From f5ea16489bb9574af70321d135bc3ada52dc12f4 Mon Sep 17 00:00:00 2001
From: Tianyi Pu <912396513@qq.com>
Date: Tue, 25 Jun 2024 14:30:37 +0100
Subject: [PATCH 01/12] =?UTF-8?q?=E7=AE=A1=E7=90=86=E5=91=98=E7=BC=96?= =?UTF-8?q?=E8=BE=91=E7=94=A8=E6=88=B7=E5=B1=9E=E6=80=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 back_end/saolei/userprofile/urls.py | 2 +
 back_end/saolei/userprofile/views.py | 33 +++++++++++-
 back_end/saolei/utils/response.py | 33 ++++++++++++
 front_end/src/App.vue | 2 +-
 front_end/src/i18n/locales/zh-cn.ts | 9 ++++
 front_end/src/router/index.ts | 5 ++
 front_end/src/store/index.ts | 1 +
 front_end/src/utils/system/status.ts | 25 +++++++++
 front_end/src/views/SettingView.vue | 8 ++-
 front_end/src/views/StaffView.vue | 80 ++++++++++++++++++++++++++++
 10 files changed, 195 insertions(+), 3 deletions(-)
 create mode 100644 back_end/saolei/utils/response.py
 create mode 100644 front_end/src/utils/system/status.ts
 create mode 100644 front_end/src/views/StaffView.vue
diff --git a/back_end/saolei/userprofile/urls.py b/back_end/saolei/userprofile/urls.py
index 822508bf..1365e4f8 100644
--- a/back_end/saolei/userprofile/urls.py
+++ b/back_end/saolei/userprofile/urls.py
@@ -16,6 +16,8 @@
 path('get_email_captcha/',views.get_email_captcha),
 path('modify_realname/',views.modify_realname_n),
 path('modify/',views.modify_n),
+ path('get/',views.get_userProfile),
+ path('set/',views.set_userProfile),
 # path('captcha/captcha', views.captcha, name='captcha'),
 # path('edit//', views.profile_edit, name='edit'),
diff --git a/back_end/saolei/userprofile/views.py b/back_end/saolei/userprofile/views.py
index b980d140..5d6ddf91 100644
--- a/back_end/saolei/userprofile/views.py
+++ b/back_end/saolei/userprofile/views.py
@@ -14,7 +14,7 @@
 from django.utils import timezone
 from django.conf import settings
 from config.flags import EMAIL_SKIP
-
+from utils.response import *
 # Create your views here.
@@ -334,3 +334,34 @@ def modify_n(request):
 else:
 return HttpResponse("别瞎玩")
+get_userProfile_fields = ["id", "userms__designators", "userms__video_num_limit", "username", "first_name", "last_name", "email", "realname", "signature", "country", "is_banned"]
+
+def get_userProfile(request):
+ if request.user.is_staff and request.method == 'GET':
+ response = UserProfile.objects.filter(id=request.GET["id"]).values(*get_userProfile_fields)[0]
+ return JsonResponse(response)
+ else:
+ return HttpResponse("别瞎玩")
+
+set_userProfile_fields = ["id", "userms__designators", "userms__video_num_limit", "username", "first_name", "last_name", "email", "realname", "signature", "country", "is_banned"]
+def set_userProfile(request):
+ try:
+ if request.method == 'GET':
+ if not request.user.is_staff:
+ return PermissionDeniedResponse() # 非管理员不能使用该api
+ userid = request.GET.get("id")
+ user = UserProfile.objects.get(id=userid)
+ if user.is_staff and user != request.user:
+ return PermissionDeniedResponse() # 不能修改除自己以外管理员的信息
+ field = request.GET.get("field")
+ if field not in set_userProfile_fields:
+ return PermissionDeniedResponse() # 只能修改特定的域
+ value = request.GET.get("value")
+ logger.info(f'{request.user.id}(staff) changes {userid}.{field} from {getattr(user, field)} to {value}')
+ setattr(user, field, value)
+ user.save()
+ return SuccessResponse()
+ else:
+ return UnrecognisedRequestResponse()
+ except:
+ return BackendErrorResponse()
\ No newline at end of file
diff --git a/back_end/saolei/utils/response.py b/back_end/saolei/utils/response.py
new file mode 100644
index 00000000..e59d3e5f
--- /dev/null
+++ b/back_end/saolei/utils/response.py
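Review bot: In PATCH 01's views.py hunk, `set_userProfile_fields` serves as the write allow-list but is a copy of the read list, so it admits `id`, `username` and `email` as well as two `userms__…` lookup paths that `getattr`/`setattr` cannot resolve on a `UserProfile` instance. Assigning `id` makes `user.save()` write under a different primary key, rewriting `email` or `username` of a non-staff account changes that account's login identity (presumably also the address the `retrieve/` flow relies on), and the `userms__…` names raise inside `getattr`, which the bare `except:` then reports as a generic backend error. I would trim the write list to the attributes staff are meant to edit, e.g. `set_userProfile_fields = ["first_name", "last_name", "realname", "signature", "country", "is_banned"]`, and update the `userms` values through the related object. The same list is carried forward unchanged in this respect by PATCH 03, 04 and 07.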
@@ -0,0 +1,33 @@
+from django.http import JsonResponse
+
+def StatusResponse(status, msg=""):
+ if msg == "":
+ JsonResponse({'status': status})
+ else:
+ JsonResponse({'status': status, 'message': msg})
+
+### List of Statuses ###
+
+## 1xx - Success
+# 100 - General Success
+
+## 2xx - Error
+# 200 - General Error
+# 201 - Permission Denied
+# 202 - Backend Error
+# 203 - Unrecognised Request
+
+def SuccessResponse(msg=""):
+ StatusResponse(100, msg)
+
+def ErrorResponse(msg=""):
+ StatusResponse(200, msg)
+
+def PermissionDeniedResponse(msg=""):
+ StatusResponse(201, msg)
+
+def BackendErrorResponse(msg=""):
+ StatusResponse(202, msg)
+
+def UnrecognisedRequestResponse(msg=""):
+ StatusResponse(203, msg)
\ No newline at end of file
diff --git a/front_end/src/App.vue b/front_end/src/App.vue
index 9f4e014e..34ab5bce 100644
--- a/front_end/src/App.vue
+++ b/front_end/src/App.vue
@@ -214,7 +214,7 @@ body {
 height: v-bind("local.menu_height + 'px'");
 position: fixed;
 width: 100%;
- z-index: 2010;
+ z-index: 1010; //message的z索引为2015
 user-select: none;
 overflow-x: auto;
 overflow-y: hidden;
diff --git a/front_end/src/i18n/locales/zh-cn.ts b/front_end/src/i18n/locales/zh-cn.ts
index 8c2f5867..d31e625d 100644
--- a/front_end/src/i18n/locales/zh-cn.ts
+++ b/front_end/src/i18n/locales/zh-cn.ts
@@ -4,6 +4,9 @@ export const zhCn = {
 local: 'zh-cn',
 name: '简体中文',
 common: {
+ action: {
+ setUserProfile: '修改用户',
+ },
 hide: '隐藏',
 level: {
 b: '初级',
@@ -17,7 +20,10 @@ export const zhCn = {
 dg: '递归'
 },
 msg: {
+ actionFail: '{0}失败!',
+ actionSuccess: '{0}成功',
 agreeTAC: '请同意用户协议!',
+ backendError: '后端发生错误',
 confirmPasswordFail: '两次输入的密码不一致!',
 connectionFail: '无法连接到服务器!',
 emailCodeSent: '获取验证码成功,请至邮箱查看!',
@@ -31,6 +37,9 @@ export const zhCn = {
 invalidUsername: '用户名格式不正确!长度不超过20位。',
 logoutFail: '退出失败!',
 logoutSuccess: '退出成功!',
+ permissionDenied: '权限不足',
+ unknownError: '发生未知错误',
+ unrecognisedRequest: '无法识别的请求',
 },
 prop: {
 action: '操作',
diff --git a/front_end/src/router/index.ts b/front_end/src/router/index.ts index 42a043aa..e2e02a65 100644 --- a/front_end/src/router/index.ts +++ b/front_end/src/router/index.ts @@ -52,6 +52,11 @@ const routes: Array = [ name: 'upload', component: () => import('../views/UploadView.vue') }, + { + path: '/staff', + name: 'staff', + component: () => import('../views/StaffView.vue') + }, ] const router = createRouter({ diff --git a/front_end/src/store/index.ts b/front_end/src/store/index.ts index c141e5fc..47bd1291 100644 --- a/front_end/src/store/index.ts +++ b/front_end/src/store/index.ts @@ -36,6 +36,7 @@ export const useLocalStore = defineStore('local', { menu_font_size: 18, menu_height: 60, menu_icon: false, + notification_duration: 4500, }), persist: true, }) \ No newline at end of file diff --git a/front_end/src/utils/system/status.ts b/front_end/src/utils/system/status.ts new file mode 100644 index 00000000..38597ef3 --- /dev/null +++ b/front_end/src/utils/system/status.ts @@ -0,0 +1,25 @@ +import { useLocalStore } from "@/store"; +import { ElNotification } from "element-plus" +import { useI18n } from 'vue-i18n'; +const local = useLocalStore(); +const t = useI18n(); + +const notificationType = ['', 'success', 'error']; +const notificationTitle = ['', 'common.msg.actionSuccess', 'common.msg.actionFail']; +const notificationMessage: { [code: number]: string} = { + 100: '', + 200: 'common.msg.unknownError', + 201: 'common.msg.permissionDenied', + 202: 'common.msg.backendError', + 203: 'common.msg.unrecognisedRequest', +}; + +export function generalNotification(status: number, action: string) { + let type = Math.floor(status / 100); + ElNotification({ + title: t.t(notificationTitle[type], [action]), + message: t.t(notificationMessage[status]), + type: notificationType[type], + duration: local.notification_duration, + }) +} \ No newline at end of file 
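Review bot: The `/staff` route added in `router/index.ts` carries no `meta` flag or navigation guard, so StaffView loads for any visitor and the only real gate is the `request.user.is_staff` check in the back-end `get/` and `set/` views. That is acceptable as long as nobody later treats the route's visibility as access control; a comment on the route such as `// UI only: authorization is enforced server-side by userprofile/get and userprofile/set` would make this explicit. The `routes` array starts and ends outside the hunk.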
diff --git a/front_end/src/views/SettingView.vue b/front_end/src/views/SettingView.vue index 3d078497..7212091c 100644 --- a/front_end/src/views/SettingView.vue +++ b/front_end/src/views/SettingView.vue @@ -7,7 +7,13 @@ - + + + + + {{ store.user.id }} diff --git a/front_end/src/views/StaffView.vue b/front_end/src/views/StaffView.vue new file mode 100644 index 00000000..51e02192 --- /dev/null +++ b/front_end/src/views/StaffView.vue @@ -0,0 +1,80 @@ + + + \ No newline at end of file From d181478a5aa967b07c576685d650d47a9c374d2b Mon Sep 17 00:00:00 2001 From: Tianyi Pu <912396513@qq.com> Date: Tue, 25 Jun 2024 14:31:01 +0100 Subject: [PATCH 02/12] Update package.json --- front_end/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/front_end/package.json b/front_end/package.json index ac89545f..289f01a3 100644 --- a/front_end/package.json +++ b/front_end/package.json @@ -19,7 +19,7 @@ "@types/node": "^20.5.1", "axios": "^1.7.2", "echarts": "^5.5.0", - "element-plus": "^2.2.32", + "element-plus": "^2.7.0", "flag-icon-css": "^4.1.7", "highlight.js": "^11.9.0", "image-conversion": "^2.1.1", From 2621967cb04c5652e7a42f2d8fd4c2764988ed05 Mon Sep 17 00:00:00 2001 From: Tianyi Pu <912396513@qq.com> Date: Thu, 27 Jun 2024 07:23:20 +0100 Subject: [PATCH 03/12] change to POST --- back_end/saolei/userprofile/views.py | 8 ++++---- back_end/saolei/utils/response.py | 14 +++++++------- front_end/src/utils/system/status.ts | 4 +--- front_end/src/views/StaffView.vue | 8 ++++---- 4 files changed, 16 insertions(+), 18 deletions(-) diff --git a/back_end/saolei/userprofile/views.py b/back_end/saolei/userprofile/views.py index 5d6ddf91..935b7b69 100644 --- a/back_end/saolei/userprofile/views.py +++ b/back_end/saolei/userprofile/views.py 
@@ -346,17 +346,17 @@ def get_userProfile(request):
 set_userProfile_fields = ["id", "userms__designators", "userms__video_num_limit", "username", "first_name", "last_name", "email", "realname", "signature", "country", "is_banned"]
 def set_userProfile(request):
 try:
- if request.method == 'GET':
+ if request.method == 'POST':
 if not request.user.is_staff:
 return PermissionDeniedResponse() # 非管理员不能使用该api
- userid = request.GET.get("id")
+ userid = request.POST.get("id")
 user = UserProfile.objects.get(id=userid)
 if user.is_staff and user != request.user:
 return PermissionDeniedResponse() # 不能修改除自己以外管理员的信息
- field = request.GET.get("field")
+ field = request.POST.get("field")
 if field not in set_userProfile_fields:
 return PermissionDeniedResponse() # 只能修改特定的域
- value = request.GET.get("value")
+ value = request.POST.get("value")
 logger.info(f'{request.user.id}(staff) changes {userid}.{field} from {getattr(user, field)} to {value}')
 setattr(user, field, value)
 user.save()
diff --git a/back_end/saolei/utils/response.py b/back_end/saolei/utils/response.py
index e59d3e5f..99e383e2 100644
--- a/back_end/saolei/utils/response.py
+++ b/back_end/saolei/utils/response.py
@@ -2,9 +2,9 @@
 def StatusResponse(status, msg=""):
 if msg == "":
- JsonResponse({'status': status})
+ return JsonResponse({'status': status})
 else:
- JsonResponse({'status': status, 'message': msg})
+ return JsonResponse({'status': status, 'message': msg})
 ### List of Statuses ###
@@ -18,16 +18,16 @@ def StatusResponse(status, msg=""): # 203 - Unrecognised Request def SuccessResponse(msg=""): - StatusResponse(100, msg) + return StatusResponse(100, msg) def ErrorResponse(msg=""): - StatusResponse(200, msg) + return StatusResponse(200, msg) def PermissionDeniedResponse(msg=""): - StatusResponse(201, msg) + return StatusResponse(201, msg) def BackendErrorResponse(msg=""): - StatusResponse(202, msg) + return StatusResponse(202, msg) def UnrecognisedRequestResponse(msg=""): - StatusResponse(203, msg) \ No newline at end of file + return StatusResponse(203, msg) \ No newline at end of file diff --git a/front_end/src/utils/system/status.ts b/front_end/src/utils/system/status.ts index 38597ef3..7e492f6e 100644 --- a/front_end/src/utils/system/status.ts +++ b/front_end/src/utils/system/status.ts @@ -1,8 +1,6 @@ import { useLocalStore } from "@/store"; import { ElNotification } from "element-plus" -import { useI18n } from 'vue-i18n'; const local = useLocalStore(); -const t = useI18n(); const notificationType = ['', 'success', 'error']; const notificationTitle = ['', 'common.msg.actionSuccess', 'common.msg.actionFail']; @@ -14,7 +12,7 @@ const notificationMessage: { [code: number]: string} = { 203: 'common.msg.unrecognisedRequest', }; -export function generalNotification(status: number, action: string) { +export function generalNotification(t: any, status: number, action: string) { let type = Math.floor(status / 100); ElNotification({ title: t.t(notificationTitle[type], [action]), diff --git a/front_end/src/views/StaffView.vue b/front_end/src/views/StaffView.vue index 51e02192..23d8c751 100644 --- a/front_end/src/views/StaffView.vue +++ b/front_end/src/views/StaffView.vue @@ -11,7 +11,7 @@ 值
- 修改 + 修改
{{ userprofile[item] }} @@ -68,10 +68,10 @@ const getUser = () => { ) } -const updateUser = (id: number, field: string, value: string) => { - proxy.$axios.get('userprofile/set', {params: {id: id, field: field, value: value}}).then( +const setUser = (id: number, field: string, value: string) => { + proxy.$axios.post('userprofile/set/', {id: id, field: field, value: value}).then( function (response: any) { - generalNotification(response.data.status, t.t('common.action.setUserProfile')); + generalNotification(t, response.data.status, t.t('common.action.setUserProfile')); getUser(); } ) From c5042c8e51a32a3f21631070b14b5be63bff6022 Mon Sep 17 00:00:00 2001 From: Tianyi Pu <912396513@qq.com> Date: Thu, 27 Jun 2024 12:59:21 +0100 Subject: [PATCH 04/12] =?UTF-8?q?=E5=AF=B9=E4=B8=89=E4=B8=AA=E4=BF=AE?= =?UTF-8?q?=E6=94=B9=E6=AC=A1=E6=95=B0=E7=9A=84=E6=8E=A7=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- back_end/saolei/userprofile/views.py | 4 ++-- front_end/src/views/StaffView.vue | 8 +++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/back_end/saolei/userprofile/views.py b/back_end/saolei/userprofile/views.py index 935b7b69..953f3c0b 100644 --- a/back_end/saolei/userprofile/views.py +++ b/back_end/saolei/userprofile/views.py @@ -334,7 +334,7 @@ def modify_n(request): else: return HttpResponse("别瞎玩") -get_userProfile_fields = ["id", "userms__designators", "userms__video_num_limit", "username", "first_name", "last_name", "email", "realname", "signature", "country", "is_banned"] +get_userProfile_fields = ["id", "userms__designators", "userms__video_num_limit", "username", "first_name", "last_name", "email", "realname", "signature", "country", "left_realname_n", "left_avatar_n", "left_signature_n", "is_banned"] def get_userProfile(request): if request.user.is_staff and request.method == 'GET': 
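Review bot: In PATCH 03's StaffView.vue hunk, `proxy.$axios.post('userprofile/set/', {id: id, field: field, value: value})` passes a plain object, which axios serialises as a JSON body by default, while `set_userProfile` reads `request.POST`, which Django fills only from form-encoded bodies. Unless the shared axios instance is configured to form-encode requests (not visible here), `id`, `field` and `value` reach the view as `None`. Sending `new URLSearchParams({id: String(id), field, value})` as the body, or parsing `request.body` as JSON in the view, would make the two sides agree. `setUser` continues outside the hunk.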
@@ -343,7 +343,7 @@ def get_userProfile(request): else: return HttpResponse("别瞎玩") -set_userProfile_fields = ["id", "userms__designators", "userms__video_num_limit", "username", "first_name", "last_name", "email", "realname", "signature", "country", "is_banned"] +set_userProfile_fields = ["id", "userms__designators", "userms__video_num_limit", "username", "first_name", "last_name", "email", "realname", "signature", "country", "left_realname_n", "left_avatar_n", "left_signature_n", "is_banned"] def set_userProfile(request): try: if request.method == 'POST': diff --git a/front_end/src/views/StaffView.vue b/front_end/src/views/StaffView.vue index 23d8c751..b371d18e 100644 --- a/front_end/src/views/StaffView.vue +++ b/front_end/src/views/StaffView.vue @@ -32,7 +32,7 @@ const { proxy } = useCurrentInstance(); const userid = ref(0); const userfield = ref(""); const uservalue = ref(""); -const descriptionitems = ["username", "first_name", "last_name", "email", "realname", "country", "is_banned"] +const descriptionitems = ["username", "first_name", "last_name", "email", "realname", "country", "is_banned", "left_realname_n", "left_avatar_n", "left_signature_n"] interface UserProfile { userms__designators: Array; @@ -45,6 +45,9 @@ interface UserProfile { signature: String; country: String; is_banned: Boolean; + left_realname_n: Number; + left_avatar_n: Number; + left_signature_n: Number; } const userprofile = ref({ @@ -58,6 +61,9 @@ const userprofile = ref({ signature: "", country: "", is_banned: false, + left_realname_n: 0, + left_avatar_n: 0, + left_signature_n: 0, }); const getUser = () => { From 6757a575e8024526607c1d8bfffc98792e7af581 Mon Sep 17 00:00:00 2001 
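Review bot: PATCH 04 adds `left_realname_n`, `left_avatar_n` and `left_signature_n` to `set_userProfile_fields`, which lets any `is_staff` account set all three counters to arbitrary values, whereas the `modify_n` view that PATCH 05 removes required `request.user.is_superuser` and staff could only add one rename through `modify_realname_n`. If that widening is not intended, keep the superuser rule in `set_userProfile`, e.g. `if field in ("left_avatar_n", "left_signature_n") and not request.user.is_superuser: return PermissionDeniedResponse()`. Because the existing check permits a staff member to edit their own record, they can also raise their own counters. The body of `set_userProfile` lies outside this hunk.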
From: Tianyi Pu <912396513@qq.com>
Date: Thu, 27 Jun 2024 12:59:49 +0100
Subject: [PATCH 05/12] =?UTF-8?q?=E7=A7=BB=E9=99=A4=E6=97=A7=E7=9A=84?= =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=AC=A1=E6=95=B0=E6=8E=A5=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 back_end/saolei/userprofile/urls.py | 3 --
 back_end/saolei/userprofile/views.py | 48 ----------------------------
 2 files changed, 51 deletions(-)
diff --git a/back_end/saolei/userprofile/urls.py b/back_end/saolei/userprofile/urls.py
index 1365e4f8..6a62d96f 100644
--- a/back_end/saolei/userprofile/urls.py
+++ b/back_end/saolei/userprofile/urls.py
@@ -8,14 +8,11 @@
 path('register/', views.user_register, name='register'),
 path('retrieve/', views.user_retrieve, name='retrieve'),
 path('set_staff/', views.set_staff, name='set_staff'),
- path('set_banned/', views.set_banned, name='set_banned'),
 path('del_user_info/', views.del_user_info, name='del_user_info'),
 # path('delete//', views.user_delete, name='delete'),
 path('captcha/', include('captcha.urls')),
 path('refresh_captcha/',views.refresh_captcha),
 path('get_email_captcha/',views.get_email_captcha),
- path('modify_realname/',views.modify_realname_n),
- path('modify/',views.modify_n),
 path('get/',views.get_userProfile),
 path('set/',views.set_userProfile),
diff --git a/back_end/saolei/userprofile/views.py b/back_end/saolei/userprofile/views.py
index 953f3c0b..e103682a 100644
--- a/back_end/saolei/userprofile/views.py
+++ b/back_end/saolei/userprofile/views.py
@@ -204,29 +204,6 @@ def set_staff(request):
 else:
 return HttpResponse("别瞎玩")
-# 【管理员】封禁用户。封禁后,用户可以登录,但不能上传录像、不能改任何个人信息
-# http://127.0.0.1:8000/userprofile/set_banned/?id=1&is_banned=True
-def set_banned(request):
- if request.user.is_staff and request.method == 'GET':
- user = UserProfile.objects.get(id=request.GET["id"])
- if user.is_staff and not request.user.is_superuser:
- return HttpResponse("没有封禁管理员的权限!")
- # user.is_banned = request.GET["is_banned"]
- logger.info(f'{request.user.id} set_banned {request.GET["id"]} {request.GET["is_banned"]}')
- if request.GET["is_banned"] == "True":
- user.is_banned = True
- user.save()
- return HttpResponse(f'封禁用户"{user.realname}"成功!')
- elif request.GET["is_banned"] == "False":
- user.is_banned = False
- user.save()
- return HttpResponse(f'解封用户"{user.realname}"成功!')
- else:
- return HttpResponse('失败!is_banned需要为"True"或"False"')
- else:
- return HttpResponse("别瞎玩")
-
-
 # 【管理员】删除用户的个人信息,从服务器磁盘上完全删除,但不影响是否封禁
 # http://127.0.0.1:8000/userprofile/del_user_info/?id=1
 def del_user_info(request):
@@ -309,31 +286,6 @@ def judge_captcha(captchaStr, captchaHashkey): return False -# 【管理员】给用户增加1次修改姓名的机会 -# http://127.0.0.1:8000/userprofile/modify_realname?id=1 -def modify_realname_n(request): - if request.user.is_staff and request.method == 'GET': - user = UserProfile.objects.get(id=request.GET["id"]) - user.left_realname_n += 1 - logger.info(f'{request.user.id} add left_realname_n for {request.GET["id"]} ({user.left_realname_n})') - return HttpResponse(f"为用户\"{user.realname}\"(id: {user.id})增加一次修改姓名的次数成功!") - else: - return HttpResponse("别瞎玩") - - -# 【站长】给用户增加x、y、z次(对应)修改姓名、头像和签名的机会 -# http://127.0.0.1:8000/userprofile/modify?id=1&x=0&y=1&z=200 -def modify_n(request): - if request.user.is_superuser and request.method == 'GET': - user = UserProfile.objects.get(id=request.GET["id"]) - user.left_realname_n += request.GET["x"] - user.left_avatar_n += request.GET["y"] - user.left_signature_n += request.GET["z"] - logger.info(f'{request.user.id}(superuser) modify_n for {request.GET["id"]} ({user.left_realname_n}, {user.left_avatar_n}, {user.left_signature_n})') - return HttpResponse(f"为用户\"{user.realname}\"(id: {user.id})增加修改姓名、头像、签名的次数成功!目前剩余({user.left_realname_n}, {user.left_avatar_n}, {user.left_signature_n})") - else: - return HttpResponse("别瞎玩") - get_userProfile_fields = ["id", "userms__designators", "userms__video_num_limit", "username", "first_name", "last_name", "email", "realname", "signature", "country", "left_realname_n", "left_avatar_n", "left_signature_n", "is_banned"] def get_userProfile(request): From 5a0a16b260c4abc74d63e5f5ef1c0c0bdf3a2115 Mon Sep 17 00:00:00 2001 From: Tianyi Pu <912396513@qq.com> Date: Thu, 27 Jun 2024 13:02:10 +0100 Subject: [PATCH 06/12] =?UTF-8?q?=E7=AB=99=E9=95=BF=E4=B8=8D=E5=8F=AF?= =?UTF-8?q?=E8=A2=AB=E5=B0=81=E7=A6=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- back_end/saolei/userprofile/views.py | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/back_end/saolei/userprofile/views.py b/back_end/saolei/userprofile/views.py
index e103682a..839c2da6 100644
--- a/back_end/saolei/userprofile/views.py
+++ b/back_end/saolei/userprofile/views.py
@@ -308,6 +308,8 @@ def set_userProfile(request):
 field = request.POST.get("field")
 if field not in set_userProfile_fields:
 return PermissionDeniedResponse() # 只能修改特定的域
+ if field == "is_banned" and user.is_superuser:
+ return PermissionDeniedResponse() # 站长不可被封禁
 value = request.POST.get("value")
 logger.info(f'{request.user.id}(staff) changes {userid}.{field} from {getattr(user, field)} to {value}')
 setattr(user, field, value)
From d756b0729d08c48c707969fb3aa2b02103c1ce9f Mon Sep 17 00:00:00 2001
From: Tianyi Pu <912396513@qq.com>
Date: Thu, 27 Jun 2024 15:19:35 +0100
Subject: [PATCH 07/12] =?UTF-8?q?=E6=94=B9=E7=94=A8=E6=A0=87=E5=87=86?= =?UTF-8?q?=E7=9A=84http=20response=E4=BB=A3=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 back_end/saolei/userprofile/views.py | 49 ++++++++++++++--------------
 front_end/src/i18n/locales/zh-cn.ts | 10 +++---
 front_end/src/utils/system/status.ts | 13 ++++----
 front_end/src/views/StaffView.vue | 3 +-
 4 files changed, 38 insertions(+), 37 deletions(-)
diff --git a/back_end/saolei/userprofile/views.py b/back_end/saolei/userprofile/views.py
index 839c2da6..c12349a5 100644
--- a/back_end/saolei/userprofile/views.py
+++ b/back_end/saolei/userprofile/views.py
@@ -1,7 +1,7 @@
 import logging
 logger = logging.getLogger(__name__)
 from django.contrib.auth import authenticate, login, logout
-from django.http import HttpResponse, JsonResponse
+from django.http import HttpResponse, JsonResponse, HttpResponseBadRequest, HttpResponseForbidden
 from .forms import UserLoginForm, UserRegisterForm, UserRetrieveForm, EmailForm
 from captcha.models import CaptchaStore
 import json
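Review bot: In PATCH 06's hunk the new `is_banned` rule is followed by `value = request.POST.get("value")` going straight into `setattr`, so `is_banned` and every other allowed field receive an unvalidated string; the `set_banned` view removed in PATCH 05 accepted only the literals "True" and "False". Anything the model field cannot coerce will presumably surface as an exception from `user.save()`, and the `logger.info` f-string writes the raw old and new values, line breaks included, into the log. Suggest coercing per field before the assignment, for example `value = {"True": True, "False": False}[value]` for `is_banned` and `int(value)` for the `left_*_n` counters, rejecting anything else with a 4xx response, and logging the value with `%r`. `set_userProfile` starts and ends outside this hunk.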
@@ -289,33 +289,32 @@ def judge_captcha(captchaStr, captchaHashkey): get_userProfile_fields = ["id", "userms__designators", "userms__video_num_limit", "username", "first_name", "last_name", "email", "realname", "signature", "country", "left_realname_n", "left_avatar_n", "left_signature_n", "is_banned"] def get_userProfile(request): - if request.user.is_staff and request.method == 'GET': + if request.method != 'GET': + return HttpResponseBadRequest() + if request.user.is_staff: response = UserProfile.objects.filter(id=request.GET["id"]).values(*get_userProfile_fields)[0] return JsonResponse(response) else: - return HttpResponse("别瞎玩") + return HttpResponseForbidden() set_userProfile_fields = ["id", "userms__designators", "userms__video_num_limit", "username", "first_name", "last_name", "email", "realname", "signature", "country", "left_realname_n", "left_avatar_n", "left_signature_n", "is_banned"] def set_userProfile(request): - try: - if request.method == 'POST': - if not request.user.is_staff: - return PermissionDeniedResponse() # 非管理员不能使用该api - userid = request.POST.get("id") - user = UserProfile.objects.get(id=userid) - if user.is_staff and user != request.user: - return PermissionDeniedResponse() # 不能修改除自己以外管理员的信息 - field = request.POST.get("field") - if field not in set_userProfile_fields: - return PermissionDeniedResponse() # 只能修改特定的域 - if field == "is_banned" and user.is_superuser: - return PermissionDeniedResponse() # 站长不可被封禁 - value = request.POST.get("value") - logger.info(f'{request.user.id}(staff) changes {userid}.{field} from {getattr(user, field)} to {value}') - setattr(user, field, value) - user.save() - return SuccessResponse() - else: - return UnrecognisedRequestResponse() - except: - return BackendErrorResponse() \ No newline at end of file + if request.method == 'POST': + if not request.user.is_staff: + return HttpResponseForbidden() # 非管理员不能使用该api + userid = request.POST.get("id") + user = UserProfile.objects.get(id=userid) + if user.is_staff 
and user != request.user: + return HttpResponseForbidden() # 不能修改除自己以外管理员的信息 + field = request.POST.get("field") + if field not in set_userProfile_fields: + return HttpResponseForbidden() # 只能修改特定的域 + if field == "is_banned" and user.is_superuser: + return HttpResponseForbidden() # 站长不可被封禁 + value = request.POST.get("value") + logger.info(f'{request.user.id}(staff) changes {userid}.{field} from {getattr(user, field)} to {value}') + setattr(user, field, value) + user.save() + return HttpResponse() + else: + return HttpResponseBadRequest() \ No newline at end of file diff --git a/front_end/src/i18n/locales/zh-cn.ts b/front_end/src/i18n/locales/zh-cn.ts index d31e625d..aa675a98 100644 --- a/front_end/src/i18n/locales/zh-cn.ts +++ b/front_end/src/i18n/locales/zh-cn.ts @@ -23,7 +23,6 @@ export const zhCn = { actionFail: '{0}失败!', actionSuccess: '{0}成功', agreeTAC: '请同意用户协议!', - backendError: '后端发生错误', confirmPasswordFail: '两次输入的密码不一致!', connectionFail: '无法连接到服务器!', emailCodeSent: '获取验证码成功,请至邮箱查看!', @@ -37,9 +36,6 @@ export const zhCn = { invalidUsername: '用户名格式不正确!长度不超过20位。', logoutFail: '退出失败!', logoutSuccess: '退出成功!', - permissionDenied: '权限不足', - unknownError: '发生未知错误', - unrecognisedRequest: '无法识别的请求', }, prop: { action: '操作', @@ -55,6 +51,12 @@ export const zhCn = { timems: '用时', upload_time: '上传时间', }, + response: { + OK: '', + BadRequest: '无法识别的请求', + Forbidden: '权限不足', + InternalServerError: '后端发生错误', + }, show: '显示', toDo: '敬请期待', }, diff --git a/front_end/src/utils/system/status.ts b/front_end/src/utils/system/status.ts index 7e492f6e..9dc8f850 100644 --- a/front_end/src/utils/system/status.ts +++ b/front_end/src/utils/system/status.ts 
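Review bot: With the `try/except` removed in PATCH 07, `UserProfile.objects.get(id=userid)` in `set_userProfile` is no longer guarded, so a missing, unknown or non-numeric `id` raises and the client gets a 500 instead of one of the new status responses; `request.GET["id"]` in `get_userProfile` fails the same way when the parameter is absent. Suggest checking `userid` first (`if not userid or not userid.isdigit(): return HttpResponseBadRequest()`) and then `user = UserProfile.objects.filter(id=userid).first()` with `if user is None: return HttpResponseBadRequest()`. A short docstring on `set_userProfile` listing who may edit whom (staff only, other staff never, superuser never banned) would also replace the inline comments as the place to read the access rules.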
@@ -2,14 +2,13 @@ import { useLocalStore } from "@/store"; import { ElNotification } from "element-plus" const local = useLocalStore(); -const notificationType = ['', 'success', 'error']; -const notificationTitle = ['', 'common.msg.actionSuccess', 'common.msg.actionFail']; +const notificationType = ['', '', 'success', '', 'error', 'error']; +const notificationTitle = ['', '', 'common.msg.actionSuccess', '', 'common.msg.actionFail', 'common.msg.actionFail']; const notificationMessage: { [code: number]: string} = { - 100: '', - 200: 'common.msg.unknownError', - 201: 'common.msg.permissionDenied', - 202: 'common.msg.backendError', - 203: 'common.msg.unrecognisedRequest', + 200: 'common.response.OK', + 400: 'common.response.BadRequest', + 403: 'common.msg.Forbidden', + 500: 'common.msg.InternalServerError', }; export function generalNotification(t: any, status: number, action: string) { diff --git a/front_end/src/views/StaffView.vue b/front_end/src/views/StaffView.vue index b371d18e..f14415ac 100644 --- a/front_end/src/views/StaffView.vue +++ b/front_end/src/views/StaffView.vue @@ -77,7 +77,8 @@ const getUser = () => { const setUser = (id: number, field: string, value: string) => { proxy.$axios.post('userprofile/set/', {id: id, field: field, value: value}).then( function (response: any) { - generalNotification(t, response.data.status, t.t('common.action.setUserProfile')); + console.log(response) + generalNotification(t, response.status, t.t('common.action.setUserProfile')); getUser(); } ) From 28fe442b95a14aa8c37c7c0f508f3c31b818beb0 Mon Sep 17 00:00:00 2001 From: Tianyi Pu <912396513@qq.com> Date: Thu, 27 Jun 2024 17:08:38 +0100 Subject: [PATCH 08/12] Update status.ts --- front_end/src/utils/system/status.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/front_end/src/utils/system/status.ts b/front_end/src/utils/system/status.ts index 9dc8f850..437741bc 100644 --- a/front_end/src/utils/system/status.ts +++ b/front_end/src/utils/system/status.ts 
@@ -7,8 +7,8 @@ const notificationTitle = ['', '', 'common.msg.actionSuccess', '', 'common.msg.a const notificationMessage: { [code: number]: string} = { 200: 'common.response.OK', 400: 'common.response.BadRequest', - 403: 'common.msg.Forbidden', - 500: 'common.msg.InternalServerError', + 403: 'common.response.Forbidden', + 500: 'common.response.InternalServerError', }; export function generalNotification(t: any, status: number, action: string) { From 59d633fb1b02aef66d69a83c33060e1bdc7ea58f Mon Sep 17 00:00:00 2001 From: Tianyi Pu <912396513@qq.com> Date: Thu, 27 Jun 2024 17:08:46 +0100 Subject: [PATCH 09/12] Update StaffView.vue --- front_end/src/views/StaffView.vue | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/front_end/src/views/StaffView.vue b/front_end/src/views/StaffView.vue index f14415ac..c7233f35 100644 --- a/front_end/src/views/StaffView.vue +++ b/front_end/src/views/StaffView.vue @@ -71,13 +71,14 @@ const getUser = () => { function (response: any) { userprofile.value = response.data; } - ) + ).catch(error => { + generalNotification(t, error.response.status, t.t('common.action.getUserProfile')) + }) } const setUser = (id: number, field: string, value: string) => { proxy.$axios.post('userprofile/set/', {id: id, field: field, value: value}).then( function (response: any) { - console.log(response) generalNotification(t, response.status, t.t('common.action.setUserProfile')); getUser(); } From 7a6ac71bb2dd89a366e5fbaf2341ad7b5d46139d Mon Sep 17 00:00:00 2001 From: Tianyi Pu <912396513@qq.com> Date: Thu, 27 Jun 2024 18:05:06 +0100 Subject: [PATCH 10/12] update --- front_end/src/i18n/locales/zh-cn.ts | 2 ++ front_end/src/utils/system/status.ts | 1 + front_end/src/views/StaffView.vue | 4 +++- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/front_end/src/i18n/locales/zh-cn.ts b/front_end/src/i18n/locales/zh-cn.ts index aa675a98..69857fd1 100644 --- a/front_end/src/i18n/locales/zh-cn.ts 
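Review bot: In PATCH 09's StaffView.vue hunk the new `.catch` on `getUser` reads `error.response.status`, but `error.response` is undefined when no response arrived (network failure, timeout), so the handler itself throws. `setUser` still has no `.catch`, although since PATCH 07 the back end answers denied or malformed edits with 403/400, which axios by default delivers as a rejection rather than to `.then`, so a refused edit produces no notification. Suggest guarding with `error.response?.status` and adding the same `.catch` to the `post` call in `setUser`. Both functions continue outside the hunk.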
+++ b/front_end/src/i18n/locales/zh-cn.ts @@ -5,6 +5,7 @@ export const zhCn = { name: '简体中文', common: { action: { + getUserProfile: '查询用户', setUserProfile: '修改用户', }, hide: '隐藏', @@ -56,6 +57,7 @@ export const zhCn = { BadRequest: '无法识别的请求', Forbidden: '权限不足', InternalServerError: '后端发生错误', + NotFound: '找不到数据', }, show: '显示', toDo: '敬请期待', diff --git a/front_end/src/utils/system/status.ts b/front_end/src/utils/system/status.ts index 437741bc..e26177e6 100644 --- a/front_end/src/utils/system/status.ts +++ b/front_end/src/utils/system/status.ts @@ -8,6 +8,7 @@ const notificationMessage: { [code: number]: string} = { 200: 'common.response.OK', 400: 'common.response.BadRequest', 403: 'common.response.Forbidden', + 404: 'common.response.NotFound', 500: 'common.response.InternalServerError', }; diff --git a/front_end/src/views/StaffView.vue b/front_end/src/views/StaffView.vue index c7233f35..922deeec 100644 --- a/front_end/src/views/StaffView.vue +++ b/front_end/src/views/StaffView.vue @@ -5,7 +5,9 @@ 查询
- 域 + 域 + +
From 791d0d653cad405666ee30af23c48ea7d80a766f Mon Sep 17 00:00:00 2001
From: Tianyi Pu <912396513@qq.com>
Date: Thu, 27 Jun 2024 18:05:53 +0100
Subject: [PATCH 11/12] Delete response.py
---
 back_end/saolei/utils/response.py | 33 -------------------------------
 1 file changed, 33 deletions(-)
 delete mode 100644 back_end/saolei/utils/response.py
diff --git a/back_end/saolei/utils/response.py b/back_end/saolei/utils/response.py
deleted file mode 100644
index 99e383e2..00000000
--- a/back_end/saolei/utils/response.py
+++ /dev/null
@@ -1,33 +0,0 @@
-from django.http import JsonResponse
-
-def StatusResponse(status, msg=""):
- if msg == "":
- return JsonResponse({'status': status})
- else:
- return JsonResponse({'status': status, 'message': msg})
-
-### List of Statuses ###
-
-## 1xx - Success
-# 100 - General Success
-
-## 2xx - Error
-# 200 - General Error
-# 201 - Permission Denied
-# 202 - Backend Error
-# 203 - Unrecognised Request
-
-def SuccessResponse(msg=""):
- return StatusResponse(100, msg)
-
-def ErrorResponse(msg=""):
- return StatusResponse(200, msg)
-
-def PermissionDeniedResponse(msg=""):
- return StatusResponse(201, msg)
-
-def BackendErrorResponse(msg=""):
- return StatusResponse(202, msg)
-
-def UnrecognisedRequestResponse(msg=""):
- return StatusResponse(203, msg)
\ No newline at end of file
From 2a772b3d856f0915cbf19321db75832f78bf3001 Mon Sep 17 00:00:00 2001
From: Tianyi Pu <912396513@qq.com>
Date: Thu, 27 Jun 2024 18:19:29 +0100
Subject: [PATCH 12/12] Update views.py
---
 back_end/saolei/userprofile/views.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/back_end/saolei/userprofile/views.py b/back_end/saolei/userprofile/views.py
index c12349a5..cd3b94a7 100644
--- a/back_end/saolei/userprofile/views.py
+++ b/back_end/saolei/userprofile/views.py
@@ -1,7 +1,7 @@
 import logging
 logger = logging.getLogger(__name__)
 from django.contrib.auth import authenticate, login, logout
-from django.http import HttpResponse, JsonResponse, HttpResponseBadRequest, HttpResponseForbidden
+from django.http import HttpResponse, JsonResponse, HttpResponseBadRequest, HttpResponseForbidden, HttpResponseNotFound
 from .forms import UserLoginForm, UserRegisterForm, UserRetrieveForm, EmailForm
 from captcha.models import CaptchaStore
 import json
@@ -14,7 +14,6 @@
 from django.utils import timezone
 from django.conf import settings
 from config.flags import EMAIL_SKIP
-from utils.response import *
 # Create your views here.
@@ -292,8 +291,10 @@ def get_userProfile(request):
 if request.method != 'GET':
 return HttpResponseBadRequest()
 if request.user.is_staff:
- response = UserProfile.objects.filter(id=request.GET["id"]).values(*get_userProfile_fields)
[0]
- return JsonResponse(response)
+ list = UserProfile.objects.filter(id=request.GET["id"]).values(*get_userProfile_fields)
+ if len(list) == 0:
+ return HttpResponseNotFound()
+ return JsonResponse(list[0])
 else:
 return HttpResponseForbidden()
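Review bot: In the last hunk of PATCH 12 the local name `list` shadows the builtin for the rest of `get_userProfile`, which is easy to trip over when the function grows. The empty-result check reads more directly as `row = UserProfile.objects.filter(id=request.GET["id"]).values(*get_userProfile_fields).first()` followed by `if row is None: return HttpResponseNotFound()` and `return JsonResponse(row)`. The view returns `email` and `realname` for any user id to every staff account, so a one-line docstring stating that this is a staff-only lookup of personal data would help later reviewers.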