增加禁用用户的功能

2024-12-29 16:41:56 +00:00 · 2016-03-27 01:26:24 +08:00 · 2016-03-27 01:26:24 +08:00 · 7a841214d4
commit 7a841214d4
parent 13c73e71b8
7 changed files with 45 additions and 7 deletions
--- a/account/decorators.py
+++ b/account/decorators.py
@ -5,7 +5,7 @@ from functools import wraps

 from django.http import HttpResponseRedirect

-from utils.shortcuts import error_response
+from utils.shortcuts import error_response, error_page
 from .models import SUPER_ADMIN, ADMIN


@ -23,6 +23,8 @@ class BasePermissionDecorator(object):
            self.request = args[0]

        if self.check_permission():
+            if self.request.user.is_forbidden is True:
+                return error_page(self.request, u"用户被禁用,请联系管理员")
            return self.func(*args, **kwargs)
        else:
            if self.request.is_ajax():
@ -46,4 +48,4 @@ class super_admin_required(BasePermissionDecorator):

 class admin_required(BasePermissionDecorator):
    def check_permission(self):
-        return self.request.user.is_authenticated() and self.request.user.admin_type in [SUPER_ADMIN, ADMIN]
+        return self.request.user.is_authenticated() and self.request.user.admin_type in [SUPER_ADMIN, ADMIN]
--- a/account/migrations/0019_user_is_forbidden.py
+++ b/account/migrations/0019_user_is_forbidden.py
@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.9.4 on 2016-03-26 16:39
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('account', '0018_auto_20160217_0920'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='is_forbidden',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/account/models.py
+++ b/account/models.py
@ -41,6 +41,8 @@ class User(AbstractBaseUser):
    tfa_token = models.CharField(max_length=40, blank=True, null=True)
    # open api key
    openapi_appkey = models.CharField(max_length=35, blank=True, null=True)
+    # 是否禁用用户
+    is_forbidden = models.BooleanField(default=False)

    USERNAME_FIELD = 'username'
    REQUIRED_FIELDS = []
--- a/account/serializers.py
+++ b/account/serializers.py
@ -39,7 +39,7 @@ class UserSerializer(serializers.ModelSerializer):
    class Meta:
        model = User
        fields = ["id", "username", "real_name", "email", "admin_type",
-                  "create_time", "last_login", "two_factor_auth", "openapi_appkey"]
+                  "create_time", "last_login", "two_factor_auth", "openapi_appkey", "is_forbidden"]


 class EditUserSerializer(serializers.Serializer):
@ -51,6 +51,7 @@ class EditUserSerializer(serializers.Serializer):
    admin_type = serializers.IntegerField(default=0)
    openapi = serializers.BooleanField()
    tfa_auth = serializers.BooleanField()
+    is_forbidden_user = serializers.BooleanField()


 class ApplyResetPasswordSerializer(serializers.Serializer):
--- a/account/views.py
+++ b/account/views.py
@ -65,7 +65,7 @@ class UserLoginAPIView(APIView):
            return serializer_invalid_response(serializer)


-@login_required
+#@login_required
 def logout(request):
    auth.logout(request)
    return http.HttpResponseRedirect("/")
@ -228,6 +228,12 @@ class UserAdminAPIView(APIView):
                user.two_factor_auth = True
                user.tfa_token = rand_str()

+            # 后台控制用户是否被禁用
+            if data["is_forbidden_user"] is False:
+                user.is_forbidden = False
+            else:
+                user.is_forbidden = True
+
            user.save()
            return success_response(UserSerializer(user).data)
        else:
--- a/static/src/js/app/admin/user/userList.js
+++ b/static/src/js/app/admin/user/userList.js
@ -22,6 +22,7 @@ require(["jquery", "avalon", "csrfToken", "bsAlert", "pager", "validator"],
                    userId: -1,
                    openAPI: false,
                    tfa_auth: false,
+					is_forbidden_user: false,

                    pager: {
                        getPage: function (page) {
@ -36,6 +37,7 @@ require(["jquery", "avalon", "csrfToken", "bsAlert", "pager", "validator"],
                        vm.userId = user.id;
                        vm.tfa_auth = user.two_factor_auth;
                        vm.openAPI = user.openapi_appkey ? true: false;
+						vm.is_forbidden_user = user.is_forbidden ? true: false;

                        vm.isEditing = true;
                    },
@ -83,7 +85,8 @@ require(["jquery", "avalon", "csrfToken", "bsAlert", "pager", "validator"],
                            id: vm.userId,
                            admin_type: vm.adminType,
                            openapi: vm.openAPI,
-                            tfa_auth: vm.tfa_auth
+                            tfa_auth: vm.tfa_auth,
+							is_forbidden_user: vm.is_forbidden_user
                        };
                        if ($("#password").val() !== "")
                            data.password = $("#password").val();
@ -109,4 +112,4 @@ require(["jquery", "avalon", "csrfToken", "bsAlert", "pager", "validator"],
        });
        avalon.scan();

-    });
+    });
--- a/template/src/admin/user/user_list.html
+++ b/template/src/admin/user/user_list.html
@ -84,6 +84,10 @@
                    <label>两步验证</label>
                    <input name="tfa_auth" type="checkbox" class="form-control" ms-duplex-checked="tfa_auth">
                </div>
+                <div class="form-group col-md-3">
+                    <label>是否禁用用户</label>
+                    <input name="is_forbidden_user" type="checkbox" class="form-control" ms-duplex-checked="is_forbidden_user">
+				</div>
            </div>
            <div class="form-group">
                <button type="submit" class="btn btn-success">保存修改</button>
@ -91,4 +95,4 @@
        </form>
    </div>
 </div>
-<script src="/static/js/app/admin/user/userList.js"></script>
+<script src="/static/js/app/admin/user/userList.js"></script>