original file.
    """
    form=PostForm()
    board = Board.query.filter_by(name=boardname).first_or_404()
    print('board')  # debug output
    if current_user.can(Permission.WRITE) and form.validate_on_submit():
        post = Post.new_post(form.title.data, form.body.data, current_user._get_current_object(), board)
        return redirect(url_for('.post', id=post.id))
    # View switches come from client-set cookies; any non-empty value is on.
    board_show_all=bool(request.cookies.get('board_show_all', ''))
    board_popular=bool(request.cookies.get('board_popular', ''))
    board_click_above_avg=bool(request.cookies.get('board_click_above_avg', ''))
    board_comment_above_avg=bool(request.cookies.get('board_comment_above_avg', ''))
    board_user_comment=bool(request.cookies.get('board_user_comment', ''))
    board_user_post=bool(request.cookies.get('board_user_post', ''))
    page = request.args.get('page', 1, type=int)
    pagination = None
    avg = None
    most_popular_post=None
    if board_popular:
        query = board.posts
        # The post with the largest ``duration`` and the users who commented
        # on it.
        # NOTE(review): first() returns None for a board without posts and
        # the ``.id`` access below then fails.
        most_popular_post = query.order_by(Post.duration.desc()).limit(1).first()
        comments = Comment.query.join(Post, Comment.post_id == Post.id).filter(Post.id == most_popular_post.id).subquery().c
        tmp = db.session.query(User, comments.author_id).filter(User.id==comments.author_id)
        pagination = tmp.paginate(
            page, per_page=current_app.config['BBS_USERS_PER_PAGE'],
            error_out=False
        )
        users = pagination.items
    elif board_click_above_avg:
        # Posts viewed more often than the board's mean view count.
        avg_click = board.post_mean_view()
        print('平均阅读', avg_click)
        query = board.posts.filter(Post.view_count > avg_click)
        pagination = query.order_by(Post.view_count.desc()).paginate(
            page, per_page=current_app.config['BBS_POSTS_PER_PAGE'],
            error_out=False
        )
    elif board_comment_above_avg:
        # All replies in this board
        comments = Comment.query.join(Post, Comment.post_id == Post.id).filter(Post.board_id == board.id).subquery().c
        comment_cnt = db.session.query(comments.id).count()
        author_cnt = db.session.query(comments.author_id).group_by(comments.author_id).count()
        # NOTE(review): author_cnt is 0 for a board without replies and the
        # division then raises ZeroDivisionError.
        avg = comment_cnt/author_cnt
        # All users, sorted by their number of posts in this board, descending
        # NOTE(review): count() gets the string 'comments.id' here, while the
        # next branch passes the column ``comments.id`` - confirm the string
        # form counts what is intended.
        counts = func.count('comments.id').label('cnt')
        tmp = db.session.query(User, comments.author_id, counts).\
            group_by(comments.author_id).filter(User.id==comments.author_id).order_by(counts.desc()).\
            having(counts > avg)
        pagination = tmp.paginate(
            page, per_page=current_app.config['BBS_USERS_PER_PAGE'],
            error_out=False
        )
    elif board_user_comment:
        # All replies in this board
        comments = Comment.query.join(Post, Comment.post_id == Post.id).filter(Post.board_id == board.id).subquery().c
        # All users, sorted by their number of posts in this board, descending
        tmp = db.session.query(User, comments.author_id, func.count(comments.id).label('cnt')).\
            group_by(comments.author_id).filter(User.id==comments.author_id).order_by(desc('cnt'))
        pagination = tmp.paginate(
            page, per_page=current_app.config['BBS_USERS_PER_PAGE'],
            error_out=False
        )
    elif board_user_post:
        # All posts in this board
        posts = Post.query.filter(Post.board_id == board.id).subquery().c
        # All users, sorted by their number of posts in this board, descending
        tmp = db.session.query(User, posts.author_id, func.count(posts.id).label('cnt')).\
            group_by(posts.author_id).filter(User.id==posts.author_id).order_by(desc('cnt'))
        pagination = tmp.paginate(
            page, per_page=current_app.config['BBS_USERS_PER_PAGE'],
            error_out=False
        )
    else:
        # No view cookie set: show every post of the board, newest first.
        board_show_all = True
        pagination = board.posts.order_by(Post.timestamp.desc()).paginate(
            page, per_page=current_app.config['BBS_POSTS_PER_PAGE'],
            error_out=False
        )
    # Both names receive the same page of items; the template presumably
    # reads the one that fits the active view.
    posts = pagination.items
    users = pagination.items
    # Debug output.
    print(len(posts), len(users))
    print(board_show_all, board_popular, board_click_above_avg, board_comment_above_avg, board_user_comment)
    return render_template('board.html', form=form, board=board, posts=posts, users=users, pagination=pagination,
                           board_show_all = board_show_all, board_popular=board_popular,
                           board_click_above_avg=board_click_above_avg,
                           board_comment_above_avg=board_comment_above_avg,
                           board_user_comment=board_user_comment,board_user_post=board_user_post,
                           avg_comment = avg, post=most_popular_post)
def wrap(*args, **kwargs):
    """Call ``f`` when the current user holds permission ``p``, else 403."""
    if current_user.can(p):
        return f(*args, **kwargs)
    # Without permission p the request ends with status code 403.
    abort(403)