def get(self):
x ={
'a':self.get_argument("a",""),
'uname':self.get_argument("uname","")
}
tmd = None
title = "添加用户"
if (x['a']=='del'):
if self.accessSelf(x['uname']) or (not self.accessAdmin()):
##1,不能删除自己, 2 非管理员不能删除别人
self.permissionDenied()
return
self.logW(u"删除开发者信息:%s"%(x['uname']))
model.del_user(x['uname'])
self.seeother("/publish")
return
elif (x['a']=='edit'):
if (not self.accessAdmin()) and (not self.accessSelf(x['uname'])) :
##1,只能编辑自己, 2 非管理员不能编辑别人
self.permissionDenied()
return
tmd = model.get_user_by_uname(x['uname'])
title = "编辑用户信息"
elif not self.accessAdmin():
self.permissionDenied()
return
self.render("publish_user.html",pupdate=tmd, ptitle=title,getStatuStr=config.getStatuStr)
def POST(self):
if not check_priv_lvl(2):
raise web.notfound("You don't have the right privilege level to access this")
i = web.input(cin=None)
user_form = self.form()
client_form = self.cin_form()
if 'uid' in i:
logger.info("Deleting user")
model.del_user(i.cin, i.uid)
logger.debug('User Deleted: %d',i.uid)
elif 'new_client' in i:
if client_form.validates():
logger.info("Adding new client")
model.add_client(i.new_client, i.client_name)
logger.debug('Client Added: %d|%s',i.new_client, i.client_name)
elif 'username' in i:
logger.info("Adding user")
if not user_form.validates():
return render.admin(model.get_all_users() if session.cin==0 else model.get_user_by_cin(session.cin), user_form, client_form)
uname, pwd, email = i.username.strip().lower(), i.password.strip(), i.email.strip()
pwd = bcrypt.hashpw(pwd, bcrypt.gensalt(BCRYPT_WLOAD))
cin = i.cin if i.cin else session.cin
ret = model.add_user(cin, uname,pwd, email, i.privilege)
#Checks if CIN exists and if CIN/Username combination exists
if ret == 0:
raise web.notfound("No client exists with this CIN")
elif ret == -1:
raise web.notfound("Username exists with identical CIN")
logger.debug('User added %s', uname)
raise web.seeother('/admin')
def POST(self):
i = web.input()
user_form = self.form()
if not user_form.validates():
return render.admin(model.get_all_users(),user_form)
if 'uid' in i:
model.del_user(i.cin, i.uid)
elif 'username' in i:
uname, pwd, email = i.username.strip().lower(), i.password.strip(), i.email.strip()
pwd = bcrypt.hashpw(pwd, bcrypt.gensalt(BCRYPT_WLOAD))
model.add_user(i.cin, uname,pwd, email)
return render.admin(model.get_all_users(), user_form)
def GET(self, id):
model.del_user(int(id))
raise web.seeother('/usercontrol')
def GET(self, id):
users = model.del_user(id)
raise web.seeother('/approve')
def DELETE(self, id):
"""Delete a user"""
if model.del_user(id) == 1 :
return demjson.encode({"status":"success"})
else:
return demjson.encode({"status":"fail"})
def GET(self, id):
users = model.del_user(id)
raise web.seeother('/approve')
