修复令牌验证逻辑,修改管理员dashboard,增加退出登录功能
Change-Id: I6a832763126dffd28733269044a1b1956c5b1106
diff --git a/Merge/back_trm/app/routes.py b/Merge/back_trm/app/routes.py
index 20cf99c..b1d1fd6 100644
--- a/Merge/back_trm/app/routes.py
+++ b/Merge/back_trm/app/routes.py
@@ -17,9 +17,9 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'superadmin')
+ checres,userid=f.checkid(data['userid'],'superadmin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要超级管理员才能执行修改用户角色的操作,但是当前用户不是超级管理员',
request.remote_addr)
@@ -27,12 +27,12 @@
res=f.giveadmin(data['targetid'])
if not res:
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
f"尝试修改用户{data['targetid']}角色为admin失败,用户不存在",
request.remote_addr)
return jsonify({'status': 'error', 'message': 'User not found'})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'behavior',
f'用户角色为admin修改成功,用户ID: {data["targetid"]} 被修改为管理员',
request.remote_addr)
@@ -46,9 +46,9 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'superadmin')
+ checres,userid=f.checkid(data['userid'],'superadmin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要超级管理员才能执行修改用户角色的操作,但是当前用户不是超级管理员',
request.remote_addr)
@@ -56,12 +56,12 @@
res=f.giveuser(data['targetid'])
if not res:
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
f"尝试修改用户{data['targetid']}为user失败,用户不存在",
request.remote_addr)
return jsonify({'status': 'error', 'message': 'User not found'})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'behavior',
f'用户角色修改成功,用户ID: {data["targetid"]} 被修改为普通用户',
request.remote_addr)
@@ -76,9 +76,9 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'superadmin')
+ checres,userid=f.checkid(data['userid'],'superadmin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要超级管理员才能执行修改用户角色的操作,但是当前用户不是超级管理员',
request.remote_addr)
@@ -86,12 +86,12 @@
res=f.givesuperadmin(data['targetid'])
if not res:
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
f'尝试修改用户{data["targetid"]}角色为superadmin失败,用户不存在',
request.remote_addr)
return jsonify({'status': 'error', 'message': 'User not found'})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'behavior',
f'用户角色修改成功,用户ID: {data["targetid"]} 被修改为超级管理员',
request.remote_addr)
@@ -105,9 +105,11 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'superadmin')
+ checres,userid=f.checkid(data['userid'],'superadmin')
+ print("+++++++++++++++++++++++++++++++++++++++++++++++++")
+ print(checres)
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要超级管理员才能执行获取用户列表的操作,但是当前用户不是超级管理员',
request.remote_addr)
@@ -121,7 +123,7 @@
'role': datai[2]
})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'access',
'获取用户列表成功',
request.remote_addr)
@@ -135,9 +137,9 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'admin')
+ checres,userid=f.checkid(data['userid'],'admin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要管理员才能执行获取帖子列表的操作,但是当前用户不是管理员',
request.remote_addr)
@@ -150,7 +152,7 @@
'title': datai[1],
'status': datai[2]
})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'access',
'获取帖子列表成功',
request.remote_addr)
@@ -163,21 +165,21 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'admin')
+ checres,userid=f.checkid(data['userid'],'admin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要管理员才能执行获取帖子详情的操作,但是当前用户不是管理员',
request.remote_addr)
return jsonify({'status': 'error', 'message': 'Unauthorized'})
res=f.getpost(data['postid'])
if not res:
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
f'尝试获取帖子{data["postid"]}失败,帖子不存在',
request.remote_addr)
return jsonify({'status': 'error', 'message': 'Post not found'})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'access',
f'获取帖子详情成功,帖子ID: {data["postid"]}',
request.remote_addr)
@@ -190,9 +192,9 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'admin')
+ checres,userid=f.checkid(data['userid'],'admin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要管理员才能执行帖子审核的操作,但是当前用户不是管理员',
request.remote_addr)
@@ -200,12 +202,12 @@
res=f.review(data['postid'],data['status'])
if not res:
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
f'尝试审核帖子{data["postid"]}失败,帖子不存在',
request.remote_addr)
return jsonify({'status': 'error', 'message': 'Post not found'})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'behavior',
f'帖子审核成功,帖子ID: {data["postid"]} 状态更新为 {data["status"]}',
request.remote_addr)
@@ -220,9 +222,9 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'admin')
+ checres,userid=f.checkid(data['userid'],'admin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要管理员才能执行Nginx认证的操作,但是当前用户不是管理员',
request.remote_addr)
@@ -230,12 +232,12 @@
res=f.nginxauth(data['postid'],data['status'])
if not res:
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
f'尝试更新Nginx认证状态失败,帖子{data["postid"]}不存在',
request.remote_addr)
return jsonify({'status': 'error', 'message': 'Post not found'})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'behavior',
f'Nginx认证状态更新成功,帖子ID: {data["postid"]} 状态更新为 {data["status"]}',
request.remote_addr)
@@ -248,9 +250,9 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'superadmin')
+ checres,userid=f.checkid(data['userid'],'superadmin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要管理员才能执行获取系统性能消耗的操作,但是当前用户不是管理员',
request.remote_addr)
@@ -258,13 +260,13 @@
res=f.getsyscost()
if not res:
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'尝试获取系统性能消耗数据失败,数据不存在',
request.remote_addr)
return jsonify({'status': 'error', 'message': 'No performance data found'})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'access',
'获取系统性能消耗数据成功',
request.remote_addr)
@@ -287,9 +289,9 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'superadmin')
+ checres,userid=f.checkid(data['userid'],'superadmin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要管理员才能执行获取日志的操作,但是当前用户不是管理员',
request.remote_addr)
@@ -297,13 +299,13 @@
res=f.getrecordlog()
if not res:
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'尝试获取日志失败,日志不存在',
request.remote_addr)
return jsonify({'status': 'error', 'message': 'No logs found'})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'access',
'获取日志成功',
request.remote_addr)