diff --git a/project/auth.py b/project/auth.py
index f8c6bb9..d27713f 100644
--- a/project/auth.py
+++ b/project/auth.py
@@ -87,28 +87,35 @@ def logout():
 @auth.route('/manage', methods=['POST'])
 @login_required
 def manage_post():
+ method = request.form.get('method')
+ id = request.form.get('id')
+ email = request.form.get('email')
+ name = request.form.get('name')
+ role = request.form.get('role')
+ isActivated = True if request.form.get(
+ 'isActivated') == "true" else False
 if current_user.role == "admin":
- method = request.form.get('method')
- id = request.form.get('id')
- email = request.form.get('email')
- name = request.form.get('name')
- role = request.form.get('role')
- isActivated = True if request.form.get(
- 'isActivated') == "true" else False
 if method == "update":
 account = User.query.filter_by(
 id=id, email=email, name=name).first()
 if account:
- print(account)
+ if current_user.id != 1 and account.role == "admin" and role == "user":
+ return "fail 您无权移除管理员!"
+ if current_user.id != 1 and account.isActivated and not isActivated:
+ return "fail 您无权禁用管理员!"
+
 if db.session.query(User).filter(User.id == id).update({"role": role, "isActivated": isActivated}) and not db.session.commit():
 time.sleep(0.05)
 return "success"
 else:
- time.sleep(0.1)
+ time.sleep(0.05)
 return "fail db_commit"
 time.sleep(1)
 return "fail no account"
 if method == "delete":
+ if role == "admin" and id != current_user.id:
+ return "fail 无法直接删除管理员"
+
 account = User.query.filter_by(
 id=id, email=email, name=name, role=role, isActivated=isActivated).first()
 if account:
@@ -121,5 +128,9 @@ def manage_post():
 time.sleep(1)
 return "fail no account"
 
+ if current_user.id == id and current_user.role == "user":
+ flash("暂时无法更改信息")
+ return redirect(url_for('main.index'))
+
 flash("您无权管理其他账户")
 return redirect(url_for('main.index'))
diff --git a/project/templates/manage.html b/project/templates/manage.html
index fed8b3b..0644078 100644
--- a/project/templates/manage.html
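Review bot: The second new guard in the update branch, `if current_user.id != 1 and account.isActivated and not isActivated:`, never looks at `account.role`, so a non-primary admin is refused when deactivating any active account while the returned message speaks only of administrators; `if current_user.id != 1 and account.role == "admin" and account.isActivated and not isActivated:` would match the message and the first guard's shape. The delete guard `if role == "admin" and id != current_user.id:` compares the form string `id` with `current_user.id`, which the neighbouring `current_user.id != 1` check shows is an integer, so the inequality holds for every request and the branch rejects all admin deletions, self-deletion included; convert once near the top of the function with a guarded `int()` (rejecting a non-numeric value with a "fail" response) before any comparison. The `role` stored by `.update({"role": role, "isActivated": isActivated})` comes straight from the form and only the admin-to-user transition is restricted, so any admin can write an arbitrary role string or promote accounts; validating `role in {"user", "admin"}` up front, and replacing the literal `1` with a named constant for the privileged account, would make the intended policy explicit. manage_post continues past the end of this hunk.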
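Review bot: The added branch `if current_user.id == id and current_user.role == "user":` compares the form string `id` with `current_user.id` — an integer, judging by the `current_user.id != 1` checks earlier in this function — so the condition is never true and the "暂时无法更改信息" flash is unreachable; compare against `str(current_user.id)`, or convert `id` with a guarded `int()` where it is read, so that both this check and the delete guard in the previous hunk use one representation. A short comment such as `# non-admins may not edit any account yet, including their own` would also record why the self-edit path only flashes and redirects. manage_post begins in the previous hunk.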
+++ b/project/templates/manage.html @@ -75,8 +75,12 @@ data: data, success: null, dataType: null - }); - location.reload(); + }).always(function (data) { + if (data.startsWith("fail")) { + alert(data); + } + location.reload(); + }); } function delete_account(obj) { @@ -89,16 +93,31 @@ role: account?.children[3]?.children[0].value, isActivated: account?.children[4].children[0].checked } - $.ajax({ - type: 'POST', - url: "{{ url_for('main.manage') }}", - data: data, - success: null, - dataType: null - }); - location.reload(); + var ret = confirm("确认删除用户\"" + data.name + "\"吗?") + if (ret == true) { + $.ajax({ + type: 'POST', + url: "{{ url_for('main.manage') }}", + data: data, + success: null, + dataType: null + }).always(function (data) { + if (data.startsWith("fail")) { + alert(data); + } + location.reload(); + }); + } } +{% with messages = get_flashed_messages() %} +{% if messages %} +
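Review bot: The `.always(function (data) { if (data.startsWith("fail")) ...` callback added here, and the identical one in delete_account in the next hunk, assumes its argument is the response text, but jQuery passes the jqXHR object to `.always` when the request fails (network error, 4xx/5xx), so `startsWith` throws and neither the alert nor the `location.reload()` runs. Handling the string path with `.done(function (data) { if (data.startsWith("fail")) { alert(data); } location.reload(); })` and the error path with `.fail(function () { location.reload(); })`, or testing `typeof data === "string"` first, keeps the page from stalling silently. Both enclosing functions start before the hunk.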
+ {{ messages[0] }} +
+{% endif %} +{% endwith %} + {% endblock %} \ No newline at end of file diff --git a/project/templates/profile.html b/project/templates/profile.html index 75fae8f..67a9d63 100644 --- a/project/templates/profile.html +++ b/project/templates/profile.html @@ -45,4 +45,13 @@

您的账号暂未激活,请等待管理员激活此账号。

{% endif %} + +{% with messages = get_flashed_messages() %} +{% if messages %} +
+ {{ messages[0] }} +
+{% endif %} +{% endwith %} + {% endblock %} \ No newline at end of file