def admin_auth(user_id):
    """Show and process the admin authorization form for ``user_id``.

    The ``remove`` query-string value selects the flow: the exact string
    ``'True'`` hands off to ``verification.handle_admin_removal`` (salt
    ``'remove-auth'``); any other value, including a missing parameter,
    hands off to ``verification.handle_new_admin`` (salt ``'make-auth'``).
    Responds 404 when no ``User`` row exists for ``user_id``.
    """
    if get_admin_count() > 0:
        # NOTE(review): the return value is discarded. If admin_redirect()
        # returns a response instead of raising/aborting, this guard does
        # not stop the request and the form below is still served -- confirm.
        admin_redirect()

    auth_form = AuthForm()
    remove_flag = request.args.get('remove')

    if not User.query.get(user_id):
        return abort(404)

    if not auth_form.validate_on_submit():
        return render_template('admin-form.html', form=auth_form,
                               authorization=True, user_id=user_id,
                               category='admin', remove=remove_flag)

    # NOTE(review): `remove` is client-controlled, and the fallback branch is
    # the one that grants admin rights. Presumably the downstream handlers
    # re-check authorization; verify that the default cannot be abused.
    if remove_flag == 'True':
        target_endpoint, token_salt = ('verification.handle_admin_removal',
                                       'remove-auth')
    else:
        target_endpoint, token_salt = ('verification.handle_new_admin',
                                       'make-auth')

    return redirect_after_verification(
        user_id=user_id,
        password=auth_form.code.data,
        auth_func='admin_auth',
        redirect_to=target_endpoint,
        salt=token_salt)
def auth_add():
    """Handle the add-permission form.

    On a valid submit, refuses the request when an ``Auth`` row already has
    the submitted name or URL (both checks always run, so both messages can
    be flashed). Otherwise inserts the new ``Auth`` row together with an
    ``Oplog`` audit record in one commit and redirects back to this view.
    """
    # Add a permission.
    # NOTE(review): no access-control decorator is visible in this listing;
    # confirm the route is restricted to administrators where it is registered.
    form = AuthForm()
    if not form.validate_on_submit():
        return render_template('admin/auth_add.html', form=form)

    duplicate_found = False
    if Auth.query.filter_by(name=form.name.data).first():
        flash(u'您输入的权限已存在', 'err')
        duplicate_found = True
    if Auth.query.filter_by(url=form.url.data).first():
        flash(u'您输入的路由已存在', 'err')
        duplicate_found = True
    if duplicate_found:
        return render_template('admin/auth_add.html', form=form)

    # NOTE(review): the lookups above and the insert below are separate
    # statements, so two concurrent submits can both pass the check. Unique
    # constraints on Auth.name / Auth.url would close that gap -- confirm
    # they exist in the model.
    # session['user_id'] raises KeyError when the key is absent.
    # NOTE(review): behind a reverse proxy request.remote_addr is the proxy's
    # address unless forwarded headers are handled -- confirm for audit use.
    db.session.add_all([
        Auth(name=form.name.data,
             level=1,
             url=form.url.data,
             html_id=form.html_id.data),
        Oplog(user_id=session['user_id'],
              ip=request.remote_addr,
              reason=u'添加权限:%s' % form.name.data),
    ])
    db.session.commit()
    flash(u'权限添加成功', 'ok')
    return redirect(url_for('admin.auth_add'))
def auth_edit(id=None):
    """Handle the edit-permission form for the ``Auth`` row with this ``id``.

    Responds 404 when the row does not exist. A GET pre-fills the form from
    the stored record. On a valid submit the new name and URL are rejected if
    they changed and another row already uses them; otherwise the row is
    updated, an ``Oplog`` audit record is added, and the client is redirected
    to ``admin.auth_list``.
    """
    # Edit a permission.
    # NOTE(review): no access-control decorator is visible in this listing;
    # confirm the route is restricted to administrators where it is registered.
    form = AuthForm()
    form.submit.label.text = u'修改'
    auth = Auth.query.filter_by(id=id).first_or_404()

    if request.method == 'GET':
        # Pre-fill the form fields from the stored record.
        for field_name in ('name', 'url', 'html_id'):
            getattr(form, field_name).data = getattr(auth, field_name)

    if not form.validate_on_submit():
        return render_template('admin/auth_edit.html', form=form)

    # Only look for a clash when the value actually changed; both checks run
    # so that both messages can be shown at once.
    rejected = False
    if auth.name != form.name.data and Auth.query.filter_by(
            name=form.name.data).first():
        flash(u'您输入的权限已存在', 'err')
        rejected = True
    if auth.url != form.url.data and Auth.query.filter_by(
            url=form.url.data).first():
        flash(u'您输入的路由已存在', 'err')
        rejected = True
    if rejected:
        return render_template('admin/auth_edit.html', form=form)

    # NOTE(review): check-then-write is not atomic; unique constraints on
    # Auth.name / Auth.url would be the authoritative guard -- confirm.
    auth.name = form.name.data
    auth.url = form.url.data
    auth.html_id = form.html_id.data
    db.session.add(auth)
    # session['user_id'] raises KeyError when the key is absent.
    db.session.add(Oplog(user_id=session['user_id'],
                         ip=request.remote_addr,
                         reason=u'修改权限:%s' % form.name.data))
    db.session.commit()
    flash(u'权限修改成功', 'ok')
    return redirect(url_for('admin.auth_list'))
def auth():
    """Validate the submitted ``AuthForm`` and the API key it carries.

    Calls ``send_json_response`` with status 400 and the form errors when
    validation fails, and with status 401 when ``is_valid_api_key`` rejects
    the key.
    """
    submitted = AuthForm()
    if submitted.validate_on_submit():
        # NOTE(review): confirm is_valid_api_key compares secrets in constant
        # time (e.g. hmac.compare_digest) and that failed attempts are
        # rate-limited or logged somewhere.
        if is_valid_api_key(api_key=submitted.api_key.data):
            # NOTE(review): as listed, the success path yields None; the
            # listing may be truncated here -- confirm against the full file.
            return None
        return send_json_response(message={'message': 'Ошибка аутентификации'},
                                  status_code=401)
    return send_json_response(message=submitted.errors, status_code=400)
def authorization(user_id):
    """Show and process the confirmation form shown before deleting a user.

    Responds 400 when no ``User`` row exists for ``user_id``. On a valid
    submit, hands the entered code to ``redirect_after_verification`` with
    ``user_operations.delete_user`` as the follow-up endpoint and
    ``'delete-auth'`` as the salt.
    """
    # NOTE(review): user_id comes from the caller and nothing in this listing
    # ties it to the logged-in account; presumably the verification step or a
    # decorator outside this view enforces ownership -- confirm.
    confirm_form = AuthForm()
    target_user = User.query.get(user_id)
    if not target_user:
        return abort(400)

    if not confirm_form.validate_on_submit():
        return render_template('delete.html', form=confirm_form,
                               authorization=True, user_id=user_id)

    return redirect_after_verification(
        user_id=user_id,
        auth_func='authorization',
        redirect_to='user_operations.delete_user',
        salt='delete-auth',
        password=confirm_form.code.data)
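def auth_add():
    """Handle the add-permission form.

    On a valid submit, redirects back to this view with an error message when
    an ``Auth`` row already uses the submitted name or URL; otherwise inserts
    the new row and redirects to the first page of ``admin.auth_list``.
    """
    # NOTE(review): no access-control decorator is visible in this listing;
    # confirm the route is restricted to administrators where it is registered.
    form = AuthForm()
    if form.validate_on_submit():
        data = form.data

        # Reject on any existing match. The previous `== 1` test let the
        # request through when duplicates were already present (count > 1).
        if Auth.query.filter_by(name=data["auth_name"]).count() > 0:
            flash("权限名称已经存在!", "err")
            return redirect(url_for("admin.auth_add"))
        if Auth.query.filter_by(url=data["auth_url"]).count() > 0:
            flash("权限地址已经存在!", "err")
            return redirect(url_for("admin.auth_add"))

        # NOTE(review): check-then-insert is not atomic; unique constraints on
        # Auth.name / Auth.url would be the authoritative guard -- confirm.
        # NOTE(review): no audit record is written for this permission change
        # in the visible code -- confirm it is logged elsewhere.
        auth = Auth(name=data["auth_name"], url=data["auth_url"])
        db.session.add(auth)
        db.session.commit()
        flash("添加权限成功!", "ok")
        return redirect(url_for("admin.auth_list", page=1))
    return render_template("admin/auth_add.html", form=form)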
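def auth_edit(id=None):
    """Handle the edit-permission form for the ``Auth`` row with this ``id``.

    Responds 404 when the row does not exist. On a valid submit, redirects
    back to this view with an error message when the name or URL changed and
    another row already uses the new value; otherwise saves the change and
    redirects to the first page of ``admin.auth_list``.
    """
    # NOTE(review): no access-control decorator is visible in this listing;
    # confirm the route is restricted to administrators where it is registered.
    form = AuthForm()
    auth = Auth.query.get_or_404(id)
    if form.validate_on_submit():
        data = form.data

        # Leftover debug print statements were removed; they wrote permission
        # names to stdout on every submit.
        # Reject on any existing match. The previous `== 1` test let a rename
        # through when duplicates were already present (count > 1).
        name_changed = auth.name != data["auth_name"]
        if name_changed and Auth.query.filter_by(
                name=data["auth_name"]).count() > 0:
            flash("权限名称已经存在!", "err")
            return redirect(url_for("admin.auth_edit", id=id))

        url_changed = auth.url != data["auth_url"]
        if url_changed and Auth.query.filter_by(
                url=data["auth_url"]).count() > 0:
            flash("权限地址已经存在!", "err")
            return redirect(url_for("admin.auth_edit", id=id))

        # NOTE(review): check-then-write is not atomic; unique constraints on
        # Auth.name / Auth.url would be the authoritative guard -- confirm.
        # NOTE(review): no audit record is written for this permission change
        # in the visible code -- confirm it is logged elsewhere.
        auth.name = data["auth_name"]
        auth.url = data["auth_url"]
        db.session.add(auth)
        db.session.commit()
        flash("修改权限成功!", "ok")
        return redirect(url_for("admin.auth_list", page=1))
    return render_template("admin/auth_edit.html", form=form, auth=auth)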