第五课内容

lyy8510a · Aug 28, 2018 · d18c404 · d18c404
1 parent 0aa7a0b
commit d18c404
Show file tree

Hide file tree

Showing 15 changed files with 739 additions and 29 deletions.
diff --git a/backend/__init__.py b/backend/__init__.py
@@ -29,6 +29,7 @@ def create_app():
     login_manager.init_app(app)  #第三课增加内容
     # 将变量注册到jinja全局变量
     app.add_template_global(app.config['PROJECTNAME'], 'PROJECTNAME')
+    app.add_template_global(app.config['STATIC_URL'], 'STATIC_URL')
 
 
     # 钩子 在请求执行之前

diff --git a/backend/account/views.py b/backend/account/views.py
@@ -4,25 +4,47 @@
 Created by liaoyangyang1 on 2018/8/22 上午9:40.
 """
 from flask import Blueprint,request,render_template,jsonify,flash  #第二课增加内容
-from flask import redirect,url_for,current_app
-from backend.models.UserModel import User
+from flask import redirect,url_for,abort #第五课新增
+from backend.models.UserModel import User,Role #第五课新增
 from backend.models import db
-from flask_login import login_user,login_required,logout_user #第三课增加内容
-
+from flask_login import login_user,login_required,logout_user,current_user #第三课增加内容 #第五课新增
+from functools import wraps #第五课新增
+from backend.models.UserModel import Permission #第五课新增
+from utils.layout import layout
 
 #账户的蓝图  访问http://host:port/account 这个链接的子链接，都会跳到这里
 account = Blueprint('account', __name__)  #第二课增加内容
 
+
+def permission_required(permission): #第五课新增
+    """Restrict a view to users with the given permission."""
+    def decorator(f):
+        @wraps(f)
+        def decorated_function(*args, **kwargs):
+            if not current_user.can(permission):
+                abort(403)
+            return f(*args, **kwargs)
+        return decorated_function
+    return decorator
+
+
+# 要求管理员权限
+def admin_required(f): #第五课新增
+    return permission_required(Permission.ADMINISTER)(f)
+
 # 访问http://host:port/account/register 这个链接，就会跳到这里
 @account.route('/register',methods=(["GET","POST"]))  #第二课增加内容
 #上面的链接，绑定的就是这个方法，我们给浏览器或者接口请求 一个json格式的返回
 def register():  #第二课增加内容
     if request.method == 'POST':
-        form = request.form
-        user = User(username=form['username'],email=form['email'],password=form['password'])
-        db.session.add(user)
-        db.session.commit()
-        return jsonify(form)
+        try:
+            form = request.form
+            user = User(username=form['username'],email=form['email'],password=form['password'])
+            db.session.add(user)
+            db.session.commit()
+            return redirect(url_for(request.args.get('next') or 'account.login'))
+        except Exception as e:
+            abort(403)
     return render_template('/account/register.html')
 
 @account.route('/login',methods=(["GET","POST"]))
@@ -45,3 +67,48 @@ def logout():
     flash('You have been logged out.', 'info')
     return redirect(url_for('admin.index'))
 
+
+@account.route('/users')
+@login_required
+def user_list(): #第五课新增
+    Role.insert_roles()
+    user_list = User.query.outerjoin(Role, User.role_id == Role.id).all()
+    return layout('/account/users.html',users=user_list)
+
+
+@account.route('/edituser',methods=(["GET","POST"]))
+@login_required
+def user_edit(): #第五课新增
+    if request.method == 'POST':
+        try:
+            form = request.form
+            use_info = User.query.filter(User.id == form['id']).first()
+            use_info.email = form['email']
+            use_info.role_id = form['role_id']
+            db.session.commit()
+            flash('修改用户信息成功！', 'success')
+        except Exception as e:
+            print(e)
+            flash('修改用户信息失败！', 'error')
+        return redirect(url_for(request.args.get('next') or 'account.user_list'))
+
+    id = request.values.get('id')
+    user_info = User.query.filter_by(id=id).first()
+    return layout('/account/edituser.html', user_info=user_info)
+
+@account.route('/deluser')
+@login_required
+def user_del(): #第五课新增
+    try:
+        id = request.values.get('id')
+        user = User.query.filter(User.id == id).first()
+        db.session.delete(user)
+        db.session.commit()
+        flash('删除用户成功！', 'success')
+    except Exception as e:
+        print(e)
+        flash('删除用户失败！', 'error')
+
+    return redirect(url_for(request.args.get('next') or 'account.user_list'))
+
+
diff --git a/backend/admin/views.py b/backend/admin/views.py
@@ -5,10 +5,11 @@
 """
 from flask import Blueprint,render_template
 from backend.account.views import login_required
-
+from utils.layout import layout
 admin = Blueprint('admin', __name__)
 
 
+
 @admin.route('/')
 def index():
-    return render_template('/base/index.html')
+    return layout('/base/index.html')
diff --git a/backend/models/UserModel.py b/backend/models/UserModel.py
@@ -7,13 +7,72 @@
 from werkzeug.security import check_password_hash, generate_password_hash  #第二课增加内容
 from backend.models import db  #第二课增加内容
 from backend.views import login_manager #第三课新增
+from flask import current_app #第五课内容
+
+
+class Permission: #第五课内容
+    GENERAL = 0x01
+    ADMINISTER = 0xff
+
+class Role(db.Model): #第五课内容
+    __tablename__ = 'roles'
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(64), unique=True)
+    index = db.Column(db.String(64))
+    default = db.Column(db.Boolean, default=False, index=True)
+    permissions = db.Column(db.Integer)
+    users = db.relationship('User', backref='role', lazy='dynamic')
+
+    @staticmethod
+    def insert_roles():
+        roles = {
+            'User': (Permission.GENERAL, 'main', True),
+            'Administrator': (
+                Permission.ADMINISTER,
+                'admin',
+                False  # grants all permissions
+            )
+        }
+        for r in roles:
+            role = Role.query.filter_by(name=r).first()
+            if role is None:
+                role = Role(name=r)
+            role.permissions = roles[r][0]
+            role.index = roles[r][1]
+            role.default = roles[r][2]
+            db.session.add(role)
+        db.session.commit()
+
+    def __repr__(self):
+        return '<Role \'%s\'>' % self.name
+
+
 
 class User(UserMixin, db.Model):  #第二课增加内容
     __tablename__ = 'users'  #这是我们将来建出来的表的表名，在这里定义，下面的都是字段名和字段类型长度这些
     id = db.Column(db.Integer, primary_key=True)
     username = db.Column(db.String(64), index=True)
     email = db.Column(db.String(64), unique=True, index=True)
     password_hash = db.Column(db.String(128))
+    role_id = db.Column(db.Integer, db.ForeignKey('roles.id'))  #第五课内容
+
+    def __init__(self, **kwargs): #第五课内容
+        super(User, self).__init__(**kwargs)
+        print(self)
+        if self.role is None:
+            if self.username == current_app.config['ADMIN_USER'] or self.email == current_app.config['ADMIN_EMAIL']:
+                self.role = Role.query.filter_by(
+                    permissions=Permission.ADMINISTER).first()
+            if self.role is None:
+                self.role = Role.query.filter_by(default=True).first()
+
+    def can(self, permissions): #第五课内容
+        return self.role is not None and \
+            (self.role.permissions & permissions) == permissions
+
+    def is_admin(self): #第五课内容
+        return self.can(Permission.ADMINISTER)
+
 
     #脱敏
     @property

diff --git a/config/config.py b/config/config.py
@@ -15,7 +15,8 @@ class Config(object):
     PROJECTNAME = 'MYPROJECT'
     # 端口
     PORT = 10101
-
+    ADMIN_USER = 'admin'
+    ADMIN_EMAIL = '51263921@qq.com'
     SECRET_KEY = '1234567890!@#$%^&*()'
 
 class ProdConfig(Config):
@@ -33,6 +34,7 @@ class SitConfig(Config):
     DEBUG = True
     # 主机ip地址
     HOST = '127.0.0.1'
+    STATIC_URL = "http://{0}:{1}/static".format(HOST,Config.PORT)
 
     # # 数据库配置
     MYSQL_HOST = '127.0.0.1'  #此处修改为您的mysql的主机IP

diff --git a/frontend/account/edituser.html b/frontend/account/edituser.html
@@ -0,0 +1,67 @@
+{% extends 'base/layout.html'  %}
+{% block content %}
+
+
+<div class="wrapper wrapper-content">
+    <div class="container-fluid">
+        <div class="row">
+            <div class="col-lg-12">
+                <div class="ibox float-e-margins">
+                    <div class="ibox-title">
+                        <h5>编辑用户信息</h5>
+
+                    </div>
+                    <div class="ibox-content">
+                        <form action="/account/edituser" class="form-horizontal" enctype="multipart/form-data"  method="post" >
+
+                             <input type="hidden" name="id" value="{{ user_info.id }}">
+                             <div class="form-group">
+                                <label class="col-lg-2 control-label">id：</label>
+                                <div class="col-lg-6"><input type="text"  name="id" class="form-control" value="{{ user_info.id }}" disabled></div>
+                             </div>
+                             <div class="hr-line-dashed" ></div>
+                             <div class="form-group">
+                                <label class="col-lg-2 control-label">用户名：</label>
+                                <div class="col-lg-6"><input type="text"  name="username" class="form-control" value="{{ user_info.username }}" disabled></div>
+                             </div>
+                             <div class="hr-line-dashed" ></div>
+                             <div class="form-group">
+                                <label class="col-lg-2 control-label">EMAIL：</label>
+                                <div class="col-lg-6"><input type="text"  name="email" class="form-control" value="{{ user_info.email }}" ></div>
+                             </div>
+                            <div class="hr-line-dashed" ></div>
+                            <div class="form-group">
+                                <label class="col-lg-2 control-label">角色：</label>
+                                <div class="col-lg-6">
+                                    <select name="role_id" class="form-control">
+                                        {%  if user_info.role_id %}
+                                            <option value="{{user_info.role_id}}">{% if user_info.role_id ==1 %}普通用户{% else %}管理员{% endif %}</option>
+                                            <option value="1">普通用户</option>
+                                            <option value="2">管理员</option>
+                                        {% else %}
+                                            <option value="">请选择</option>
+                                            <option value="1">普通用户</option>
+                                            <option value="2">管理员</option>
+                                        {% endif %}
+                                    </select>
+                                </div>
+                             </div>
+                            <div class="hr-line-dashed" ></div>
+                             <div class="form-group">
+                                 <div class="col-lg-2">
+                                 </div>
+                                 <div class="col-lg-4">
+                                    <button type="submit" class="btn btn-primary" >保存</button>
+                                 </div>
+                             </div>
+                        </form>
+                    </div>
+                </div>
+            </div>
+
+        </div>
+    </div>
+</div>
+
+
+{% endblock %}
diff --git a/frontend/account/users.html b/frontend/account/users.html
@@ -0,0 +1,91 @@
+<!--第四课内容 -->
+{% extends 'base/layout.html' %}
+
+<!--第四课内容 下面是正文-->
+{% block content %}
+    <div class="wrapper wrapper-content">
+        <div class="row">
+            <div class="col-lg-12">
+                <div class="ibox float-e-margins">
+                    <div class="ibox-title">
+                        <h5>{{tag}}</h5>
+                    </div>
+                    <div class="ibox-content">
+                        <div class="row">
+
+                            <div class="table-responsive">
+                                <table class="table table-striped table-bordered table-hover dataTables-example">
+                                  <thead>
+                                     <tr>
+                                        <th>ID</th>
+                                        <th>用户名</th>
+                                        <th>Email</th>
+                                        <th>角色</th>
+                                        <th>操作</th>
+                                     </tr>
+                                  </thead>
+                                  <tbody>
+                                      {% if current_user.role_id == 2 %}
+                                          {% for user in users %}
+                                                <tr>
+                                                    <td>{{user.id}}</td>
+                                                    <td>{{user.username}}</td>
+                                                    <td>{{user.email}}</td>
+                                                    <td>{{user.role.name}}</td>
+                                                    <td><a href="">修改密码</a> | <a href="/account/edituser?id={{user.id}}">编辑</a> | <a href="/account/deluser?id={{user.id}}">删除</a></td>
+                                                </tr>
+                                          {% endfor %}
+                                      {% else %}
+                                          {% for user in users %}
+                                                {% if user.id == current_user.id %}
+                                                    <tr>
+                                                        <td>{{user.id}}</td>
+                                                        <td>{{user.username}}</td>
+                                                        <td>{{user.email}}</td>
+                                                        <td>{{user.role.name}}</td>
+                                                        <td><a href="">修改密码</a></td>
+                                                    </tr>
+                                                {% endif %}
+                                          {% endfor %}
+                                      {% endif %}
+                                  </tbody>
+                                </table>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+
+<script>
+    $(document).ready(function() {
+          $('.dataTables-example').DataTable({
+                dom: '<"html5buttons"B>lTfgitp',
+                buttons: [
+                    { extend: 'copy'},
+                    {extend: 'csv'},
+                    {extend: 'excel', title: 'ExampleFile'},
+                    {extend: 'pdf', title: 'ExampleFile'},
+
+                    {extend: 'print',
+                     customize: function (win){
+                            $(win.document.body).addClass('white-bg');
+                            $(win.document.body).css('font-size', '10px');
+
+                            $(win.document.body).find('table')
+                                    .addClass('compact')
+                                    .css('font-size', 'inherit');
+                    }
+                    }
+                ]
+            });
+    })
+
+
+</script>
+
+
+{% endblock %}
+
+