def delete(request):
weibo_id = int(request.query['id'])
weibo = Weibo.find_by(id=weibo_id)
weibo.delete_weibo_comment()
d = dict(message="成功删除 weibo")
return json_response(d)
def comment_add():
log('添加评论')
form = request.get_json()
u = current_user()
w = Weibo.find_by(id=int(form['weibo_id']))
c = Comment.add(form, u.id, u.username, w.id)
# log('c---', c)
return jsonify(c.json())
def replsce_weibo(request):
"""
通过下面这样的链接来删除一个 weibo
/edit?id=1
"""
weibo_id = int(request.query.get('id'))
model = Weibo.find_by(id=weibo_id)
return json_response(model.json())
def index(request):
weibo_id = int(request.query['id'])
w = Weibo.find_by(id=weibo_id)
log('api_comment_w', w)
cs = w.comments()
# 注意这里返回的不是cs对象,而是cs的数据,所以要进行转换。
log('api_comment_cs', cs)
cs = [c.json() for c in cs]
return json_response(cs)
def update(request):
user = current_user(request)
form = request.form()
weibo = Weibo.find_by(id=int(form.get('id', None)))
if user.id != weibo.user_id:
return redirect('/login')
weibo.content = form.get('content')
weibo.save()
return redirect('/weibo/index?user_id={}'.format(user.id))
def edit(request):
"""
更新 weibo 的主页, 前往路径为 /weibo/edit?user_id=1
"""
weibo_id = int(request.query.get('id', -1))
weibo = Weibo.find_by(id=weibo_id)
# 找到 user 发布的所有 weibo
body = j_template('weibo_edit.html', weibo=weibo)
return http_response(body)
def comment_add(request):
u = current_user(request)
form = request.json()
w = Weibo.find_by(id=int(form['weibo_id']))
comment = Comment.add(form, u.id, w.id)
comment.username = u.username
log('comment add', comment)
return json_response(comment.json())
def comment_add(request):
u = current_user(request)
form = request.form()
weibo = Weibo.find_by(id=int(form['weibo_id']))
user_id = weibo.user_id
c = Comment(form)
c.user_id = u.id
c.weibo_id = weibo.id
c.save()
return redirect('/weibo/index?user_id={}'.format(user_id))
def f(request):
u = current_user(request)
if 'id' in request.query:
weibo_id = request.query['id']
else:
weibo_id = request.json()['id']
w = Weibo.find_by(id=int(weibo_id))
if w.user_id == u.id:
return route_function(request)
else:
result = dict(message="fail")
return json_response(result)
def f(request):
log('comment_owner_required')
u = current_user(request)
comment = request.json()
w = Weibo.find_by(id=int(comment['weibo_id']))
c = Comment.find_by(id=int(comment['id']))
if u.id != w.user_id and u.id != c.user_id:
d = dict(message="无权操作")
return json_response(d)
else:
log('评论更新', route_function)
return route_function(request)
def comment_delete(request):
u = current_user(request)
comment_id = int(request.query.get('id', -1))
comment = Comment.find_by(id=comment_id)
weibo = Weibo.find_by(id=comment.weibo_id)
# 若当前用户为 comment 作者 或 相应的微博作者,允许删除
if u.id in (comment.user_id, weibo.user_id):
comment.delete(comment.id)
return redirect('/weibo/index?user_id={}'.format(u.id))
# 否则直接重定向到当前用户微博页面
else:
return redirect('/weibo/index?user_id={}'.format(u.id))
def comment_add(request):
u = current_user(request)
form = request.form()
weibo = Weibo.find_by(id=int(form['weibo_id']))
c = Comment(form)
c.user_id = u.id
c.weibo_id = weibo.id
c.save()
log('comment add', c, u, form)
return redirect('/weibo/index')
def f(request):
log('same_user_required')
u = current_user(request)
if 'id' in request.query:
weibo_id = request.query['id']
else:
weibo_id = request.form()['id']
w = Weibo.find_by(id=int(weibo_id))
if w.user_id == u.id:
return route_function(request)
else:
return redirect('/weibo/index')
def f(request):
log('weibo_update_required')
u = current_user(request)
weibo = request.json()
w = Weibo.find_by(id=int(weibo['id']))
if u.id != w.user_id:
d = dict(
message="无权操作"
)
return json_response(d)
else:
log('weibo更新', route_function)
return route_function(request)
def f():
log('same_user_required')
u = current_user()
if 'id' in request.args:
weibo_id = request.args['id']
else:
weibo_id = request.get_json()['id']
w = Weibo.find_by(id=int(weibo_id))
log(weibo_id, u.id, w.user_id)
if w.user_id == u.id:
return route_function()
else:
return redirect(url_for('weibo.index'))
def f(request):
log('weibo_owner_required')
u = current_user(request)
if 'id' in request.query:
weibo_id = request.query['id']
else:
weibo_id = request.json()['id']
w = Weibo.find_by(id=int(weibo_id))
if w.user_id == u.id:
return route_function(request)
else:
return error(request)
def f():
log('same_user_required')
u = current_user()
if 'id' in request.args:
weibo_id = request.args['id']
else:
weibo_id = request.get_json()['id']
w = Weibo.find_by(id=int(weibo_id))
if w.user_id == u.id:
return route_function()
else:
d = dict(message="用户无权限")
return jsonify(d)
def f(request):
u = current_user(request)
if 'id' in request.query:
weibo_id = request.query['id']
else:
weibo_id = request.json()['id']
log('what weibo_id', weibo_id)
w = Weibo.find_by(id=int(weibo_id))
if w.user_id == u.id:
return route_function(request)
else:
d = dict(message="403")
return json_response(d)
def f(request):
u = current_user(request)
if 'id' in request.query:
weibo_id = request.query['id']
else:
weibo_id = request.json()['id']
w = Weibo.find_by(id=int(weibo_id))
error = {}
if w.user_id == u.id:
return route_function(request)
else:
error['error_message'] = "权限不足:不是此微博用户"
return json_response(error)
def f():
log('same_user_required')
u = current_user()
if 'id' in request.args:
comment_id = request.args['id']
else:
comment_id = request.get_json()['id']
c = Comment.find_by(id=int(comment_id))
w = Weibo.find_by(id=int(c.weibo_id))
log(comment_id, u.id, c.user_id)
if c.user_id == u.id or w.user_id == u.id:
return route_function()
else:
return redirect(url_for('weibo.index'))
def f(request):
log('weibo_owner_required')
u = current_user(request)
id_key = 'weibo_id'
if id_key in request.query:
weibo_id = request.query[id_key]
else:
weibo_id = request.form()[id_key]
w = Weibo.find_by(id=int(weibo_id))
if w.user_id == u.id:
return route_function(request)
else:
return redirect('/weibo/index')
def f(request):
# 从请求中获取comment和weibo的id
form = request.form()
if 'wid' in request.query and 'cid' in request.query:
w_id = request.query['wid']
c_id = request.query['cid']
elif 'wid' in form and 'cid' in form:
w_id = form['wid']
c_id = form['cid']
else:
return redirect('/weibo/index')
# 根据id找到对应的weibo和comment
w = Weibo.find_by(id=int(w_id))
c = Weibo.find_by(id=int(c_id))
# 比较当前用户的id是否和comment或weibo的user id一致
# 如果一致,说明当前用户有权限
u = current_user(request)
if w.user_id == u.id or c.user_id == u.id:
return route_function(request)
else:
return redirect('/weibo/index')
def f(request):
log('same_user_required_update')
u = current_user(request)
if 'id' in request.query:
comment_id = request.query['id']
else:
comment_id = request.form()['id']
c = Comment.find_by(id=int(comment_id))
w = Weibo.find_by(id=c.weibo_id)
# comment的拥有者或者comment所属weibo的发布者可删
if u.id in [c.user_id, w.user_id]:
return route_function(request)
else:
return redirect('/weibo/index')
def f():
u = current_user()
if 'id' in request.args:
comment_id = request.args['id']
else:
comment_id = request.get_json()['id']
c = Comment.find_by(id=int(comment_id))
w = Weibo.find_by(id=c.weibo_id)
if c.user_id == u.id:
return route_function()
elif w.user_id == u.id:
return route_function()
else:
d = dict(message="用户无权限")
return jsonify(d)
def comment_add(request):
u = current_user(request)
form = request.json()
log('api comment_add form', form)
w = Weibo.find_by(id=int(form['weibo_id']))
c = Comment(form)
c.user_id = u.id
c.weibo_id = w.id
c.save()
c = c.json()
# 在comment数据里加上评论用户名
c['username'] = u.username
return json_response(c)
def f(request):
log('weibo_owner_required')
u = current_user(request)
if 'id' in request.query:
weibo_id = int(request.query['id'])
else:
form = request.json()
weibo_id = int(form['id'])
t = Weibo.find_by(id=weibo_id)
if t.user_id == u.id:
return route_function(request)
else:
d = dict(message="还想改别人的微博?")
return json_response(d)
def f(request):
u = current_user(request)
if 'id' in request.query:
weibo_id = request.query['id']
else:
# weibo_id = request.form()['id']
form = request.json()
weibo_id = form['id']
w = Weibo.find_by(id=int(weibo_id))
if w.user_id == u.id:
return route_function(request)
else:
d = dict(message="权限不足")
return json_response(d)
def f(request):
u = current_user(request)
if 'id' in request.query:
comment_id = request.query['id']
else:
comment_id = request.json()['id']
c = Comment.find_by(id=int(comment_id))
weibo_id = c.weibo_id
w = Weibo.find_by(id=int(weibo_id))
if c.user_id == u.id or w.user_id == u.id:
return route_function(request)
else:
d = dict(message="403")
return json_response(d)
def f():
if 'id' in request.args:
log('if true', request.args)
comment_id = int(request.args['id'])
else:
log('if false')
form: dict = request.json
comment_id = int(form.get('id'))
u = current_user()
c = Comment.find_by(id=comment_id)
w = Weibo.find_by(id=c.weibo_id)
if c.user_id == u.id or w.user_id == u.id:
return route_function()
else:
d = dict(remove=False, message="权限不足")
return jsonify(d)
def f(request):
if 'id' in request.query:
weibo_id = int(request.query['id'])
else:
form = request.json()
weibo_id = int(form['id'])
weibo = Weibo.find_by(id=weibo_id)
u = current_user(request)
if u.id == weibo.user_id:
return api_function(request)
else:
d = dict(
status=410,
message="权限不足,请求无法执行",
)
return json_response(d)
