3 years ago · 2fd29cc271
--- a/main.py
+++ b/main.py
@@ -256,19 +256,40 @@ async def get_member(request: Request, Authorize: AuthJWT = Depends()):
 
				     json_dic = []
			
 
				     for row in db.query(statement):
			
 
				         #print(row['id'],row['username'])
			
 
				-        json_dic.append({'username':row['username'],'isAdmin':row['isAdmin'],'roleType':get_role_name(check_role_type(row['username'])) })
			
 
				+        json_dic.append({'username':row['username'],'isAdmin':row['isAdmin'],'roleType':check_role_type(row['username']),'role_name' :get_role_name(check_role_type(row['username']))})
			
 
				     result  = json.dumps(json_dic,ensure_ascii=False)
			
 
				-    current_user = Authorize.get_jwt_subject()
			
 
				+    
			
 
				     return result
			
 
				 
			
 
				-@app.get('/member/edit', response_class=HTMLResponse)
			
 
				-async def login(request: Request, Authorize: AuthJWT = Depends()):
			
 
				+@app.get('/member/edit/', response_class=HTMLResponse)
			
 
				+async def login(request: Request, name:str,isAdmin:int,isEnable:int ,Authorize: AuthJWT = Depends()):
			
 
				     try:
			
 
				         Authorize.jwt_required()
			
 
				     except Exception as e:
			
 
				         print(e)
			
 
				         return RedirectResponse('/login')
			
 
				-    return templates.TemplateResponse(name='member_edit_test.html', context={'request': request})
			
 
				+    db = dataset.connect('mysql://choozmo:pAssw0rd@db.ptt.cx:3306/Water_tower?charset=utf8mb4')
			
 
				+    current_user = Authorize.get_jwt_subject()
			
 
				+    current_user_roleType = check_role_type(current_user)
			
 
				+    del_user_roleType = check_role_type(name)
			
 
				+    statement = 'SELECT isAdmin FROM users WHERE userName = "'+current_user+'"'
			
 
				+    for row in db.query(statement):
			
 
				+        if row['isAdmin']!=1:
			
 
				+            return json.dumps([{'msg':'你沒有權限'}],ensure_ascii=False)
			
 
				+
			
 
				+    if del_user_roleType == None:
			
 
				+        return json.dumps([{'msg':'不存在使用者'}],ensure_ascii=False)
			
 
				+    elif current_user_roleType>del_user_roleType or current_user_roleType==del_user_roleType:
			
 
				+        return json.dumps([{'msg':'你沒有權限'}],ensure_ascii=False)
			
 
				+
			
 
				+    user_dic = get_user(name)
			
 
				+    print(user_dic)
			
 
				+    user_dic.isAdmin = isAdmin 
			
 
				+    user_dic.isEnable = isEnable
			
 
				+    
			
 
				+    table = db['users']
			
 
				+    table.update(dict(user_dic), ['username'])
			
 
				+    return json.dumps([{'msg':"成功更改"}],ensure_ascii=False)
			
 
				 
			
 
				 @app.get('/member_delete', response_class=HTMLResponse)
			
 
				 async def login(request: Request, Authorize: AuthJWT = Depends()):