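    def post(self, id):
        """Update (``requestMethod=PUT``) or delete (``DELETE``) category ``id``.

        Every mutation is tunnelled over HTTP POST and dispatched on the
        ``requestMethod`` argument, so safeguards keyed on the HTTP verb
        (CSRF rules, method-level ACLs) cannot tell these actions apart;
        each branch must authorise itself, as done here.

        PUT requires the '修改新闻属性' action and accepts an optional new
        ``name`` that must not belong to another category. DELETE requires
        '删除新闻属性'. Any other value is answered with 404.
        """
        request_arg = RequestMethod_parser.parse_args()
        requestMethod = request_arg['requestMethod']
        if requestMethod == "PUT":
            permission = Permission(ActionNeed('修改新闻属性'))
            if not permission.can():
                abort_if_unauthorized("修改新闻属性")

            category = Category.query.filter(Category.id == id).first()
            abort_if_not_exist(category, "category")
            args = parser_spec.parse_args()
            name = args['name']
            # Rename only when a *different* name came in; otherwise the
            # uniqueness check would reject the category's own current name.
            if name is not None and name != category.name:
                clash = Category.query.filter(Category.name == name).first()
                abort_if_exist(clash, "category")
                category.name = name
            db.session.add(category)
            db.session.commit()
        elif requestMethod == "DELETE":
            permission = Permission(ActionNeed('删除新闻属性'))
            if not permission.can():
                abort_if_unauthorized("删除新闻属性")
            # A non-numeric id is "not found", not a 500 (the original let
            # the ValueError from int() escape).
            try:
                id = int(id)
            except (TypeError, ValueError):
                abort_if_not_exist(None, "category")
            category = Category.query.filter(Category.id == id).first()
            abort_if_not_exist(category, "category")
            db.session.delete(category)
            db.session.commit()
        else:
            abort(404, message="api not found")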
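 def post(self, id):
     """Update (``requestMethod=PUT``) or delete (``DELETE``) tag ``id``.

     Mutations are tunnelled over HTTP POST and dispatched on the
     ``requestMethod`` argument, so protections keyed on the HTTP verb
     cannot distinguish them; each branch authorises itself.

     PUT needs the '修改新闻标签' action and takes an optional ``name`` that
     must not belong to another tag. DELETE needs '删除新闻标签'. Anything
     else is answered with 404.
     """
     request_arg = RequestMethod_parser.parse_args()
     requestMethod = request_arg['requestMethod']
     if requestMethod == "PUT":
         permission = Permission(ActionNeed('修改新闻标签'))
         if not permission.can():
             abort_if_unauthorized("修改新闻标签")
         tag = Tag.query.filter(Tag.id == id).first()
         abort_if_not_exist(tag, "tag")
         args = parser_spec.parse_args()
         name = args['name']
         # Rename only when a different name came in, so the uniqueness
         # check never rejects the tag's own current name.
         if name is not None and name != tag.name:
             clash = Tag.query.filter(Tag.name == name).first()
             abort_if_exist(clash, "tag")
             tag.name = name
         db.session.add(tag)
         db.session.commit()
     elif requestMethod == "DELETE":
         permission = Permission(ActionNeed('删除新闻标签'))
         if not permission.can():
             abort_if_unauthorized("删除新闻标签")
         tag = Tag.query.filter(Tag.id == id).first()
         abort_if_not_exist(tag, "tag")
         db.session.delete(tag)
         db.session.commit()
     else:
         abort(404, message="api not found")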
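 def post(self, id):
     """Update (``requestMethod=PUT``) or delete (``DELETE``) category ``id``.

     Every mutation is tunnelled over HTTP POST and dispatched on the
     ``requestMethod`` argument, so safeguards keyed on the HTTP verb
     cannot tell these actions apart; each branch authorises itself.

     PUT requires the '修改新闻属性' action and accepts an optional new
     ``name`` that must not belong to another category. DELETE requires
     '删除新闻属性'. Any other value is answered with 404.
     """
     request_arg = RequestMethod_parser.parse_args()
     requestMethod = request_arg['requestMethod']
     if requestMethod == "PUT":
         permission = Permission(ActionNeed('修改新闻属性'))
         if not permission.can():
             abort_if_unauthorized("修改新闻属性")
         category = Category.query.filter(Category.id == id).first()
         abort_if_not_exist(category, "category")
         args = parser_spec.parse_args()
         name = args['name']
         # Rename only on a different name; otherwise the uniqueness check
         # would reject the category's own current name.
         if name is not None and name != category.name:
             clash = Category.query.filter(Category.name == name).first()
             abort_if_exist(clash, "category")
             category.name = name
         db.session.add(category)
         db.session.commit()
     elif requestMethod == "DELETE":
         permission = Permission(ActionNeed('删除新闻属性'))
         if not permission.can():
             abort_if_unauthorized("删除新闻属性")
         # A non-numeric id is "not found", not a 500 (the original let the
         # ValueError from int() escape).
         try:
             id = int(id)
         except (TypeError, ValueError):
             abort_if_not_exist(None, "category")
         category = Category.query.filter(Category.id == id).first()
         abort_if_not_exist(category, "category")
         db.session.delete(category)
         db.session.commit()
     else:
         abort(404, message="api not found")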
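 def post(self, id):
     """Update (``requestMethod=PUT``) or delete (``DELETE``) tag ``id``.

     Mutations are tunnelled over HTTP POST and dispatched on the
     ``requestMethod`` argument, so protections keyed on the HTTP verb
     cannot distinguish them; each branch authorises itself.

     PUT needs the '修改新闻标签' action and takes an optional ``name`` that
     must not belong to another tag. DELETE needs '删除新闻标签'. Anything
     else is answered with 404.
     """
     request_arg = RequestMethod_parser.parse_args()
     requestMethod = request_arg['requestMethod']
     if requestMethod == "PUT":
         permission = Permission(ActionNeed('修改新闻标签'))
         if not permission.can():
             abort_if_unauthorized("修改新闻标签")
         tag = Tag.query.filter(Tag.id == id).first()
         abort_if_not_exist(tag, "tag")
         args = parser_spec.parse_args()
         name = args['name']
         # Rename only when a different name came in, so the uniqueness
         # check never rejects the tag's own current name.
         if name is not None and name != tag.name:
             clash = Tag.query.filter(Tag.name == name).first()
             abort_if_exist(clash, "tag")
             tag.name = name
         db.session.add(tag)
         db.session.commit()
     elif requestMethod == "DELETE":
         permission = Permission(ActionNeed('删除新闻标签'))
         if not permission.can():
             abort_if_unauthorized("删除新闻标签")
         tag = Tag.query.filter(Tag.id == id).first()
         abort_if_not_exist(tag, "tag")
         db.session.delete(tag)
         db.session.commit()
     else:
         abort(404, message="api not found")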
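	def post(self, id):
		"""Update (``requestMethod=PUT``) or delete (``DELETE``) user ``id``.

		All mutations are tunnelled through HTTP POST and dispatched on the
		``requestMethod`` argument, so verb-based protections cannot tell
		these actions apart -- every branch authorises itself here.

		PUT is open to holders of the '修改用户' action *or* to a principal
		satisfying ``EditUserPermission``; only the former may change
		``status`` and ``roleName``, so a self-editor cannot escalate.
		DELETE needs '删除用户'. Anything else is a 404.
		"""
		import ast

		request_arg = RequestMethod_parser.parse_args()
		requestMethod = request_arg['requestMethod']
		if requestMethod == "PUT":
			# ``is True`` keeps the original's exact semantics: if this
			# attribute were a method (old Flask-Login) the check stays a
			# no-op instead of rejecting everyone.
			if current_user.is_anonymous is True:
				abort_if_unauthorized("修改用户")
			permission = Permission(ActionNeed("修改用户"))
			# NOTE(review): the need is built from the *caller's* id, not
			# from the target ``id`` in the URL, so any authenticated
			# self-editor satisfies it for every user record. Confirm what
			# EditUserNeed is keyed on; it likely should be the target user.
			permission1 = EditUserPermission(EditUserNeed(current_user.id))
			if not permission.can() and not permission1.can():
				abort_if_unauthorized("修改用户")

			user = User.query.filter(User.id == id).first()
			abort_if_not_exist(user, "user")
			args = User1_parser.parse_args()
			status = args['status']
			email = args['email']
			phone = args['phone']
			passWord = args['passWord']
			roleName = args['roleName']
			userName = args['userName']
			# Rename only on a different name, so the uniqueness check does
			# not reject the user's own current name.
			if userName is not None and userName != user.userName:
				user1 = User.query.filter(User.userName == userName).first()
				abort_if_exist(user1, "userName")
				user.userName = userName

			# status and roles are admin-only fields.
			if status is not None and permission.can():
				user.status = status
			if email is not None:
				user.email = email
			if phone is not None:
				user.phone = phone
			if passWord is not None:
				user.passWord = generate_password_hash(passWord)
			if roleName is not None and permission.can():
				# roleName is either ['["a", "b"]'] (a list literal in the
				# first element) or a plain list of names. Parse the literal
				# with ast.literal_eval -- never eval(): the value comes
				# straight from the request.
				try:
					roleName = list(ast.literal_eval(roleName[0]))
				except (TypeError, IndexError, ValueError, SyntaxError):
					pass
				resolved = []
				for name in roleName:
					role = Role.query.filter(Role.roleName == name).first()
					abort_if_not_exist(role, "role")
					resolved.append(role)
				user.roles = resolved
			db.session.add(user)
			db.session.commit()
		elif requestMethod == "DELETE":
			permission = Permission(ActionNeed("删除用户"))
			if not permission.can():
				abort_if_unauthorized("删除用户")
			user = User.query.filter(User.id == id).first()
			abort_if_not_exist(user, "user")
			db.session.delete(user)
			db.session.commit()
		else:
			abort(404, message="api not found")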
def inject_app_root():
    """Template context processor.

    Exposes the signed-in principal's display name (``name`` falling back to
    ``email``; ``None`` when anonymous) and three role flags -- ``p_admin``,
    ``p_debug``, ``p_statistics`` -- evaluated against the current identity.
    """
    if current_user.is_anonymous:
        display_name = None
    else:
        display_name = current_user.name or current_user.email

    return {
        'name': display_name,
        'p_admin': Permission(RoleNeed('admin')).can(),
        'p_debug': Permission(RoleNeed('debug')).can(),
        'p_statistics': Permission(RoleNeed('statistics')).can(),
    }
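    def post(self, id):
        """Update (``requestMethod=PUT``) or delete (``DELETE``) news item ``id``.

        Mutations are tunnelled over HTTP POST and dispatched on the
        ``requestMethod`` argument, so verb-based protections cannot tell
        them apart; each branch authorises itself.

        PUT needs the '修改新闻' action; every field in the spec parser is
        optional and only supplied ones are changed. DELETE needs '删除新闻'.
        Anything else is a 404.
        """
        import ast

        request_arg = RequestMethod_parser.parse_args()
        requestMethod = request_arg['requestMethod']
        if requestMethod == "PUT":
            permission = Permission(ActionNeed('修改新闻'))
            if not permission.can():
                abort_if_unauthorized("修改新闻")
            news = News.query.filter(News.id == id).first()
            abort_if_not_exist(news, "news")
            args = NewsSpec_parser.parse_args()
            category = args['category']
            detail = args['detail']
            title = args['title']
            editable = args['editable']
            tags = args['tags']
            # ``tags`` may carry a list literal in its first element; parse it
            # with literal_eval, never eval() -- the value is request-controlled.
            try:
                tags = list(ast.literal_eval(tags[0]))
            except (TypeError, IndexError, ValueError, SyntaxError):
                pass
            if category is not None:
                news.category = []
                news.addCategory(category)
            if detail is not None:
                # ``detail`` is client-supplied HTML that is stored and later
                # rendered; handle_html() is the only place it can be
                # sanitised -- confirm it strips scripts and event handlers.
                news.detail = detail
                soup, imgUrlFirst = handle_html(detail)
                news.img_url = imgUrlFirst
                news.outline = soup.get_text()[:80]

            if title is not None:
                news.title = title

            if editable is not None:
                news.editable = editable
            if tags is not None:
                news.tags = []
                for tag in tags:
                    news.addTag(tag)
            db.session.add(news)
            db.session.commit()
        elif requestMethod == "DELETE":
            permission = Permission(ActionNeed('删除新闻'))
            if not permission.can():
                abort_if_unauthorized("删除新闻")

            news = News.query.filter(News.id == id).first()
            abort_if_not_exist(news, "news")
            db.session.delete(news)
            db.session.commit()
        else:
            abort(404, message="api not found")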
 def decorator(*args, **kwargs):
     """Run ``f`` only for an authenticated principal holding one of ``roles``.

     401 when nobody is logged in, 403 when the identity provides none of
     the required roles; otherwise the wrapped view's return value.
     """
     if not current_user.is_authenticated:
         return abort(401)
     required = Permission(*(RoleNeed(role) for role in roles))
     if not required.can():
         return abort(403)
     return f(*args, **kwargs)
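def post(post_id):
    """Show post ``post_id`` with its comments; a valid POST adds a comment.

    The post is resolved first so a comment can never be filed against a
    post id that does not exist (the original stored the comment before the
    404 check). Every non-submitting request bumps the read counter.
    ``is_edit`` tells the template whether the viewer is the author
    (``UserNeed``) or an admin.

    NOTE(review): the comment's ``name`` is whatever the form carried, even
    for logged-in users -- the pre-fill below is cosmetic, so a visitor can
    post under any name.
    """
    post = Post.query.get_or_404(post_id)
    form = CommentForm()
    if form.validate_on_submit():
        new_comment = Comment()
        new_comment.name = form.name.data
        new_comment.text = form.text.data
        new_comment.post_id = post_id
        new_comment.date = datetime.now()
        db.session.add(new_comment)
        db.session.commit()
        return redirect(url_for('.post', post_id=post_id))

    # Count this view.
    post.read = post.read + 1
    db.session.add(post)
    db.session.commit()

    tags = post.tags
    comments = post.comments.order_by(Comment.date.desc()).all()
    permission = Permission(UserNeed(post.user.id))
    is_edit = permission.can() or admin_permission.can()
    if g.is_login:
        form.name.data = current_user.username
    return render_template('post.html',
                           post=post,
                           tags=tags,
                           is_edit=is_edit,
                           comments=comments,
                           form=form)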
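 def post(self):
     """Create a user (``requestMethod=POST``); needs the '添加用户' action.

     Role names are resolved and the account committed before the welcome
     e-mail goes out, and aborts (duplicate name, unknown role) are raised
     outside any ``try`` so they reach the client. The original wrapped all
     of it in ``except: pass``, which swallowed those aborts too and
     answered 200 with nothing created.

     NOTE(review): the e-mail template receives ``password=passWord`` -- the
     plaintext credential is mailed to the new user. A one-time activation
     link would avoid putting the secret in mail.
     """
     import ast
     import logging

     request_arg = RequestMethod_parser.parse_args()
     requestMethod = request_arg['requestMethod']
     if requestMethod != "POST":
         abort(404, message="api not found")
     permission = Permission(ActionNeed('添加用户'))
     if not permission.can():
         abort_if_unauthorized("添加用户")
     args = User_parser.parse_args()
     # roleName is either ['["a","b"]'] (a list literal in the first element)
     # or a plain list of names. literal_eval, never eval(): request-controlled.
     try:
         args['roleName'] = list(ast.literal_eval(args['roleName'][0]))
     except (TypeError, IndexError, ValueError, SyntaxError):
         pass
     userName = args['userName']
     passWord = args['passWord']
     email = args['email']
     roleName = args['roleName']
     phone = args['phone']
     user1 = User.query.filter(User.userName == userName).first()
     abort_if_exist(user1, "userName")
     roles = []
     for name in roleName or []:
         role = Role.query.filter(Role.roleName == name).first()
         abort_if_not_exist(role, "role")
         roles.append(role)
     user = User(userName, passWord, email, phone)
     user.roles.extend(roles)
     db.session.add(user)
     db.session.commit()
     # Best-effort notification: a mail failure must not undo the account,
     # but it is logged rather than silently dropped.
     try:
         html = render_template(
             "Admin/user_info.html", user_name=userName, password=passWord, flag="创建账号")
         send_email("社团网账号信息", [email], html)
     except Exception:
         logging.getLogger(__name__).exception(
             "account e-mail for %s could not be sent", userName)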
 def get(self, id):
     """Return slider entry ``id``; needs the '查看新闻' action, 404 if missing."""
     if not Permission(ActionNeed('查看新闻')).can():
         abort_if_unauthorized("查看新闻")
     entry = SilderShow.query.filter(SilderShow.id == id).first()
     abort_if_not_exist(entry, "silder_show")
     return entry
def edit_post(id):
    """Edit post ``id``; only its author (``UserNeed``) or an admin may.

    A valid submission saves title/text, stamps ``publish_date`` and
    redirects to the post; otherwise the form is rendered with the stored
    text. Anyone else gets 403.
    """
    post = Post.query.get_or_404(id)
    author_permission = Permission(UserNeed(post.author.id))
    if not (author_permission.can() or admin_permission.can()):
        abort(403)

    form = PostForm()
    if form.validate_on_submit():
        post.title = form.title.data
        post.text = form.text.data
        post.publish_date = datetime.datetime.now()
        db.session.add(post)
        db.session.commit()
        return redirect(url_for('blog.post', post_id=post.id))

    form.text.data = post.text
    return render_template('blog/edit.html', form=form, post=post)
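def edit_post(id):
    """Edit post ``id``: the author or an admin may change title and text.

    GET renders the form pre-filled; a valid POST saves and redirects; an
    invalid POST re-renders the form. (The original aborted 403 on every
    non-valid submission, which also made GET unusable, and returned None
    for callers without permission.)
    """
    post = Post.query.get_or_404(id)

    # Flask-Login's anonymous user is truthy, so ``not current_user`` alone
    # never redirects; also consult is_authenticated when it is exposed.
    if not current_user or not getattr(current_user, 'is_authenticated', True):
        return redirect(url_for('main.login'))

    # Non-authors go back to the post -- unless they are admins, whom the
    # permission check below is meant to admit (an unconditional redirect
    # made that branch unreachable).
    if current_user != post.users and not admin_permission.can():
        return redirect(url_for('blog.post', post_id=id))

    permission = Permission(UserNeed(post.users.id))
    if not (permission.can() or admin_permission.can()):
        abort(403)

    form = PostForm()
    if form.validate_on_submit():
        post.title = form.title.data
        post.text = form.text.data
        post.published_date = datetime.now()

        db.session.add(post)
        db.session.commit()
        return redirect(url_for('blog.post', post_id=post.id))

    form.title.data = post.title
    form.text.data = post.text
    return render_template('edit_post.html', form=form, post=post)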
 def get(self, id):
     """Return news item ``id``; needs the '查看新闻' action, 404 if missing."""
     if not Permission(ActionNeed('查看新闻')).can():
         abort_if_unauthorized("查看新闻")
     item = News.query.filter(News.id == id).first()
     abort_if_not_exist(item, "news")
     return item
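 def post(self):
     """Create a news item (``requestMethod=POST``); needs the '添加新闻' action.

     Tag names are resolved before anything is written, so an unknown tag
     aborts without leaving a half-created item behind (the original
     committed the item first and looked tags up afterwards). Anything
     other than POST is a 404.
     """
     import ast

     request_arg = RequestMethod_parser.parse_args()
     requestMethod = request_arg['requestMethod']
     if requestMethod != "POST":
         abort(404, message="api not found")
     permission = Permission(ActionNeed('添加新闻'))
     if not permission.can():
         abort_if_unauthorized("添加新闻")
     args = News_parser.parse_args()
     category = args['category']
     detail = args['detail']
     title = args['title']
     tags = args['tags']
     # ``tags`` may carry a list literal in its first element; parse it with
     # literal_eval, never eval() -- the value is request-controlled.
     try:
         tags = list(ast.literal_eval(tags[0]))
     except (TypeError, IndexError, ValueError, SyntaxError):
         pass
     tag_rows = []
     for tag in tags or []:
         t = Tag.query.filter_by(name=tag).first()
         abort_if_not_exist(t, "tag")
         tag_rows.append(t)
     # ``detail`` is client-supplied HTML; handle_html() is the only place it
     # can be sanitised before the prettified markup is stored -- confirm.
     soup, imgUrlFirst = handle_html(detail)
     outline = soup.get_text()[:80]
     news = News(soup.prettify(), title, outline, imgUrlFirst)
     db.session.add(news)
     db.session.commit()
     news.addCategory(category)
     news.tags.extend(tag_rows)
     db.session.add(news)
     db.session.commit()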
 def decorator(*args, **kwargs):
     """Guard a topic view behind ``EditTopicNeed`` for the ``topicId`` kwarg.

     Without the need the caller is flashed a warning and redirected to the
     topic page; otherwise ``func`` runs unchanged.
     """
     topic_id = kwargs.get('topicId')
     if Permission(EditTopicNeed(topic_id)).can():
         return func(*args, **kwargs)
     flash(_('You have no permission'), 'warning')
     return redirect(url_for('topic.topic', topicId=topic_id))
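    def post(self, restaurant_id, user_id):
        """Place an order for ``user_id`` at ``restaurant_id``.

        Only the principal holding ``UserNeed(user_id)`` may call this. The
        order header and its items come from the JSON body, but the owner
        and restaurant are taken from the *route* -- the original used
        ``order['user_id']`` / ``order['restaurant_id']`` from the body, so
        a caller could pass the URL check and still file the order under
        another user's or restaurant's id. A body without ``orders[0]`` or
        ``order_items`` is a 400 instead of a 500.
        """
        identityPermission = Permission(UserNeed(user_id))
        if not identityPermission.can():
            abort(403)

        data = request.get_json(force=True)
        try:
            order = data['orders'][0]
            order_items = data['order_items']
        except (TypeError, KeyError, IndexError):
            abort(400)
        order['status'] = "new"
        today = datetime.datetime.now()

        # The user's own order history ...
        OrderHistoryDao.add_order_history(today, order['desk_number'],
                                          order['total_price'],
                                          restaurant_id,
                                          user_id, order_items)
        # ... and the copy the restaurant works from.
        OrderDao.add_order(today, order['desk_number'], order['total_price'],
                           order['status'], restaurant_id,
                           order_items)
        DaoHelper.commit(db)
        # A bare ``204`` would be sent as the response *body* with status 200;
        # "no content" is an empty body with status 204.
        return '', 204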
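	def post(self):
		"""Create a user (``requestMethod=POST``); needs the '添加用户' action.

		Role names are resolved before the account is written, so an unknown
		role aborts without a half-created user. ``User(...)`` receives the
		raw ``passWord``; whether the constructor hashes it is not visible
		here -- confirm. Anything other than POST is a 404.
		"""
		import ast

		request_arg = RequestMethod_parser.parse_args()
		requestMethod = request_arg['requestMethod']
		if requestMethod != "POST":
			abort(404, message="api not found")
		permission = Permission(ActionNeed('添加用户'))
		if not permission.can():
			abort_if_unauthorized("添加用户")
		args = User_parser.parse_args()
		# roleName is either ['["a","b"]'] (a list literal in the first
		# element) or a plain list of names. literal_eval, never eval():
		# the value is request-controlled.
		try:
			args['roleName'] = list(ast.literal_eval(args['roleName'][0]))
		except (TypeError, IndexError, ValueError, SyntaxError):
			pass
		userName = args['userName']
		passWord = args['passWord']
		email = args['email']
		roleName = args['roleName']
		phone = args['phone']
		user1 = User.query.filter(User.userName == userName).first()
		abort_if_exist(user1, "userName")
		roles = []
		for name in roleName or []:
			role = Role.query.filter(Role.roleName == name).first()
			abort_if_not_exist(role, "role")
			roles.append(role)
		user = User(userName, passWord, email, phone)
		user.roles.extend(roles)
		db.session.add(user)
		db.session.commit()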
def edit_post(id):
    """Edit post ``id``; the author (``UserNeed``) or an admin only.

    Login is enforced by the view's login_required decorator, not here. A
    submission identical to the stored title/text is flashed as
    'no changes detected!' and not re-saved; a real change is saved, stamped
    with a new ``publish_date`` and redirected to the post.
    """
    post = Post.query.get_or_404(id)
    author_permission = Permission(UserNeed(post.user.id))
    if not (author_permission.can() or admin_permission.can()):
        abort(403)

    form = PostForm()
    if form.validate_on_submit():
        unchanged = (form.title.data == post.title
                     and form.text.data == post.text)
        if unchanged:
            flash('no changes detected!', category='message')
        else:
            post.title = form.title.data
            post.text = form.text.data
            post.publish_date = datetime.datetime.now()

            db.session.add(post)
            db.session.commit()
            return redirect(url_for('.post', post_id=post.id))

    form.text.data = post.text
    return render_template('edit.html', form=form, post=post)
 def get(self, id):
     """Return news item ``id``; needs the '查看新闻' action, 404 if missing."""
     if not Permission(ActionNeed('查看新闻')).can():
         abort_if_unauthorized("查看新闻")
     item = News.query.filter(News.id == id).first()
     abort_if_not_exist(item, "news")
     return item
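def _contact_handler(user_id, endpoint):
    """Render/process the admin contact-form pair for ``user_id`` (None = new).

    Two forms share the page; the one named by the ``action`` form field is
    the one validated and written back. Non-admins have ``roles`` removed
    from the details form *before* validation, so ``populate_obj`` cannot
    mass-assign roles for them. An unknown ``user_id`` is a 404 (the
    original let ``None`` through and failed later on ``contact.id``).
    On success the caller is redirected to ``endpoint`` for the saved id.
    """
    contact = Contact.query.get_or_404(user_id) if user_id else Contact()
    contact_form = ContactForm(obj=contact)

    admin_permission = Permission(RoleNeed('admin'))
    if not admin_permission.can():
        del contact_form.roles

    credentials_form = CredentialsForm(obj=contact)
    forms = {
        'contact_details': contact_form,
        'contact_credentials': credentials_form,
    }
    current_form = forms.get(request.form.get('action'))
    if current_form and current_form.validate_on_submit():
        # NOTE(review): for the credentials form this writes whatever the
        # form holds straight onto the model -- confirm the password is
        # hashed (in the form or the model) before it is committed.
        current_form.populate_obj(contact)
        if not contact.id:
            db.session.add(contact)
        db.session.commit()
        flash(_('User updated.'), 'success')
        return redirect(url_for(endpoint, user_id=contact.id))

    context = {
        'user_id': contact.id,
        'contact': contact,
        'contact_form': contact_form,
        'credentials_form': credentials_form,
    }
    return render_template('admin/users/form.html', **context)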
 def status(self, value):
     """Transition this hail to ``value``, enforcing role and state rules.

     Setting the current status again is a no-op returning True. Otherwise
     the caller must hold one of ``roles_accepted[value]`` (RuntimeError if
     not) and, when ``status_required[value]`` is set, the hail must be in
     that state right now (ValueError if not). The new status is then
     propagated to the cached taxi and recorded in InfluxDB; an InfluxDB
     failure is logged, never raised.

     NOTE(review): ``assert`` is stripped under ``python -O``, so the
     membership check against ``status_enum_list`` is not a reliable guard;
     raising ValueError would be the robust form.
     """
     old_status = self._status
     assert value in status_enum_list
     if value == self._status:
         return True
     roles_accepted = self.roles_accepted.get(value, None)
     if roles_accepted:
         # Presumably any one listed role suffices (Flask-Principal needs are
         # OR-ed) -- confirm against how the identity is populated.
         perm = Permission(*[RoleNeed(role) for role in roles_accepted])
         if not perm.can():
             raise RuntimeError("You're not authorized to set this status")
     status_required = self.status_required.get(value, None)
     if status_required and self._status != status_required:
         raise ValueError("You cannot set status from {} to {}".format(self._status, value))
     # Order matters: the hook and the taxi sync read the *new* status.
     self._status = value
     self.status_changed()
     taxi = TaxiM.cache.get(self.taxi_id)
     taxi.synchronize_status_with_hail(self)
     client = influx_db.get_client(current_app.config['INFLUXDB_TAXIS_DB'])
     try:
         client.write_points([{
             "measurement": "hails_status_changed",
             "tags": {
                 "added_by": User.query.get(self.added_by).email,
                 "operator": self.operateur.email,
                 "zupc": taxi.ads.zupc.insee,
                 "previous_status": old_status,
                 "status": self._status
                 },
             "time": datetime.utcnow().strftime('%Y%m%dT%H:%M:%SZ'),
             "fields": {
                 "value": 1
             }
             }])
     except Exception as e:
         # Metrics are best-effort; the status change above already happened.
         current_app.logger.error('Influxdb Error: {}'.format(e))
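def article_edit(id):
    """Edit article ``id``: its author or an admin (``permission_admin``) may.

    A valid POST saves title/content, stamps ``publish_time`` and redirects
    to the article; GET (or a failed validation) renders the form with the
    stored content.
    """
    article = BlogArticle.query.get_or_404(id)

    # Flask-Login's anonymous user is truthy, so ``not current_user`` alone
    # never redirects; also consult is_authenticated when it is exposed.
    if not current_user or not getattr(current_user, 'is_authenticated', True):
        return redirect(url_for('site.login'))

    # Non-authors go back to the article -- unless they are admins, whom the
    # permission check below is meant to admit (an unconditional redirect
    # made that branch unreachable).
    if current_user != article.user and not permission_admin.can():
        return redirect(url_for('blog.article_one', id=id))

    permission = Permission(UserNeed(article.user.id))
    if not (permission.can() or permission_admin.can()):
        abort(403)

    form = ArticleForm()
    if form.validate_on_submit():
        article.title = form.title.data
        article.content = form.content.data
        article.publish_time = datetime.datetime.now()

        db.session.add(article)
        db.session.commit()
        return redirect(url_for('blog.article_one', id=article.id))

    form.title.data = article.title
    form.content.data = article.content
    return render_template('blog/article/edit.html',
                           obj_form=form,
                           article_one=article)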
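def edit_post(id):
    """Edit post ``id``: the author or an admin may change title and text.

    A valid POST saves, stamps ``publish_date`` and redirects to the post;
    GET (or a failed validation) renders the form with the stored content.
    """
    post = Post.query.get_or_404(id)

    # Flask-Login's anonymous user is truthy, so ``not current_user`` alone
    # never redirects; also consult is_authenticated when it is exposed.
    if not current_user or not getattr(current_user, 'is_authenticated', True):
        return redirect(url_for('main.login'))

    # Non-authors go back to the post -- unless they are admins, whom the
    # permission check below is meant to admit (an unconditional redirect
    # made that branch unreachable).
    if current_user != post.users and not admin_permission.can():
        return redirect(url_for('blog.post', post_id=id))

    permission = Permission(UserNeed(post.users.id))
    if not (permission.can() or admin_permission.can()):
        abort(403)

    form = PostForm()
    if form.validate_on_submit():
        post.title = form.title.data
        post.text = form.text.data
        post.publish_date = datetime.datetime.now()

        db.session.add(post)
        db.session.commit()
        return redirect(url_for('blog.post', post_id=post.id))

    # Show the stored content when nothing valid was submitted.
    form.title.data = post.title
    form.text.data = post.text
    return render_template('edit_post.html', form=form, post=post)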
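def edit_post(id):
    """Edit post ``id``: the author or an admin may change title and text.

    A valid POST saves, stamps ``publish_date`` and redirects to the post;
    otherwise the form is rendered with the stored text. Non-authors who
    are not admins get 403.
    """
    # Flask-Login's anonymous user is truthy, so ``not current_user`` alone
    # never redirects; also consult is_authenticated when it is exposed.
    if not current_user or not getattr(current_user, 'is_authenticated', True):
        return redirect(url_for('main.login'))

    post = Post.query.get_or_404(id)

    # Only the author -- or an admin, whom the check below is meant to admit
    # (an unconditional 403 here made that branch unreachable).
    if current_user != post.user and not admin_permission.can():
        abort(403)

    permission = Permission(UserNeed(post.user.id))
    if not (permission.can() or admin_permission.can()):
        abort(403)

    form = PostForm()
    if form.validate_on_submit():
        post.title = form.title.data
        post.text = form.text.data
        post.publish_date = datetime.datetime.now()

        db.session.add(post)
        db.session.commit()
        return redirect(url_for('.post', post_id=post.id))

    form.text.data = post.text
    return render_template('edit.html', form=form, post=post)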
	def get(self, id):
		"""Return permission node ``id``; needs '查看权限节点', 404 if missing."""
		if not Permission(ActionNeed('查看权限节点')).can():
			abort_if_unauthorized("查看权限节点")
		entry = Node.query.filter(Node.id == id).first()
		abort_if_not_exist(entry, "node")
		return entry
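def edit_post(id):
    """Edit post ``id``: the author or an admin may change title and text.

    A valid POST saves, stamps ``publish_date`` and redirects to the post;
    GET (or a failed validation) renders the form with the stored content.
    """
    post = Post.query.get_or_404(id)

    # Flask-Login's anonymous user is truthy, so ``not current_user`` alone
    # never redirects; also consult is_authenticated when it is exposed.
    if not current_user or not getattr(current_user, 'is_authenticated', True):
        return redirect(url_for('main.login'))

    # Non-authors go back to the post -- unless they are admins, whom the
    # permission check below is meant to admit (an unconditional redirect
    # made that branch unreachable).
    if current_user != post.user and not admin_permission.can():
        return redirect(url_for('blog.post', post_id=id))

    permission = Permission(UserNeed(post.user.id))
    if not (permission.can() or admin_permission.can()):
        abort(403)

    form = PostForm()
    if form.validate_on_submit():
        post.title = form.title.data
        post.text = form.text.data
        post.publish_date = datetime.now()

        db.session.add(post)
        db.session.commit()
        return redirect(url_for('blog.post', post_id=post.id))

    form.title.data = post.title
    form.text.data = post.text
    return render_template('edit_post.html', form=form, post=post)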
 def get(self, id):
     """Return permission node ``id``; needs '查看权限节点', 404 if missing."""
     if not Permission(ActionNeed('查看权限节点')).can():
         abort_if_unauthorized("查看权限节点")
     entry = Node.query.filter(Node.id == id).first()
     abort_if_not_exist(entry, "node")
     return entry
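	def post(self):
		"""Create role ``roleName`` holding nodes ``nodeName``; needs '添加角色'.

		Node names are resolved before the role is written, so an unknown
		node aborts without leaving a node-less role behind (the original
		committed the role first and looked nodes up afterwards). Anything
		other than ``requestMethod=POST`` is a 404.
		"""
		import ast

		request_arg = RequestMethod_parser.parse_args()
		requestMethod = request_arg['requestMethod']
		if requestMethod != "POST":
			abort(404, message="api not found")
		permission = Permission(ActionNeed('添加角色'))
		if not permission.can():
			abort_if_unauthorized("添加角色")
		args = Role_parser.parse_args()
		roleName = args['roleName']
		nodeName = args['nodeName']
		# nodeName is either ['["a","b"]'] (a list literal in the first
		# element) or a plain list of names. literal_eval, never eval():
		# the value is request-controlled.
		try:
			nodeName = list(ast.literal_eval(nodeName[0]))
		except (TypeError, IndexError, ValueError, SyntaxError):
			pass

		role1 = Role.query.filter(Role.roleName == roleName).first()
		abort_if_exist(role1, "roleName")
		nodes = []
		for name in nodeName or []:
			node = Node.query.filter(Node.nodeName == name).first()
			abort_if_not_exist(node, "node")
			nodes.append(node)
		role = Role(roleName)
		role.nodes.extend(nodes)
		db.session.add(role)
		db.session.commit()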
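    def post(self):
        """Create role ``roleName`` holding nodes ``nodeName``; needs '添加角色'.

        Node names are resolved before the role is written, so an unknown
        node aborts without leaving a node-less role behind (the original
        committed the role first and looked nodes up afterwards). Anything
        other than ``requestMethod=POST`` is a 404.
        """
        import ast

        request_arg = RequestMethod_parser.parse_args()
        requestMethod = request_arg['requestMethod']
        if requestMethod != "POST":
            abort(404, message="api not found")
        permission = Permission(ActionNeed('添加角色'))
        if not permission.can():
            abort_if_unauthorized("添加角色")
        args = Role_parser.parse_args()
        roleName = args['roleName']
        nodeName = args['nodeName']
        # nodeName is either ['["a","b"]'] (a list literal in the first
        # element) or a plain list of names. literal_eval, never eval():
        # the value is request-controlled.
        try:
            nodeName = list(ast.literal_eval(nodeName[0]))
        except (TypeError, IndexError, ValueError, SyntaxError):
            pass

        role1 = Role.query.filter(Role.roleName == roleName).first()
        abort_if_exist(role1, "roleName")
        nodes = []
        for name in nodeName or []:
            node = Node.query.filter(Node.nodeName == name).first()
            abort_if_not_exist(node, "node")
            nodes.append(node)
        role = Role(roleName)
        role.nodes.extend(nodes)
        db.session.add(role)
        db.session.commit()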
 def get(self, id):
     """Return slider entry ``id``; needs the '查看新闻' action, 404 if missing."""
     if not Permission(ActionNeed('查看新闻')).can():
         abort_if_unauthorized("查看新闻")
     entry = SilderShow.query.filter(SilderShow.id == id).first()
     abort_if_not_exist(entry, "silder_show")
     return entry
def before_request():
    """Route-level RBAC hook run before every request.

    Loads the ``AuthManager`` rows whose ``route_name`` equals the exact
    ``request.path``; each row's ``permission`` is a comma-separated list
    of role names. The request passes when the identity provides at least
    one of those roles (``Permission.union`` is OR, not AND); otherwise it
    is rejected with 403. Paths without an ``AuthManager`` row are not
    checked at all.

    Review notes:
    - The user named ``god`` bypasses the role check entirely (hard-coded
      super-user); expressing that as a role would keep policy in data.
    - Matching is an exact string compare on ``request.path``; path
      variants that route to the same view (trailing slash, encoding,
      case) would not match a row and would go unchecked -- TODO confirm
      against the routing configuration.
    - A row whose ``permission`` is empty or only commas yields no
      ``RoleNeed``; it is then skipped or, with Flask-Principal's empty
      ``Permission``, allows everyone -- verify that is intended.
    - If ``current_user`` can be anonymous here, ``current_user.username``
      may raise instead of producing a 403 -- TODO confirm.
    """
    rules = AuthManager.query.filter(
        AuthManager.route_name == request.path).all()
    if not rules:
        # No ACL row for this path: nothing to enforce.
        return

    required_roles = set()
    for rule in rules:
        if rule.permission:
            required_roles.update(rule.permission.split(','))
    if not required_roles:
        return

    needed = Permission()
    for role_name in required_roles:
        if role_name:
            needed = needed.union(Permission(RoleNeed(role_name)))

    # Hard-coded super-user short-circuit (see docstring).
    if current_user.username == 'god':
        return
    if not needed.can():
        abort(403)
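 def post(self):
     """Create a news item (POST tunnelled through ``requestMethod``).

     Requires the ``添加新闻`` (add news) action. The request supplies
     ``category``, ``detail`` (HTML body), ``title`` and ``tags``; ``tags``
     may be repeated values or a single value holding a list literal,
     decoded with ``ast.literal_eval`` (the former ``eval`` on this
     client-controlled value was remote code execution).

     Every ``<img>`` in ``detail`` is fetched, re-encoded as PNG and
     inlined as a ``data:image/png`` URL (the old code labelled the PNG
     bytes ``image/jpg``). The first image is also written under
     ``static/Uploads/News/`` with an unpredictable name and used as the
     thumbnail; a default image is used when the body has no ``<img>``.
     Tags are resolved before any write so an unknown tag aborts cleanly.

     Security notes (review):
     - Fetching ``img src`` server-side is an SSRF vector because the URL
       is client controlled. Only ``http``/``https`` are accepted now;
       blocking loopback/link-local/internal targets still has to happen
       at the resolver or network layer.
     - ``detail`` is stored as the prettified parse without sanitising, so
       script/event-handler content survives -- a stored-XSS risk wherever
       ``News`` is rendered. TODO confirm the front end escapes it.
     - Decoding attacker-supplied images with PIL is bounded only by PIL's
       own decompression-bomb limit; consider capping the response size.
     """
     import ast      # local: the module import block is outside this listing
     import secrets
     from urllib.parse import urlsplit

     request_arg = RequestMethod_parser.parse_args()
     requestMethod = request_arg['requestMethod']
     if requestMethod != "POST":
         abort(404, message="api not found")

     permission = Permission(ActionNeed('添加新闻'))
     if permission.can() is not True:
         abort_if_unauthorized("添加新闻")

     args = News_parser.parse_args()
     category = args['category']
     detail = args['detail']
     title = args['title']
     tags = args['tags'] or []
     if tags:
         try:
             tags = list(ast.literal_eval(tags[0]))
         except (ValueError, SyntaxError, TypeError):
             pass  # plain list of tag names, not a literal

     tag_rows = []
     for tag in tags:
         t = Tag.query.filter_by(name=tag).first()
         abort_if_not_exist(t, "tag")
         tag_rows.append(t)

     soup = BeautifulSoup(detail or "", "html.parser")
     upload_dir = os.path.join(app.config['BASEDIR'],
                               'aunet/static/Uploads/News')
     imgUrlFirst = None
     for img in soup.find_all('img'):
         imgurl = img.get('src')
         if not imgurl:
             continue
         if urlsplit(imgurl).scheme not in ("http", "https"):
             # file://, ftp://, data: ... must never be fetched server-side.
             abort(400, message="unsupported image url scheme")
         with request.urlopen(imgurl) as r:
             data = r.read()
         i = Image.open(BytesIO(data))
         png = BytesIO()
         i.save(png, format="PNG")
         png_bytes = png.getvalue()

         # Inline the re-encoded bytes so the page no longer hot-links.
         img['src'] = ("data:image/png;base64,"
                       + base64.b64encode(png_bytes).decode("ascii"))

         if imgUrlFirst is None:
             # Unpredictable name: prevents clobbering another item's thumbnail.
             filename = (str(int(time.time())) + "_"
                         + secrets.token_hex(8) + ".png")
             with open(os.path.join(upload_dir, filename), "wb") as f:
                 f.write(png_bytes)
             imgUrlFirst = "static/Uploads/News/" + filename
     if imgUrlFirst is None:
         imgUrlFirst = "static/Uploads/News/1.jpg"  # default thumbnail

     outline = soup.get_text()[:100]
     news = News(soup.prettify(), title, outline, imgUrlFirst)
     db.session.add(news)
     db.session.commit()
     news.addCategory(category)
     news.tags.extend(tag_rows)
     db.session.add(news)
     db.session.commit()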
 def decorator(*args, **kwargs):
     """Wrapper produced by the confirmation-required decorator.

     Runs ``func`` only when the identity holds the ``confirmed`` role;
     otherwise flashes a warning and redirects to the caller's own profile
     page. ``func`` is closed over from the enclosing factory, which is
     outside this listing.
     """
     if Permission(RoleNeed('confirmed')).can():
         return func(*args, **kwargs)
     flash(_("You haven't confirm your account,Please confirmed"), 'warning')
     return redirect(url_for('user.user', user_url=current_user.username))
 def get(self, id):
     """Return the serialised role ``id``.

     Requires the ``查看角色`` (view role) action; otherwise
     ``abort_if_unauthorized`` ends the request. A missing role is
     reported via ``abort_if_not_exist``; the payload is produced by
     ``build_role_data``.
     """
     if Permission(ActionNeed('查看角色')).can() is not True:
         abort_if_unauthorized("查看角色")
     role = Role.query.filter_by(id=id).first()
     abort_if_not_exist(role, "role")
     return build_role_data(role)
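    def post(self, id):
        """Update (``PUT``) or remove (``DELETE``) the role ``id``.

        The verb is tunnelled in ``requestMethod``; other values get 404.
        ``PUT`` needs the ``修改角色`` (edit role) action, ``DELETE`` the
        ``删除角色`` (delete role) action.

        ``PUT`` fields are optional: ``roleName`` (must stay unique),
        ``status`` (ignored for the built-in ``超管`` super-admin role so it
        cannot be disabled) and ``nodeName`` -- repeated values or a single
        value holding a list literal, decoded with ``ast.literal_eval``
        (the former ``eval`` on client input was remote code execution).
        When ``nodeName`` is present the role's node set is replaced.

        Fix: the super-admin guard read ``role.rolename`` while the model
        attribute used everywhere else is ``roleName``, so the guard raised
        instead of protecting.

        Review note: ``DELETE`` has no equivalent guard, so the ``超管``
        role can still be deleted -- confirm whether that is intended.
        """
        import ast  # local: the module import block is outside this listing

        request_arg = RequestMethod_parser.parse_args()
        requestMethod = request_arg['requestMethod']

        if requestMethod == "PUT":
            if Permission(ActionNeed('修改角色')).can() is not True:
                abort_if_unauthorized("修改角色")

            role = Role.query.filter(Role.id == id).first()
            abort_if_not_exist(role, "role")
            args = RoleSpec_parser.parse_args()
            roleName = args['roleName']
            nodeName = args['nodeName']
            status = args['status']

            if roleName is not None and roleName != role.roleName:
                clash = Role.query.filter_by(roleName=roleName).first()
                abort_if_exist(clash, "rolename")
                role.roleName = roleName

            if status is not None and role.roleName != "超管":
                # The super-admin role must never be disabled.
                role.status = status

            if nodeName is not None:
                try:
                    nodeName = list(ast.literal_eval(nodeName[0]))
                except (ValueError, SyntaxError, TypeError, IndexError):
                    pass  # already a plain list of node names
                # Resolve every name before touching the relationship.
                nodes = []
                for name in nodeName:
                    node = Node.query.filter(Node.nodeName == name).first()
                    abort_if_not_exist(node, "node")
                    nodes.append(node)
                role.nodes = nodes

            db.session.add(role)
            db.session.commit()

        elif requestMethod == "DELETE":
            if Permission(ActionNeed('删除角色')).can() is not True:
                abort_if_unauthorized("删除角色")

            role = Role.query.filter(Role.id == id).first()
            abort_if_not_exist(role, "role")
            db.session.delete(role)
            db.session.commit()

        else:
            abort(404, message="api not found")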
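    def post(self, id):
        """Update (``PUT``) or remove (``DELETE``) the role ``id``.

        The verb is tunnelled in ``requestMethod``; other values get 404.
        ``PUT`` needs the ``修改角色`` (edit role) action, ``DELETE`` the
        ``删除角色`` (delete role) action.

        ``PUT`` fields are optional: ``roleName`` (must stay unique),
        ``status`` (ignored for the built-in ``超管`` super-admin role so it
        cannot be disabled) and ``nodeName`` -- repeated values or a single
        value holding a list literal, decoded with ``ast.literal_eval``
        (the former ``eval`` on client input was remote code execution).
        When ``nodeName`` is present the role's node set is replaced.

        Fix: the super-admin guard read ``role.rolename`` while the model
        attribute used everywhere else is ``roleName``, so the guard raised
        instead of protecting.

        Review note: ``DELETE`` has no equivalent guard, so the ``超管``
        role can still be deleted -- confirm whether that is intended.
        """
        import ast  # local: the module import block is outside this listing

        request_arg = RequestMethod_parser.parse_args()
        requestMethod = request_arg['requestMethod']

        if requestMethod == "PUT":
            if Permission(ActionNeed('修改角色')).can() is not True:
                abort_if_unauthorized("修改角色")

            role = Role.query.filter(Role.id == id).first()
            abort_if_not_exist(role, "role")
            args = RoleSpec_parser.parse_args()
            roleName = args['roleName']
            nodeName = args['nodeName']
            status = args['status']

            if roleName is not None and roleName != role.roleName:
                clash = Role.query.filter_by(roleName=roleName).first()
                abort_if_exist(clash, "rolename")
                role.roleName = roleName

            if status is not None and role.roleName != "超管":
                # The super-admin role must never be disabled.
                role.status = status

            if nodeName is not None:
                try:
                    nodeName = list(ast.literal_eval(nodeName[0]))
                except (ValueError, SyntaxError, TypeError, IndexError):
                    pass  # already a plain list of node names
                # Resolve every name before touching the relationship.
                nodes = []
                for name in nodeName:
                    node = Node.query.filter(Node.nodeName == name).first()
                    abort_if_not_exist(node, "node")
                    nodes.append(node)
                role.nodes = nodes

            db.session.add(role)
            db.session.commit()

        elif requestMethod == "DELETE":
            if Permission(ActionNeed('删除角色')).can() is not True:
                abort_if_unauthorized("删除角色")

            role = Role.query.filter(Role.id == id).first()
            abort_if_not_exist(role, "role")
            db.session.delete(role)
            db.session.commit()

        else:
            abort(404, message="api not found")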
 def decorated_function(*args, **kwargs):
     """Wrapper produced by a role-gated view decorator.

     Anonymous callers are redirected to the login page with ``next`` set
     to the current path. Authenticated callers run ``f`` if they hold
     *any* role in ``role_keys`` (both closed over from the enclosing
     decorator, outside this listing); otherwise the request ends with 403.

     NOTE(review): ``current_user.is_authenticated()`` is called as a
     method; on Flask-Login >= 0.3 it is a property and the call raises
     ``TypeError`` -- confirm the pinned Flask-Login version.
     """
     if not current_user.is_authenticated():
         return redirect(url_for('login_bp.login', next=request.path))
     if any(Permission(RoleNeed(key)).can() for key in role_keys):
         return f(*args, **kwargs)
     return abort(403)
 def decorated_view(*args, **kwargs):
     """Run ``fn`` when the identity holds any of ``roles`` (OR semantics).

     One ``Permission`` built from several ``RoleNeed``s is satisfied by
     any single need. On denial the registered unauthorized callback is
     used if set, else the default unauthorized view. ``fn`` and ``roles``
     are closed over from the enclosing decorator.
     """
     if Permission(*[RoleNeed(role) for role in roles]).can():
         return fn(*args, **kwargs)
     callback = _security._unauthorized_callback
     if callback:
         return callback()
     return _get_unauthorized_view()
    def put(self, topicId):
        """Permission hook for editing topic ``topicId``.

        When the identity lacks ``EditTopicNeed(topicId)`` this stores a
        JSON "no permission" responder in ``self.callback`` and returns
        ``True`` (meaning "blocked"); otherwise it returns ``None``.
        """
        if Permission(EditTopicNeed(topicId)).can():
            return None

        def denied():
            return jsonify(judge=False, error=_('You have no permission'))

        self.callback = denied
        return True
 def decorated_view(*args, **kwargs):
     """Run ``fn`` when the identity holds any of ``fsperms`` (OR semantics).

     On denial the deprecated ``_unauthorized_callback`` is honoured for
     backwards compatibility, else ``_unauthz_handler`` is invoked with the
     decorator (``permissions_accepted``) and the permission list. ``fn``
     and ``fsperms`` are closed over from the enclosing decorator.
     """
     if Permission(*[FsPermNeed(p) for p in fsperms]).can():
         return fn(*args, **kwargs)
     legacy = _security._unauthorized_callback
     if legacy:
         # Backwards compat - deprecated
         return legacy()
     return _security._unauthz_handler(permissions_accepted, list(fsperms))
 def decorated_view(*args, **kwargs):
     """Run ``fn`` when the identity holds any of ``roles`` (OR semantics).

     One ``Permission`` built from several ``RoleNeed``s is satisfied by
     any single need. On denial the registered unauthorized callback is
     used if set, else the default unauthorized view. ``fn`` and ``roles``
     are closed over from the enclosing decorator.
     """
     if Permission(*[RoleNeed(role) for role in roles]).can():
         return fn(*args, **kwargs)
     callback = _security._unauthorized_callback
     if callback:
         return callback()
     return _get_unauthorized_view()
 def decorated_view(*args, **kwargs):
     """Run ``fn`` when the identity holds any of ``roles`` (OR semantics).

     On denial the deprecated ``_unauthorized_callback`` is honoured for
     backwards compatibility, else ``_unauthz_handler`` is invoked with the
     decorator (``roles_accepted``) and the role list. ``fn`` and ``roles``
     are closed over from the enclosing decorator.
     """
     if Permission(*[RoleNeed(role) for role in roles]).can():
         return fn(*args, **kwargs)
     legacy = _security._unauthorized_callback
     if legacy:
         # Backwards compat - deprecated
         return legacy()
     return _security._unauthz_handler(roles_accepted, list(roles))
 def decorator(*args, **kwargs):
     """Wrapper produced by the confirmation-required decorator.

     Runs ``func`` only when the identity holds the ``confirmed`` role;
     otherwise flashes a warning and redirects to the caller's own profile
     page. ``func`` is closed over from the enclosing factory, which is
     outside this listing.
     """
     if Permission(RoleNeed('confirmed')).can():
         return func(*args, **kwargs)
     flash(_("You haven't confirm your account,Please confirmed"), 'warning')
     return redirect(url_for('user.user', user_url=current_user.username))
    def put(self, topicId):
        """Permission hook for editing topic ``topicId``.

        When the identity lacks ``EditTopicNeed(topicId)`` this stores a
        responder in ``self.callback`` that flashes a warning and redirects
        back to the topic page, and returns ``True`` ("blocked"); otherwise
        it returns ``None``.
        """
        if Permission(EditTopicNeed(topicId)).can():
            return None

        def denied():
            flash(_("You have no permission"), 'warning')
            return redirect(url_for('topic.topic', topicId=topicId))

        self.callback = denied
        return True
def can_access(endpoint):
    """Template helper: may the current identity reach ``endpoint``?

    Looks up the view registered for ``endpoint``; when a role decorator
    attached a ``role_keys`` attribute, access is granted if the identity
    holds *any* of those roles. Views without ``role_keys`` are treated as
    unrestricted. An unknown endpoint raises ``KeyError`` from
    ``current_app.view_functions``.
    """
    view = current_app.view_functions[endpoint]
    if not hasattr(view, 'role_keys'):
        return True
    return any(Permission(RoleNeed(key)).can() for key in view.role_keys)
 def get(self):
     """List every user, each serialised with ``build_user_data``.

     Requires the ``查看用户`` (view users) action; otherwise
     ``abort_if_unauthorized`` ends the request.
     """
     if Permission(ActionNeed('查看用户')).can() is not True:
         abort_if_unauthorized("查看用户")
     return [build_user_data(user) for user in User.query.all()]
 def get(self, id):
     """Return ``{'name', 'id'}`` for the news category ``id``.

     Requires the ``查看新闻栏目`` (view news categories) action; a missing
     category is reported via ``abort_if_not_exist``.
     """
     if Permission(ActionNeed('查看新闻栏目')).can() is not True:
         abort_if_unauthorized("查看新闻栏目")
     category = Category.query.filter(Category.id == id).first()
     abort_if_not_exist(category, "category")
     return {'name': category.name, 'id': category.id}
 def get(self, id):
     """Return ``{'name', 'id'}`` for the news tag ``id``.

     Requires the ``查看新闻标签`` (view news tags) action; a missing tag
     is reported via ``abort_if_not_exist``.
     """
     if Permission(ActionNeed('查看新闻标签')).can() is not True:
         abort_if_unauthorized("查看新闻标签")
     tag = Tag.query.filter(Tag.id == id).first()
     abort_if_not_exist(tag, "tag")
     return {'name': tag.name, 'id': tag.id}
 def get(self):
     """List every role, each serialised with ``build_role_data``.

     Requires the ``查看角色`` (view role) action; otherwise
     ``abort_if_unauthorized`` ends the request.
     """
     if Permission(ActionNeed('查看角色')).can() is not True:
         abort_if_unauthorized("查看角色")
     return [build_role_data(role) for role in Role.query.all()]
 def post(self):
     """Permission hook for the "add to collection" form.

     Casts every ``add-to-collect`` form value to ``int`` and checks
     ``PostCollect(collectId)``. Returns ``True`` ("blocked") at the first
     collection the identity may not post to; a non-integer id aborts the
     request with 403; otherwise returns ``None`` (allowed).
     """
     for raw_id in request.form.getlist('add-to-collect'):
         try:
             collect_id = int(raw_id)
         except ValueError:
             abort(403)
         if not Permission(PostCollect(collect_id)).can():
             return True
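 def post(self, id):
     """Update (``PUT``) or delete (``DELETE``) the slider entry ``id``.

     The verb is tunnelled in ``requestMethod``; anything else gets 404.
     ``PUT`` requires the ``修改新闻`` (edit news) action, ``DELETE`` the
     ``删除新闻`` (delete news) action. Every ``PUT`` field is optional and
     only non-``None`` values are written.

     ``imgUrl`` is first passed through ``dataurl_to_img``; if that fails
     the raw client value is stored instead. The bare ``except:`` was
     narrowed to ``Exception`` so interrupts and ``SystemExit`` are no
     longer swallowed.

     Review note: ``link`` and the fallback ``imgUrl`` are stored without
     validation; if they are rendered as ``href``/``src`` a holder of this
     permission can plant ``javascript:`` or off-site URLs -- TODO confirm
     the renderer escapes them or allow-lists schemes.
     """
     requestMethod = RequestMethod_parser.parse_args()['requestMethod']

     if requestMethod == "PUT":
         if Permission(ActionNeed('修改新闻')).can() is not True:
             abort_if_unauthorized("修改新闻")
         silder_show = SilderShow.query.filter(SilderShow.id == id).first()
         abort_if_not_exist(silder_show, "silder_show")

         args = SilderShowSpec_parser.parse_args()
         imgUrl = args['imgUrl']
         try:
             imgUrl = dataurl_to_img(imgUrl)
         except Exception:
             imgUrl = args['imgUrl']  # not a data URL: keep the client value

         updates = (
             ('title', args['title']),
             ('img_url', imgUrl),
             ('outline', args['outline']),
             ('editable', args['editable']),
             ('link', args['link']),
         )
         for column, value in updates:
             if value is not None:
                 setattr(silder_show, column, value)

         db.session.add(silder_show)
         db.session.commit()

     elif requestMethod == "DELETE":
         if Permission(ActionNeed('删除新闻')).can() is not True:
             abort_if_unauthorized("删除新闻")
         silder_show = SilderShow.query.filter(SilderShow.id == id).first()
         abort_if_not_exist(silder_show, "silder_show")
         db.session.delete(silder_show)
         db.session.commit()

     else:
         abort(404, message="api not found")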
 def get(self):
     """List every news tag as ``{'name', 'id'}`` dicts.

     Requires the ``查看新闻标签`` (view news tags) action; otherwise
     ``abort_if_unauthorized`` ends the request.
     """
     if Permission(ActionNeed('查看新闻标签')).can() is not True:
         abort_if_unauthorized("查看新闻标签")
     return [{'name': tag.name, 'id': tag.id} for tag in Tag.query.all()]
 def get(self):
     """List every news category as ``{'name', 'id'}`` dicts.

     Requires the ``查看新闻栏目`` (view news categories) action; otherwise
     ``abort_if_unauthorized`` ends the request.
     """
     if Permission(ActionNeed('查看新闻栏目')).can() is not True:
         abort_if_unauthorized("查看新闻栏目")
     return [{'name': c.name, 'id': c.id} for c in Category.query.all()]
    def post(self):
        """Permission hook: block unconfirmed accounts from posting.

        When the identity lacks the ``confirmed`` role, stores a responder
        in ``self.callback`` that flashes a warning and redirects to the
        user's own page, and returns ``True`` ("blocked"). Otherwise
        returns ``None``.
        """
        if Permission(RoleNeed('confirmed')).can():
            return None

        def not_confirmed():
            flash(_("You haven't confirm your account,Please confirmed"),
                  'warning')
            return redirect(url_for('user.user',
                                    user_url=current_user.username))

        self.callback = not_confirmed
        return True
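 def status(self, value):
     """Move the hail to ``value``, enforcing role and transition rules.

     ``value`` must be one of ``status_enum_list``; an unknown value raises
     ``ValueError`` (previously an ``assert``, which ``python -O`` strips,
     so the check now always runs). Re-setting the current status is a
     no-op that returns ``True``.

     If ``self.roles_accepted`` names roles for ``value``, the current
     identity must hold one of them, else ``RuntimeError``. If
     ``self.status_required`` names a prerequisite status and the hail is
     not in it, ``ValueError``. On success the new status is stored,
     ``status_changed()`` runs and the owning taxi is re-synchronised via
     ``TaxiM``.
     """
     if value not in status_enum_list:
         raise ValueError("Unknown status {!r}".format(value))
     if value == self.__status:
         return True
     roles_accepted = self.roles_accepted.get(value, None)
     if roles_accepted:
         # Any one of the accepted roles suffices (Permission is OR over needs).
         perm = Permission(*[RoleNeed(role) for role in roles_accepted])
         if not perm.can():
             raise RuntimeError("You're not authorized to set this status")
     status_required = self.status_required.get(value, None)
     if status_required and self.__status != status_required:
         raise ValueError("You cannot set status from {} to {}".format(self.__status, value))
     self.__status = value
     self.status_changed()
     TaxiM.query.get(self.taxi_id).synchronize_status_with_hail(self)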
 def post(self):
     """Create a news tag (POST tunnelled through ``requestMethod``).

     Only ``"POST"`` is served; other values get 404. The tag name must be
     unique (``abort_if_exist`` otherwise).

     NOTE(review): creation is gated by the ``修改新闻标签`` (*edit* tag)
     action, whereas category creation uses a dedicated "add" action --
     check whether a separate add-tag permission was intended.
     """
     verb = RequestMethod_parser.parse_args()['requestMethod']
     if verb != "POST":
         abort(404, message="api not found")
     if Permission(ActionNeed('修改新闻标签')).can() is not True:
         abort_if_unauthorized("修改新闻标签")
     name = parser.parse_args()['name']
     abort_if_exist(Tag.query.filter_by(name=name).first(), "tag")
     db.session.add(Tag(name))
     db.session.commit()
 def post(self):
     """Create a news category (POST tunnelled through ``requestMethod``).

     Only ``"POST"`` is served; other values get 404. Requires the
     ``添加新闻属性`` (add news category) action; the name must be unique
     (``abort_if_exist`` otherwise).
     """
     verb = RequestMethod_parser.parse_args()['requestMethod']
     if verb != "POST":
         abort(404, message="api not found")
     if Permission(ActionNeed("添加新闻属性")).can() is not True:
         abort_if_unauthorized("添加新闻属性")
     name = parser.parse_args()['name']
     abort_if_exist(Category.query.filter_by(name=name).first(), "category")
     db.session.add(Category(name))
     db.session.commit()