refine account managing
parent
1306eea0bd
commit
2556570fc9
@ -87,7 +87,6 @@ def logout():
|
||||
@auth.route('/manage', methods=['POST'])
|
||||
@login_required
|
||||
def manage_post():
|
||||
if current_user.role == "admin":
|
||||
method = request.form.get('method')
|
||||
id = request.form.get('id')
|
||||
email = request.form.get('email')
|
||||
@ -95,20 +94,28 @@ def manage_post():
|
||||
role = request.form.get('role')
|
||||
isActivated = True if request.form.get(
|
||||
'isActivated') == "true" else False
|
||||
if current_user.role == "admin":
|
||||
if method == "update":
|
||||
account = User.query.filter_by(
|
||||
id=id, email=email, name=name).first()
|
||||
if account:
|
||||
print(account)
|
||||
if current_user.id != 1 and account.role == "admin" and role == "user":
|
||||
return "fail 您无权移除管理员!"
|
||||
if current_user.id != 1 and account.isActivated and not isActivated:
|
||||
return "fail 您无权禁用管理员!"
|
||||
|
||||
if db.session.query(User).filter(User.id == id).update({"role": role, "isActivated": isActivated}) and not db.session.commit():
|
||||
time.sleep(0.05)
|
||||
return "success"
|
||||
else:
|
||||
time.sleep(0.1)
|
||||
time.sleep(0.05)
|
||||
return "fail db_commit"
|
||||
time.sleep(1)
|
||||
return "fail no account"
|
||||
if method == "delete":
|
||||
if role == "admin" and id != current_user.id:
|
||||
return "fail 无法直接删除管理员"
|
||||
|
||||
account = User.query.filter_by(
|
||||
id=id, email=email, name=name, role=role, isActivated=isActivated).first()
|
||||
if account:
|
||||
@ -121,5 +128,9 @@ def manage_post():
|
||||
time.sleep(1)
|
||||
return "fail no account"
|
||||
|
||||
if current_user.id == id and current_user.role == "user":
|
||||
flash("暂时无法更改信息")
|
||||
return redirect(url_for('main.index'))
|
||||
|
||||
flash("您无权管理其他账户")
|
||||
return redirect(url_for('main.index'))
|
||||
|
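Review bot: The demotion guard in the `update` branch fires only when the submitted `role` is exactly `"user"`, but `role` is taken from `request.form` and written to the row without validation, so any other value (empty, misspelled) passes the guard and still removes another administrator's role. Validate the value first and compare against the stored role, e.g. `if role not in ("admin", "user"): return "fail role"` and then `if current_user.id != 1 and account.role == "admin" and role != "admin":`. The deactivation guard beside it does not test `account.role`, so it applies to every account although its message refers to administrators; confirm which is intended. `print(account)` looks like leftover debugging, and `current_user.id == id` in the last hunk compares against the form string, so it will never match if `User.id` is an integer (assumed; the model is not shown). `manage_post` begins and continues outside these hunks.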
@ -75,8 +75,12 @@
|
||||
data: data,
|
||||
success: null,
|
||||
dataType: null
|
||||
});
|
||||
}).always(function (data) {
|
||||
if (data.startsWith("fail")) {
|
||||
alert(data);
|
||||
}
|
||||
location.reload();
|
||||
});
|
||||
}
|
||||
|
||||
function delete_account(obj) {
|
||||
@ -89,16 +93,31 @@
|
||||
role: account?.children[3]?.children[0].value,
|
||||
isActivated: account?.children[4].children[0].checked
|
||||
}
|
||||
var ret = confirm("确认删除用户\"" + data.name + "\"吗?")
|
||||
if (ret == true) {
|
||||
$.ajax({
|
||||
type: 'POST',
|
||||
url: "{{ url_for('main.manage') }}",
|
||||
data: data,
|
||||
success: null,
|
||||
dataType: null
|
||||
});
|
||||
}).always(function (data) {
|
||||
if (data.startsWith("fail")) {
|
||||
alert(data);
|
||||
}
|
||||
location.reload();
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
</script>
|
||||
|
||||
{% with messages = get_flashed_messages() %}
|
||||
{% if messages %}
|
||||
<div class="notification is-danger">
|
||||
{{ messages[0] }}
|
||||
</div>
|
||||
{% endif %}
|
||||
{% endwith %}
|
||||
|
||||
{% endblock %}
|
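Review bot: Both `.always(function (data) { ... })` callbacks assume `data` is a string, but when the request fails jQuery passes the jqXHR object as the first argument, so `data.startsWith` throws and `location.reload()` is never reached. Guard the check with `if (typeof data === "string" && data.startsWith("fail")) {`, or move the alert into `.done(...)` and keep only the reload in `.always(...)`. No CSRF token is visible in the `$.ajax` options or in the part of `data` shown here; if one is not attached elsewhere (the object is built outside the hunk), this state-changing admin POST should carry one.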
@ -45,4 +45,13 @@
|
||||
<!-- 未激活 -->
|
||||
<p class="text-warning">您的账号暂未激活,请等待管理员激活此账号。</p>
|
||||
{% endif %}
|
||||
|
||||
{% with messages = get_flashed_messages() %}
|
||||
{% if messages %}
|
||||
<div class="notification is-danger">
|
||||
{{ messages[0] }}
|
||||
</div>
|
||||
{% endif %}
|
||||
{% endwith %}
|
||||
|
||||
{% endblock %}
|