def delete_comment(id):
user_id = get_jwt_identity()
is_admin = get_jwt()['is_admin']
query = {"_id": id}
comment = mongo.db.comment.find_one_or_404(query)
print(comment)
if is_admin or comment['user_id'] == user_id:
count = mongo.db.comment.delete_one(query).deleted_count
print(count)
if count != 0:
return "ok"
else:
raise ApiError(NOT_FOUND, 404)
return ApiError(NO_AUTH, 403)
def get_article(id):
articles = mongo.db.article.find_one_or_404({'_id': id})
article = Article(entries=articles)
if article.access_level == 0:
return article.serialize()
else:
raise ApiError(NO_AUTH, 403)
def cancel_like(id):
user_id = get_jwt_identity()
is_admin = get_jwt()['is_admin']
like_query = {"$and": [{"user_id": user_id}, {"article_id": id}]}
query = {"_id": id}
articles = mongo.db.article.find_one_or_404({'_id': id})
article = Article(entries=articles)
if check_article_like_auth(article, is_admin, user_id):
count = mongo.db.like.delete_one(like_query).deleted_count
print(count)
if count != 0:
update_data = {"$inc": {"like_num": -1}}
mongo.db.article.update_one(query, update_data)
return "ok"
else:
raise ApiError(NOT_FOUND, 404)
raise ApiError(NO_AUTH, 403)
def get_family(id):
currentUserId = get_jwt_identity()
is_admin = get_jwt()['is_admin']
family = mongo.db.family.find_one_or_404({'_id': id})
family = Family(entries=family)
# todo: judge special jwt,public family
if check_family_read_auth(family, currentUserId, is_admin):
return family.serialize()
else:
raise ApiError(NO_AUTH, 403)
def add_like(id):
user_id = get_jwt_identity()
is_admin = get_jwt()['is_admin']
like_query = {"$and": [{"user_id": user_id}, {"article_id": id}]}
like = mongo.db.like.find_one(like_query)
if like != None:
raise ApiError(REPETITIVE_OPERATION)
query = {"_id": id}
articles = mongo.db.article.find_one_or_404({'_id': id})
article = Article(entries=articles)
if check_article_like_auth(article, is_admin, user_id):
update_data = {"$inc": {"like_num": 1}}
mongo.db.article.update_one(query, update_data)
like = dict()
like['_id'] = generateID()
like['user_id'] = user_id
like['article_id'] = article.id
like['time'] = currentTime()
mongo.db.like.insert_one(like)
return like
raise ApiError(NO_AUTH, 403)
def delete_family(id):
is_admin = get_jwt()['is_admin']
currentUserId = get_jwt_identity()
query = {"_id": id}
family = mongo.db.family.find_one_or_404({'_id': id})
family = Family(entries=family)
if check_family_read_auth(family, currentUserId, is_admin):
result = mongo.db.family.delete_one(query).deleted_count
## todo:maybe need to delete the connection between family & person
if result != 0:
return "ok"
else:
raise ApiError(NOT_FOUND, 404)
def get_relation(id):
is_admin = get_jwt()['is_admin']
currentUserId = get_jwt_identity()
relation = mongo.db.relation.find_one_or_404({'_id': id})
family = mongo.db.family.find_one_or_404({'_id': relation['family_id']})
family = Family(entries=family)
if relation['user_id'] == currentUserId or check_family_read_auth(
family, currentUserId, is_admin):
relation = Relation(entries=relation)
return relation.serialize()
else:
raise ApiError(NO_AUTH, 403)
def delete_relation(id):
is_admin = get_jwt()['is_admin']
query = {"_id": id}
currentUserId = get_jwt_identity()
relation = mongo.db.relation.find_one_or_404(query)
family = mongo.db.family.find_one_or_404({'_id': relation['family_id']})
family = Family(entries=family)
if relation['user_id'] == currentUserId or check_family_edit_auth(
family, currentUserId, is_admin):
result = mongo.db.relation.delete_one(query).deleted_count
print(result)
return "ok"
else:
raise ApiError(NO_AUTH, 403)
def update_family(id):
is_admin = get_jwt()['is_admin']
currentUserId = get_jwt_identity()
query = {"_id": id}
data = json.loads(request.get_data())
data = check_data(FamilySchema, data)
family = mongo.db.family.find_one_or_404({'_id': id})
family = Family(entries=family)
if check_family_edit_auth(family, currentUserId, is_admin):
update_data = {"$set": data}
mongo.db.family.update_one(query, update_data)
family = Family(entries=data)
return family.serialize()
else:
raise ApiError(NO_AUTH, 403)
def get_family(id):
currentUserId = get_jwt_identity()
is_admin = get_jwt()['is_admin']
family = mongo.db.family.find_one_or_404({'_id': id})
family = Family(entries=family)
# todo: judge special jwt,public family
if check_family_read_auth(family, currentUserId, is_admin):
memberList = []
for member in family.members:
person = mongo.db.person.find_one_or_404({'_id': member})
memberList.append(person)
family.members = memberList
return family.serialize()
else:
raise ApiError(NO_AUTH, 403)
def query_person(id):
is_admin = get_jwt()['is_admin']
print(is_admin)
currentUserId = get_jwt_identity()
persons = mongo.db.person.find_one_or_404({'_id': id})
person = Person(entries=persons)
print(person.family)
family = mongo.db.family.find_one_or_404({"_id": person.family})
family = Family(entries=family)
print(currentUserId)
if person.user_id == currentUserId or check_family_read_auth(
family, currentUserId, is_admin):
return person.serialize()
else:
raise ApiError(NO_AUTH, 403)
def update_relation(id):
is_admin = get_jwt()['is_admin']
query = {"_id": id}
data = json.loads(request.get_data())
data = check_data(RelationSchema, data)
currentUserId = get_jwt_identity()
relation = mongo.db.relation.find_one_or_404(query)
family = mongo.db.family.find_one_or_404({'_id': relation['family_id']})
family = Family(entries=family)
if relation.user_id == currentUserId or check_family_edit_auth(
family, currentUserId, is_admin):
update_data = {"$set": data}
mongo.db.relation.update_one(query, update_data)
relation = Relation(entries=data)
else:
raise ApiError(NO_AUTH, 403)
return relation.serialize()
def add_relation():
is_admin = get_jwt()['is_admin']
data = json.loads(request.get_data())
data = check_data(RelationSchema, data)
current_user_id = get_jwt_identity()
relation = Relation(entries=data)
family = mongo.db.family.find_one_or_404({'_id': relation.family_id})
family = Family(entries=family)
if check_family_edit_auth(family, current_user_id,
is_admin): # todo:need to add admins
relation.id = generateID()
relation.user_id = current_user_id
mongo.db.relation.insert_one(relation)
return relation.serialize()
else:
raise ApiError(NO_AUTH, 403)
def register_user():
data = json.loads(request.get_data())
data = check_data(RegisterUserSchema, data)
if list(mongo.db.user.find({"email": data['email']}))!=[]:
raise ApiError(EMAIL_ALREADY_EXIST)
user = User(entries=data)
user.type = 0
#设定注册时间
user.register_time = currentTime()
#加密
user.passwordHash()
#生成ID
user.id = generateID()
print(user.id)
print(user.serialize())
mongo.db.user.insert_one(user.serialize())
return user.serialize()
def login():
data = json.loads(request.get_data())
check_data(LoginUsersSchema, data)
user = mongo.db.user.find_one_or_404({'email': data['email']})
user = User(user)
result = user.check_password(data['password'])
# no need to use jwt_claim now
additional_claims = {"is_admin": False}
if result:
if user.type == 1:
additional_claims['is_admin'] = True
access_token = create_access_token(identity=user.id,
additional_claims=additional_claims)
# add admin special jwt
# add logout
return jsonify(access_token=access_token)
else:
raise ApiError(WRONG_PASSWORD)
def add_comment(id):
data = json.loads(request.get_data())
data = check_data(CommentSchema, data)
user_id = get_jwt_identity()
is_admin = get_jwt()['is_admin']
query = {"_id": id}
articles = mongo.db.article.find_one_or_404({'_id': id})
article = Article(entries=articles)
#TODO: 权限校验
if check_article_like_auth(article, is_admin, user_id):
comment = dict()
comment['_id'] = generateID()
comment['user_id'] = user_id
comment['article_id'] = id
comment['content'] = data['content']
comment['time'] = currentTime()
mongo.db.comment.insert_one(comment)
return comment
raise ApiError(NO_AUTH, 403)
def update_person(id):
print(id)
is_admin = get_jwt()['is_admin']
currentUserId = get_jwt_identity()
query = {"_id": id}
data = json.loads(request.get_data())
data = check_data(PersonSchema, data)
person = mongo.db.person.find_one_or_404({'_id': id})
family = mongo.db.family.find_one_or_404({"_id": person['family']})
family = Family(entries=family)
if person['user_id'] == currentUserId or check_family_edit_auth(
family, currentUserId, is_admin):
update_data = {"$set": data}
mongo.db.person.update_one(query, update_data)
person = Person(entries=data)
return person.serialize()
else:
raise ApiError(NO_AUTH, 403)
async def put(self, request):
raise ApiError(['Test API error'], 400)
def _authed(*args, **kwargs):
if not is_authed():
raise ApiError("Unauthorized")
return func(*args, **kwargs)
def get_family_detail(id):
is_admin = get_jwt()['is_admin']
'''首先 构建出所有的用户信息dict
id最后应该统一化为string 目前使用的测试数据不统一,因此用了多于代码进行处理
# dict['id':[dict(person),relation]]
# person:
# type:dict
familyTree[id]:personDict
# personDict['name']=string
personDict['mates']:list[person]
personDict['children']:list[person]
'''
currentUserId = get_jwt_identity()
familyMembersDict = dict()
# 构建一个由id persondict组成的列表, 并且root是id号即可
familyTree = dict()
root = None
familyMemberQuery = {"family": id}
family = mongo.db.family.find_one_or_404({'_id': id})
family = Family(entries=family)
if check_family_read_auth(family, currentUserId, is_admin):
familyMebers = list(mongo.db.person.find(familyMemberQuery))
print(familyMebers)
# 以id为key建立索引,方便之后查找
for person in familyMebers:
# 用id为key建立familyMembers字典,属性为(当前角色,当前角色的孩子id,当前角色的matesId),采用这些信息构建familyTree
familyMembersDict[person["_id"]] = [person]
childrenQuery = {"from_person": str(person["_id"]), "type": 1}
mateQuery = {
"from_person": str(person["_id"]),
"$or": [{
"type": 3
}, {
"type": 4
}]
}
childrenRelations = list(mongo.db.relation.find(childrenQuery))
mateRelations = list(mongo.db.relation.find(mateQuery))
childIds = [r['to_person'] for r in childrenRelations]
mateIds = [r['to_person'] for r in mateRelations]
familyMembersDict[person["_id"]].append(childIds)
familyMembersDict[person["_id"]].append(mateIds)
# personDict为最终输出时需要用到的数据
personDict = dict()
personDict['name'] = person['name']
personDict['mates'] = []
personDict['children'] = []
personDict['image_url'] = ""
familyTree[person["_id"]] = personDict
for k, v in familyTree.items():
if root == None:
root = k
childIds = familyMembersDict[k][1]
for id in childIds:
# 如果根节点是当前节点的孩子,那么当前节点是根节点
if root == id:
root = k
familyTree[k]['children'].append(familyTree[id])
mateIds = familyMembersDict[k][2]
for mateid in mateIds:
query = {"_id": mateid}
mate = mongo.db.person.find_one(query)
mateDict = dict()
mateDict['name'] = mate['name']
mateDict['image_url'] = ""
familyTree[k]['mates'].append(mateDict)
print(familyMembersDict)
return familyTree[root]
else:
raise ApiError(NO_AUTH, 403)
def _admin_only(*args, **kwargs):
if Users.query.filter_by(id=session['id'], is_admin=1).first() is None:
raise ApiError("Unauthorized")
return func(*args, **kwargs)
