def POST(self):
if (web.config._session.roleid != 1):
raise web.seeother('/')
pdata = web.input(uname=None, action=None)
if pdata.action == "create":
users.add_user(pdata.uname, pdata.utype, pdata.pword)
elif pdata.action == "modify":
users.modify_user(pdata.uname, pdata.utype)
elif pdata.action == 'delete':
users.del_user(pdata.uname)
raise web.seeother('/manager')
def handle_users():
is_admin = current_user.has_group("admins")
if request.method == "POST":
action = get_dict_default(request.form, "action", "")
name = get_dict_default(request.form, "user", "")
pwd1 = get_dict_default(request.form, "password1", "")
pwd2 = get_dict_default(request.form, "password2", "")
groups = get_dict_default(request.form, "groups", "")
if action == "create" or action == "update":
if name != "" and pwd1 != "" and pwd2 != "":
if (not is_admin) and (name != current_user.name):
flash("Operation permitted only to Administrators", "error")
return render_template("users.html", title=cfg_get("AppTitle"), users=get_users(is_admin))
else:
if pwd1 != pwd2:
flash("Passwords are different!", "error")
return render_template("users.html", title=cfg_get("AppTitle"), users=get_users(is_admin))
else:
user = create_user(name, pwd1)
if is_admin:
grps = groups.split(',')
grps = map(stripstr, grps)
else:
grps = current_user.groups
for grp in grps:
user.add_group(grp)
add_or_modify_user(user)
if action == "create":
flash("User '%s' created" % name, "info")
else:
flash("User '%s' modified" % name, "info")
return render_template("users.html", title=cfg_get("AppTitle"), users=get_users(is_admin))
else:
flash("All fields must be compiled!", "error")
return render_template("users.html", title=cfg_get("AppTitle"), users=get_users(is_admin))
elif action == "delete":
if name != "":
if (not is_admin) and (name != current_user.name):
flash("Operation permitted only to Administrators", "error")
return render_template("users.html", title=cfg_get("AppTitle"), users=get_users(is_admin))
else:
del_user(name)
flash("User '%s' deleted" % name, "info")
return render_template("users.html", title=cfg_get("AppTitle"), users=get_users(is_admin))
else:
flash("User name missing!" % name, "error")
return render_template("users.html", title=cfg_get("AppTitle"), users=get_users(is_admin))
else:
return ("Internal Server Error", 500, {})
else:
return render_template("users.html", title=cfg_get("AppTitle"), users=get_users(is_admin))
def delUser():
if request.method == 'GET':
return render_template('del_user.html')
elif request.method == 'POST':
name = request.form.get('name')
if name == '':
return render_template('del_user.html', error=u'您必须输入要删除的用户名!')
else:
if del_user(name):
return render_template('del_user.html',
error=u'%s删除成功!' % (name))
else:
return render_template('del_user.html',
error=u'%s用户信息删除失败!' % (name))
def deluser():
#前端get请求,逻辑端通过request.args.get获取参数
uid=request.args.get("uid")
print uid
del_user(uid)
return redirect("/")
def test_delete_user(self):
uid = db.insert('Users', uname='kevin', role=1, password=self.passwd)
users.del_user('kevin')
ret = db.select('Users', where="id=$uid", vars=locals())
with self.assertRaises(IndexError):
print ret[0]
def deluser():
#前端get请求,逻辑端通过request.args.get获取参数
uid = request.args.get("uid")
print uid
del_user(uid)
return redirect("/")
