def del_user():
user_id = request.args.get('user_id')
if not user_id:
abort(404)
user = User.query.get(user_id)
try:
db.session.delete(user)
db.session.commit()
return Api.success()
except:
db.session.rollback()
return Api.unauth_error(msg='无法删除此用户')
def add_user():
if request.method == "GET":
return render_template('cms_addcmsuser.html')
else:
form = AddUserForm(request.form)
if form.validate():
login_name = form.login_name.data
name = form.name.data
user = User(login_name=login_name,name=name)
user.password = '******'
db.session.add(user)
db.session.commit()
return Api.success()
else:
return Api.params_error(form.get_error)
def edit_user():
user_id = request.args.get('user_id')
if request.method == 'GET':
if not user_id:
abort(404)
user = User.query.get(user_id)
context = {'user':user}
return render_template('/cms_editcmsuser.html',**context)
else:
permission = request.form.get('permission')
if permission:
user = User.query.get(user_id)
user.permission = '管理员' if permission =='1' else '操作员'
db.session.commit()
return Api.success()
else:
return Api.params_error(msg='没有相应的权限')
def reset_pwd():
if request.method == 'GET':
return render_template('cms_resetpwd.html')
else:
form = ResetPwdForm(request.form)
if form.validate():
old_pwd = form.old_pwd.data
new_pwd = form.new_pwd.data
user = g.cms_user
if user.check_pwd(old_pwd):
user.password = new_pwd
db.session.commit()
return Api.success()
else:
return Api.params_error(msg='旧密码错误!')
else:
return Api.params_error(msg=form.get_error)
def login():
if request.method == 'GET':
return render_template('login.html')
else:
form = LoginForm(request.form)
if form.validate():
login_name = form.login_name.data
password = form.password.data
remember = form.remember.data
user = User.query.filter_by(login_name=login_name).first()
if user and user.check_pwd(password):
session[current_app.config['USER_ID']] = user.id
if remember:
session.permanent = True
return Api.success()
else:
return Api.params_error(msg='用户名或密码错误,请重新输入')
else:
return Api.params_error(msg=form.get_error)
