Пример #1
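def delete_comment(id):
    """Delete comment *id* when the caller is its author or an admin.

    The caller's identity and the ``is_admin`` claim are read from the
    current JWT.

    Returns:
        "ok" once a document has been deleted.

    Raises:
        ApiError(NO_AUTH, 403): the caller is neither the author nor an admin.
        ApiError(NOT_FOUND, 404): the delete matched no document.
    """
    user_id = get_jwt_identity()
    is_admin = get_jwt()['is_admin']
    query = {"_id": id}
    comment = mongo.db.comment.find_one_or_404(query)
    if not (is_admin or comment['user_id'] == user_id):
        # Raise rather than return: a returned exception object is handed
        # back as a response value instead of going through the same error
        # path as the other ApiError cases in this handler.
        raise ApiError(NO_AUTH, 403)
    # deleted_count can be 0 if the comment disappeared between the lookup
    # above and this delete.
    if mongo.db.comment.delete_one(query).deleted_count == 0:
        raise ApiError(NOT_FOUND, 404)
    return "ok"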
Пример #2
def get_article(id):
    """Return the serialized article *id* when its access_level is 0.

    No caller identity is consulted here; any other access level is
    rejected with ApiError(NO_AUTH, 403). A missing article ends in the
    404 raised by find_one_or_404.
    """
    document = mongo.db.article.find_one_or_404({'_id': id})
    article = Article(entries=document)
    if article.access_level != 0:
        raise ApiError(NO_AUTH, 403)
    return article.serialize()
Пример #3
def cancel_like(id):
    """Remove the caller's like on article *id* and decrement its counter.

    Returns "ok" when a like document was deleted. Raises
    ApiError(NOT_FOUND, 404) when the caller had no like on the article and
    ApiError(NO_AUTH, 403) when check_article_like_auth rejects the caller.
    """
    user_id = get_jwt_identity()
    is_admin = get_jwt()['is_admin']
    # The like filter is built from the JWT identity, so only the caller's
    # own like can be matched by the delete below.
    own_like = {"$and": [{"user_id": user_id}, {"article_id": id}]}
    document = mongo.db.article.find_one_or_404({'_id': id})
    article = Article(entries=document)
    if not check_article_like_auth(article, is_admin, user_id):
        raise ApiError(NO_AUTH, 403)
    removed = mongo.db.like.delete_one(own_like).deleted_count
    print(removed)
    if removed == 0:
        raise ApiError(NOT_FOUND, 404)
    # Only touch like_num after a like was really removed.
    mongo.db.article.update_one({"_id": id}, {"$inc": {"like_num": -1}})
    return "ok"
Пример #4
def get_family(id):
    """Return the serialized family *id* if the caller may read it.

    Identity and the ``is_admin`` claim come from the current JWT; the
    decision itself is delegated to check_family_read_auth. A rejected
    caller gets ApiError(NO_AUTH, 403).
    """
    caller_id = get_jwt_identity()
    is_admin = get_jwt()['is_admin']
    document = mongo.db.family.find_one_or_404({'_id': id})
    family = Family(entries=document)
    # todo: judge special jwt,public family
    if not check_family_read_auth(family, caller_id, is_admin):
        raise ApiError(NO_AUTH, 403)
    return family.serialize()
Пример #5
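def add_like(id):
    """Record a like by the caller on article *id*.

    Returns:
        The like document that was inserted.

    Raises:
        ApiError(REPETITIVE_OPERATION): the caller already likes the article.
        ApiError(NO_AUTH, 403): check_article_like_auth rejects the caller.
    """
    user_id = get_jwt_identity()
    is_admin = get_jwt()['is_admin']
    like_query = {"$and": [{"user_id": user_id}, {"article_id": id}]}
    # NOTE(review): this lookup and the insert below are separate operations,
    # so two concurrent requests can both pass the check. A unique index on
    # (user_id, article_id) would let the database enforce it - confirm
    # whether one exists.
    if mongo.db.like.find_one(like_query) is not None:
        raise ApiError(REPETITIVE_OPERATION)
    articles = mongo.db.article.find_one_or_404({'_id': id})
    article = Article(entries=articles)
    if not check_article_like_auth(article, is_admin, user_id):
        raise ApiError(NO_AUTH, 403)
    like = {
        '_id': generateID(),
        'user_id': user_id,
        'article_id': article.id,
        'time': currentTime(),
    }
    # Store the like first and bump the counter second, so a failed insert
    # cannot leave like_num higher than the number of stored likes.
    mongo.db.like.insert_one(like)
    mongo.db.article.update_one({"_id": id}, {"$inc": {"like_num": 1}})
    return like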
Пример #6
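def delete_family(id):
    """Delete family *id* on behalf of the caller.

    Returns:
        "ok" once a document has been deleted.

    Raises:
        ApiError(NOT_FOUND, 404): the caller failed the access check, or the
            delete matched no document.
    """
    is_admin = get_jwt()['is_admin']
    currentUserId = get_jwt_identity()
    query = {"_id": id}
    family = mongo.db.family.find_one_or_404({'_id': id})
    family = Family(entries=family)
    # NOTE(review): a destructive operation is gated by the *read* check
    # here. Confirm whether an edit-level check is what this should call.
    if not check_family_read_auth(family, currentUserId, is_admin):
        # Deny explicitly. Without this branch a rejected caller fell through
        # to an unassigned `result` and the request ended in an unhandled
        # error. Only the error code this handler already uses is referenced;
        # switch to a 403 response if the module exposes one.
        raise ApiError(NOT_FOUND, 404)
    result = mongo.db.family.delete_one(query).deleted_count
    ## todo:maybe need to delete the connection between family & person
    if result != 0:
        return "ok"
    else:
        raise ApiError(NOT_FOUND, 404)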
Пример #7
def get_relation(id):
    """Return the serialized relation *id* for its creator or a family reader.

    Access is granted when the relation's ``user_id`` equals the JWT
    identity, or when check_family_read_auth accepts the caller for the
    family the relation belongs to. Otherwise ApiError(NO_AUTH, 403).
    """
    is_admin = get_jwt()['is_admin']
    caller_id = get_jwt_identity()
    record = mongo.db.relation.find_one_or_404({'_id': id})
    family_doc = mongo.db.family.find_one_or_404({'_id': record['family_id']})
    family = Family(entries=family_doc)

    is_owner = record['user_id'] == caller_id
    if not (is_owner or check_family_read_auth(family, caller_id, is_admin)):
        raise ApiError(NO_AUTH, 403)
    return Relation(entries=record).serialize()
Пример #8
def delete_relation(id):
    """Delete relation *id* for its creator or a family editor.

    Returns "ok" whenever the caller is authorised; the deleted count is
    printed but not checked. Rejected callers get ApiError(NO_AUTH, 403).
    """
    is_admin = get_jwt()['is_admin']
    selector = {"_id": id}
    caller_id = get_jwt_identity()
    record = mongo.db.relation.find_one_or_404(selector)
    family_doc = mongo.db.family.find_one_or_404({'_id': record['family_id']})
    family = Family(entries=family_doc)
    is_owner = record['user_id'] == caller_id
    if not (is_owner or check_family_edit_auth(family, caller_id, is_admin)):
        raise ApiError(NO_AUTH, 403)
    # NOTE(review): a count of 0 (relation already gone) still answers "ok".
    result = mongo.db.relation.delete_one(selector).deleted_count
    print(result)
    return "ok"
Пример #9
def update_family(id):
    """Apply the request body to family *id* if the caller may edit it.

    The body is parsed as JSON and passed through
    check_data(FamilySchema, ...) before the permission check. Returns the
    serialized Family built from the submitted data, or raises
    ApiError(NO_AUTH, 403).
    """
    is_admin = get_jwt()['is_admin']
    caller_id = get_jwt_identity()
    payload = check_data(FamilySchema, json.loads(request.get_data()))
    stored = mongo.db.family.find_one_or_404({'_id': id})
    family = Family(entries=stored)
    if not check_family_edit_auth(family, caller_id, is_admin):
        raise ApiError(NO_AUTH, 403)
    # NOTE(review): every key check_data returns is written with $set, so
    # FamilySchema is the only thing keeping ownership or permission fields
    # out of a client-driven update. Confirm the schema excludes them.
    mongo.db.family.update_one({"_id": id}, {"$set": payload})
    return Family(entries=payload).serialize()
Пример #10
def get_family(id):
    """Return family *id* with its member ids expanded to person documents.

    The caller must pass check_family_read_auth, otherwise
    ApiError(NO_AUTH, 403) is raised. Each entry of ``family.members`` is
    replaced by the matching person document; a member id with no document
    ends the whole request in the 404 from find_one_or_404.
    """
    caller_id = get_jwt_identity()
    is_admin = get_jwt()['is_admin']
    document = mongo.db.family.find_one_or_404({'_id': id})
    family = Family(entries=document)
    # todo: judge special jwt,public family
    if not check_family_read_auth(family, caller_id, is_admin):
        raise ApiError(NO_AUTH, 403)

    # One lookup per member id, in the order the ids are stored.
    family.members = [
        mongo.db.person.find_one_or_404({'_id': member_id})
        for member_id in family.members
    ]
    return family.serialize()
Пример #11
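def query_person(id):
    """Return the serialized person *id* for its owner or a family reader.

    Access is granted when the person's ``user_id`` equals the JWT identity
    or when check_family_read_auth accepts the caller for the person's
    family.

    Raises:
        ApiError(NO_AUTH, 403): the caller passes neither check.
    """
    # The debug prints of the admin claim, the caller id and the family id
    # were dropped: they wrote identity data to stdout on every request.
    is_admin = get_jwt()['is_admin']
    currentUserId = get_jwt_identity()
    persons = mongo.db.person.find_one_or_404({'_id': id})
    person = Person(entries=persons)
    family = mongo.db.family.find_one_or_404({"_id": person.family})
    family = Family(entries=family)
    if person.user_id == currentUserId or check_family_read_auth(
            family, currentUserId, is_admin):
        return person.serialize()
    raise ApiError(NO_AUTH, 403)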
Пример #12
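def update_relation(id):
    """Apply the request body to relation *id* for its creator or an editor.

    The body is parsed as JSON and passed through
    check_data(RelationSchema, ...).

    Returns:
        The serialized Relation built from the submitted data.

    Raises:
        ApiError(NO_AUTH, 403): the caller neither created the relation nor
            passes check_family_edit_auth for its family.
    """
    is_admin = get_jwt()['is_admin']
    query = {"_id": id}
    data = json.loads(request.get_data())
    data = check_data(RelationSchema, data)
    currentUserId = get_jwt_identity()
    relation = mongo.db.relation.find_one_or_404(query)
    family = mongo.db.family.find_one_or_404({'_id': relation['family_id']})
    family = Family(entries=family)
    # `relation` is the stored document and is indexed by key two lines up,
    # so the owner check reads it the same way. Attribute access on it would
    # fail before any authorisation decision was made.
    if not (relation['user_id'] == currentUserId or check_family_edit_auth(
            family, currentUserId, is_admin)):
        raise ApiError(NO_AUTH, 403)
    # NOTE(review): $set writes every key check_data returns. Confirm
    # RelationSchema keeps user_id / family_id out of client control.
    mongo.db.relation.update_one(query, {"$set": data})
    return Relation(entries=data).serialize()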
Пример #13
def add_relation():
    """Create a relation from the request body inside an editable family.

    The body is parsed as JSON and passed through
    check_data(RelationSchema, ...). The caller must pass
    check_family_edit_auth for the family named in the body, otherwise
    ApiError(NO_AUTH, 403) is raised. Returns the serialized relation.
    """
    is_admin = get_jwt()['is_admin']
    payload = check_data(RelationSchema, json.loads(request.get_data()))
    current_user_id = get_jwt_identity()
    relation = Relation(entries=payload)
    family_doc = mongo.db.family.find_one_or_404({'_id': relation.family_id})
    family = Family(entries=family_doc)

    # todo:need to add admins
    if not check_family_edit_auth(family, current_user_id, is_admin):
        raise ApiError(NO_AUTH, 403)
    relation.id = generateID()
    # Ownership is taken from the JWT, overwriting any user_id that arrived
    # with the request data.
    relation.user_id = current_user_id
    # NOTE(review): the Relation object itself is passed to insert_one.
    # Confirm it is a mapping that the driver accepts.
    mongo.db.relation.insert_one(relation)
    return relation.serialize()
Пример #14
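def register_user():
    """Create a user account from the JSON request body.

    The body is passed through check_data(RegisterUserSchema, ...).

    Returns:
        The serialized user that was stored.

    Raises:
        ApiError(EMAIL_ALREADY_EXIST): a user with the same e-mail exists.
    """
    data = json.loads(request.get_data())
    data = check_data(RegisterUserSchema, data)
    # One document is enough to know the address is taken.
    # NOTE(review): the lookup and the insert are separate operations, so a
    # unique index on `email` is still needed to stop concurrent duplicates.
    if mongo.db.user.find_one({"email": data['email']}) is not None:
        raise ApiError(EMAIL_ALREADY_EXIST)
    user = User(entries=data)
    # Assigned after building the user from the request data, so any `type`
    # value that arrived with the body is overwritten.
    user.type = 0
    # Set the registration time.
    user.register_time = currentTime()
    # Hash the password (done by User.passwordHash).
    user.passwordHash()
    # Generate the id.
    user.id = generateID()
    # The debug prints of the id and the full serialized record were
    # dropped; they copied the stored account record to stdout.
    mongo.db.user.insert_one(user.serialize())
    # NOTE(review): confirm serialize() leaves out the password hash, since
    # this value is returned to the client.
    return user.serialize()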
Пример #15
def login():
    """Check e-mail and password and answer with a JWT access token.

    The token's identity is the user's id and it carries an ``is_admin``
    claim that is True only for users whose ``type`` is 1. A failed
    password check raises ApiError(WRONG_PASSWORD).
    """
    credentials = json.loads(request.get_data())
    check_data(LoginUsersSchema, credentials)
    # NOTE(review): an unknown e-mail ends in the 404 from find_one_or_404
    # while a wrong password ends in WRONG_PASSWORD, so a caller can tell
    # the two cases apart. Consider one failure response for both.
    record = mongo.db.user.find_one_or_404({'email': credentials['email']})
    user = User(record)
    if not user.check_password(credentials['password']):
        raise ApiError(WRONG_PASSWORD)
    # no need to use jwt_claim now
    # The admin claim is derived from the stored user, never from the body.
    additional_claims = {"is_admin": bool(user.type == 1)}
    access_token = create_access_token(identity=user.id,
                                       additional_claims=additional_claims)
    # add admin special jwt
    # add logout
    return jsonify(access_token=access_token)
Пример #16
def add_comment(id):
    """Store a comment by the caller on article *id*.

    The body is parsed as JSON and passed through
    check_data(CommentSchema, ...). Returns the inserted comment document,
    or raises ApiError(NO_AUTH, 403) when check_article_like_auth rejects
    the caller.
    """
    payload = check_data(CommentSchema, json.loads(request.get_data()))
    user_id = get_jwt_identity()
    is_admin = get_jwt()['is_admin']
    document = mongo.db.article.find_one_or_404({'_id': id})
    article = Article(entries=document)
    # TODO: permission check. The like-permission helper is reused for
    # commenting here.
    if not check_article_like_auth(article, is_admin, user_id):
        raise ApiError(NO_AUTH, 403)
    # Author and article come from the JWT and the route, not from the body;
    # only `content` is taken from the submitted data.
    comment = {
        '_id': generateID(),
        'user_id': user_id,
        'article_id': id,
        'content': payload['content'],
        'time': currentTime(),
    }
    mongo.db.comment.insert_one(comment)
    return comment
Пример #17
def update_person(id):
    """Apply the request body to person *id* for its owner or a family editor.

    The body is parsed as JSON and passed through
    check_data(PersonSchema, ...). Returns the serialized Person built from
    the submitted data, or raises ApiError(NO_AUTH, 403).
    """
    print(id)
    is_admin = get_jwt()['is_admin']
    caller_id = get_jwt_identity()
    payload = check_data(PersonSchema, json.loads(request.get_data()))

    stored = mongo.db.person.find_one_or_404({'_id': id})
    family_doc = mongo.db.family.find_one_or_404({"_id": stored['family']})
    family = Family(entries=family_doc)

    owns_record = stored['user_id'] == caller_id
    if not (owns_record
            or check_family_edit_auth(family, caller_id, is_admin)):
        raise ApiError(NO_AUTH, 403)
    # NOTE(review): $set writes every key check_data returns. Confirm
    # PersonSchema does not let a client rewrite `user_id` or `family`, the
    # two fields the check above relies on.
    mongo.db.person.update_one({"_id": id}, {"$set": payload})
    return Person(entries=payload).serialize()
Пример #18
 async def put(self, request):
     """Always fail with ApiError(['Test API error'], 400)."""
     messages = ['Test API error']
     raise ApiError(messages, 400)
Пример #19
 def _authed(*args, **kwargs):
     """Call the wrapped ``func`` only when is_authed() is true.

     Raises ApiError("Unauthorized") otherwise, before ``func`` runs.
     """
     if is_authed():
         return func(*args, **kwargs)
     raise ApiError("Unauthorized")
Пример #20
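def get_family_detail(id):
    """Build the nested family tree of family *id* for an authorised reader.

    Each node is a dict with ``name``, ``mates`` (list of
    ``{'name', 'image_url'}`` dicts), ``children`` (list of nodes) and
    ``image_url``. Nodes are keyed internally by the person's ``_id``.
    The stored ids are not of one uniform type (the relation queries match
    on ``str(_id)``), which is why references are resolved defensively.

    Returns:
        The node chosen as root, or an empty dict when the family has no
        members.

    Raises:
        ApiError(NO_AUTH, 403): check_family_read_auth rejects the caller.
    """
    is_admin = get_jwt()['is_admin']
    currentUserId = get_jwt_identity()
    family = mongo.db.family.find_one_or_404({'_id': id})
    family = Family(entries=family)
    if not check_family_read_auth(family, currentUserId, is_admin):
        raise ApiError(NO_AUTH, 403)

    # The debug prints of the member documents were dropped; they copied
    # every member record to stdout on each request.
    members = list(mongo.db.person.find({"family": id}))

    # person _id -> (ids of children, ids of mates), used to link the nodes.
    links = {}
    # person _id -> output node.
    familyTree = {}
    for person in members:
        person_id = person["_id"]
        from_person = str(person_id)
        child_relations = mongo.db.relation.find(
            {"from_person": from_person, "type": 1})
        mate_relations = mongo.db.relation.find({
            "from_person": from_person,
            "$or": [{"type": 3}, {"type": 4}],
        })
        links[person_id] = (
            [r['to_person'] for r in child_relations],
            [r['to_person'] for r in mate_relations],
        )
        familyTree[person_id] = {
            'name': person['name'],
            'mates': [],
            'children': [],
            'image_url': "",
        }

    root = None
    for person_id, node in familyTree.items():
        if root is None:
            root = person_id
        child_ids, mate_ids = links[person_id]
        for child_id in child_ids:
            # If the current root is a child of this person, this person
            # becomes the root.
            if root == child_id:
                root = person_id
            child_node = familyTree.get(child_id)
            if child_node is None:
                # The relation points at a person that is not a member of
                # this family (or whose id has a different type). Skip it
                # rather than failing the whole request.
                continue
            node['children'].append(child_node)
        for mate_id in mate_ids:
            # NOTE(review): mates are looked up in the whole person
            # collection, so a mate who belongs to another family is still
            # listed by name. The read check above covers only this family.
            # Confirm that is intended.
            mate = mongo.db.person.find_one({"_id": mate_id})
            if mate is None:
                # Dangling relation: no such person document.
                continue
            node['mates'].append({'name': mate['name'], 'image_url': ""})

    if root is None:
        # No members, so there is no tree to return.
        return {}
    return familyTree[root]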
Пример #21
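 def _admin_only(*args, **kwargs):
     """Call the wrapped ``func`` only for a session whose user is an admin.

     The session's ``id`` must match a Users row with ``is_admin=1``.

     Raises:
         ApiError("Unauthorized"): the session carries no id, or no such
             admin row exists.
     """
     # A session without an id is refused the same way as a non-admin one,
     # instead of failing on the missing key.
     user_id = session.get('id')
     if user_id is None:
         raise ApiError("Unauthorized")
     if Users.query.filter_by(id=user_id, is_admin=1).first() is None:
         raise ApiError("Unauthorized")
     return func(*args, **kwargs)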