refine account managing
parent
1306eea0bd
commit
2556570fc9
@ -87,7 +87,6 @@ def logout():
|
|||||||
@auth.route('/manage', methods=['POST'])
|
@auth.route('/manage', methods=['POST'])
|
||||||
@login_required
|
@login_required
|
||||||
def manage_post():
|
def manage_post():
|
||||||
if current_user.role == "admin":
|
|
||||||
method = request.form.get('method')
|
method = request.form.get('method')
|
||||||
id = request.form.get('id')
|
id = request.form.get('id')
|
||||||
email = request.form.get('email')
|
email = request.form.get('email')
|
||||||
@ -95,20 +94,28 @@ def manage_post():
|
|||||||
role = request.form.get('role')
|
role = request.form.get('role')
|
||||||
isActivated = True if request.form.get(
|
isActivated = True if request.form.get(
|
||||||
'isActivated') == "true" else False
|
'isActivated') == "true" else False
|
||||||
|
if current_user.role == "admin":
|
||||||
if method == "update":
|
if method == "update":
|
||||||
account = User.query.filter_by(
|
account = User.query.filter_by(
|
||||||
id=id, email=email, name=name).first()
|
id=id, email=email, name=name).first()
|
||||||
if account:
|
if account:
|
||||||
print(account)
|
if current_user.id != 1 and account.role == "admin" and role == "user":
|
||||||
|
return "fail 您无权移除管理员!"
|
||||||
|
if current_user.id != 1 and account.isActivated and not isActivated:
|
||||||
|
return "fail 您无权禁用管理员!"
|
||||||
|
|
||||||
if db.session.query(User).filter(User.id == id).update({"role": role, "isActivated": isActivated}) and not db.session.commit():
|
if db.session.query(User).filter(User.id == id).update({"role": role, "isActivated": isActivated}) and not db.session.commit():
|
||||||
time.sleep(0.05)
|
time.sleep(0.05)
|
||||||
return "success"
|
return "success"
|
||||||
else:
|
else:
|
||||||
time.sleep(0.1)
|
time.sleep(0.05)
|
||||||
return "fail db_commit"
|
return "fail db_commit"
|
||||||
time.sleep(1)
|
time.sleep(1)
|
||||||
return "fail no account"
|
return "fail no account"
|
||||||
if method == "delete":
|
if method == "delete":
|
||||||
|
if role == "admin" and id != current_user.id:
|
||||||
|
return "fail 无法直接删除管理员"
|
||||||
|
|
||||||
account = User.query.filter_by(
|
account = User.query.filter_by(
|
||||||
id=id, email=email, name=name, role=role, isActivated=isActivated).first()
|
id=id, email=email, name=name, role=role, isActivated=isActivated).first()
|
||||||
if account:
|
if account:
|
||||||
@ -121,5 +128,9 @@ def manage_post():
|
|||||||
time.sleep(1)
|
time.sleep(1)
|
||||||
return "fail no account"
|
return "fail no account"
|
||||||
|
|
||||||
|
if current_user.id == id and current_user.role == "user":
|
||||||
|
flash("暂时无法更改信息")
|
||||||
|
return redirect(url_for('main.index'))
|
||||||
|
|
||||||
flash("您无权管理其他账户")
|
flash("您无权管理其他账户")
|
||||||
return redirect(url_for('main.index'))
|
return redirect(url_for('main.index'))
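Review bot: The new demotion guard in the `update` branch only rejects `role == "user"`, while `role` is taken unvalidated from `request.form` and then written by the `update({"role": role, ...})` call, so any other submitted value for an admin account passes the guard. Validate the value first and compare against the stored role, e.g. `if role not in ("admin", "user"): return "fail invalid role"` followed by `if current_user.id != 1 and account.role == "admin" and role != "admin":`. The second guard (`account.isActivated and not isActivated`) does not test `account.role`, so as written it stops non-root admins from deactivating any account even though its message refers to administrators. `id` is also a form string and `current_user.id` appears to be an integer (it is compared with `1`), so `id != current_user.id` in the delete branch and `current_user.id == id` near the end probably never match as intended; `request.form.get('id', type=int)` would make both comparisons meaningful. The body of `manage_post` continues outside these hunks.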
|
||||||
|
@ -75,8 +75,12 @@
|
|||||||
data: data,
|
data: data,
|
||||||
success: null,
|
success: null,
|
||||||
dataType: null
|
dataType: null
|
||||||
});
|
}).always(function (data) {
|
||||||
|
if (data.startsWith("fail")) {
|
||||||
|
alert(data);
|
||||||
|
}
|
||||||
location.reload();
|
location.reload();
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
function delete_account(obj) {
|
function delete_account(obj) {
|
||||||
@ -89,16 +93,31 @@
|
|||||||
role: account?.children[3]?.children[0].value,
|
role: account?.children[3]?.children[0].value,
|
||||||
isActivated: account?.children[4].children[0].checked
|
isActivated: account?.children[4].children[0].checked
|
||||||
}
|
}
|
||||||
|
var ret = confirm("确认删除用户\"" + data.name + "\"吗?")
|
||||||
|
if (ret == true) {
|
||||||
$.ajax({
|
$.ajax({
|
||||||
type: 'POST',
|
type: 'POST',
|
||||||
url: "{{ url_for('main.manage') }}",
|
url: "{{ url_for('main.manage') }}",
|
||||||
data: data,
|
data: data,
|
||||||
success: null,
|
success: null,
|
||||||
dataType: null
|
dataType: null
|
||||||
});
|
}).always(function (data) {
|
||||||
|
if (data.startsWith("fail")) {
|
||||||
|
alert(data);
|
||||||
|
}
|
||||||
location.reload();
|
location.reload();
|
||||||
|
});
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
|
{% with messages = get_flashed_messages() %}
|
||||||
|
{% if messages %}
|
||||||
|
<div class="notification is-danger">
|
||||||
|
{{ messages[0] }}
|
||||||
|
</div>
|
||||||
|
{% endif %}
|
||||||
|
{% endwith %}
|
||||||
|
|
||||||
{% endblock %}
|
{% endblock %}
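Review bot: The callback passed to `.always()` receives the jqXHR object rather than the response text when the request fails, so `data.startsWith("fail")` throws there and `location.reload()` is never reached; the same pattern is added both in the handler above `delete_account` and in `delete_account` itself. Put the string check in `.done()` and keep only the reload in `.always()`: `.done(function (data) { if (data.startsWith("fail")) { alert(data); } }).always(function () { location.reload(); });`. The request sends only the account fields, so if CSRF protection is not applied elsewhere (not visible in this section), this state-changing POST would need a token.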
|
@ -45,4 +45,13 @@
|
|||||||
<!-- 未激活 -->
|
<!-- 未激活 -->
|
||||||
<p class="text-warning">您的账号暂未激活,请等待管理员激活此账号。</p>
|
<p class="text-warning">您的账号暂未激活,请等待管理员激活此账号。</p>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% with messages = get_flashed_messages() %}
|
||||||
|
{% if messages %}
|
||||||
|
<div class="notification is-danger">
|
||||||
|
{{ messages[0] }}
|
||||||
|
</div>
|
||||||
|
{% endif %}
|
||||||
|
{% endwith %}
|
||||||
|
|
||||||
{% endblock %}
|
{% endblock %}
|