def delete(self, uid): user = g.current_user lid = user.selecting_library_id attribute = Attribute.query.filter_by(lid=lid, uid=uid).first_or_404() with db.auto_commit(): db.session.delete(attribute) return DeleteSuccess()
def generate_test_can(self): with db.auto_commit(): for role_name, permission_names in role_permission_map.items(): role = Role.query.filter_by(name=role_name).first() for permission_name in permission_names: permission = Permission.query.filter_by(name=permission_name).first() role.permissions.append(permission)
def generate_test_borrows(self): with db.auto_commit(): borrow_date = datetime.utcnow() borrow = Borrow(uid=self.creator.id, lid=self.library.id, bid=self.borrowed_book.id, borrow_date=borrow_date, deadtime=borrow_date+timedelta(3), state=BorrowState.A) db.session.add(borrow)
def test_can(self): @self.app.route("/nothing") @auth_required @select_library @can("nothing") def nothing(): return "nothing" @self.app.route("/testing") @auth_required @select_library @can("BORROW") def func(): return "hello world" token = self.get_token() with db.auto_commit(): user = User.query.filter_by(email="*****@*****.**").first() library = Library.query.filter_by(name="test_library").first() user.selecting_library = library response = self.client.get(url_for("nothing"), token=token) self.assertEqual(response.status_code, 403) response = self.client.get(url_for("func"), token=token) self.assertEqual(response.status_code, 200) self.assertTrue(b"hello world" in response.data)
def get(self, lid): user = g.current_user if not user.can("SELECT_LIBRARY", lid): return PermissionDenied() with db.auto_commit(): user.selecting_library_id = lid return Success()
def register(): """ 用户注册 :param email:用户邮箱 :param phone:用户手机号 :param password:用户明文密码 :return: """ form = RegisterForm().validate_for_api() email = form.email.data phone = form.phone.data password = form.password.data user = User.query.filter_by(email=email).first() if user is not None: return EmailAlreadyExist() user = User.query.filter_by(phone=phone).first() if user is not None: return PhoneAlreadyExist() with db.auto_commit(): user = User(email=email, phone=phone) user.set_password(password) db.session.add(user) return Success()
def generate_test_rtype(self): with db.auto_commit(): self.golden = RType(name="golden reader", date=100, num=10) self.sliver = RType(name="sliver reader", date=50, num=5) self.copper = RType(name="copper reader", date=25, num=3) db.session.add(self.golden) db.session.add(self.sliver) db.session.add(self.copper)
def put(self, lid): # 更改图书馆信息 if not g.current_user.can("UPDATE_LIBRARY_INFO", lid): return PermissionDenied() form = LibraryForm().validate_for_api() name = form.name.data library = Library.query.get(lid) with db.auto_commit(): library.name = name return Success()
def put(self, uid): form = MemberForm().validate_for_api() type = form.type.data rid = form.type.data user = g.current_user lid = user.selecting_library_id attribute = Attribute.query.filter_by(uid=uid, lid=lid).first_or_404() with db.auto_commit(): attribute.rid = rid or attribute.rid attribute.type = type or attribute.type return Success()
def initdb(drop): if drop: click.confirm("This operation will drop the database, do you want to continue?", abort=True) db.drop_all() click.echo("Drop databases") db.create_all() if drop: with db.auto_commit(): init_rtype() init_permission() init_role() init_can() click.echo("Create databases")
def get(self, lid): user = g.current_user attribute = Attribute.query.filter_by(uid=user.id, lid=lid).first() if attribute is not None: return AlreadyJoin() role = Role.query.filter_by(name="under_review").first() copper = RType.query.filter_by(name="copper reader").first() with db.auto_commit(): attribute = Attribute(uid=user.id, lid=lid, rid=role.id, type=copper.id) db.session.add(attribute) return Success()
def put(self, bid): book = Book.query.get_or_404(bid) user = g.current_user lid = user.selecting_library_id # 判断是否有权限 if book.lid != lid: return PermissionDenied() # 查找在借图书,如果没有则返回404错误 borrow = Borrow.query.filter_by(bid=bid, state=BorrowState.A).first_or_404() with db.auto_commit(): borrow.return_date = datetime.utcnow() borrow.state = BorrowState.B book.status = BookStatus.A return Success()
def generate_test_sample(self): self.generate_test_users() self.generate_test_libraries() self.generate_test_rtype() self.generate_test_attributes() self.generate_test_books() self.generate_test_borrows() self.generate_test_roles() self.generate_test_permissions() self.generate_test_can() with db.auto_commit(): self.creator.selecting_library_id = self.library.id self.admin.selecting_library_id = self.library.id self.user.selecting_library_id = self.library.id
def generate_test_books(self): with db.auto_commit(): self.normal_book = Book(lid=self.library.id, status=BookStatus.A, title="test1", author="nobody", isbn="1234567891011") self.borrowed_book = Book(lid=self.library.id, status=BookStatus.B, title="test2", author="nobody", isbn="1234567891011") self.destroyed_book = Book(lid=self.library.id, status=BookStatus.C, title="test3", author="nobody", isbn="1234567891011") self.lost_book = Book(lid=self.library.id, status=BookStatus.D, title="test4", author="nobody", isbn="1234567891011") db.session.add(self.normal_book) db.session.add(self.borrowed_book) db.session.add(self.destroyed_book) db.session.add(self.lost_book)
def delete(self, bid): book = Book.query.get_or_404(bid) lid = book.lid user = g.current_user # 搜索对应order,没有则直接404 order = Borrow.query.filter_by(uid=user.id, lid=lid, bid=bid, state=BorrowState.C).first_or_404() # 搜索到则更改对应状态 with db.auto_commit(): order.state = BorrowState.D book.status = BookStatus.A return DeleteSuccess()
def generate_test_users(self): with db.auto_commit(): self.creator = User(email="*****@*****.**", phone="13912345678", gender="m", name="creator") self.admin = User(email="*****@*****.**", phone="13812345678", gender="m", name="admin") self.user = User(email="*****@*****.**", phone="13712345678", gender="m", name="user") self.under_review = User(email="*****@*****.**", phone="13612345678", gender="m", name="under_review") self.creator.set_password("123456") self.admin.set_password("123456") self.user.set_password("123456") self.under_review.set_password("123456") db.session.add(self.creator) db.session.add(self.admin) db.session.add(self.user) db.session.add(self.under_review)
def post(self): # 创建图书馆 form = LibraryForm().validate_for_api() name = form.name.data with db.auto_commit(): new_library = Library(name=name, status=LibraryStatus.A) db.session.add(new_library) db.session.flush() golden = RType.query.filter_by(name="golden reader").first() creator = Role.query.filter_by(name="creator").first() creator_attribute = Attribute(lid=new_library.id, uid=g.current_user.id, type=golden.id, rid=creator.id) db.session.add(creator_attribute) return Success()
def put(self, bid): book = self.get_book(bid) form = BookUpdateForm().validate_for_api() isbn = form.isbn.data status = form.status.data title = form.title.data author = form.author.data image_urls = form.image_urls.data with db.auto_commit(): book.isbn = isbn or book.isbn book.status = status or book.status book.title = title or book.title book.author = author or book.author book.image_urls = image_urls or book.image_urls return Success()
def post(self): form = BookForm().validate_for_api() isbn = form.isbn.data title = form.title.data author = form.author.data image_urls = form.image_urls.data lid = g.current_user.selecting_library_id with db.auto_commit(): book = Book(lid=lid, isbn=isbn, status=BookStatus.A, title=title, author=author, image_urls=image_urls) db.session.add(book) return Success()
def test_select_library(self): self.assertEqual(self.admin.selecting_library_id, self.library.id) token = self.get_token(self.admin) lid = self.library2.id response = self.client.get(url_for("api_v1.select_library", lid=lid), headers=[("Authorization", "Bearer " + token)]) self.assertEqual(response.status_code, 201) self.assertEqual(self.admin.selecting_library_id, lid) with db.auto_commit(): library = Library(name="test_library2", status=LibraryStatus.A) db.session.add(library) response = self.client.get(url_for("api_v1.select_library", lid=library.id), headers=[("Authorization", "Bearer " + token)]) self.assertEqual(response.status_code, 403)
def generate_test_attributes(self): with db.auto_commit(): creator_attribute = Attribute(uid=self.creator.id, lid=self.library.id, rid=1, type=self.golden.id) admin_attribute = Attribute(uid=self.admin.id, lid=self.library.id, rid=2, type=self.sliver.id) user_attribute = Attribute(uid=self.user.id, lid=self.library.id, rid=3, type=self.copper.id) under_review_attribute = Attribute(uid=self.under_review.id, lid=self.library.id, rid=4, type=self.copper.id) admin_attribute2 = Attribute(uid=self.admin.id, lid=self.library2.id, rid=2, type=self.golden.id) db.session.add(creator_attribute) db.session.add(admin_attribute) db.session.add(user_attribute) db.session.add(under_review_attribute) db.session.add(admin_attribute2)
def post(self, bid): book = Book.query.get_or_404(bid) user = g.current_user lid = user.selecting_library_id # 非本图书馆图书 if book.lid != lid: return PermissionDenied() # 图书不在库 if book.status != BookStatus.A and book.status != BookStatus.C: return CanNotBorrow() attribute = Attribute.query.filter_by(lid=lid, uid=user.id).first() borrow_num = attribute.rtype.num # todo: optimize sql borrow_count = Borrow.query.filter_by(uid=user.id, lid=lid, state=BorrowState.A).count() order_count = Borrow.query.filter_by(uid=user.id, lid=lid, state=BorrowState.C).count() # 超出可借阅数量 if borrow_count + order_count >= borrow_num: return CanNotBorrow() borrow_date = attribute.rtype.date # todo: 预约情况 with db.auto_commit(): now = datetime.utcnow() book.status = BookStatus.B borrow = Borrow.query.filter_by(uid=user.id, lid=lid, bid=bid, state=BorrowState.C).first() if borrow is None: borrow = Borrow(uid=user.id, lid=lid, bid=bid, borrow_date=now, deadtime=now+timedelta(borrow_date), create_date=now, state=BorrowState.A) db.session.add(borrow) else: borrow.borrow_date = now borrow.deadtime = now+timedelta(borrow_date) borrow.state = BorrowState.A return Success()
def post(self, bid): book = Book.query.get_or_404(bid) user = g.current_user lid = user.selecting_library_id if book.lid != lid: return PermissionDenied() if book.status != BookStatus.A: return CanNotOrder() with db.auto_commit(): now = datetime.utcnow() book.status = BookStatus.E order = Borrow(uid=user.id, lid=lid, bid=bid, create_date=now, state=BorrowState.C) db.session.add(order) return Success()
def test_get_book_info(self): response = self.client.get(url_for("api_v1.book_api", bid=self.normal_book.id), token=self.get_token(self.under_review)) self.assertEqual(response.status_code, 400) with db.auto_commit(): self.under_review.selecting_library_id = self.library.id response = self.client.get(url_for("api_v1.book_api", bid=self.normal_book.id), token=self.get_token(self.under_review)) self.assertEqual(response.status_code, 403) response = self.client.get(url_for("api_v1.book_api", bid=self.normal_book.id), token=self.get_token()) self.assertEqual(response.status_code, 200) data = response.get_json() self.assertEqual(data["id"], self.normal_book.id) self.assertEqual(data["lid"], self.normal_book.lid) self.assertEqual(data["isbn"], self.normal_book.isbn) self.assertEqual(data["status"], self.normal_book.status.value) self.assertEqual(data["title"], self.normal_book.title) self.assertEqual(data["author"], self.normal_book.author)
def test_join_library(self): token = self.get_token() lid = self.creator.selecting_library_id response = self.client.get(url_for("api_v1.join_library", lid=lid), headers=[("Authorization", "Bearer " + token)]) self.assertEqual(response.status_code, 403) with db.auto_commit(): user = User(name="testUser", gender="m", phone="13412345678", email="*****@*****.**") user.set_password("123456") db.session.add(user) token = self.get_token(user) lid = self.library.id response = self.client.get(url_for("api_v1.join_library", lid=lid), headers=[("Authorization", "Bearer " + token)]) self.assertEqual(response.status_code, 201) attribute = Attribute.query.filter_by(uid=user.id, lid=lid).first() self.assertIsNotNone(attribute) self.assertEqual(attribute.type, self.copper.id)
def delete(self, bid): book = self.get_book(bid) with db.auto_commit(): db.session.delete(book) return DeleteSuccess()
def generate_test_roles(self): with db.auto_commit(): for role in ROLES: r = Role(name=role) db.session.add(r)
def generate_test_permissions(self): with db.auto_commit(): for permission in PERMISSIONS: p = Permission(name=permission) db.session.add(p)
def generate_test_libraries(self): with db.auto_commit(): self.library = Library(name="test_library", status=LibraryStatus.A) self.library2 = Library(name="test_library2", status=LibraryStatus.A) db.session.add(self.library) db.session.add(self.library2)