添加预告
视图函数
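@admin.route('/preview/add/', methods=['GET', 'POST'])
@admin_login_req
def preview_add():
    """Show the add-preview form; on a valid POST store the poster and the row.

    The uploaded poster is written under ``app.config['UP_DIR']`` using the
    name returned by ``change_filename``; only that generated name is saved
    on the ``Preview`` record.
    """
    form = PreviewForm()
    if form.validate_on_submit():
        data = form.data
        # The client-supplied file name is sanitised before any further use.
        file_logo = secure_filename(form.logo.data.filename)
        up_dir = app.config['UP_DIR']
        if not os.path.exists(up_dir):
            os.makedirs(up_dir)
            # The original passed the decimal literal 6, i.e. mode 0o006:
            # no access for the owner, read/write for every other account.
            # 0o755 keeps the directory writable by the owner only.
            os.chmod(up_dir, 0o755)
        logo = change_filename(file_logo)
        # NOTE(review): PreviewForm is not shown here; confirm its logo field
        # restricts uploads to image types, because the list template serves
        # this file from the static 'uploads/' path.
        form.logo.data.save(os.path.join(up_dir, logo))
        preview = Preview(
            title=data['title'],
            logo=logo
        )
        db.session.add(preview)
        db.session.commit()
        flash("预告添加成功!", 'info')
        # Redirect after POST so a browser refresh does not resubmit the upload.
        return redirect(url_for('admin.preview_add'))
    return render_template('admin/preview_add.html', form=form)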
app/templates/admin/preview_add.html
{% extends 'admin/admin.html' %}
{% block content %}
    {# Page header and breadcrumb for the "add preview" screen. #}
    <section class="content-header">
        <h1>微电影管理系统</h1>
        <ol class="breadcrumb">
            <li><a href="#"><i class="fa fa-dashboard"></i> 预告管理</a></li>
            <li class="active">添加预告</li>
        </ol>
    </section>
    <section class="content" id="showcontent">
        <div class="row">
            <div class="col-md-12">
                <div class="box box-primary">
                    <div class="box-header with-border">
                        <h3 class="box-title">添加预告</h3>
                    </div>
                    {# multipart/form-data is required for the poster file to reach the view. #}
                    <form role="form" method="post" enctype="multipart/form-data">
                        <div class="box-body">
                            {# Flashed messages are printed with {{ }} and therefore HTML-escaped
                               while Jinja autoescaping is on for this template. #}
                            {% for message in get_flashed_messages(category_filter=['info']) %}
                                <div class="alert alert-success alert-dismissible">
                                    <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
                                    <h4><i class="icon fa fa-check"></i> 操作成功!</h4>
                                    {{ message }}
                                </div>
                            {% endfor %}
                            {% for message in get_flashed_messages(category_filter=['error']) %}
                                <div class="alert alert-danger alert-dismissible">
                                    <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
                                    <h4><i class="icon fa fa-ban"></i> 操作失败!</h4>
                                    {{ message }}
                                </div>
                            {% endfor %}
                            {# Title field followed by its validation errors. #}
                            <div class="form-group">
                                <label for="input_title">{{ form.title.label }}</label>
                                {{ form.title }}
                                {% for err in form.title.errors %}
                                    <div class="col-md-12" id="input_user" style="color: red">{{ err }}</div>
                                {% endfor %}
                            </div>
                            {# Poster upload field followed by its validation errors. #}
                            <div class="form-group">
                                <label for="input_logo">{{ form.logo.label }}</label>
                                {{ form.logo }}
                                {% for err in form.logo.errors %}
                                    <div class="col-md-12" id="input_user" style="color: red">{{ err }}</div>
                                {% endfor %}
                                <img data-src="holder.js/700x320" style="margin-top:5px;" class="img-responsive" alt="">
                            </div>
                        </div>
                        <div class="box-footer">
                            {# The hidden CSRF token must be posted with the form for validate_on_submit() to pass. #}
                            {{ form.csrf_token }}
                            {{ form.submit }}
                        </div>
                    </form>
                </div>
            </div>
        </div>
    </section>
{% endblock %}
{% block js %}
    {# Highlight the matching entries in the sidebar menu. #}
    <script>
        $(document).ready(function () {
            $('#g-4').addClass('active');
            $('#g-4-1').addClass('active');
        })
    </script>
{% endblock %}
预告列表
视图函数
@admin.route('/preview/list/<int:page>/')
@admin_login_req
def preview_list(page=1):
    """Render one page (10 rows) of previews, newest first."""
    # Page numbers below 1 fall back to the first page.
    current_page = page if page > 0 else 1
    newest_first = Preview.query.order_by(Preview.addtime.desc())
    page_data = newest_first.paginate(page=current_page, per_page=10)
    return render_template('admin/preview_list.html', page_data=page_data)
app/templates/admin/preview_list.html
{% extends 'admin/admin.html' %}
{% from 'ui/admin_page.html' import pagination %}
{% block content %}
    <section class="content-header">
        <h1>微电影管理系统</h1>
        <ol class="breadcrumb">
            <li><a href="#"><i class="fa fa-dashboard"></i> 预告管理</a></li>
            <li class="active">预告列表</li>
        </ol>
    </section>
    <section class="content" id="showcontent">
        <div class="row">
            <div class="col-md-12">
                <div class="box box-primary">
                    <div class="box-header">
                        <h3 class="box-title">预告列表</h3>
                        {# Search box markup only: it is not wrapped in a <form> in this template. #}
                        <div class="box-tools">
                            <div class="input-group input-group-sm" style="width: 150px;">
                                <input type="text" name="table_search" class="form-control pull-right"
                                       placeholder="请输入关键字...">
                                <div class="input-group-btn">
                                    <button type="submit" class="btn btn-default"><i class="fa fa-search"></i></button>
                                </div>
                            </div>
                        </div>
                    </div>
                    <div class="box-body table-responsive no-padding">
                        {% for message in get_flashed_messages(category_filter=['info']) %}
                            <div class="alert alert-success alert-dismissible">
                                <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
                                <h4><i class="icon fa fa-check"></i> 操作成功!</h4>
                                {{ message }}
                            </div>
                        {% endfor %}
                        <table class="table table-hover">
                            <tbody>
                            <tr>
                                <th>编号</th>
                                <th>预告标题</th>
                                <th>预告封面</th>
                                <th>添加时间</th>
                                <th>操作事项</th>
                            </tr>
                            {# One row per preview on the current page; values are HTML-escaped by {{ }}. #}
                            {% for data in page_data.items %}
                                <tr>
                                    <td>{{ data.id }}</td>
                                    <td>{{ data.title }}</td>
                                    <td>
                                        <img src="{{ url_for('static', filename='uploads/'+data.logo) }}"
                                             class="img-responsive center-block" alt="" style="width: 140px">
                                    </td>
                                    <td>{{ data.addtime }}</td>
                                    <td>
                                        <a href="{{ url_for('admin.preview_edit', id=data.id) }}" class="label label-success">编辑</a>
                                        {# NOTE(review): the delete action is a plain link, so the record is
                                           removed by a GET request that carries no CSRF token. #}
                                        <a href="{{ url_for('admin.preview_del', id=data.id) }}"
                                           class="label label-danger">删除</a>
                                    </td>
                                </tr>
                            {% endfor %}
                            </tbody>
                        </table>
                    </div>
                    <div class="box-footer clearfix">
                        {{ pagination(page_data, 'admin.preview_list') }}
                    </div>
                </div>
            </div>
        </div>
    </section>
{% endblock %}
{% block js %}
    {# Highlight the matching entries in the sidebar menu. #}
    <script>
        $(document).ready(function () {
            $('#g-4').addClass('active');
            $('#g-4-2').addClass('active');
        })
    </script>
{% endblock %}
修改app/templates/admin/grid.html
{# Sidebar entry that opens the first page of the preview list. #}
<li id="g-4-2">
    <a href="{{ url_for('admin.preview_list', page=1) }}">
        <i class="fa fa-circle-o"></i> 预告列表
    </a>
</li>
删除预告
视图函数
@admin.route('/preview/del/<int:id>/')
@admin_login_req
def preview_del(id=None):
    """Delete the preview with the given id (404 if absent), then show page 1 of the list."""
    # NOTE(review): the route accepts GET only, so this state change runs
    # without any CSRF token; a POST form with the token would be safer.
    doomed = Preview.query.get_or_404(int(id))
    db.session.delete(doomed)
    db.session.commit()
    flash('预告删除成功!', 'info')
    list_url = url_for('admin.preview_list', page=1)
    return redirect(list_url)
修改预告
视图函数
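@admin.route('/preview/edit/<int:id>/', methods=['GET', 'POST'])
@admin_login_req
def preview_edit(id=None):
    """Edit a preview's title and, when a new file is sent, its poster.

    Responds 404 when no preview has the given id. On a valid POST the row is
    updated and the browser is redirected back to this edit page.
    """
    form = PreviewForm()
    preview = Preview.query.get_or_404(int(id))
    if request.method == 'GET':
        # Pre-fill the form with the stored title.
        form.title.data = preview.title
    if form.validate_on_submit():
        data = form.data
        up_dir = app.config['UP_DIR']
        if not os.path.exists(up_dir):
            os.makedirs(up_dir)
            # The original passed the decimal literal 6, i.e. mode 0o006:
            # no access for the owner, read/write for every other account.
            # 0o755 keeps the directory writable by the owner only.
            os.chmod(up_dir, 0o755)
        upload = form.logo.data
        # Replace the poster only when a file was actually submitted; the
        # None check covers a form whose logo field is optional.
        if upload is not None and upload.filename != '':
            # The client-supplied file name is sanitised before use.
            file_logo = secure_filename(upload.filename)
            preview.logo = change_filename(file_logo)
            # NOTE(review): PreviewForm is not shown here; confirm its logo
            # field restricts uploads to image types, because the file ends
            # up under the statically served uploads directory.
            upload.save(os.path.join(up_dir, preview.logo))
        preview.title = data['title']
        db.session.add(preview)
        db.session.commit()
        flash('预告修改成功!', 'info')
        return redirect(url_for('admin.preview_edit', id=id))
    return render_template('admin/preview_edit.html', form=form, preview=preview)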
app/templates/admin/preview_edit.html:代码拷贝自添加预告的模板,下面是需要修改的部分
{# Title field, rendered with the stored title as its value. #}
<div class="form-group">
    <label for="input_title">{{ form.title.label }}</label>
    {{ form.title(value=preview.title) }}
    {% for err in form.title.errors %}
        <div class="col-md-12" id="input_user" style="color: red">{{ err }}</div>
    {% endfor %}
</div>
{# Poster upload field; the image below shows the poster currently stored. #}
<div class="form-group">
    <label for="input_logo">{{ form.logo.label }}</label>
    {{ form.logo }}
    {% for err in form.logo.errors %}
        <div class="col-md-12" id="input_user" style="color: red">{{ err }}</div>
    {% endfor %}
    <img src="{{ url_for('static', filename='uploads/'+preview.logo) }}" style="margin-top:5px;" class="img-responsive" alt="">
</div>
会员管理
会员列表
@admin.route('/user/list/<int:page>/')
@admin_login_req
def user_list(page=1):
    """Render one page (10 rows) of members, most recently registered first."""
    # Page numbers below 1 fall back to the first page.
    page = max(page, 1)
    ordered = User.query.order_by(User.addtime.desc())
    return render_template(
        'admin/user_list.html',
        page_data=ordered.paginate(page=page, per_page=10),
    )
app/templates/admin/user_list.html
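{% extends 'admin/admin.html' %}
{% from 'ui/admin_page.html' import pagination %}
{% block content %}
    <section class="content-header">
        <h1>微电影管理系统</h1>
        <ol class="breadcrumb">
            <li><a href="#"><i class="fa fa-dashboard"></i> 会员管理</a></li>
            <li class="active">会员列表</li>
        </ol>
    </section>
    <section class="content" id="showcontent">
        <div class="row">
            <div class="col-md-12">
                <div class="box box-primary">
                    <div class="box-header">
                        <h3 class="box-title">会员列表</h3>
                        {# Search box markup only: it is not wrapped in a <form> in this template. #}
                        <div class="box-tools">
                            <div class="input-group input-group-sm" style="width: 150px;">
                                <input type="text" name="table_search" class="form-control pull-right"
                                       placeholder="请输入关键字...">
                                <div class="input-group-btn">
                                    <button type="submit" class="btn btn-default"><i class="fa fa-search"></i></button>
                                </div>
                            </div>
                        </div>
                    </div>
                    <div class="box-body table-responsive no-padding">
                        {% for message in get_flashed_messages(category_filter=['info']) %}
                            <div class="alert alert-success alert-dismissible">
                                <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
                                <h4><i class="icon fa fa-check"></i> 操作成功!</h4>
                                {{ message }}
                            </div>
                        {% endfor %}
                        <table class="table table-hover">
                            <tbody>
                            <tr>
                                <th>编号</th>
                                <th>昵称</th>
                                <th>邮箱</th>
                                <th>手机</th>
                                <th>头像</th>
                                {# Disabled status column: <th>状态</th> #}
                                <th>注册时间</th>
                                <th>操作事项</th>
                            </tr>
                            {# Member-supplied values (name, email, phone) are printed with {{ }} and
                               therefore HTML-escaped while Jinja autoescaping is on. #}
                            {% for data in page_data.items %}
                                <tr>
                                    <td>{{ data.id }}</td>
                                    <td>{{ data.name }}</td>
                                    <td>{{ data.email }}</td>
                                    <td>{{ data.phone }}</td>
                                    <td>
                                        <img src="{{ url_for('static', filename='uploads/users/'+data.face) }}"
                                             style="width: 50px" class="img-responsive center-block" alt="">
                                    </td>
                                    {# Disabled status cell: <td>正常/冻结</td> #}
                                    <td>{{ data.addtime }}</td>
                                    <td>
                                        <a class="label label-success"
                                           href="{{ url_for('admin.user_view', id=data.id) }}">查看</a>
                                        {# Disabled unfreeze/freeze actions:
                                           <a class="label label-info">解冻</a>
                                           <a class="label label-warning">冻结</a> #}
                                        {# NOTE(review): the delete action is a plain link, so the member is
                                           removed by a GET request that carries no CSRF token. #}
                                        <a href="{{ url_for('admin.user_del', id=data.id) }}"
                                           class="label label-danger">删除</a>
                                    </td>
                                </tr>
                            {% endfor %}
                            </tbody>
                        </table>
                    </div>
                    <div class="box-footer clearfix">
                        {# Was 'admin.preview_list': the page links led to the preview list
                           instead of the next page of members. #}
                        {{ pagination(page_data, 'admin.user_list') }}
                    </div>
                </div>
            </div>
        </div>
    </section>
{% endblock %}
{% block js %}
    {# Highlight the matching entries in the sidebar menu. #}
    <script>
        $(document).ready(function () {
            $('#g-5').addClass('active');
            $('#g-5-1').addClass('active');
        })
    </script>
{% endblock %}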
查看会员
@admin.route('/user/view/<int:id>/')
@admin_login_req
def user_view(id=None):
    """Render the detail page of one member; 404 when the id is unknown."""
    member = User.query.get_or_404(int(id))
    return render_template('admin/user_view.html', user=member)
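{# Member detail table. All values are printed with {{ }} and therefore
   HTML-escaped while Jinja autoescaping is on. #}
<table class="table table-hover">
    <tbody>
    <tr>
        <td class="td_bd">编号:</td>
        {# Was the literal 1, which showed the same id for every member. #}
        <td>{{ user.id }}</td>
    </tr>
    <tr>
        <td class="td_bd">昵称:</td>
        <td>{{ user.name }}</td>
    </tr>
    <tr>
        <td class="td_bd">邮箱:</td>
        <td>{{ user.email }}</td>
    </tr>
    <tr>
        <td class="td_bd">手机:</td>
        <td>{{ user.phone }}</td>
    </tr>
    <tr>
        <td class="td_bd">头像:</td>
        <td>
            <img src="{{ url_for('static', filename='uploads/users/'+user.face) }}" style="width: 100px" class="img-responsive" alt="">
        </td>
    </tr>
    <tr>
        <td class="td_bd">注册时间:</td>
        <td>
            {{ user.addtime }}
        </td>
    </tr>
    <tr>
        <td class="td_bd">唯一标志符:</td>
        <td>
            {{ user.uuid }}
        </td>
    </tr>
    <tr>
        <td class="td_bd">个性简介:</td>
        <td>
            {{ user.info }}
        </td>
    </tr>
    </tbody>
</table>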
删除用户
@admin.route('/user/del/<int:id>/')
@admin_login_req
def user_del(id=None):
    """Delete the member with the given id (404 if absent), then show page 1 of the list."""
    # NOTE(review): the route accepts GET only, so this state change runs
    # without any CSRF token; a POST form with the token would be safer.
    member = User.query.get_or_404(int(id))
    db.session.delete(member)
    db.session.commit()
    flash('会员删除成功!', 'info')
    list_url = url_for('admin.user_list', page=1)
    return redirect(list_url)
评论管理
评论列表
@admin.route('/comment/list/<int:page>/')
@admin_login_req
def comment_list(page=1):
    """Render one page (10 rows) of comments joined to their movie and user, newest first."""
    # Page numbers below 1 fall back to the first page.
    page = max(page, 1)
    joined = Comment.query.join(Movie).join(User).filter(
        Movie.id == Comment.movie_id,
        User.id == Comment.user_id
    )
    page_data = joined.order_by(
        Comment.addtime.desc()
    ).paginate(page=page, per_page=10)
    return render_template('admin/comment_list.html', page_data=page_data)
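<section class="content" id="showcontent">
    <div class="row">
        <div class="col-md-12">
            <div class="box box-primary">
                <div class="box-header with-border">
                    <h3 class="box-title">评论列表</h3>
                    {# Search box markup only: it is not wrapped in a <form> in this template. #}
                    <div class="box-tools">
                        <div class="input-group input-group-sm" style="width: 150px;">
                            <input type="text" name="table_search" class="form-control pull-right"
                                   placeholder="请输入关键字...">
                            <div class="input-group-btn">
                                <button type="submit" class="btn btn-default"><i class="fa fa-search"></i></button>
                            </div>
                        </div>
                    </div>
                </div>
                <div class="box-body box-comments">
                    {% for message in get_flashed_messages(category_filter=['info']) %}
                        <div class="alert alert-success alert-dismissible">
                            <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
                            <h4><i class="icon fa fa-check"></i> 操作成功!</h4>
                            {{ message }}
                        </div>
                    {% endfor %}
                    {% for data in page_data.items %}
                        <div class="box-comment">
                            <img class="img-circle img-sm"
                                 src="{{ url_for('static',filename='uploads/users/'+data.user.face) }}"
                                 alt="User Image">
                            <div class="comment-text">
                                <span class="username">
                                    {{ data.user.name }}
                                    <span class="text-muted pull-right">
                                        <i class="fa fa-calendar" aria-hidden="true"></i>
                                        {{ data.addtime }}
                                    </span>
                                </span>
                                {# The comment body is user-written text; it is printed with {{ }} and
                                   stays HTML-escaped as long as no |safe filter is added here. #}
                                关于电影<a>《{{ data.movie.title }}》</a>的评论:{{ data.content }}
                                {# NOTE(review): the delete action is a plain link, so the comment is
                                   removed by a GET request that carries no CSRF token. #}
                                <br><a href="{{ url_for('admin.comment_del', id=data.id) }}"
                                       class="label label-danger pull-right">删除</a>
                            </div>
                        </div>
                    {% endfor %}
                </div>
                <div class="box-footer clearfix">
                    {# Was 'admin.preview_list': the page links led to the preview list
                       instead of the next page of comments. #}
                    {{ pagination(page_data, 'admin.comment_list') }}
                </div>
            </div>
        </div>
    </div>
</section>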
删除评论
@admin.route('/comment/del/<int:id>/')
@admin_login_req
def comment_del(id=None):
    """Delete the comment with the given id (404 if absent), then show page 1 of the list."""
    # NOTE(review): the route accepts GET only, so this state change runs
    # without any CSRF token; a POST form with the token would be safer.
    target = Comment.query.get_or_404(int(id))
    db.session.delete(target)
    db.session.commit()
    flash('评论删除成功!', 'info')
    list_url = url_for('admin.comment_list', page=1)
    return redirect(list_url)
收藏管理
收藏列表
@admin.route('/moviecol/list/<int:page>/')
@admin_login_req
def moviecol_list(page=1):
    """Render one page (10 rows) of favourites joined to their movie and user, newest first."""
    # Page numbers below 1 fall back to the first page.
    current_page = page if page > 0 else 1
    joined = Moviecol.query.join(Movie).join(User).filter(
        Movie.id == Moviecol.movie_id,
        User.id == Moviecol.user_id
    )
    page_data = joined.order_by(
        Moviecol.addtime.desc()
    ).paginate(page=current_page, per_page=10)
    return render_template('admin/moviecol_list.html', page_data=page_data)
<section class="content" id="showcontent">
    <div class="row">
        <div class="col-md-12">
            <div class="box box-primary">
                <div class="box-header">
                    <h3 class="box-title">收藏列表</h3>
                    {# Search box markup only: it is not wrapped in a <form> in this template. #}
                    <div class="box-tools">
                        <div class="input-group input-group-sm" style="width: 150px;">
                            <input type="text" name="table_search" class="form-control pull-right"
                                   placeholder="请输入关键字...">
                            <div class="input-group-btn">
                                <button type="submit" class="btn btn-default"><i class="fa fa-search"></i></button>
                            </div>
                        </div>
                    </div>
                </div>
                <div class="box-body table-responsive no-padding">
                    {% for message in get_flashed_messages(category_filter=['info']) %}
                        <div class="alert alert-success alert-dismissible">
                            <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
                            <h4><i class="icon fa fa-check"></i> 操作成功!</h4>
                            {{ message }}
                        </div>
                    {% endfor %}
                    <table class="table table-hover">
                        <tbody>
                        <tr>
                            <th>编号</th>
                            <th>电影</th>
                            <th>用户</th>
                            <th>添加时间</th>
                            <th>操作事项</th>
                        </tr>
                        {# One row per favourite on the current page; values are HTML-escaped by {{ }}. #}
                        {% for data in page_data.items %}
                            <tr>
                                <td>{{ data.id }}</td>
                                <td>{{ data.movie.title }}</td>
                                <td>{{ data.user.name }}</td>
                                <td>{{ data.addtime }}</td>
                                <td>
                                    {# Disabled edit action: <a class="label label-success">编辑</a> #}
                                    {# NOTE(review): the delete action is a plain link, so the record is
                                       removed by a GET request that carries no CSRF token. #}
                                    <a href="{{ url_for('admin.moviecol_del', id=data.id) }}"
                                       class="label label-danger">删除</a>
                                </td>
                            </tr>
                        {% endfor %}
                        </tbody>
                    </table>
                </div>
                <div class="box-footer clearfix">
                    {{ pagination(page_data, 'admin.moviecol_list') }}
                </div>
            </div>
        </div>
    </div>
</section>
删除收藏
@admin.route('/moviecol/del/<int:id>/')
@admin_login_req
def moviecol_del(id=None):
    """Delete the favourite with the given id (404 if absent), then show page 1 of the list."""
    # NOTE(review): the route accepts GET only, so this state change runs
    # without any CSRF token; a POST form with the token would be safer.
    target = Moviecol.query.get_or_404(int(id))
    db.session.delete(target)
    db.session.commit()
    flash('收藏删除成功!', 'info')
    list_url = url_for('admin.moviecol_list', page=1)
    return redirect(list_url)
修改密码
新建一个form表单
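class PwdForm(FlaskForm):
    """Change-password form for the logged-in admin: current and new password."""

    # Current password; checked against the stored hash by validate_old_pwd.
    old_pwd = PasswordField(
        label='旧密码',
        validators=[
            DataRequired("请输入旧密码!"),
        ],
        description='旧密码',
        render_kw={
            "class": "form-control",
            "placeholder": "请输入旧密码!"
        }
    )
    # New password.
    # NOTE(review): the only rule here is "not empty"; there is no minimum
    # length and no confirmation field, so a typo becomes the new password.
    new_pwd = PasswordField(
        label='新密码',
        validators=[
            DataRequired("请输入新密码!"),
        ],
        description='新密码',
        render_kw={
            "class": "form-control",
            "placeholder": "请输入新密码!"
        }
    )
    submit = SubmitField(
        '编辑',
        render_kw={
            "class": "btn btn-primary",
        }
    )

    def validate_old_pwd(self, field):
        """Reject the form unless ``field`` holds the session admin's current password.

        Raises:
            ValidationError: the session names no admin, the named admin no
                longer exists, or the password does not match.
        """
        from flask import session
        pwd = field.data
        name = session.get('admin')
        admin = Admin.query.filter_by(name=name).first()
        # A missing session key or a deleted account is treated like a wrong
        # password; the original raised KeyError / AttributeError here.
        if admin is None or not admin.check_pwd(pwd):
            raise ValidationError("密码输入错误!")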
@admin.route('/pwd/', methods=['GET', 'POST'])
@admin_login_req
def pwd():
    """Show the change-password form; on a valid POST store the new hash and log out."""
    from werkzeug.security import generate_password_hash

    form = PwdForm()
    if not form.validate_on_submit():
        return render_template('admin/pwd.html', form=form)

    new_password = form.data['new_pwd']
    admin = Admin.query.filter_by(name=session['admin']).first()
    # Only the salted hash is stored, never the submitted password itself.
    admin.pwd = generate_password_hash(new_password)
    db.session.add(admin)
    db.session.commit()
    flash("密码修改成功,请重新登录!", 'info')
    # Sending the admin through logout forces a fresh login with the new password.
    return redirect(url_for('admin.logout'))
将信息展示出来login.html
{# Success messages in green, error messages in red; both are HTML-escaped by {{ }}. #}
{% for message in get_flashed_messages(category_filter=['info']) %}
    <p class="login-box-msg" style="color: green">{{ message }}</p>
{% endfor %}
{% for message in get_flashed_messages(category_filter=['error']) %}
    <p class="login-box-msg" style="color: red">{{ message }}</p>
{% endfor %}
运行后发现登录页并没有显示“密码修改成功,请重新登录!”这条提示。这是因为 flash 是基于 session 的,而前面退出登录的视图函数中我们清除了所有的 session,这条消息也随之被清掉了。
日志管理
@admin.route('/oplog/list/<int:page>/')
@admin_login_req
def oplog_list(page=1):
    """Render one page (10 rows) of admin operation logs, newest first."""
    # Page numbers below 1 fall back to the first page.
    page = max(page, 1)
    with_admin = Oplog.query.join(Admin).filter(
        Admin.id == Oplog.admin_id,
    )
    page_data = with_admin.order_by(
        Oplog.addtime.desc()
    ).paginate(page=page, per_page=10)
    return render_template('admin/oplog_list.html', page_data=page_data)
@admin.route('/adminloginlog/list/<int:page>/')
@admin_login_req
def adminloginlog_list(page=1):
    """Render one page (10 rows) of admin login records, newest first."""
    # Page numbers below 1 fall back to the first page.
    current_page = page if page > 0 else 1
    with_admin = Adminlog.query.join(Admin).filter(
        Admin.id == Adminlog.admin_id,
    )
    page_data = with_admin.order_by(
        Adminlog.addtime.desc()
    ).paginate(page=current_page, per_page=10)
    return render_template('admin/adminloginlog_list.html', page_data=page_data)
@admin.route('/userloginlog/list/<int:page>/')
@admin_login_req
def userloginlog_list(page=1):
    """Render one page (10 rows) of member login records, newest first."""
    # Page numbers below 1 fall back to the first page.
    page = max(page, 1)
    with_user = Userlog.query.join(User).filter(
        User.id == Userlog.user_id,
    )
    page_data = with_user.order_by(
        Userlog.addtime.desc()
    ).paginate(page=page, per_page=10)
    return render_template('admin/userloginlog_list.html', page_data=page_data)
修改对应的前端文件
在其它视图函数中添加对应到操作日志,例如添加标签
# Excerpt from the end of a view body: after the success message, one
# operation-log row is written before redirecting.
flash("标签添加成功!", 'info')
oplog = Oplog(
    # The acting admin is taken from the login session.
    admin_id=session['admin_id'],
    # NOTE(review): remote_addr is the address of the direct peer; behind a
    # reverse proxy every row would carry the proxy's address - confirm the
    # deployment before relying on this column.
    ip=request.remote_addr,
    # presumably `data` is the submitted form data; the name goes into the
    # log text verbatim, so templates that show `reason` must keep escaping it.
    reason='添加标签< {} >'.format(data['name'])
)
db.session.add(oplog)
db.session.commit()
return redirect(url_for('admin.tag_add'))
基于角色的访问控制
权限管理
class AuthForm(FlaskForm):
    """Form for creating or editing a permission: a display name and a URL."""

    # Human-readable name of the permission.
    name = StringField(
        label='权限',
        description='权限',
        validators=[DataRequired("请输入权限!")],
        render_kw={"class": "form-control", "placeholder": "请输入权限!"},
    )
    # URL the permission grants; the only rule is that it is not empty.
    url = StringField(
        label='权限地址',
        description='权限地址',
        validators=[DataRequired("请输入权限地址!")],
        render_kw={"class": "form-control", "placeholder": "请输入权限地址!"},
    )
    submit = SubmitField('编辑', render_kw={"class": "btn btn-primary"})
添加权限
@admin.route('/auth/add/', methods=['GET', 'POST'])
@admin_login_req
def auth_add():
    """Show the add-permission form; on a valid POST store the new permission."""
    form = AuthForm()
    if form.validate_on_submit():
        submitted = form.data
        new_auth = Auth(name=submitted['name'], url=submitted['url'])
        db.session.add(new_auth)
        db.session.commit()
        flash('权限添加成功!', 'info')
    # The form page is rendered again after a successful add as well (no redirect).
    return render_template('admin/auth_add.html', form=form)
权限列表
@admin.route('/auth/list/<int:page>/')
@admin_login_req
def auth_list(page=1):
    """Render one page (10 rows) of permissions, newest first."""
    # Page numbers below 1 fall back to the first page.
    current_page = page if page > 0 else 1
    newest_first = Auth.query.order_by(Auth.addtime.desc())
    page_data = newest_first.paginate(page=current_page, per_page=10)
    return render_template('admin/auth_list.html', page_data=page_data)
删除权限
@admin.route('/auth/del/<int:id>/')
@admin_login_req
def auth_del(id=None):
    """Delete the permission with the given id (404 if absent), then show page 1 of the list."""
    # NOTE(review): the route accepts GET only, so this state change runs
    # without any CSRF token; a POST form with the token would be safer.
    target = Auth.query.get_or_404(int(id))
    db.session.delete(target)
    db.session.commit()
    flash('权限删除成功!', 'info')
    list_url = url_for('admin.auth_list', page=1)
    return redirect(list_url)
编辑权限
@admin.route('/auth/edit/<int:id>/', methods=['GET', 'POST'])
@admin_login_req
def auth_edit(id=None):
    """Edit a permission's name and URL; 404 when the id is unknown."""
    form = AuthForm()
    auth = Auth.query.get_or_404(int(id))
    if not form.validate_on_submit():
        return render_template('admin/auth_edit.html', form=form, auth=auth)

    submitted = form.data
    auth.name = submitted['name']
    auth.url = submitted['url']
    db.session.add(auth)
    db.session.commit()
    flash('权限修改成功!', 'info')
    # Redirect after POST so a browser refresh does not resubmit the form.
    return redirect(url_for('admin.auth_edit', id=id))
修改对应的前端文件
角色管理
class RoleForm(FlaskForm):
    """Form for creating or editing a role: a name plus the permissions it holds."""

    name = StringField(
        label='角色名称',
        description='角色名称',
        validators=[DataRequired("请输入角色名称!")],
        render_kw={"class": "form-control", "placeholder": "请输入角色名称!"},
    )
    # Multi-select of permission ids; submitted values are coerced to int.
    # NOTE(review): `auths` is read once, when this class body executes. If it
    # is a module-level query result (not visible here), permissions added
    # later will not be offered until the process restarts - confirm.
    auths = SelectMultipleField(
        label='权限列表',
        description='权限列表',
        validators=[DataRequired("请选择权限!")],
        coerce=int,
        choices=[(v.id, v.name) for v in auths],
        render_kw={"class": "form-control"},
    )
    submit = SubmitField('编辑', render_kw={"class": "btn btn-primary"})
添加角色
@admin.route('/role/add/', methods=['GET', 'POST'])
@admin_login_req
def role_add():
    """Show the add-role form; on a valid POST store the new role."""
    form = RoleForm()
    if form.validate_on_submit():
        submitted = form.data
        # The selected permission ids are stored as one comma-separated string.
        auth_ids = ','.join(str(v) for v in submitted['auths'])
        new_role = Role(name=submitted['name'], auths=auth_ids)
        db.session.add(new_role)
        db.session.commit()
        flash('角色添加成功!', 'info')
    # The form page is rendered again after a successful add as well (no redirect).
    return render_template('admin/role_add.html', form=form)
角色列表
@admin.route('/role/list/<int:page>/')
@admin_login_req
def role_list(page=1):
    """Render one page (10 rows) of roles, newest first."""
    # Page numbers below 1 fall back to the first page.
    page = max(page, 1)
    newest_first = Role.query.order_by(Role.addtime.desc())
    return render_template(
        'admin/role_list.html',
        page_data=newest_first.paginate(page=page, per_page=10),
    )
删除角色
@admin.route('/role/del/<int:id>/')
@admin_login_req
def role_del(id=None):
    """Delete the role with the given id (404 if absent), then show page 1 of the list."""
    # NOTE(review): the route accepts GET only, so this state change runs
    # without any CSRF token; a POST form with the token would be safer.
    target = Role.query.get_or_404(int(id))
    db.session.delete(target)
    db.session.commit()
    flash('角色删除成功!', 'info')
    list_url = url_for('admin.role_list', page=1)
    return redirect(list_url)
修改角色
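@admin.route('/role/edit/<int:id>/', methods=['GET', 'POST'])
@admin_login_req
def role_edit(id=None):
    """Edit a role's name and permission set; 404 when the id is unknown."""
    form = RoleForm()
    role = Role.query.get_or_404(int(id))
    if request.method == 'GET':
        # Pre-select the stored permissions. A role saved with no permissions
        # (None or '') yields an empty selection instead of the AttributeError
        # / ValueError the unguarded split-and-int raised.
        form.auths.data = [
            int(x) for x in (role.auths or '').split(',') if x.strip()
        ]
    if form.validate_on_submit():
        data = form.data
        role.name = data['name']
        # The selected permission ids are stored as one comma-separated string.
        role.auths = ','.join(str(v) for v in data['auths'])
        db.session.add(role)
        db.session.commit()
        flash('角色修改成功!', 'info')
    return render_template('admin/role_edit.html', form=form, role=role)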
修改对应的前端文件
管理员管理
class AdminForm(FlaskForm):
    """Form for creating an administrator: name, password (entered twice) and role."""

    name = StringField(
        label='管理员名称',
        description='管理员名称',
        validators=[DataRequired("请输入管理员名称!")],
        render_kw={"class": "form-control", "placeholder": "请输入管理员名称!"},
    )
    # NOTE(review): the only password rule is "not empty"; no minimum length
    # is enforced by this form.
    pwd = PasswordField(
        label='管理员密码',
        description="管理员密码",
        validators=[DataRequired("请输入管理员密码!")],
        render_kw={
            "class": "form-control",
            "placeholder": "请输入管理员密码!",
            "required": "required",
        },
    )
    # Must repeat `pwd` exactly.
    repwd = PasswordField(
        label='管理员重复密码',
        description="管理员重复密码",
        validators=[
            DataRequired("请输入管理员重复密码!"),
            EqualTo('pwd', message='两次密码不一致!'),
        ],
        render_kw={
            "class": "form-control",
            "placeholder": "请输入管理员重复密码!",
            "required": "required",
        },
    )
    # Role selector; the submitted value is coerced to int.
    # NOTE(review): `roles` is read once, when this class body executes. If it
    # is a module-level query result (not visible here), roles added later
    # will not be offered until the process restarts - confirm.
    role_id = SelectField(
        label='所属角色',
        description="所属角色",
        validators=[DataRequired("请选择角色!")],
        coerce=int,
        choices=[(v.id, v.name) for v in roles],
        render_kw={"class": "form-control"},
    )
    submit = SubmitField('编辑', render_kw={"class": "btn btn-primary"})
添加管理员
@admin.route('/admin/add/', methods=['GET', 'POST'])
@admin_login_req
def admin_add():
    """Show the add-administrator form; on a valid POST store the new account."""
    from werkzeug.security import generate_password_hash

    form = AdminForm()
    if form.validate_on_submit():
        submitted = form.data
        new_admin = Admin(
            name=submitted['name'],
            # Only the salted hash is stored, never the submitted password.
            pwd=generate_password_hash(submitted['pwd']),
            role_id=submitted['role_id'],
            # NOTE(review): every account created here gets is_super=1; what
            # that flag grants is not visible in this listing - confirm.
            is_super=1,
        )
        db.session.add(new_admin)
        db.session.commit()
        flash('管理员添加成功!', 'info')
    # The form page is rendered again after a successful add as well (no redirect).
    return render_template('admin/admin_add.html', form=form)
管理员列表
@admin.route('/admin/list/<int:page>/')
@admin_login_req
def admin_list(page=1):
    """Render one page (10 rows) of administrators joined to their role, newest first."""
    # Page numbers below 1 fall back to the first page.
    current_page = page if page > 0 else 1
    with_role = Admin.query.join(Role).filter(
        Role.id == Admin.role_id
    )
    page_data = with_role.order_by(
        Admin.addtime.desc()
    ).paginate(page=current_page, per_page=10)
    return render_template('admin/admin_list.html', page_data=page_data)
修改对应的前端代码
访问权限控制
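def admin_auth(func):
    """Decorator that lets a view run only if the admin's role grants its URL rule.

    The session's admin is loaded together with its role, the role's
    comma-separated permission ids are resolved to ``Auth.url`` values, and
    the request is answered with 404 unless the matched URL rule is among
    them. The check fails closed: no session admin, no matching admin row or
    no role all end in 404.
    """
    @wraps(func)
    def decorated_function(*args, **kwargs):
        admin = Admin.query.join(
            Role
        ).filter(
            Role.id == Admin.role_id,
            Admin.id == session.get('admin_id')
        ).first()
        # The original dereferenced admin.role unconditionally, turning a
        # missing admin or role into a 500 instead of a denial.
        if admin is None or admin.role is None:
            abort(404)
        # An empty or unset permission string grants nothing.
        granted_ids = {
            int(x) for x in (admin.role.auths or '').split(',') if x.strip()
        }
        urls = {v.url for v in Auth.query.all() if v.id in granted_ids}
        # str(request.url_rule) is the rule pattern of the matched route, so
        # Auth.url has to hold exactly that pattern for a grant to match.
        # The debugging print() calls were dropped: they wrote each admin's
        # permitted URL list to stdout on every request.
        if str(request.url_rule) not in urls:
            abort(404)
        return func(*args, **kwargs)
    return decorated_function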
给视图函数添加装饰器,像这样
# Decorators apply bottom-up: admin_auth wraps the view first and
# admin_login_req wraps the result, so - assuming admin_login_req is an
# ordinary wrapping decorator - the login check runs before the permission
# check on each request. admin.route stays outermost so that the fully
# wrapped function is the one that gets registered.
@admin.route('/tag/list/<int:page>/')
@admin_login_req
@admin_auth
def tag_list(page=1):
    # View body elided in the original listing.
    ...