def deleteComment(id):
    """Delete the comment with primary key ``id`` (administrators only).

    Responds 404 when the comment does not exist and 403 when the caller is
    not an administrator. On success the row is deleted, the session is
    committed, and the caller is redirected to the comment's post.
    """
    # The lookup runs before the role check, so a non-administrator can tell
    # an existing id (403) from a missing one (404).
    target = Comment.query.get_or_404(id)
    if current_user.is_administrator():
        db.session.delete(target)
        db.session.commit()
        # post_id is read from the instance after the commit, as before.
        return redirect(url_for('.post', id=target.post_id))
    abort(403)
def delete(id):
    """Delete the post with primary key ``id`` (administrators only).

    Responds 404 for an unknown id and 403 for a non-administrator;
    otherwise deletes the post, commits, and redirects to the index.
    """
    doomed = Post.query.get_or_404(id)
    if current_user.is_administrator():
        db.session.delete(doomed)
        db.session.commit()
        return redirect(url_for('.index'))
    # Everyone else is refused; nothing has been modified at this point.
    abort(403)
def delete_comment(id):
    """Delete a comment if the caller wrote it or is an administrator.

    Every caller is redirected to the comment's carpool group page. A caller
    without permission gets the same redirect, with nothing deleted and no
    message flashed.
    """
    target = Comment.query.get_or_404(id)
    # Resolve the group first so the redirect does not depend on the
    # comment after it has been marked for deletion.
    owning_group = target.group
    permitted = target.author == current_user or current_user.is_administrator()
    if permitted:
        # NOTE(review): no commit happens in this function — presumably the
        # session is committed elsewhere (e.g. on teardown); confirm.
        db.session.delete(target)
        flash('评论已被删除')
    return redirect(url_for('main.carpool', id=owning_group.id))
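def ban():
    """Manage the banned-keyword list (administrators only).

    A POST with a JSON body deletes the given ``keyword`` and answers with a
    JSON pseudo-redirect; a POST with a valid ``BanKeywordForm`` adds one.
    Any other request renders the list, ten keywords per page. Callers for
    whom ``is_administrator`` does not return ``True`` get 403.
    """
    if current_user.is_administrator(g.user) is not True:
        abort(403)

    form = BanKeywordForm()
    p = Page()
    jsondata = request.get_json()
    if request.method == 'POST':
        if jsondata:
            # A JSON body that is not an object or lacks "keyword" is a
            # client error; previously it surfaced as an unhandled KeyError.
            keyword = jsondata.get('keyword') if isinstance(jsondata, dict) else None
            if not keyword:
                abort(400)
            # NOTE(review): this path never runs form.validate(), so any
            # CSRF check tied to the form does not cover it — confirm that
            # JSON POSTs are protected some other way.
            p.DelBan(keyword)
            flash('成功删除关键词')
            location = url_for('.ban')
            return jsonify({"status": 302, "location": location})
        if form.validate():
            keyword = form.keyword.data
            p.AddBan(keyword)
            flash('成功添加关键词')
            return redirect('ban')

    banlist = p.GetBan()
    total = len(banlist)
    # `page` comes from the query string. Zero or a negative number used to
    # produce a negative offset, which indexes from the END of the list or
    # raises IndexError on a short list; clamp it to the first page.
    page = max(request.args.get('page', 1, type=int), 1)
    per_page = 10
    offset = (page - 1) * per_page
    keywords = [banlist[i] for i in range(offset, min(offset + per_page, total))]
    pagination = Pagination(css_framework='bootstrap3', link_size='sm',
                            show_single_page=False, page=page,
                            per_page=per_page, total=total,
                            format_total=True, format_number=True)
    return render_template('ban.html', keywords=keywords, page=page,
                           per_page=per_page, pagination=pagination, form=form)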
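def question(id):
    """Show a question with its creator, accepted answer and the answer form.

    Todo: Delete button. Should it be a simple button with a POST and
    refresh, or should it be a form?

    :param id: primary key of the question; 404 when it does not exist.
    :return: a redirect after a submission or for a hidden question,
        otherwise the rendered ``question.html``.
    """
    form = CreateAnswerForm()
    # .get() looks up by primary key; use .filter_by for other columns.
    question = Question.query.get_or_404(id)

    # Visibility is enforced before the form is processed. Previously this
    # check came after the submit branch, so a non-administrator could post
    # an answer to a question that was not public yet.
    if not question.visible and not current_user.is_administrator():
        flash("That page isn't ready for the public yet, sorry!")
        return redirect(url_for("main.index"))

    submitted = form.validate_on_submit()
    if submitted and current_user.can(Permission.CREATE):
        # Add answer
        answer = Answer(author=current_user._get_current_object(),
                        question=question,
                        content=form.answer.data)
        db.session.add(answer)
        db.session.commit()
        return redirect(url_for('main.question', id=id))
    elif submitted and current_app.has_answered(id=id):
        # NOTE(review): this is only reached when the caller lacks CREATE,
        # and has_answered is looked up on current_app rather than on the
        # user. The branch above never checks for an earlier answer, so the
        # "once only" rule is not enforced there — confirm the intent.
        flash("Sorry, you can't answer a question more than once")
        return redirect(url_for('main.question', id=id))

    creator = User.query.filter_by(id=question.creator_id).first()
    if question.solved:
        accepted = Answer.query.get_or_404(question.accepted_id)
    else:
        accepted = None
    # some way to find if a user has already answered the question
    return render_template("question.html", creator=creator, id=id, form=form,
                           Permission=Permission, question=question, a=accepted)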
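def log():
    """Render the record log, ten entries per page (administrators only).

    Callers for whom ``is_administrator`` does not return ``True`` get 403.
    """
    if current_user.is_administrator(g.user) is not True:
        abort(403)

    p = Page()
    record = p.GetRecord()
    total = len(record)
    # `page` is taken from the query string; zero or a negative value used
    # to give a negative offset, which indexes from the end of the key list
    # or raises IndexError. Clamp it to the first page.
    page = max(request.args.get('page', 1, type=int), 1)
    per_page = 10
    # Materialise the keys so they can be sliced whether keys() returns a
    # list or a view.
    keys = list(record.keys())
    offset = (page - 1) * per_page
    records = OrderedDict()
    for key in keys[offset:offset + per_page]:
        records[key] = record[key]
    pagination = Pagination(css_framework='bootstrap3', link_size='sm',
                            show_single_page=False, page=page,
                            per_page=per_page, total=total,
                            format_total=True, format_number=True)
    return render_template('log.html', records=records, page=page,
                           per_page=per_page, pagination=pagination)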
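def admin_edit_profile(username):
    """Let an administrator edit a user's e-mail, role, bio and password.

    A valid POST must carry the administrator's own password in
    ``oripassword``; the target's password is changed only when a new one
    was entered. Other requests render the form pre-filled with the target
    user's data. Non-administrators get 403 for every method.
    """
    # Authorise first. The role check used to sit inside the POST branch, so
    # a plain GET rendered another user's e-mail, bio and role to any caller.
    if current_user.is_administrator(g.user) is not True:
        abort(403)

    u = User()
    form = AdminEditProfileForm()
    if request.method == 'POST' and form.validate():
        # The return value is unused; the call is kept because
        # verify_password presumably relies on state it loads — confirm.
        u.GetPassword(g.user)
        if u.verify_password(form.oripassword.data):
            email = form.email.data
            aboutme = form.about_me.data
            role = form.role.data
            # `is not u''` compared object identity, not value, so a blank
            # field could still reach ChangePassword. Test the value.
            if form.password.data:
                u.ChangePassword(username, form.password.data)
            u.AdminChangeProfile(username, email, role, aboutme)
            flash('成功更新资料')
            return redirect(url_for('.user', username=username))
        else:
            flash('管理员密码输入错误!')

    u.GetUserInfo(username)
    form.email.data = u.email
    form.about_me.data = u.aboutme
    form.role.data = u.role
    return render_template('admin_edit_profile.html', form=form, u=u)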
def detail(book_id):
    """Render a book's detail page with its loan log or its comments.

    ``show`` of 1 or 2 lists loan records filtered on ``returned = show - 1``;
    any other value lists comments that are not deleted. Both listings are
    newest first, five per page.
    """
    the_book = Book.query.get_or_404(book_id)
    # A hidden book is reported as missing (404) to anonymous users and to
    # non-administrators, so its existence is not revealed.
    if the_book.hidden and not (current_user.is_authenticated
                                and current_user.is_administrator()):
        abort(404)

    show = request.args.get('show', 0, type=int)
    page = request.args.get('page', 1, type=int)
    form = CommentForm()
    if show in (1, 2):
        listing = the_book.logs.filter_by(returned=show - 1)
        listing = listing.order_by(Log.borrow_timestamp.desc())
    else:
        listing = the_book.comments.filter_by(deleted=0)
        listing = listing.order_by(Comment.edit_timestamp.desc())
    pagination = listing.paginate(page, per_page=5)
    return render_template("book_detail.html", book=the_book,
                           data=pagination.items, pagination=pagination,
                           form=form, title=the_book.title)
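def userlist():
    """List users and handle add / edit / remove requests (admins only).

    A JSON POST with ``action == 'edit'`` answers with a JSON pseudo-redirect
    to the profile editor; any other action removes ``username``. A valid
    form POST adds a user once the administrator's own password checks out.
    Everything else renders the list. Non-administrators get 403.
    """
    if current_user.is_administrator(g.user) is not True:
        abort(403)

    u = User()
    form = AddUserForm()
    userlist = u.GetUserList()
    jsondata = request.get_json()
    if request.method == 'POST' and jsondata:
        # Require both fields. A missing key used to raise KeyError, and
        # defaulting a missing action would fall into the removal branch.
        if (not isinstance(jsondata, dict) or not jsondata.get('action')
                or not jsondata.get('username')):
            abort(400)
        username = jsondata['username']
        if jsondata['action'] == u'edit':
            location = url_for('.admin_edit_profile', username=username)
            return jsonify({"status": 302, "location": location})
        # NOTE(review): removal needs no password re-entry (adding a user
        # does) and never runs form validation — confirm that is intended
        # and that JSON POSTs are CSRF-protected.
        u.RemUser(username)
        return redirect('userlist')
    if request.method == 'POST' and form.validate():
        # Return value unused; kept because verify_password presumably
        # depends on state this call loads — confirm.
        u.GetPassword(g.user)
        if u.verify_password(form.oripassword.data):
            u.AddUser(form.username.data, form.password.data,
                      form.role.data, form.email.data)
        # Always answer, including after a failed password check, so the
        # view never falls through without a response.
        return redirect('userlist')
    return render_template('userlist.html', userlist=userlist, form=form)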
def delete(id):
    """Remove a post by primary key; only administrators may do so.

    An unknown id yields 404, a non-administrator yields 403. After the
    delete is committed the caller is redirected to the index view.
    """
    # The post is fetched before the role is checked, so 404 vs 403 reveals
    # to non-administrators whether an id exists.
    record = Post.query.get_or_404(id)
    is_admin = current_user.is_administrator()
    if not is_admin:
        abort(403)
    db.session.delete(record)
    db.session.commit()
    return redirect(url_for('.index'))
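def delete_user_profile():
    """Deactivate an account by clearing its ``alive`` flag.

    An administrator deactivates the user whose ``id`` is given in the JSON
    body; any other caller deactivates their own account. Both paths end
    with ``logout_user()`` and a JSON status object.
    """
    if current_user.is_administrator():
        # Only this branch needs the body. Parse it defensively: malformed
        # JSON or a missing "id" used to raise instead of returning the
        # API's usual "fail" object.
        try:
            request_info = json.loads(request.data)
        except ValueError:
            request_info = None
        target_id = request_info.get('id') if isinstance(request_info, dict) else None
        user = User.query.filter_by(id=target_id).first()
        if not user:
            json_str = {'status': 'fail', 'message': 'user does not exist!'}
            return jsonify(json_str)
        user.alive = False
        db.session.add(user)
        db.session.commit()
        # NOTE(review): this ends the ADMINISTRATOR's session, not the
        # deactivated user's — confirm that is intended.
        logout_user()
        json_str = {
            'status': 'success',
            'message': 'Delete the user successfully.'
        }
        return jsonify(json_str)

    current_user.alive = False
    db.session.add(current_user)
    db.session.commit()
    logout_user()
    json_str = {
        'status': 'success',
        'message': 'Delete your user successfully.'
    }
    return jsonify(json_str)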
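def change_password():
    """Change a password from a JSON request body.

    An administrator changes the password of the user whose ``id`` is in
    the body; any other caller changes their own. The body is validated by
    ``ChangePasswordForm.check`` before the new password is stored.
    """
    request_info = json.loads(request.data)
    if current_user.is_administrator():
        # .get() turns a missing "id" into the ordinary "user does not
        # exist" reply; indexing raised KeyError instead.
        user = User.query.filter_by(id=request_info.get('id')).first()
        if not user:
            return jsonify({'status': 'fail',
                            'message': 'user does not exist!'})
    else:
        # A non-administrator can only ever act on their own account; any
        # "id" in the body is ignored.
        user = current_user

    # NOTE(review): whether the current password is required is decided
    # inside ChangePasswordForm.check, which is not visible here — confirm
    # it applies to the administrator path too.
    valid, errors = ChangePasswordForm.check(request_info, user)
    if not valid:
        return jsonify({
            'status': 'fail',
            'message': 'edit password unseccessfully',
            'errors': errors
        })
    user.password = request_info['password']
    db.session.add(user)
    db.session.commit()
    return jsonify({
        'status': 'success',
        'message': 'Password has been updated.'
    })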
def page_links():
    """Build the navigation links for the current user's roles.

    Returns a dict with an ``"over"`` list of ``{"title", "path"}`` entries
    and an ``"under"`` list that is always empty. These links only shape the
    menu; the code here performs no access control on the target paths.
    """
    top_links = []
    if current_user.is_soker():
        top_links = [
            {"title": u"Mine søknader", "path": "/soknader"},
            {"title": u"Min profil", "path": "/profil"},
        ]
    handles_cases = current_user.is_saksbehandler() or current_user.is_godkjenner()
    if handles_cases:
        top_links.append({"title": u"Min arbeidsliste", "path": "/soknader"})
    if current_user.is_administrator():
        top_links.append({"title": u"Admin", "path": "/admin"})
    return {"over": top_links, "under": []}
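def password_reset_request():
    """Reset a password to a random value and e-mail it to the user.

    An administrator resets the user whose ``id`` is in the JSON body; any
    other caller resets their own account. The request is validated by
    ``PasswordResetForm.check`` first.
    """
    request_info = json.loads(request.data)
    if current_user.is_administrator():
        # .get() maps a missing "id" to the normal "user does not exist"
        # reply instead of raising KeyError.
        user = User.query.filter_by(id=request_info.get('id')).first()
        if not user:
            return jsonify({'status': 'fail',
                            'message': 'user does not exist!'})
    else:
        user = current_user

    valid, errors = PasswordResetForm.check(user, request_info)
    if not valid:
        return jsonify({
            'status': 'fail',
            'message': 'edit password unseccessfully',
            'errors': errors
        })

    # The original indexed [10], which keeps ONE hex character: the new
    # password had only 16 possible values. Slice ten characters instead.
    # NOTE(review): that is still only 40 bits and it is mailed in clear
    # text; a single-use, expiring reset token would be stronger.
    password = hashlib.md5(os.urandom(21)).hexdigest()[:10]
    user.password = password
    db.session.add(user)
    # Commit before mailing so the user never receives a password that was
    # not actually stored.
    db.session.commit()
    send_email(user.email, 'Reset Your Password',
               'auth/email/reset_password', user=user, password=password)
    return jsonify({
        'status': 'success',
        'message': 'Password has been updated.'
    })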
def deleteComment(id):
    """Remove a comment by primary key; administrators only.

    404 when the comment is unknown, 403 when the caller is not an
    administrator. After the delete is committed the caller is redirected
    to the post that held the comment.
    """
    record = Comment.query.get_or_404(id)
    caller_is_admin = current_user.is_administrator()
    if not caller_is_admin:
        # Refuse before anything is modified.
        abort(403)
    db.session.delete(record)
    db.session.commit()
    destination = url_for('.post', id=record.post_id)
    return redirect(destination)
def admin_only():
    """Gate this blueprint behind the administrator role.

    Returns ``None`` for administrators so the request proceeds; every other
    caller is stopped with 403 Forbidden.
    """
    # NOTE(review): this only protects the blueprint if it is registered as
    # a before-request hook; the registration is not visible here.
    if current_user.is_administrator():
        return None
    return abort(403)
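def userlist():
    """Show the user list and process add / edit / remove (admins only).

    JSON POST: ``action == 'edit'`` returns a JSON pseudo-redirect to the
    profile editor, any other action removes ``username``. Form POST: adds a
    user after the administrator's own password is verified. Other requests
    render the list. Callers who are not administrators receive 403.
    """
    if current_user.is_administrator(g.user) is not True:
        abort(403)

    u = User()
    form = AddUserForm()
    userlist = u.GetUserList()
    jsondata = request.get_json()
    is_post = request.method == 'POST'
    if is_post and jsondata:
        # Both fields are mandatory: indexing a missing key raised KeyError,
        # and treating a missing action as "not edit" would delete a user.
        if not isinstance(jsondata, dict):
            abort(400)
        action = jsondata.get('action')
        username = jsondata.get('username')
        if not action or not username:
            abort(400)
        if action == u'edit':
            location = url_for('.admin_edit_profile', username=username)
            return jsonify({"status": 302, "location": location})
        # NOTE(review): unlike AddUser below, removal is not gated on the
        # administrator's password and bypasses form validation — confirm
        # this is intended and that JSON POSTs carry CSRF protection.
        u.RemUser(username)
        return redirect('userlist')
    if is_post and form.validate():
        # Result unused; presumably loads what verify_password compares
        # against — confirm.
        u.GetPassword(g.user)
        if u.verify_password(form.oripassword.data):
            u.AddUser(form.username.data, form.password.data,
                      form.role.data, form.email.data)
        # Respond on both outcomes so a failed password check cannot leave
        # the view without a return value.
        return redirect('userlist')
    return render_template('userlist.html', userlist=userlist, form=form)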
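def admin_edit_profile(username):
    """Administrator view for editing another user's profile.

    On a valid POST the administrator's own password (``oripassword``) is
    verified, then e-mail, role and bio are updated and, if a new password
    was typed, the target's password is changed. Otherwise the form is
    rendered with the target's current data. Non-administrators get 403.
    """
    # The role check used to run only for POST, so a GET showed any user's
    # e-mail, bio and role to non-administrators. Check it up front.
    if current_user.is_administrator(g.user) is not True:
        abort(403)

    u = User()
    form = AdminEditProfileForm()
    if request.method == 'POST' and form.validate():
        # Result unused; presumably primes `u` for verify_password — confirm.
        u.GetPassword(g.user)
        if not u.verify_password(form.oripassword.data):
            flash('管理员密码输入错误!')
        else:
            # Identity comparison (`is not u''`) does not test for an empty
            # string reliably; only change the password when one was given.
            new_password = form.password.data
            if new_password:
                u.ChangePassword(username, new_password)
            u.AdminChangeProfile(username, form.email.data,
                                 form.role.data, form.about_me.data)
            flash('成功更新资料')
            return redirect(url_for('.user', username=username))

    u.GetUserInfo(username)
    form.email.data = u.email
    form.about_me.data = u.aboutme
    form.role.data = u.role
    return render_template('admin_edit_profile.html', form=form, u=u)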
def del_comment():
    """Delete a comment named by the ``id`` query parameter.

    Only the author of the post the comment belongs to, or an
    administrator, may delete. Others get a flash message and a redirect
    to the index.
    """
    # NOTE(review): the id arrives in the query string; if this route
    # answers GET, a link on another site can trigger the deletion for a
    # logged-in user — confirm the route is POST-only with CSRF protection.
    wanted_id = request.args.get('id', type=int)
    target = Comment.query.get_or_404(wanted_id)
    may_delete = (current_user == target.post.author
                  or current_user.is_administrator())
    if not may_delete:
        flash('你没有删除权限')
        return redirect(url_for('main.index'))
    # NOTE(review): no commit here — presumably done elsewhere; confirm.
    db.session.delete(target)
    return redirect(url_for('main.post', id=target.post.id))
def delete(id):
    """Delete a post and its tags if the caller owns it or is an admin.

    Every caller is redirected to the ``.post`` endpoint afterwards; a
    caller without permission gets the redirect with nothing deleted.
    """
    post = Post.query.get_or_404(id)
    # NOTE(review): int() raises if get_id() returns None — presumably the
    # route requires login; confirm.
    caller_id = current_user.get_id()
    owns_post = post.author_id == int(caller_id)
    if owns_post or current_user.is_administrator():
        post.delTag(post.getTagByArry())
        # NOTE(review): no commit in this function; confirm it happens
        # elsewhere.
        db.session.delete(post)
        flash("删除成功!")
    return redirect(url_for('.post'))
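def delete_post(id):
    """Delete a post, then send the caller back to the page they came from.

    Only the post's author or an administrator may delete; others get 403.
    The redirect follows the Referer header when it points at this site and
    falls back to the site root otherwise.
    """
    post = Post.query.get_or_404(id)
    if current_user != post.author and not current_user.is_administrator():
        abort(403)
    # NOTE(review): no commit here — presumably performed elsewhere; confirm.
    db.session.delete(post)
    flash('文章已经删除')
    # Referer is client-supplied and may be absent. redirect(None) fails,
    # and an off-site value would bounce the user to a foreign page, so
    # only same-site referrers are followed.
    back = request.referrer
    if not back or not back.startswith(request.url_root):
        back = request.url_root
    return redirect(back)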
def delete(id):
    """Remove a post together with its tags.

    Allowed for the post's author and for administrators. All callers end
    up redirected to ``.post``; for callers without permission nothing is
    deleted and no message is flashed.
    """
    entry = Post.query.get_or_404(id)
    requester_id = current_user.get_id()
    # The comparison converts the session id with int(), which raises on
    # None — presumably anonymous users never reach this view; confirm.
    if entry.author_id == int(requester_id) or current_user.is_administrator():
        tags = entry.getTagByArry()
        entry.delTag(tags)
        db.session.delete(entry)
        flash("删除成功!")
    target = url_for('.post')
    return redirect(target)
def show_quiz_list():
    """Render the quiz list the current user may see.

    Administrators see every quiz; other users see only the quizzes in
    their own ``quiz_list``. The creation form is supplied only to users
    holding ``Permission.MANAGE_QUIZ``.
    """
    if current_user.is_administrator():
        visible_quizzes = Quiz.query.all()
    else:
        # Scoped to the caller's own relationship, so nobody else's quizzes
        # are exposed.
        visible_quizzes = current_user.quiz_list.all()
    create_form = CreateQuizForm() if current_user.can(Permission.MANAGE_QUIZ) else None
    return render_template("quiz_list.html", quiz_list=visible_quizzes,
                           form=create_form)
def home():
    """Redirect the user to the landing page for their role.

    Applicants, case handlers and approvers go to ``soknader``;
    administrators go to ``admin``. A user with none of these roles is
    rejected with 401.
    """
    works_with_applications = (current_user.is_soker()
                               or current_user.is_saksbehandler()
                               or current_user.is_godkjenner())
    if works_with_applications:
        return redirect('soknader')
    if current_user.is_administrator():
        return redirect('admin')
    # No matching authentication type or role was found.
    abort(401, 'Ugyldig innlogging.')
def get(self, code_id):
    """Render submitted code for its owner or an administrator.

    Any other caller gets 404 rather than 403, so the response does not
    reveal that the submission exists.
    """
    code = CodeModel.query.get_or_404(code_id)
    is_owner = current_user.id == code.solution.user_id
    if not (is_owner or current_user.is_administrator()):
        abort(404)
    result_labels = current_app.config['SOLUTION_RESULT']
    return render_template(self.template,
                           code=code,
                           solution=code.solution,
                           SOLUTION_RESULT=result_labels)
def user(username):
    """Show a user's profile to that user or to an administrator.

    Other callers get 403. The authorisation check runs before the
    existence check, so they cannot probe which usernames exist; an
    authorised caller gets 404 for an unknown username.
    """
    u = User()
    adminflag = current_user.is_administrator(g.user)
    authorised = g.user == username or adminflag is True
    if not authorised:
        abort(403)
    exists = u.CheckUser(username)
    if exists is False:
        abort(404)
    u.GetUserInfo(username)
    return render_template('user.html', u=u, username=username)
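def book_borrow():
    """Borrow the book named by the ``book_id`` query parameter.

    A hidden book answers 404 to non-administrators. The outcome message
    from ``borrow_book`` is flashed, the session is committed, and the
    caller is redirected to ``next`` when that is a same-site URL,
    otherwise to the book's detail page.
    """
    # NOTE(review): the book id arrives in the query string; if this route
    # answers GET, the state change is triggerable cross-site — confirm.
    book_id = request.args.get('book_id')
    the_book = Book.query.get_or_404(book_id)
    if the_book.hidden and not current_user.is_administrator():
        abort(404)
    result, message = current_user.borrow_book(the_book)
    flash(message, 'success' if result else 'danger')
    db.session.commit()

    # `next` is caller-controlled; following it blindly is an open redirect.
    # Accept only a site-relative path or a URL on this host.
    next_url = request.args.get('next')
    on_site = bool(next_url) and (
        (next_url.startswith('/') and not next_url.startswith(('//', '/\\')))
        or next_url.startswith(request.host_url))
    if not on_site:
        next_url = url_for('book.detail', book_id=book_id)
    return redirect(next_url)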
def user(username):
    """Render the profile page for ``username``.

    Access is limited to the profile's owner and to administrators (403
    otherwise). For an authorised caller an unknown username yields 404.
    """
    u = User()
    adminflag = current_user.is_administrator(g.user)
    if g.user != username and adminflag is not True:
        # Refused before the existence lookup, so usernames are not leaked.
        abort(403)
    if u.CheckUser(username) is False:
        abort(404)
    u.GetUserInfo(username)
    return render_template('user.html', u=u, username=username)
def show_applys():
    """List applications, newest first, one page at a time.

    Administrators see every application; other users see only those whose
    ``author_id`` is their own id.
    """
    page = request.args.get('page', 1, type=int)
    if current_user.is_administrator():
        base_query = Apply.query
    else:
        # The filter is what keeps other users' applications out of view.
        base_query = Apply.query.filter_by(author_id=current_user.id)
    newest_first = base_query.order_by(Apply.apply_time.desc())
    pagination = newest_first.paginate(
        page,
        per_page=current_app.config['FLASKY_POSTS_PER_PAGE'],
        error_out=False)
    return render_template('apply/show_applys.html',
                           applys=pagination.items,
                           pagination=pagination)
def get_user_mode():
    """Return the mode string for the current user's role.

    Roles are tested in a fixed order (applicant, case handler, approver,
    administrator) and the first match wins, so a user holding several
    roles gets the mode of the earliest one. No match aborts with 401.
    """
    if current_user.is_soker():
        return 'tilskudd_soker'
    if current_user.is_saksbehandler():
        return 'tilskudd_saksbehandler'
    if current_user.is_godkjenner():
        return 'tilskudd_godkjenner'
    if current_user.is_administrator():
        return 'tilskudd_admin'
    # No matching authentication type or role was found.
    abort(401, 'Ugyldig innlogging.')
def edit(id):
    """Edit a post's body and kind (administrators only).

    404 for an unknown post, 403 for non-administrators. A valid submission
    stores the new values and redirects to the post; otherwise the form is
    rendered with the current body filled in.
    """
    post = Post.query.get_or_404(id)
    if not current_user.is_administrator():
        abort(403)
    form = PostForm()
    if not form.validate_on_submit():
        # Only the body is pre-filled here; `kind` is left as the form
        # provides it.
        form.body.data = post.body
        return render_template('edit_post.html', form=form)
    post.body = form.body.data
    post.kind = form.kind.data
    # NOTE(review): no commit in this function — presumably handled
    # elsewhere; confirm.
    db.session.add(post)
    flash('The post has been updated.')
    return redirect(url_for('.post', id=post.id))
def edit_article(post_id):
    """Edit an article's title and HTML body.

    Allowed for the article's author, administrators and moderators; anyone
    else gets 403. When the author is not the album's creator, a saved edit
    clears ``confirmed``.
    """
    article = Post.query.get_or_404(post_id)
    if (current_user != article.author
            and not current_user.is_administrator()
            and not current_user.is_moderator()):
        abort(403)
    edit_article_form = EditArticleForm(prefix='edit_article')
    if not edit_article_form.validate_on_submit():
        return render_template('auth/articles/edit-article.html',
                               post=article,
                               editArticleForm=edit_article_form)
    article.title = edit_article_form.title.data.strip()
    # NOTE(review): body_html is stored as submitted. If templates render it
    # unescaped, it must be sanitised somewhere — confirm where.
    article.body_html = edit_article_form.body_html.data.strip()
    if article.my_author is not article.my_album.my_creator:
        article.confirmed = False
    return redirect(url_for('main.post', post_id=article.id))
def edit(id):
    """Edit a post's body; allowed for its author or an administrator.

    Other callers get 403. A valid submission saves the body and redirects
    to the post; otherwise the form is shown with the current body.
    """
    post = Post.query.get_or_404(id)
    is_author = current_user == post.author
    if not is_author and not current_user.is_administrator():
        abort(403)
    form = PostForm()
    if not form.validate_on_submit():
        form.body.data = post.body
        return render_template('edit_post.html', form=form)
    post.body = form.body.data
    # NOTE(review): no commit here; presumably done elsewhere — confirm.
    db.session.add(post)
    flash('这篇文章已经更新')
    return redirect(url_for('.post', id=post.id))
def edit(id):
    """Administrator-only editor for a post's body and kind.

    Unknown ids give 404 and non-administrators give 403. On a valid
    submission the post is updated and the caller is redirected to it;
    otherwise the form is rendered with the stored body.
    """
    target = Post.query.get_or_404(id)
    caller_is_admin = current_user.is_administrator()
    if not caller_is_admin:
        abort(403)
    form = PostForm()
    submitted_ok = form.validate_on_submit()
    if submitted_ok:
        target.body = form.body.data
        target.kind = form.kind.data
        db.session.add(target)
        flash('The post has been updated.')
        return redirect(url_for('.post', id=target.id))
    # Pre-fill the body for display; nothing is saved on this path.
    form.body.data = target.body
    return render_template('edit_post.html', form=form)
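def admin():
    """Administrator dashboard: run actions on POST, show status on GET.

    Non-administrators are rejected with 401. After a POST the caller is
    redirected (so a refresh does not repeat the action) to ``next`` when
    that is a same-site URL, otherwise back here with the action's messages
    in the query string. A GET renders users, daemon status and messages.
    """
    if not current_user.is_administrator():
        abort(401)

    if request.method == 'POST':
        messages = do_admin_actions()
        # `next` is caller-controlled; following it blindly is an open
        # redirect. Accept only a site-relative path or a URL on this host.
        next_url = request.args.get('next')
        on_site = bool(next_url) and (
            (next_url.startswith('/') and not next_url.startswith(('//', '/\\')))
            or next_url.startswith(request.host_url))
        if not on_site:
            next_url = url_for('admin', **messages)
        return redirect(next_url)

    # Query-string keys become template variables below. Drop the names this
    # view passes itself: a request carrying ?users=... used to collide with
    # the explicit keyword arguments and raise TypeError.
    reserved = ('users', 'daemon_running', 'template_name_or_list')
    messages = {}
    for k, v in request.args.items():
        key = k.decode('utf8')
        if key not in reserved:
            messages[key] = v.decode('utf8')
    users = User.getall()
    status = get_daemon_status()
    return render_template('admin.html', users=users,
                           daemon_running=status, **messages)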
def editpost(id):
    """Edit a post's body; allowed for its author or an administrator.

    Other callers are flashed a message and redirected to the index. A
    valid submission is saved and committed, then redirects to the post;
    otherwise the form is rendered with the current body.
    """
    post = Post.query.get_or_404(id)
    form = EditPostForm()
    # get_or_404 never returns None, so the original's `post is not None`
    # guard is always true and is not repeated here.
    may_edit = (current_user.is_administrator()
                or post.author == current_user._get_current_object())
    if not may_edit:
        flash('you do not have permission to edit this article')
        return redirect(url_for('main.index'))
    if form.validate_on_submit():
        post.body = form.body.data
        db.session.add(post)
        db.session.commit()
        return redirect(url_for('main.post', id=id))
    form.body.data = post.body
    return render_template('main/editpost.html', post=post, form=form)
def profile(username):
    """Render a user's profile with the forms the viewer may use.

    The owner gets name and URL forms. An administrator viewing someone
    else gets a role form, plus a delete form when the target's role is
    "Guest".
    """
    # NOTE(review): this only decides which forms are RENDERED. The
    # handlers that process them must repeat the checks — confirm they do.
    user = get_or_404(User, User.username == username)
    you = user == current_user
    admin = current_user.is_administrator()
    forms = {}
    if you:
        forms.update(name=NameForm(user), url=UrlForm(user))
    if admin and not you:
        forms['role'] = RoleForm(user)
        if user.get_role() == "Guest":
            forms['delete'] = DeleteForm(user)
    return render_template('profile.html', user=user, forms=forms,
                           you=you, admin=admin)
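def add(book_id):
    """Post a comment on a book, then redirect.

    A hidden book answers 404 to non-administrators. The redirect goes to
    ``next`` when that is a same-site URL, otherwise to the book's detail
    page; it happens whether or not the form validated.
    """
    form = CommentForm()
    the_book = Book.query.get_or_404(book_id)
    if the_book.hidden and not current_user.is_administrator():
        abort(404)
    if form.validate_on_submit():
        the_comment = Comment(user=current_user, book=the_book,
                              comment=form.comment.data)
        db.session.add(the_comment)
        db.session.commit()
        flash(u'书评已成功发布', 'success')

    # `next` is caller-controlled; following it blindly is an open redirect.
    # Accept only a site-relative path or a URL on this host.
    next_url = request.args.get('next')
    on_site = bool(next_url) and (
        (next_url.startswith('/') and not next_url.startswith(('//', '/\\')))
        or next_url.startswith(request.host_url))
    if not on_site:
        next_url = url_for('book.detail', book_id=book_id)
    return redirect(next_url)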
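def delete_carpool(id):
    """Delete a carpool group with its comments, members and applications.

    Allowed for the user who built the group and for administrators. Every
    caller is redirected to the index; callers without permission get the
    redirect with nothing deleted.
    """
    group = Group.query.get_or_404(id)
    if group.build_user == current_user or current_user.is_administrator():
        for comment in group.comments:
            db.session.delete(comment)
        # Iterate over a snapshot: removing from group.users while looping
        # over that same collection skips members and leaves some attached.
        for user in list(group.users):
            group.users.remove(user)
        for application in group.applications:
            db.session.delete(application)
        # NOTE(review): no commit here — presumably done elsewhere; confirm.
        db.session.delete(group)
        flash('拼车信息已被删除')
    return redirect(url_for('main.index'))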
def editpost(id):
    """Let a post's author or an administrator change its body.

    Callers without permission see a flash message and are sent to the
    index. A valid form is saved and committed before redirecting to the
    post; otherwise the editor is rendered with the stored body.
    """
    entry = Post.query.get_or_404(id)
    form = EditPostForm()
    # The lookup above aborts with 404 instead of returning None, so no
    # separate None check is needed.
    if (not current_user.is_administrator()
            and entry.author != current_user._get_current_object()):
        flash('you do not have permission to edit this article')
        return redirect(url_for('main.index'))
    if not form.validate_on_submit():
        form.body.data = entry.body
        return render_template('main/editpost.html', post=entry, form=form)
    entry.body = form.body.data
    db.session.add(entry)
    db.session.commit()
    return redirect(url_for('main.post', id=id))
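def edit_user_profile():
    """Update a profile from a JSON request body.

    An administrator edits the user whose ``id`` is in the body and may set
    e-mail, username, confirmation state, bio, roles and permissions. Any
    other caller edits only their own username and bio. Each path validates
    the body with its own form class and answers with a JSON status object.
    """
    request_info = json.loads(request.data)
    if current_user.is_administrator():
        # .get() maps a missing "id" to the normal "user does not exist"
        # reply; indexing raised KeyError.
        user = User.query.filter_by(id=request_info.get('id')).first()
        if not user:
            return jsonify({'status': 'fail',
                            'message': 'user does not exist!'})
        valid, errors = EditProfileAdminForm.check(request_info, user)
        if not valid:
            return jsonify({
                'status': 'fail',
                'message': 'edit profile unseccessfully',
                'errors': errors
            })
        user.email = request_info['email']
        user.username = request_info['username']
        user.confirmed = request_info['confirmed']
        user.about_me = request_info['about_me']
        db.session.add(user)
        db.session.commit()
        # NOTE(review): roles and permissions are applied after the commit;
        # presumably these helpers persist their own changes — confirm.
        user.set_roles(request_info['roles'])
        user.set_permissions(request_info['permissions'])
        return jsonify({
            'status': 'success',
            'message': 'The profile has been updated.'
        })

    # Non-administrators: only username and about_me are copied, so
    # privileged fields in the body (roles, confirmed, ...) have no effect.
    valid, errors = EditProfileForm.check(request_info)
    if not valid:
        return jsonify({
            'status': 'fail',
            'message': 'edit profile unseccessfully',
            'errors': errors
        })
    current_user.username = request_info['username']
    current_user.about_me = request_info['about_me']
    db.session.add(current_user)
    db.session.commit()
    return jsonify({
        'status': 'success',
        'message': 'Your profile has been updated.'
    })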
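def edit_profile():
    """Replace a user's avatar with the uploaded ``avatar`` file.

    The request must carry a valid ``token`` form field. An administrator
    updates the user whose ``id`` is in the JSON body; any other caller
    updates their own avatar. The image is stored once per configured
    ``AVATAR_SIZE`` under a random name.
    """
    if not check_token(request.form['token']):
        return jsonify({
            'status': 'fail',
            'status_code': 3,
            'message': 'please login again'
        })

    if current_user.is_administrator():
        # NOTE(review): the token and file arrive as form data while the id
        # is read from a JSON body; one request can rarely carry both, so
        # this branch may never parse — confirm how clients call it.
        request_info = json.loads(request.data)
        # filter_by takes keyword arguments only; the original passed the
        # id positionally, which raises TypeError.
        user = User.query.filter_by(id=request_info['id']).first()
        if not user:
            return jsonify({
                'status': 'fail',
                'status_code': 1,
                'message': 'user doesn`t exist!'
            })
        message = 'the avatar has been updated.'
    else:
        user = current_user
        message = 'Your avatar has been updated.'

    image = request.files['avatar']
    # The stored name is random, so it does not depend on the filename the
    # client supplied.
    avatar_name = hashlib.md5(os.urandom(21)).hexdigest()
    for size in current_app.config['AVATAR_SIZE']:
        Picture(image, name=avatar_name, type='avatar', size=size)
    user.avatar = avatar_name
    db.session.add(user)
    db.session.commit()
    return jsonify({
        'status': 'success',
        'status_code': 0,
        'message': message
    })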
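def ban():
    """Administrator view for the banned-keyword list.

    JSON POST: delete ``keyword`` and reply with a JSON pseudo-redirect.
    Form POST: add the submitted keyword. Otherwise: render the list, ten
    per page. Callers who are not administrators get 403.
    """
    if current_user.is_administrator(g.user) is not True:
        abort(403)

    form = BanKeywordForm()
    p = Page()
    jsondata = request.get_json()
    if request.method == 'POST':
        if jsondata:
            # Reject bodies that are not an object or that lack "keyword";
            # indexing them raised an unhandled exception before.
            if not isinstance(jsondata, dict) or not jsondata.get('keyword'):
                abort(400)
            # NOTE(review): deletion skips form.validate(), so a CSRF token
            # carried by the form is never checked on this path — confirm
            # JSON POSTs are protected otherwise.
            p.DelBan(jsondata['keyword'])
            flash('成功删除关键词')
            return jsonify({"status": 302, "location": url_for('.ban')})
        if form.validate():
            p.AddBan(form.keyword.data)
            flash('成功添加关键词')
            return redirect('ban')

    banlist = p.GetBan()
    total = len(banlist)
    per_page = 10
    # The page number is client-supplied. Values below 1 gave a negative
    # offset, which reads from the end of the list or raises IndexError.
    page = max(request.args.get('page', 1, type=int), 1)
    offset = (page - 1) * per_page
    last = min(offset + per_page, total)
    keywords = [banlist[i] for i in range(offset, last)]
    pagination = Pagination(css_framework='bootstrap3',
                            link_size='sm',
                            show_single_page=False,
                            page=page,
                            per_page=per_page,
                            total=total,
                            format_total=True,
                            format_number=True)
    return render_template('ban.html',
                           keywords=keywords,
                           page=page,
                           per_page=per_page,
                           pagination=pagination,
                           form=form)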
def write_article(album_id):
    """Create an article in an album and notify the album's creator.

    Allowed for the album's creator, administrators and moderators; others
    get 403. An article written by the creator is created with
    ``confirmed=True``; otherwise ``confirmed`` is not passed.
    """
    album = Album.query.get_or_404(album_id)
    if (current_user != album.creator
            and not current_user.is_administrator()
            and not current_user.is_moderator()):
        abort(403)
    article_form = ArticleForm(prefix='article')
    if not article_form.validate_on_submit():
        return render_template('auth/articles/write-article.html',
                               articleForm=article_form)
    if current_user._get_current_object() is album.creator:
        new_post = Post(title=article_form.title.data.strip(),
                        body_html=article_form.body_html.data.strip(),
                        album=album,
                        author=current_user._get_current_object(),
                        confirmed=True)
    else:
        new_post = Post(title=article_form.title.data.strip(),
                        body_html=article_form.body_html.data.strip(),
                        album=album,
                        author=current_user._get_current_object())
    db.session.add(new_post)
    # NOTE(review): both titles are user-supplied and are interpolated into
    # HTML as-is. If message content is rendered unescaped, escape them
    # before formatting — confirm how messages are displayed.
    current_user.send_message(
        user=album.creator,
        title=u'新文章需经过您的审核',
        content=u'<p>《%s》已由%s提交与专辑《%s》发表,</p>' % (new_post.title, current_user, album.title))
    return redirect(url_for('main.album', album_id=album.id))
def get_user():
    """Return a user's JSON representation, looked up by ``username``.

    The full form (``to_json()``) is returned only when the caller is an
    administrator or the user themselves AND the request carries
    ``lazy=False``. Every other request gets ``to_json(lazy=True)``.
    """
    user = User.query.filter_by(username=request.args.get('username')).first()
    if user is None:
        # The distinct reply tells any caller whether a username exists.
        return jsonify({'status': 'fail', 'message': 'User doesn`t exist.'})
    privileged = (current_user.is_administrator()
                  or current_user.is_authenticated
                  and current_user.id == user.id)
    if privileged and request.args.get('lazy') == 'False':
        user_content = user.to_json()
    else:
        user_content = user.to_json(lazy=True)
    return jsonify({
        'status': 'success',
        'message': 'get user successfully',
        'result': {
            'user': user_content
        }
    })
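def edit_album(album_id):
    """Edit an album's picture, title, percentage and introduction.

    Allowed for the album's creator, administrators and moderators; others
    get 403. A newly uploaded picture replaces the old file on disk. Any
    saved edit clears ``confirmed``.
    """
    a = Album.query.get_or_404(album_id)
    if current_user != a.creator and not (current_user.is_administrator()
                                          or current_user.is_moderator()):
        abort(403)
    edit_album_form = EditAlbumForm(obj=a, prefix='edit_album')
    if edit_album_form.validate_on_submit():
        app = current_app._get_current_object()
        # `is not u''` compared identity, not value, so an empty filename
        # could still count as an upload. Compare the value instead.
        if edit_album_form.picture.data.filename != u'':
            if a.picture_url:
                # NOTE(review): picture_url is assumed to be a bare file
                # name produced by upload(); if it could contain path
                # separators, this join could leave the upload folder.
                old_path = os.path.join(app.config['UPLOAD_FOLDER'],
                                        'album', a.picture_url)
                if os.path.isfile(old_path):
                    os.remove(old_path)
            a.picture_url = upload(f=edit_album_form.picture.data,
                                   folder='album')
        a.title = edit_album_form.title.data.strip()
        a.percentage = float(edit_album_form.percentage.data)
        a.introduction = edit_album_form.introduction.data.strip()
        a.confirmed = False
        return redirect(url_for('auth.my_albums'))
    return render_template('auth/albums/edit-album.html', album=a,
                           editAlbumForm=edit_album_form)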
def get_page_params(view=None):
    """Work out the page number and page size for a paginated view.

    The values come from the request items ``per_page`` / ``per-page``,
    ``page``, ``next`` and ``prev``. A missing or out-of-range page size
    falls back to a default, which is the user's stored page size for
    ``view`` when there is one.

    Returns a ``(page, per_page)`` tuple.
    """
    # is_admin and is_operator are not read below; their only uses are in
    # the commented-out lines of the default_per_page expression.
    is_admin = current_user.is_administrator(private=True)
    is_manager = current_user.is_manager(private=True)
    is_operator = current_user.is_operator(private=True)

    page = 0
    # NOTE(review): this int() runs outside the try block, so a non-numeric
    # per_page in the request raises here — confirm that is intended.
    per_page = int(
        get_request_item('per_page') or get_request_item('per-page') or 0)

    # and/or chain: the first truthy candidate wins, DEFAULT_PER_PAGE last.
    default_per_page = view and current_user.get_pagesize(view) or (
        #view in ('admin',) and DEFAULT_ADMIN_PER_PAGE or
        is_manager and DEFAULT_MANAGER_PER_PAGE or
        #is_operator and DEFAULT_OPER_PER_PAGE or
        view in ('cards', ) and DEFAULT_PER_PAGE * 2 or
        DEFAULT_PER_PAGE)

    try:
        if not per_page:
            per_page = default_per_page
        else:
            # NOTE(review): the requested size is stored before the
            # 1..1000 bounds check in `finally`, so an out-of-range value
            # is saved even though it is not used for this request.
            current_user.set_pagesize(view, per_page)

        page = int(get_request_item('page') or DEFAULT_PAGE)
    except:
        # Bare except: every failure above falls back to the defaults.
        if IsPrintExceptions:
            print_exception()
        per_page = default_per_page
        page = DEFAULT_PAGE
    finally:
        # Bound the client-supplied values whichever path ran above.
        if per_page <= 0 or per_page > 1000:
            per_page = default_per_page
        if page <= 0:
            page = DEFAULT_PAGE

    # Any truthy 'next' / 'prev' request item steps one page.
    next = get_request_item('next') and True or False
    prev = get_request_item('prev') and True or False

    if next:
        page += 1
    if prev and page > 1:
        page -= 1

    return page, per_page
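def log():
    """Administrator view of the record log, ten entries per page.

    Responds 403 unless ``is_administrator`` returns ``True`` for the
    caller.
    """
    if current_user.is_administrator(g.user) is not True:
        abort(403)

    p = Page()
    record = p.GetRecord()
    total = len(record)
    per_page = 10
    # The page number is client-supplied. A value below 1 produced a
    # negative offset, which indexes from the end of the key list or
    # raises IndexError; clamp it.
    page = max(request.args.get('page', 1, type=int), 1)
    offset = (page - 1) * per_page
    # list() makes the keys indexable whether keys() gives a list or a view.
    page_keys = list(record.keys())[offset:offset + per_page]
    records = OrderedDict((key, record[key]) for key in page_keys)
    pagination = Pagination(css_framework='bootstrap3',
                            link_size='sm',
                            show_single_page=False,
                            page=page,
                            per_page=per_page,
                            total=total,
                            format_total=True,
                            format_number=True)
    return render_template('log.html',
                           records=records,
                           page=page,
                           per_page=per_page,
                           pagination=pagination)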
def edit(id):
    """Edit an application; allowed for its author or an administrator.

    Other callers get 403. The form's close button returns to the list. A
    valid submission copies the form into the record; otherwise the form is
    pre-filled from the record.
    """
    apply = Apply.query.get_or_404(id)
    is_author = current_user.id == apply.author_id
    if not is_author and not current_user.is_administrator():
        abort(403)
    form = EditApplyForm()
    if form.close.data:
        return redirect(url_for('apply.show_applys'))

    # Fields written back on save, in the original order. Profession
    # category and status are displayed but never written from the form.
    saved_fields = ('real_name', 'gender', 'home_address', 'middle_school',
                    'mobile', 'id_card', 'point', 'ticket_number',
                    'apply_profession', 'apply_time')
    if form.validate_on_submit():
        apply.id = id
        for field_name in saved_fields:
            setattr(apply, field_name, getattr(form, field_name).data)
        # NOTE(review): no commit here; presumably done elsewhere — confirm.
        db.session.add(apply)
        flash('报名信息修改成功.')
        return redirect(url_for('apply.show_applys'))

    # Pre-fill the form. The record holds personal data (ID card, mobile),
    # which is why the ownership check above matters.
    shown_fields = ('real_name', 'gender', 'home_address', 'middle_school',
                    'mobile', 'id_card', 'point', 'ticket_number',
                    'apply_profession', 'apply_profession_category',
                    'apply_time', 'status')
    form.apply_id.data = apply.id
    for field_name in shown_fields:
        getattr(form, field_name).data = getattr(apply, field_name)
    if form.status.data == u'已处理':
        # rr() is defined elsewhere; it is applied to the submit and status
        # fields once the application is marked as processed.
        rr(form.submit)
        rr(form.status)
    return render_template('apply/edit_apply.html', form=form)
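def album_manage(album_id):
    """Approve or reject an album and notify its creator.

    Allowed for the album's creator, administrators and moderators; others
    get 403. Approval sets ``confirmed`` and rejection clears it. Both send
    the creator a message and redirect to ``next`` when that is a same-site
    URL, otherwise to the album list.
    """
    a = Album.query.get_or_404(album_id)
    # NOTE(review): the creator passes this check too, so a creator can
    # approve their own album — confirm that is intended.
    if current_user != a.creator and not (current_user.is_administrator()
                                          or current_user.is_moderator()):
        abort(403)

    # `next` is caller-controlled; following it blindly is an open redirect.
    # Accept only a site-relative path or a URL on this host.
    next_url = request.args.get('next')
    next_is_on_site = bool(next_url) and (
        (next_url.startswith('/') and not next_url.startswith(('//', '/\\')))
        or next_url.startswith(request.host_url))

    # NOTE(review): titles, usernames and the rejection text below are
    # user-supplied and are interpolated into HTML as-is. If message
    # content is rendered unescaped, escape them first.
    adopt_album_form = AdoptAlbumForm(prefix='adopt_album')
    if adopt_album_form.validate_on_submit():
        a.confirmed = True
        current_user.send_message(
            user=a.creator,
            title=u'《%s》审核成功,已公开发表' % a.title,
            content=u'<p>尊敬的<strong>%s</strong></p><p><a href="%s">《%s》</a>经 %s 审核成功,已公开发表。</p>' % (a.creator.username, url_for('main.album', album_id=a.id), a.title, current_user.username))
        return redirect(next_url if next_is_on_site else url_for('auth.albums'))

    reject_album_form = RejectAlbumForm(prefix='reject_album')
    if reject_album_form.validate_on_submit():
        a.confirmed = False
        current_user.send_message(
            user=a.creator,
            title=reject_album_form.title.data.strip(),
            content=u'<p>尊敬的<strong>%s</strong></p><p>很遗憾,您的<a href="%s">《%s》</a>经 %s 审核后,发表请求被驳回,原因如下:</p><p>%s</p>' % (a.creator.username, url_for('main.album', album_id=a.id), a.title, current_user.username, reject_album_form.content.data.strip()))
        return redirect(next_url if next_is_on_site else url_for('auth.albums'))

    return render_template('auth/albums/album-manage.html', album=a,
                           adoptAlbumForm=adopt_album_form,
                           rejectAlbumForm=reject_album_form)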
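def post_manage(post_id):
    """Approve or reject an article and notify its author.

    Allowed for the article's author, administrators and moderators; others
    get 403. Approval sets ``confirmed`` and rejection clears it. Both send
    the author a message and redirect to ``next`` when that is a same-site
    URL, otherwise to the album's article management page.
    """
    p = Post.query.get_or_404(post_id)
    # NOTE(review): the author passes this check too, so an author can
    # approve their own article — confirm that is intended.
    if current_user != p.author and not (current_user.is_administrator()
                                         or current_user.is_moderator()):
        abort(403)

    # `next` is caller-controlled; following it blindly is an open redirect.
    # Accept only a site-relative path or a URL on this host.
    next_url = request.args.get('next')
    next_is_on_site = bool(next_url) and (
        (next_url.startswith('/') and not next_url.startswith(('//', '/\\')))
        or next_url.startswith(request.host_url))

    # NOTE(review): titles, usernames and the rejection text below are
    # user-supplied and are interpolated into HTML as-is. If message
    # content is rendered unescaped, escape them first.
    adopt_post_form = AdoptPostForm(prefix='adopt_post')
    if adopt_post_form.validate_on_submit():
        p.confirmed = True
        current_user.send_message(
            user=p.author,
            title=u'《%s》审核成功,已公开发表' % p.title,
            content=u'<p>尊敬的<strong>%s</strong></p><p><a href="%s">《%s》</a>经 %s 审核成功,已公开发表。</p>' % (p.author.username, url_for('main.post', post_id=p.id), p.title, current_user.username))
        if not next_is_on_site:
            next_url = url_for('auth.manage_articles', album_id=p.album.id)
        return redirect(next_url)

    reject_post_form = RejectPostForm(prefix='reject_post')
    if reject_post_form.validate_on_submit():
        p.confirmed = False
        current_user.send_message(
            user=p.author,
            title=reject_post_form.title.data.strip(),
            content=u'<p>尊敬的<strong>%s</strong></p><p>很遗憾,您的<a href="%s">《%s》</a>经 %s 审核后,发表请求被驳回,原因如下:</p><p>%s</p>' % (p.author.username, url_for('main.post', post_id=p.id), p.title, current_user.username, reject_post_form.content.data.strip()))
        if not next_is_on_site:
            next_url = url_for('auth.manage_articles', album_id=p.album.id)
        return redirect(next_url)

    return render_template('auth/articles/post-manage.html', post=p,
                           adoptPostForm=adopt_post_form,
                           rejectPostForm=reject_post_form)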
def edit(id):
    """Edit a carpool group's details.

    Allowed for the user who built the group and for administrators; others
    get 403. A valid submission stores the form values and redirects to the
    group page; otherwise the form is pre-filled from the group.
    """
    group = Group.query.get_or_404(id)
    is_builder = current_user == group.build_user
    if not is_builder and not current_user.is_administrator():
        abort(403)
    form = EditCarpoolInfoForm()
    if form.validate_on_submit():
        group.description = form.description.data
        group.start_time = form.start_time.data
        group.start_place = form.start_place.data
        group.end_place = form.end_place.data
        group.people_amount = form.people_amount.data
        # NOTE(review): no commit here; presumably done elsewhere — confirm.
        db.session.add(group)
        flash('信息已修改!')
        return redirect(url_for('main.carpool', id=group.id))
    form.description.data = group.description
    # NOTE(review): the time is shown shifted by +8 hours, but the save
    # path above stores the submitted value unshifted — confirm the
    # conversion is undone somewhere.
    form.start_time.data = group.start_time + timedelta(hours=8)
    form.start_place.data = group.start_place
    form.end_place.data = group.end_place
    form.people_amount.data = group.people_amount
    return render_template('edit_carpool.html', form=form)
def is_accessible(self):
    """Allow access only to authenticated administrators.

    Authentication is tested first, so ``is_administrator`` is never called
    on a user who is not logged in.
    """
    # NOTE(review): is_authenticated is CALLED here. That matches login
    # libraries where it is a method; where it is a property, this call
    # fails — confirm against the installed version.
    authenticated = current_user.is_authenticated()
    if not authenticated:
        return authenticated
    return current_user.is_administrator()
def is_accessible(self):
    """Allow access only when the current user is an administrator."""
    # NOTE(review): there is no separate authentication check, so this
    # relies on the anonymous-user object also providing
    # is_administrator() — confirm.
    allowed = current_user.is_administrator()
    return allowed
def manage_articles(album_id):
    """Render the article management page for an album.

    Allowed for the album's creator, administrators and moderators; anyone
    else gets 403. An unknown album id gives 404.
    """
    album = Album.query.get_or_404(album_id)
    if (current_user != album.creator
            and not current_user.is_administrator()
            and not current_user.is_moderator()):
        abort(403)
    return render_template('auth/articles/album-articles-manage.html',
                           album=album)
def index(self):
    """Serve the admin index to administrators; everyone else gets 403."""
    if current_user.is_administrator():
        # Delegate rendering to the parent view's index().
        return super(MyAdminIndexView, self).index()
    abort(403)