def user_update():
    """Update the profile of the currently authenticated user.

    PUT /api/user

    Validates the JSON body with UserUpdateSchema, rejects an email or
    username that already belongs to another account, stores the change and
    issues a new access token whose identity is the updated record.
    Returns a (response, 400) pair on any validation failure.
    """
    if not request.is_json:
        return jsonify({"msg": "Missing JSON in request"}), 400

    data, errors = UserUpdateSchema().load(request.json)
    if errors:
        return jsonify({"msg": errors}), 400

    # assumes the schema guarantees 'email' and 'username' keys -- TODO confirm
    claims = get_jwt_claims()

    # Uniqueness is only checked when the value differs from the one carried
    # in the caller's own token; keeping your current value is always allowed.
    if claims['email'] != data['email'] and user.findOneByEmail(data['email']):
        return jsonify({"msg": ('email', '邮箱已存在')}), 400

    if claims['username'] != data['username'] and user.findOneByName(data['username']):
        return jsonify({"msg": ('username', '用户名已存在')}), 400

    # The record id comes from the token, never from the request body, so a
    # caller can only update their own row.
    data['id'] = get_jwt_identity()
    user.update(data)

    # Drop the password before the dict is used as the token identity, so it
    # is not embedded in the issued token.
    data.pop('password', None)

    # NOTE(review): the replacement token is marked fresh=True although no
    # credential check is visible in this handler -- confirm that is intended.
    token = create_access_token(identity=data, fresh=True)
    response = jsonify({'access_token': token})
    set_access_cookies(response, token)
    session['user_id'] = data['id']
    return response
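def post(self):
    """Apply an administrator's edits to another user's record.

    The target record is named by the ``user_id`` query parameter (an
    urlsafe ndb key); the new ``email``, ``nick`` and ``level`` are read
    from the request. Only a logged-in user whose stored profile reports
    ``is_admin()`` may proceed. Every failure path redirects and returns
    without saving anything.
    """
    try:
        user_key = self.request.GET['user_id']
    except Exception:
        user_key = None

    if not user_key:
        self.redirect("/error?msg=missing id for modification")
        return

    user = users.get_current_user()
    if not user:
        self.redirect("/")
        return

    usr_info = usr_mgt.retrieve(user)
    if not usr_info:
        # No stored profile for this login: refuse instead of failing on
        # None below (the sibling get() handler treats this case the same).
        self.redirect("/")
        return

    if not usr_info.is_admin():
        self.redirect("/error?msg=user " + usr_info.email
                      + " not allowed to modify other users")
        # Authorization fix: this branch used to fall through after the
        # redirect call, so a non-admin's request still reached the update
        # below. Every other failure branch here returns explicitly.
        return

    # Get user by key
    # NOTE(review): user_key is request-supplied and is concatenated into
    # the redirect URL without URL-encoding -- confirm how /error renders it.
    try:
        user_to_modify = ndb.Key(urlsafe=user_key).get()
    except Exception:
        self.redirect("/error?msg=key #" + user_key + " does not exist")
        return

    if user_to_modify is None:
        # A well-formed key whose entity is missing yields None, not an error.
        self.redirect("/error?msg=key #" + user_key + " does not exist")
        return

    new_email = self.request.get("email", "").strip()
    new_nick = self.request.get("nick", "").strip()
    new_level = User.Level.value_from_str(
        self.request.get("level", "Client").strip())

    # Validate before touching the entity so a rejected request leaves the
    # loaded record unmodified.
    if len(new_email) < 1:
        self.redirect("/error?msg=Aborted modification: missing email")
        return

    if len(new_nick) < 1:
        self.redirect("/error?msg=Aborted modification: missing nick")
        return

    user_to_modify.email = new_email
    user_to_modify.nick = new_nick
    user_to_modify.level = new_level

    # Save
    usr_mgt.update(user_to_modify)
    self.redirect("/info?url=/manage_users&msg=User modified: "
                  + user_to_modify.email.encode("ascii", "replace"))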
def on_put(self, req, resp):
    """Handle PUT: update the user described by the request document.

    Reads the parsed document and the caller's id from ``req.context`` and
    writes the outcome message to ``resp.body``. A caller whose id equals
    the document's ``id`` is refused.
    """
    payload = req.context['doc']
    caller_id = req.context['userid']

    # Callers may not change their own record through this endpoint.
    if caller_id == payload['id']:
        resp.body = utils.sendMessage(
            False, 'No es posible cambiar datos del mismo usuario')
        return

    # NOTE(review): apart from the self-edit guard no permission check is
    # visible here, and the whole document is handed to user.update() --
    # presumably authorization and field filtering happen upstream; confirm.
    updated = user.update(payload)
    if not updated:
        resp.body = utils.sendMessage(False, 'Error al momento de registrar')
    else:
        resp.body = utils.sendOk('ok')
def test_user_model():
    """Exercise save, lookup, password change and update on the user model.

    Creates an account with random credentials, changes its password, then
    renames it and checks that the update kept the password and stored the
    new email.
    """
    letters = 'abcdefghijklmnopqrstuvwxyz'

    # Create an account whose password equals its random username.
    original_name = ''.join(random.sample(letters, 6))
    user.save({
        'username': original_name,
        'email': original_name + '@' + 'qq.com',
        'password': original_name,
    })

    stored = user.findOneByName(original_name)
    assert stored['username'] == original_name
    account_id = stored['id']

    new_password = ''.join(random.sample(letters, 6))
    user.change_password(account_id, new_password)

    # Rename the account without supplying a password.
    new_name = ''.join(random.sample(letters, 6))
    new_email = new_name + '@' + 'qq.com'
    user.update({'username': new_name, 'email': new_email, 'id': account_id})

    # The update above must not have overwritten the password.
    # NOTE(review): this comparison passes only if the stored value equals
    # the plaintext password -- confirm whether the model hashes passwords.
    assert user.findOneById(account_id)['password'] == new_password
    assert user.findOneByEmail(new_email)['email'] == new_email
def on_put(self, req, resp):
    """Update another user's data from the request document (PUT).

    ``req.context['doc']`` is the update document and
    ``req.context['userid']`` the caller's id; the result message is
    placed in ``resp.body``.
    """
    document = req.context['doc']
    requester = req.context['userid']

    targets_self = requester == document['id']
    if targets_self:
        # Editing one's own record is rejected by this handler.
        resp.body = utils.sendMessage(
            False, 'No es posible cambiar datos del mismo usuario')
        return

    # NOTE(review): the document goes to user.update() unfiltered and no
    # role check appears in this method -- verify both are handled before
    # the request reaches this point.
    if user.update(document):
        resp.body = utils.sendOk('ok')
        return

    resp.body = utils.sendMessage(False, 'Error al momento de registrar')
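def get(self):
    """Create a new user record and redirect to its modification page.

    Requires a logged-in user with a stored profile that reports
    ``is_admin()``. Anonymous callers, or logins without a profile, are
    redirected to "/"; non-admins are redirected to the error page.
    """
    user = users.get_current_user()
    usr_info = usr_mgt.retrieve(user)

    if not (user and usr_info):
        self.redirect("/")
        return

    if not usr_info.is_admin():
        # The space before "not" was missing, which glued the email
        # address to the rest of the message.
        self.redirect("/error?msg=user " + usr_info.email
                      + " not allowed to add new users")
        return

    # NOTE(review): this GET handler stores a new record; a state-changing
    # GET can be triggered by any link an admin follows -- confirm whether
    # it should be a POST with CSRF protection.
    key = usr_mgt.update(usr_mgt.create(user, User.Level.Staff))
    self.redirect("/users/modify?user_id=" + key.urlsafe())
    return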