def forget_password(package):
"""provess the request of forgetting the password
"""
session = package.get('session')
params = package.get('params')
username = params.get(ParamType.Username)
password = params.get(ParamType.Password)
captcha = params.get(ParamType.CAPTCHA)
user = UserHelper.get_user_by_username(username)
if user is None:
return Response.error_response('No User')
phone = user['phone']
code = VerifyHelper.get_latest_code(session, phone)
if code is None:
return Response.error_response('GUXYNB')
if code['code'] != captcha:
return Response.error_response('CAPTCHA Error')
info = {'password': password}
UserHelper.modify_user(user['id'], info)
return Response.success_response(None)
def set_phone(package):
"""process the request of modifying user's phone
"""
params = package.get('params')
phone = params.get(ParamType.Phone)
code = params.get(ParamType.CAPTCHA)
session = package.get('session')
user = package.get('user')
if not VerifyHelper.check_code(session, phone, code):
return Response.error_response("CAPTCHA Error")
UserHelper.modify_user(user['id'], {'phone': phone})
return Response.checked_response("Success")
def change_password(package):
"""process the request of changing password
"""
session = package.get('session')
params = package.get('params')
oldpassword = params.get(ParamType.OldPassword)
newpassword = params.get(ParamType.NewPassword)
user = UserHelper.get_user_by_session(session)
if user is None:
return Response.error_response('No User')
if not UserHelper.signin_check_password(user, oldpassword):
return Response.error_response('Old Password Error')
info = {'password': newpassword}
user_id = user.get('id')
UserHelper.modify_user(user_id, info)
return Response.success_response(None)
def modify_info(package):
# pylint: disable-msg=too-many-locals
# pylint: disable-msg=too-many-return-statements
# pylint: disable-msg=too-many-branches
# pylint: disable-msg=too-many-statements
"""Process the request of modyfying user's info
"""
user = package.get('user')
if user is None:
return Response.error_response('User Not Logged In')
user_id = user.get('id')
params = package.get('params')
username = params.get(ParamType.UsernameWithDefault)
realname = params.get(ParamType.RealnameForModify)
motto = params.get(ParamType.MottoForModify)
modify_private_permission = params.get(
ParamType.PermissionPrivateForModify)
modify_public_permission = params.get(ParamType.PermissionPublicForModify)
if modify_private_permission is not None:
modify_private_permission = int(modify_private_permission)
if modify_public_permission is not None:
modify_public_permission = int(modify_public_permission)
if username is None: #修改本人信息
if modify_private_permission is not None: #不能修改个人权限
return Response.error_response(
'Access Denied: Can\'t Modify Your Permission')
if modify_public_permission is not None:
return Response.error_response(
'Access Denied: Can\'t Modify Your Permission ')
UserHelper.modify_user(user_id, {
'realname': realname,
'motto': motto,
})
return Response.checked_response('Modify Success')
schoolid = PermissionHelper.get_user_school(user_id)
private_permission = PermissionHelper.get_permission(user_id, schoolid)
public_permission = user.get('permission')
if public_permission <= 1 and private_permission <= 1: #如果是屌丝
return Response.error_response('Access Denied')
if modify_private_permission == 4:
return Response.error_response('Can\'t Set Someone to Headmaster')
#现在修改人员有一个权限 >= 2
target_user = UserHelper.get_user_by_username(username)
target_userid = target_user.get('id')
target_schoolid = PermissionHelper.get_user_school(target_userid)
target_public_permission = target_user.get('permission')
target_private_permission = PermissionHelper.get_permission(
target_userid, target_schoolid)
if target_private_permission == 4 and modify_private_permission is not None: #如果更改人是校长
return Response.error_response('Cannot Modify Headmaster')
if modify_private_permission is not None:
if modify_private_permission >= private_permission: #不能越界
return Response.error_response(
'Access Denied: Cannot Promote Someone to Superior')
if modify_private_permission < 0: #不能直接退学
return Response.error_response(
'Access Denied: Cannot Tuixue Student Here')
if modify_public_permission is not None:
if modify_public_permission >= public_permission: #不能越界
return Response.error_response(
'Access Denied: Cannot Promote Someone to Superior')
if public_permission > 4: #现在是超级用户,可以随意修改
if target_public_permission >= public_permission: #超级用户也不能修改root权限
return Response.error_response(
'Access Denied: Can\'t modify your superior')
if target_private_permission == 4:
if modify_private_permission is not None:
return Response.error_response(
'Modify Denied: Cannot Demote or Promote Headmaster Here')
if target_schoolid == 0 and modify_private_permission is not None:
return Response.error_response(
'Access Denied: Cannot Modify Schoolless User\'s private permission'
)
UserHelper.modify_user(
target_userid, {
'permission': modify_public_permission,
'realname': realname,
'motto': motto
})
if modify_private_permission is not None:
PermissionHelper.set_permission(target_userid, target_schoolid,
modify_private_permission)
return Response.checked_response('Modify Success')
#之后都是管理员 这时候的权限 < 8
if realname is not None:
return Response.error_response(
'Access Denied: Cannot Modify User Realname')
if motto is not None:
return Response.error_response(
'Access Denied: Cannot Modify User Motto')
if schoolid == 0 and private_permission <= 1: #如果是在野管理员,在学校是屌丝, 则只能修改在野权限
if target_public_permission >= public_permission: #不能改领导权限 或者 同事s
return Response.error_response(
'Access Denied: Can\'t modify your superior')
if modify_private_permission is not None and schoolid == 0: #在野管理员不能修改学校权限
return Response.error_response(
'Access Denied: Not The Same School')
if modify_public_permission is not None: #只可修改在野权限
UserHelper.modify_user(target_userid,
{'permission': modify_public_permission})
return Response.checked_response('Modify Success')
if modify_private_permission is not None and modify_public_permission is not None:
if private_permission < 2 or public_permission < 2:
return Response.error_response('Access Denied: Permission Error')
if target_private_permission >= private_permission:
return Response.error_response(
'Access Denied: Cannot Modify Your Superior')
if target_public_permission >= public_permission:
return Response.error_response(
'Access Denied: Cannot Modify Your Superior')
UserHelper.modify_user(target_userid,
{'permission': modify_public_permission})
if modify_private_permission is not None:
PermissionHelper.set_permission(target_userid, target_schoolid,
modify_private_permission)
return Response.checked_response('Modify Success')
#现在完全是在野屌丝
if target_private_permission >= private_permission: #不能该领导权限 或者 同事
return Response.error_response(
'Access Denied: Can\'t modify your superior')
#现在是有学校的管理员
if target_schoolid != schoolid: #不是一个学校
return Response.error_response('Access Denied: Not The Same School')
if modify_public_permission is not None: #不能改变在野权限
return Response.error_response(
'Access Denied: Can\'t modify public permission')
if modify_private_permission is not None:
PermissionHelper.set_permission(target_userid, target_schoolid,
modify_private_permission)
return Response.checked_response('Modify Success')