From b42a21050742da7c8164fb0b5c4f13a5491682fb Mon Sep 17 00:00:00 2001 From: wintest Date: Mon, 4 May 2020 11:36:02 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E4=B8=BA=E9=80=9A=E8=BF=87?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E5=90=8D=E6=9D=A5=E5=88=A0=E9=99=A4=E7=94=A8?= =?UTF-8?q?=E6=88=B7=EF=BC=8Cpymysql=E8=AE=BE=E7=BD=AE=E6=9F=A5=E8=AF=A2?= =?UTF-8?q?=E8=87=AA=E5=8A=A8=E6=8F=90=E4=BA=A4=E4=BA=8B=E5=8A=A1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- api/user.py | 40 +++++++++++++++++++++------------------- common/mysql_operate.py | 3 ++- 2 files changed, 23 insertions(+), 20 deletions(-) diff --git a/api/user.py b/api/user.py index cfc87bf..12636b8 100644 --- a/api/user.py +++ b/api/user.py @@ -19,7 +19,7 @@ def get_all_users(): sql = "SELECT * FROM user" data = db.select_db(sql) print("获取所有用户信息 == >> {}".format(data)) - return jsonify({"code": "0", "data": data, "msg": "查询成功"}) + return jsonify({"code": 0, "data": data, "msg": "查询成功"}) @app.route("/users/", methods=["GET"]) @@ -29,7 +29,7 @@ def get_user(username): data = db.select_db(sql) print("获取 {} 用户信息 == >> {}".format(username, data)) if data: - return jsonify({"code": "0", "data": data, "msg": "查询成功"}) + return jsonify({"code": 0, "data": data, "msg": "查询成功"}) return jsonify({"code": "1004", "msg": "查不到相关用户的信息"}) 
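Review bot: `SELECT * FROM user` in get_all_users passes every column of the user table to both `print` and `jsonify`. user_update in this same patch accepts a new password for rows of that table, so the response and the stdout log presumably include credentials. Select only the fields a client needs, for example `sql = "SELECT id, username, role, sex, telephone, address FROM user"` (column names inferred from the other hunks, confirm against the schema), and stop printing the full result set. The function starts above the hunk, so any access check before line 19 is not visible here.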
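Review bot: The not-found branch of get_user still returns `"code": "1004"` as a string while the success branch now returns the integer `0`, so clients must handle two types for the same field. The update and delete handlers in this file already use integers (`4007`, `3005`). Change the branch to `return jsonify({"code": 1004, "msg": "查不到相关用户的信息"})`. The line that builds `sql` sits above the hunk and is not visible; if it formats `username` into the statement, it should bind the value as a query parameter instead.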
@@ -101,24 +101,24 @@ def user_login(): @app.route("/update/user/", methods=['PUT']) def user_update(id): # id为准备修改的用户ID """修改用户信息""" - username = request.json.get("username", "").strip() # 当前登录的管理员用户 + admin_user = request.json.get("admin_user", "").strip() # 当前登录的管理员用户 token = request.json.get("token", "").strip() # token口令 new_password = request.json.get("password", "").strip() # 新的密码 new_sex = request.json.get("sex", "0").strip() # 新的性别,如果参数不传sex,那么默认为0(男性) new_telephone = request.json.get("telephone", "").strip() # 新的手机号 new_address = request.json.get("address", "").strip() # 新的联系地址,默认为空串 - if username and token and new_password and new_telephone: # 注意if条件中空串 "" 也是空, 按False处理 + if admin_user and token and new_password and new_telephone: # 注意if条件中空串 "" 也是空, 按False处理 if not (new_sex == "0" or new_sex == "1"): return jsonify({"code": 4007, "msg": "输入的性别只能是 0(男) 或 1(女)!!!"}) elif not (len(new_telephone) == 11 and re.match("^1[3,5,7,8]\d{9}$", new_telephone)): return jsonify({"code": 4008, "msg": "手机号格式不正确!!!"}) else: - redis_token = redis_db.handle_redis_token(username) # 从redis中取token + redis_token = redis_db.handle_redis_token(admin_user) # 从redis中取token if redis_token: if redis_token == token: # 如果从redis中取到的token不为空,且等于请求body中的token - sql1 = "SELECT role FROM user WHERE username = '{}'".format(username) + sql1 = "SELECT role FROM user WHERE username = '{}'".format(admin_user) res1 = db.select_db(sql1) - print("根据用户名 【 {} 】 查询到用户类型 == >> {}".format(username, res1)) + print("根据用户名 【 {} 】 查询到用户类型 == >> {}".format(admin_user, res1)) user_role = res1[0]["role"] if user_role == 0: # 如果当前登录用户是管理员用户 sql2 = "SELECT * FROM user WHERE id = '{}'".format(id) 
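Review bot: `sql1` and `sql2` in user_update are still built with `str.format` from request data (`admin_user` from the JSON body, `id` from the URL), so the rename carries a SQL injection sink forward unchanged. The same pattern appears in `sql3` in the next hunk and in `sql1`, `sql2` and `sql3` of user_delete. Bind the values instead of formatting them, e.g. `db.select_db("SELECT role FROM user WHERE username = %s", (admin_user,))`; this needs `select_db`/`execute_db` to forward an args tuple to `cursor.execute`, and their signatures are not visible here. Separately, `res1[0]["role"]` raises IndexError when redis holds a token for a name that has no row in `user`, so check `if not res1:` before indexing. The function body continues past the end of the hunk.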
@@ -126,6 +126,7 @@ def user_update(id): # id为准备修改的用户ID print("根据用户ID 【 {} 】 查询到用户信息 ==>> {}".format(id, res2)) sql3 = "SELECT telephone FROM user WHERE telephone = '{}'".format(new_telephone) res3 = db.select_db(sql3) + print("返回结果:{}".format(res3)) print("查询到手机号 ==>> {}".format(res3)) if not res2: # 如果要修改的用户不存在于数据库中,res2为空 return jsonify({"code": 4005, "msg": "修改的用户ID不存在,无法进行修改,请检查!!!"}) 
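Review bot: The added `print("返回结果:{}".format(res3))` logs the same `res3` as the `print` on the following line, so every update request writes the looked-up phone number to stdout twice. Drop the new line, or replace both with a single debug-level `logging` call that can be switched off outside development. The hunk sits in the middle of user_update, which begins and ends outside it.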
@@ -151,28 +152,29 @@ def user_update(id): # id为准备修改的用户ID else: return jsonify({"code": 4001, "msg": "管理员用户/token口令/密码/手机号不能为空,请检查!!!"}) -@app.route("/delete/user/", methods=['POST']) -def user_delete(id): - username = request.json.get("username", "").strip() # 当前登录的管理员用户 +@app.route("/delete/user/", methods=['POST']) +def user_delete(username): + admin_user = request.json.get("admin_user", "").strip() # 当前登录的管理员用户 token = request.json.get("token", "").strip() # token口令 - if username and token: - redis_token = redis_db.handle_redis_token(username) # 从redis中取token + if admin_user and token: + redis_token = redis_db.handle_redis_token(admin_user) # 从redis中取token if redis_token: if redis_token == token: # 如果从redis中取到的token不为空,且等于请求body中的token - sql1 = "SELECT role FROM user WHERE username = '{}'".format(username) + sql1 = "SELECT role FROM user WHERE username = '{}'".format(admin_user) res1 = db.select_db(sql1) - print("根据用户名 【 {} 】 查询到用户类型 == >> {}".format(username, res1)) + print("根据用户名 【 {} 】 查询到用户类型 == >> {}".format(admin_user, res1)) user_role = res1[0]["role"] if user_role == 0: # 如果当前登录用户是管理员用户 - sql2 = "SELECT * FROM user WHERE id = '{}'".format(id) + sql2 = "SELECT * FROM user WHERE username = '{}'".format(username) res2 = db.select_db(sql2) - print("根据用户ID 【 {} 】 查询到用户信息 ==>> {}".format(id, res2)) + print(sql2) + print("根据用户名 【 {} 】 查询到用户信息 ==>> {}".format(username, res2)) if not res2: # 如果要删除的用户不存在于数据库中,res2为空 - return jsonify({"code": 3005, "msg": "删除的用户ID不存在,无法进行删除,请检查!!!"}) + return jsonify({"code": 3005, "msg": "删除的用户名不存在,无法进行删除,请检查!!!"}) elif res2[0]["role"] == 0: # 如果要删除的用户是管理员用户,则不允许删除 - return jsonify({"code": 3006, "msg": "用户ID:【 {} 】,该用户不允许删除!!!".format(id)}) + return jsonify({"code": 3006, "msg": "用户名:【 {} 】,该用户不允许删除!!!".format(username)}) else: - sql3 = "DELETE FROM user WHERE id = {}".format(id) + sql3 = "DELETE FROM user WHERE username = '{}'".format(username) db.execute_db(sql3) print("删除用户信息SQL ==>> {}".format(sql3)) return jsonify({"code": 
0, "msg": "恭喜,删除用户信息成功!"}) diff --git a/common/mysql_operate.py b/common/mysql_operate.py index 955c63b..d536d68 100644 --- a/common/mysql_operate.py +++ b/common/mysql_operate.py @@ -10,7 +10,8 @@ def __init__(self, host, port, user, passwd, db): port=port, user=user, passwd=passwd, - db=db + db=db, + autocommit=True ) # 通过 cursor() 创建游标对象,并让查询结果以字典格式输出 self.cur = self.conn.cursor(cursor=pymysql.cursors.DictCursor)
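Review bot: The admin guard in user_delete inspects only `res2[0]["role"]`, but `sql3` now deletes every row whose `username` matches, where the old `WHERE id = …` form targeted one row. Unless `user.username` has a unique constraint (not visible here), a non-admin first row would let the statement remove an admin row with the same name. Enforce the rule in the statement itself, `DELETE FROM user WHERE username = %s AND role <> 0` with `username` passed as a bound parameter, and confirm the unique index exists. The added `print(sql2)` is leftover debugging and repeats what the next `print` reports. user_delete continues past the end of the hunk.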
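Review bot: `autocommit=True` changes write behaviour as well as reads, and nothing in the constructor says why it was turned on. Every statement sent through this connection now commits on its own, so the select-then-update and select-then-delete sequences in api/user.py cannot be rolled back as a unit. Any `commit()`/`rollback()` calls in `execute_db` (outside this hunk) also become no-ops. Add a comment above the argument such as `# autocommit: each SELECT sees rows committed by other sessions; writes commit per statement`, assuming that is the reason implied by the commit subject. `__init__` starts above the hunk.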