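def login():
    """Authenticate a user by email and password and issue a JWT access token.

    The request body is parsed as JSON and validated against
    ``LoginUsersSchema``. The issued token carries an ``is_admin`` claim that
    is ``True`` only when the stored ``user.type`` equals 1.

    Returns:
        A JSON response of the form ``{"access_token": ...}``.

    Raises:
        ApiError: ``WRONG_PASSWORD`` when the password check fails or the
            credentials are not plain strings.
    """
    payload = json.loads(request.get_data())
    # Use the validated payload, as the other handlers in this listing do;
    # the original discarded check_data's return value and queried with the
    # raw request body.
    payload = check_data(LoginUsersSchema, payload)
    email = payload['email']
    password = payload['password']
    # Defence in depth: the email goes straight into a MongoDB filter, where
    # a JSON object would be read as a query operator document, not a value.
    if not isinstance(email, str) or not isinstance(password, str):
        raise ApiError(WRONG_PASSWORD)
    # NOTE(review): an unknown email ends in find_one_or_404 while a known
    # email with a bad password raises WRONG_PASSWORD, so the two cases are
    # distinguishable to the caller. Consider one uniform failure response.
    record = mongo.db.user.find_one_or_404({'email': email})
    user = User(record)
    if not user.check_password(password):
        raise ApiError(WRONG_PASSWORD)
    # no need to use jwt_claim now
    additional_claims = {"is_admin": user.type == 1}
    access_token = create_access_token(identity=user.id,
                                       additional_claims=additional_claims)
    # TODO (from the original): add admin special jwt; add logout
    return jsonify(access_token=access_token)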
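def edit_comment(id):
    """Replace the content of a comment that belongs to the calling user.

    Args:
        id: ``_id`` of the comment to edit.

    Returns:
        The comment document as fetched, with ``content`` replaced by the
        validated value from the request body.
    """
    payload = json.loads(request.get_data())
    payload = check_data(CommentSchema, payload)
    user_id = get_jwt_identity()
    # Ownership is enforced by the filter itself: a comment that exists but
    # belongs to someone else yields the same 404 as a missing one.
    comment_query = {"$and": [{"_id": id}, {"user_id": user_id}]}
    comment = mongo.db.comment.find_one_or_404(comment_query)
    comment['content'] = payload['content']
    # Write only the edited field. The original sent the whole fetched
    # document (including _id) back through $set, which could overwrite any
    # field changed by a concurrent writer between the read and the update.
    mongo.db.comment.update_one(comment_query,
                                {'$set': {'content': comment['content']}})
    return comment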
def add_family():
    """Create a family record owned by the calling user.

    The request body is validated against ``FamilySchema`` and used to build
    a ``Family``; the serialized record is inserted and returned.
    """
    payload = check_data(FamilySchema, json.loads(request.get_data()))
    owner_id = get_jwt_identity()
    new_family = Family(entries=payload)
    # Creator and id are assigned after the model is built from the request,
    # so values supplied for these two attributes in the body are overwritten.
    new_family.created_by = owner_id
    new_family.id = generateID()
    # NOTE(review): debug output of the record goes to stdout on every call.
    print(new_family)
    mongo.db.family.insert_one(new_family.serialize())
    return new_family.serialize()
def add_person():
    """Create a person record owned by the calling user.

    The request body is validated against ``PersonSchema`` and used to build
    a ``Person``; the serialized record is inserted and returned.
    """
    owner_id = get_jwt_identity()
    payload = check_data(PersonSchema, json.loads(request.get_data()))
    new_person = Person(entries=payload)
    # Owner and id are set server-side after construction, so request values
    # for these two attributes do not survive.
    new_person.user_id = owner_id
    new_person.id = generateID()
    # NOTE(review): this prints the full person record to stdout; if the
    # record holds personal data it ends up in whatever collects the logs.
    print(new_person.serialize())
    mongo.db.person.insert_one(new_person.serialize())
    return new_person.serialize()
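def edit_article(id):
    """Update an article that belongs to the calling user.

    Args:
        id: ``_id`` of the article to edit.

    Returns:
        The article document re-read from the database after the update.
    """
    payload = json.loads(request.get_data())
    payload = check_data(ArticleSchema, payload)
    user_id = get_jwt_identity()
    article_query = {"$and": [{"_id": id}, {"user_id": user_id}]}
    # Existence and ownership gate: 404 unless the article exists and its
    # user_id matches the caller.
    mongo.db.article.find_one_or_404(article_query)
    # The validated body is written wholesale through $set, so drop the
    # identity and ownership keys first. Otherwise a body carrying them could
    # reassign the article or make the update fail on the _id field.
    # NOTE(review): add_article also sets created_time and the *_num counters
    # server-side; confirm ArticleSchema does not accept those from clients.
    for protected in ('_id', 'user_id'):
        payload.pop(protected, None)
    payload['modified_time'] = currentTime()
    mongo.db.article.update_one(article_query, {'$set': payload})
    return mongo.db.article.find_one_or_404(article_query)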
def add_article():
    """Create an article owned by the calling user.

    The validated body is extended with a generated ``_id``, the caller's
    ``user_id``, creation and modification timestamps, and zeroed counters.
    The stored document is then read back and returned.
    """
    article_doc = check_data(ArticleSchema, json.loads(request.get_data()))
    author_id = get_jwt_identity()
    # These keys are assigned after validation, so client-supplied values for
    # them are overwritten rather than trusted.
    article_doc['_id'] = generateID()
    article_doc['user_id'] = author_id
    now = currentTime()
    article_doc['created_time'] = now
    article_doc['modified_time'] = article_doc['created_time']
    for counter in ('click_num', 'like_num', 'favorite_num'):
        article_doc[counter] = 0
    mongo.db.article.insert_one(article_doc)
    return mongo.db.article.find_one_or_404({'_id': article_doc['_id']})
def update_family(id):
    """Update a family record if the caller is allowed to edit it.

    Args:
        id: ``_id`` of the family to update.

    Returns:
        The serialized ``Family`` built from the submitted data, not the
        merged document as stored.

    Raises:
        ApiError: ``NO_AUTH`` with status 403 when
            ``check_family_edit_auth`` rejects the caller.
    """
    caller_is_admin = get_jwt()['is_admin']
    caller_id = get_jwt_identity()
    family_filter = {"_id": id}
    payload = check_data(FamilySchema, json.loads(request.get_data()))
    stored = Family(entries=mongo.db.family.find_one_or_404({'_id': id}))
    if not check_family_edit_auth(stored, caller_id, caller_is_admin):
        raise ApiError(NO_AUTH, 403)
    # NOTE(review): every validated field is written through $set. If
    # FamilySchema accepts ownership fields such as created_by, an editor
    # could reassign the record; confirm the schema excludes them.
    mongo.db.family.update_one(family_filter, {"$set": payload})
    return Family(entries=payload).serialize()
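def update_relation(id):
    """Update a relation if the caller created it or may edit its family.

    Args:
        id: ``_id`` of the relation to update.

    Returns:
        The serialized ``Relation`` built from the submitted data.

    Raises:
        ApiError: ``NO_AUTH`` with status 403 when the caller is neither the
            relation's creator nor allowed by ``check_family_edit_auth``.
    """
    is_admin = get_jwt()['is_admin']
    query = {"_id": id}
    data = json.loads(request.get_data())
    data = check_data(RelationSchema, data)
    currentUserId = get_jwt_identity()
    relation = mongo.db.relation.find_one_or_404(query)
    family = mongo.db.family.find_one_or_404({'_id': relation['family_id']})
    family = Family(entries=family)
    # The fetched relation is a plain document and is subscripted on the line
    # above, so read the owner by key. The original's attribute access
    # (relation.user_id) would raise before any authorization decision.
    # A missing owner field must never count as a match (fail closed).
    owner_id = relation.get('user_id')
    is_owner = owner_id is not None and owner_id == currentUserId
    if not (is_owner or check_family_edit_auth(family, currentUserId, is_admin)):
        raise ApiError(NO_AUTH, 403)
    # NOTE(review): every validated field is written through $set. If
    # RelationSchema accepts user_id or family_id, an editor could move the
    # relation to another owner or family; confirm the schema excludes them.
    mongo.db.relation.update_one(query, {"$set": data})
    return Relation(entries=data).serialize()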
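def add_relation():
    """Create a relation inside a family the caller is allowed to edit.

    Returns:
        The serialized relation that was stored.

    Raises:
        ApiError: ``NO_AUTH`` with status 403 when
            ``check_family_edit_auth`` rejects the caller.
    """
    is_admin = get_jwt()['is_admin']
    data = json.loads(request.get_data())
    data = check_data(RelationSchema, data)
    current_user_id = get_jwt_identity()
    relation = Relation(entries=data)
    # Authorization is decided against the family named in the request, so
    # the family is loaded (404 if missing) before anything is written.
    family = mongo.db.family.find_one_or_404({'_id': relation.family_id})
    family = Family(entries=family)
    if not check_family_edit_auth(family, current_user_id, is_admin):
        raise ApiError(NO_AUTH, 403)
    # todo:need to add admins
    # Id and owner are assigned server-side, overriding any request values.
    relation.id = generateID()
    relation.user_id = current_user_id
    # Store the serialized document, as the other insert handlers in this
    # listing do. The original passed the model object itself to insert_one.
    mongo.db.relation.insert_one(relation.serialize())
    return relation.serialize()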
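def register_user():
    """Register a new, non-admin user account.

    The request body is validated against ``RegisterUserSchema``. The new
    account gets type 0, a registration time, a hashed password and a
    generated id before it is stored.

    Returns:
        The serialized user that was stored.

    Raises:
        ApiError: ``EMAIL_ALREADY_EXIST`` when a user with that email exists.
    """
    payload = json.loads(request.get_data())
    payload = check_data(RegisterUserSchema, payload)
    # find_one stops at the first match instead of materializing every hit.
    # NOTE(review): check-then-insert is not atomic. Two concurrent requests
    # for one email can both pass, so uniqueness needs a unique index on
    # email as well; confirm one exists.
    if mongo.db.user.find_one({"email": payload['email']}) is not None:
        raise ApiError(EMAIL_ALREADY_EXIST)
    user = User(entries=payload)
    # The account type is forced after the model is built from the request,
    # so a client-supplied type cannot create a privileged account.
    user.type = 0
    # Set the registration time.
    user.register_time = currentTime()
    # Hash the password before the record is serialized.
    user.passwordHash()
    # Generate the id.
    user.id = generateID()
    # The original printed the id and the full serialized record here. That
    # debug output is removed so account data, possibly including the
    # password hash, does not end up in stdout or logs.
    mongo.db.user.insert_one(user.serialize())
    # NOTE(review): the response is the full serialized user. If serialize()
    # includes the password hash it should be left out of the response;
    # confirm.
    return user.serialize()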
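def add_comment(id):
    """Add a comment by the calling user to an article.

    Args:
        id: ``_id`` of the article being commented on.

    Returns:
        The comment document that was inserted.

    Raises:
        ApiError: ``NO_AUTH`` with status 403 when
            ``check_article_like_auth`` rejects the caller.
    """
    data = json.loads(request.get_data())
    data = check_data(CommentSchema, data)
    user_id = get_jwt_identity()
    is_admin = get_jwt()['is_admin']
    # The unused local ``query`` from the original is dropped.
    article = Article(entries=mongo.db.article.find_one_or_404({'_id': id}))
    # TODO: permission check
    # NOTE(review): the gate reuses the "like" authorization helper; confirm
    # that commenting is meant to follow the same rule as liking.
    if not check_article_like_auth(article, is_admin, user_id):
        raise ApiError(NO_AUTH, 403)
    # Only ``content`` comes from the request; the id, author, article and
    # time fields are all set server-side.
    comment = {
        '_id': generateID(),
        'user_id': user_id,
        'article_id': id,
        'content': data['content'],
        'time': currentTime(),
    }
    mongo.db.comment.insert_one(comment)
    return comment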
def update_person(id):
    """Update a person record if the caller owns it or may edit its family.

    Args:
        id: ``_id`` of the person to update.

    Returns:
        The serialized ``Person`` built from the submitted data, not the
        merged document as stored.

    Raises:
        ApiError: ``NO_AUTH`` with status 403 when the caller is neither the
            record's owner nor allowed by ``check_family_edit_auth``.
    """
    print(id)
    caller_is_admin = get_jwt()['is_admin']
    caller_id = get_jwt_identity()
    person_filter = {"_id": id}
    payload = check_data(PersonSchema, json.loads(request.get_data()))
    stored_person = mongo.db.person.find_one_or_404({'_id': id})
    stored_family = Family(
        entries=mongo.db.family.find_one_or_404({"_id": stored_person['family']}))
    owns_record = stored_person['user_id'] == caller_id
    # The family-level check is evaluated only when the caller is not the
    # owner, matching the short-circuit of the original condition.
    if not (owns_record or check_family_edit_auth(
            stored_family, caller_id, caller_is_admin)):
        raise ApiError(NO_AUTH, 403)
    # NOTE(review): every validated field is written through $set. If
    # PersonSchema accepts user_id or family, an editor could reassign the
    # record; confirm the schema excludes them.
    mongo.db.person.update_one(person_filter, {"$set": payload})
    return Person(entries=payload).serialize()