修改为通过用户名来删除用户,pymysql设置查询自动提交事务
wintests committed May 4, 2020
1 parent 82e4ecb commit b42a210
Showing 2 changed files with 23 additions and 20 deletions.
40 changes: 21 additions & 19 deletions api/user.py
@@ -19,7 +19,7 @@ def get_all_users():
sql = "SELECT * FROM user"
data = db.select_db(sql)
print("获取所有用户信息 == >> {}".format(data))
return jsonify({"code": "0", "data": data, "msg": "查询成功"})
return jsonify({"code": 0, "data": data, "msg": "查询成功"})


@app.route("/users/<string:username>", methods=["GET"])
@@ -29,7 +29,7 @@ def get_user(username):
data = db.select_db(sql)
print("获取 {} 用户信息 == >> {}".format(username, data))
if data:
return jsonify({"code": "0", "data": data, "msg": "查询成功"})
return jsonify({"code": 0, "data": data, "msg": "查询成功"})
return jsonify({"code": "1004", "msg": "查不到相关用户的信息"})


@@ -101,31 +101,32 @@ def user_login():
@app.route("/update/user/<int:id>", methods=['PUT'])
def user_update(id): # id为准备修改的用户ID
"""修改用户信息"""
username = request.json.get("username", "").strip() # 当前登录的管理员用户
admin_user = request.json.get("admin_user", "").strip() # 当前登录的管理员用户
token = request.json.get("token", "").strip() # token口令
new_password = request.json.get("password", "").strip() # 新的密码
new_sex = request.json.get("sex", "0").strip() # 新的性别,如果参数不传sex,那么默认为0(男性)
new_telephone = request.json.get("telephone", "").strip() # 新的手机号
new_address = request.json.get("address", "").strip() # 新的联系地址,默认为空串
if username and token and new_password and new_telephone: # 注意if条件中空串 "" 也是空, 按False处理
if admin_user and token and new_password and new_telephone: # 注意if条件中空串 "" 也是空, 按False处理
if not (new_sex == "0" or new_sex == "1"):
return jsonify({"code": 4007, "msg": "输入的性别只能是 0(男) 或 1(女)!!!"})
elif not (len(new_telephone) == 11 and re.match("^1[3,5,7,8]\d{9}$", new_telephone)):
return jsonify({"code": 4008, "msg": "手机号格式不正确!!!"})
else:
redis_token = redis_db.handle_redis_token(username) # 从redis中取token
redis_token = redis_db.handle_redis_token(admin_user) # 从redis中取token
if redis_token:
if redis_token == token: # 如果从redis中取到的token不为空,且等于请求body中的token
sql1 = "SELECT role FROM user WHERE username = '{}'".format(username)
sql1 = "SELECT role FROM user WHERE username = '{}'".format(admin_user)
res1 = db.select_db(sql1)
print("根据用户名 【 {} 】 查询到用户类型 == >> {}".format(username, res1))
print("根据用户名 【 {} 】 查询到用户类型 == >> {}".format(admin_user, res1))
user_role = res1[0]["role"]
if user_role == 0: # 如果当前登录用户是管理员用户
sql2 = "SELECT * FROM user WHERE id = '{}'".format(id)
res2 = db.select_db(sql2)
print("根据用户ID 【 {} 】 查询到用户信息 ==>> {}".format(id, res2))
sql3 = "SELECT telephone FROM user WHERE telephone = '{}'".format(new_telephone)
res3 = db.select_db(sql3)
print("返回结果:{}".format(res3))
print("查询到手机号 ==>> {}".format(res3))
if not res2: # 如果要修改的用户不存在于数据库中,res2为空
return jsonify({"code": 4005, "msg": "修改的用户ID不存在,无法进行修改,请检查!!!"})
@@ -151,28 +152,29 @@ def user_update(id): # id为准备修改的用户ID
else:
return jsonify({"code": 4001, "msg": "管理员用户/token口令/密码/手机号不能为空,请检查!!!"})

@app.route("/delete/user/<int:id>", methods=['POST'])
def user_delete(id):
username = request.json.get("username", "").strip() # 当前登录的管理员用户
@app.route("/delete/user/<string:username>", methods=['POST'])
def user_delete(username):
admin_user = request.json.get("admin_user", "").strip() # 当前登录的管理员用户
token = request.json.get("token", "").strip() # token口令
if username and token:
redis_token = redis_db.handle_redis_token(username) # 从redis中取token
if admin_user and token:
redis_token = redis_db.handle_redis_token(admin_user) # 从redis中取token
if redis_token:
if redis_token == token: # 如果从redis中取到的token不为空,且等于请求body中的token
sql1 = "SELECT role FROM user WHERE username = '{}'".format(username)
sql1 = "SELECT role FROM user WHERE username = '{}'".format(admin_user)
res1 = db.select_db(sql1)
print("根据用户名 【 {} 】 查询到用户类型 == >> {}".format(username, res1))
print("根据用户名 【 {} 】 查询到用户类型 == >> {}".format(admin_user, res1))
user_role = res1[0]["role"]
if user_role == 0: # 如果当前登录用户是管理员用户
sql2 = "SELECT * FROM user WHERE id = '{}'".format(id)
sql2 = "SELECT * FROM user WHERE username = '{}'".format(username)
res2 = db.select_db(sql2)
print("根据用户ID 【 {} 】 查询到用户信息 ==>> {}".format(id, res2))
print(sql2)
print("根据用户名 【 {} 】 查询到用户信息 ==>> {}".format(username, res2))
if not res2: # 如果要删除的用户不存在于数据库中,res2为空
return jsonify({"code": 3005, "msg": "删除的用户ID不存在,无法进行删除,请检查!!!"})
return jsonify({"code": 3005, "msg": "删除的用户名不存在,无法进行删除,请检查!!!"})
elif res2[0]["role"] == 0: # 如果要删除的用户是管理员用户,则不允许删除
return jsonify({"code": 3006, "msg": "用户ID:【 {} 】,该用户不允许删除!!!".format(id)})
return jsonify({"code": 3006, "msg": "用户名:【 {} 】,该用户不允许删除!!!".format(username)})
else:
sql3 = "DELETE FROM user WHERE id = {}".format(id)
sql3 = "DELETE FROM user WHERE username = '{}'".format(username)
db.execute_db(sql3)
print("删除用户信息SQL ==>> {}".format(sql3))
return jsonify({"code": 0, "msg": "恭喜,删除用户信息成功!"})
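Review bot: In `user_delete`, the route now takes `<string:username>` and formats that value straight into `SELECT * FROM user WHERE username = '{}'` and `DELETE FROM user WHERE username = '{}'`. The old `<int:id>` converter restricted the path segment to digits, so this change lets an arbitrary client-supplied string reach a DELETE statement unescaped. The same string formatting is applied to `admin_user` in `sql1`, both here and in the `user_update` hunk. Bind the values instead of formatting them, e.g. `db.execute_db("DELETE FROM user WHERE username = %s", (username,))`; this assumes `select_db`/`execute_db` (not visible on this page) are extended to pass an argument tuple through to `cursor.execute`. The added `print(sql2)` looks like leftover debugging and could be dropped; `user_delete` appears to continue past the end of the hunk.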
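--- a/common/mysql_operate.py
+++ b/common/mysql_operate.py
@@ -10,7 +10,8 @@ def __init__(self, host, port, user, passwd, db):
 port=port,
 user=user,
 passwd=passwd,
-db=db
+db=db,
+autocommit=True
 )
 # 通过 cursor() 创建游标对象,并让查询结果以字典格式输出
 self.cur = self.conn.cursor(cursor=pymysql.cursors.DictCursor)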
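Review bot: `autocommit=True` is set on the connection, so it applies to every statement issued through this class, not only to SELECTs. Writes sent through the execute path will commit one by one, and any rollback-on-error handling elsewhere in this class (not visible in the hunk) would no longer undo them. If the aim is only to stop reads from returning a stale snapshot, committing after the select keeps write transactions intact. Otherwise document the trade-off next to the argument, e.g. `# autocommit: every statement commits on its own; no multi-statement rollback`. `__init__` starts and continues outside the hunk.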
