
feature:
增加只有admin才能删除

chenjunkai 6 år sedan
förälder
incheckning
eb50123d2f

+ 4 - 0
controller/LangArea.py

@@ -103,9 +103,13 @@ class LangAreaView(TemplateView):
             return response.json(0)
 
     def do_query(self, request_dict, response, userID):
+        user_qs = UserModel.objects.filter(id=userID,username='admin')
+        if not user_qs.exists():
+            return response.json(403)
         la_qs = LangAreaModel.objects.filter().values('lang', 'id')
         return response.json(0, list(la_qs))
 
+
     def do_export(self, request_dict, response, userID):
         id = request_dict.get('id', None)
         type = request_dict.get('type', None)
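Review bot: The admin test added at the top of do_query authorizes on the literal account name, `username='admin'`, and the same two lines are repeated in LangWord.do_delete and in queryView in controller/User.py. Privilege that follows a name is only as strong as the uniqueness and immutability of that name, which this page does not show; if UserModel has or can gain a role or is_admin field, test that instead. Either way, put the check in one helper, for example `def is_admin(userID): return UserModel.objects.filter(id=userID, username='admin').exists()`, so the three call sites cannot drift. The commit title restricts deletion, while this hunk makes the language list query admin-only; confirm that is intended. do_export continues outside the hunk.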

+ 5 - 2
controller/LangWord.py

@@ -50,7 +50,7 @@ class LangWordView(TemplateView):
             elif operation == 'update':
                 return self.do_update(request_dict, response)
             elif operation == 'delete':
-                return self.do_delete(request_dict, response)
+                return self.do_delete(request_dict, userID, response)
             # search index table
             elif operation == 'query':
                 return self.do_query(request_dict, response, userID)
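Review bot: The new call `self.do_delete(request_dict, userID, response)` puts userID before response, while `self.do_query(request_dict, response, userID)` two lines below uses the opposite order. All arguments are positional, so a later edit that copies one call shape onto the other would swap the two silently. Keeping one order, `self.do_delete(request_dict, response, userID)` here and `def do_delete(self, request_dict, response, userID):` in the next hunk, avoids that. The dispatch method starts and ends outside the hunk.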
@@ -118,7 +118,10 @@ class LangWordView(TemplateView):
         else:
             return response.json(404)
 
-    def do_delete(self, request_dict, response):
+    def do_delete(self, request_dict, userID, response):
+        user_qs = UserModel.objects.filter(id=userID, username='admin')
+        if not user_qs.exists():
+            return response.json(403)
         word_key = request_dict.get('word_key', None)
         try:
             LangKeyModel.objects.filter(word_key=word_key).delete()
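Review bot: do_delete is now reachable from the re-enabled delete button, yet `word_key` defaults to None and goes straight into `LangKeyModel.objects.filter(word_key=word_key).delete()`. Django treats `filter(field=None)` as an IS NULL match, so a request without the parameter deletes whatever rows have a null key instead of being rejected. Add `if not word_key: return response.json(444)` after the admin check; 444 is the existing 'Wrong Parameter!' code. The try block continues outside the hunk.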

+ 6 - 0
controller/User.py

@@ -75,6 +75,8 @@ class loginView(TemplateView):
         password = request_dict.get('password', None)
         if username and password:
             user_qs = UserModel.objects.filter(username=username)
+            if not user_qs.exists():
+                return response.json(401)
             if check_password(password, user_qs[0].password):
                 tko = TokenObject()
                 res = tko.generate({'userID': user_qs[0].id})
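Review bot: The added guard runs `user_qs.exists()` and the following lines index `user_qs[0]` twice, so a successful login issues three queries for one row; `user = user_qs.first()` followed by `if user is None: return response.json(401)` does it in one. The early return also skips check_password for unknown names, so response time can distinguish existing accounts from missing ones even if the status code is the same; running a throwaway hash comparison on the miss path evens that out. The if-block continues outside the hunk.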
@@ -101,6 +103,10 @@ class queryView(TemplateView):
         token = request_dict.get('token', None)
         tko = TokenObject(token)
         if tko.code == 0:
+            userID = tko.userID
+            user_qs = UserModel.objects.filter(id=userID, username='admin')
+            if not user_qs.exists():
+                return response.json(403)
             um_qs = UserModel.objects.filter().values('id', 'username')
 
             ls_qs = LangSetModel.objects.filter().values('user__id', 'lang__lang')

+ 1 - 0
object/ResponseObject.py

@@ -12,6 +12,7 @@ class ResponseObject(object):
             0: 'Success',
             309: 'Please ReLogin! errmsg token',
             401: 'Invalid credentials !',
+            403: 'permission denied',
             404: 'Server error',
             414: 'Invalid request path !',
             444: 'Wrong Parameter!'

BIN
object/__pycache__/ResponseObject.cpython-36.pyc


+ 8 - 5
web/index.html

@@ -183,11 +183,13 @@
 
 <script type="text/javascript">
     var orderByupdate = 0
+    var page = 1
+    var line = 5
     $(function () {
         let post_data = {
             'token': $.cookie('access_token'),
-            'page': 1,
-            'line': 5,
+            'page': page,
+            'line': line,
             'orderByupdate': orderByupdate
         };
         InitIndex(post_data)
@@ -262,7 +264,8 @@
         let post_data = {
             'token': $.cookie('access_token'),
             'page': page,
-            'line': 5
+            'line': 5,
+            'orderByupdate':orderByupdate
         };
         $.postJSON(
             http_ip_prot + 'langWord/query', JSON.stringify(post_data),
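Review bot: `'line': 5` in this post_data is still a literal although the first hunk of this file introduces the global `line` for the page size. Use `'line': line` so the initial load and later page requests cannot disagree when the size changes. The enclosing function starts and ends outside the hunk.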
@@ -306,8 +309,8 @@
             // console.log(idx)
             console.log(obj)
             let edit_btn = '<a href="#" title="Edit" onclick="editFunc(\'' + idx + '\')"><i class="fa fa-edit"></i></a>';
-            // let del_btn = '<a href="#" title="Delete" onclick="deleteFunc(\'' + idx + '\')"><i class="fa fa-ban"></i></a>';
-            let del_btn = '';
+            let del_btn = '<a href="#" title="Delete" onclick="deleteFunc(\'' + idx + '\')"><i class="fa fa-ban"></i></a>';
+            // let del_btn = '';
             body_html += '<tr>';
             body_html += ('<td>' + idx + '</td>');