管理员页面简单的用户管理功能及简单认证，采用Django的csrf_token机制防止跨域。

b451c0a0 · Xu Zhou · 2d2a8539 · b451c0a0 · b451c0a0 · b451c0a0
Commit b451c0a0 authored May 15, 2020 by Xu Zhou
Showing with 74 additions and 51 deletions

admin.html hunter/templates/hunter/admin.html +31 -41

index.html hunter/templates/hunter/index.html +6 -5

user.html hunter/templates/hunter/user.html +15 -4

views.py hunter/views.py +22 -1

No files found.
--- a/hunter/templates/hunter/admin.html
+++ b/hunter/templates/hunter/admin.html
@@ -28,33 +28,8 @@
            <li id="scoreLi" onclick="change(this)">积分管理</li>
        </ul>
    </div>
-    <div class="rightCnt">
-        <div id="paperadmin" class="userlist">
-            <table class="table tableList">
-		    	<thead>
-                    
-		    	</thead>
-		    	<tbody>
-                    {%  for publication in publications  %}
-                      <tr>
-                          <td class="col-sm-2 col-md-2">
-                              {{ publication.date }}
-                          </td>
-                          <td class="col-sm-8 col-md-8 col-md-offset-2">
-                              <p><a href={{ publication.link }} target="_blank">{{ publication.title }}</a></p>
-                              <p>{{ publication.authors }}</p>
-                              <p>{{ publication.journalname }} </p>
-                          </td>
-                            <td class="col-sm-2 col-md-2 col-md-offset-2">
-                                <button class="delpubbtn" onclick="delPub(this)"><?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg t="1539054739914" class="icon"  style="" height="20" width="20" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="2718" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><style type="text/css"></style></defs><path d="M861.012317 164.091494C765.809507 68.885661 639.229448 16.455901 504.590713 16.455901S243.372927 68.885661 148.170117 164.091494C52.965291 259.293296 0.534525 385.874363 0.534525 520.51209c0 134.639743 52.430767 261.217786 147.635592 356.422612 95.20281 95.20281 221.782869 147.633577 356.420596 147.633577s261.217786-52.430767 356.420596-147.633577c95.204825-95.204825 147.635592-221.783877 147.635592-356.422612C1008.646902 385.874363 956.217143 259.293296 861.012317 164.091494zM791.219829 810.54584c-4.394084 4.393077-10.152441 6.590623-15.910797 6.590623-5.759364 0-11.518728-2.197546-15.911805-6.590623L504.590713 555.740334 249.785207 810.54584c-4.394084 4.393077-10.152441 6.590623-15.911805 6.590623-5.758356 0-11.516713-2.197546-15.910797-6.590623-8.788169-8.788169-8.788169-23.036448 0-31.824617L472.767104 523.916725 219.336953 270.485566c-8.788169-8.788169-8.788169-23.036448 0-31.824617 8.788169-8.785146 23.035441-8.785146 31.823609 0l253.431158 253.431158 253.431158-253.431158c8.788169-8.785146 23.035441-8.785146 31.823609 0 8.788169 8.788169 8.788169 23.036448 0 31.824617L536.41533 523.916725l254.804499 254.805506C800.007998 787.509392 800.007998 801.757672 791.219829 810.54584z" p-id="2719" fill="#ff9800"></path></svg>
-                                </button>
-                            </td>

-                      </tr>
-                    {%  endfor %}
-		    	</tbody>
-		    </table>
-        </div>
+    <div class="rightCnt">

        <!--用户列表-->
        <div id="useradmin" class="userlist" style="border:1px solid #000;">
@@ -102,7 +77,35 @@
                    {%  endfor %}
 		    	</tbody>
 		    </table>
-    </div>
+        </div>
+
+        <!--Publication列表-->
+        <div id="paperadmin" class="userlist">
+            <table class="table tableList">
+                <thead>
+                    
+                </thead>
+                <tbody>
+                    {%  for publication in publications  %}
+                      <tr>
+                          <td class="col-sm-2 col-md-2">
+                              {{ publication.date }}
+                          </td>
+                          <td class="col-sm-8 col-md-8 col-md-offset-2">
+                              <p><a href={{ publication.link }} target="_blank">{{ publication.title }}</a></p>
+                              <p>{{ publication.authors }}</p>
+                              <p>{{ publication.journalname }} </p>
+                          </td>
+                            <td class="col-sm-2 col-md-2 col-md-offset-2">
+                                <button class="delpubbtn" onclick="delPub(this)"><?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg t="1539054739914" class="icon"  style="" height="20" width="20" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="2718" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><style type="text/css"></style></defs><path d="M861.012317 164.091494C765.809507 68.885661 639.229448 16.455901 504.590713 16.455901S243.372927 68.885661 148.170117 164.091494C52.965291 259.293296 0.534525 385.874363 0.534525 520.51209c0 134.639743 52.430767 261.217786 147.635592 356.422612 95.20281 95.20281 221.782869 147.633577 356.420596 147.633577s261.217786-52.430767 356.420596-147.633577c95.204825-95.204825 147.635592-221.783877 147.635592-356.422612C1008.646902 385.874363 956.217143 259.293296 861.012317 164.091494zM791.219829 810.54584c-4.394084 4.393077-10.152441 6.590623-15.910797 6.590623-5.759364 0-11.518728-2.197546-15.911805-6.590623L504.590713 555.740334 249.785207 810.54584c-4.394084 4.393077-10.152441 6.590623-15.911805 6.590623-5.758356 0-11.516713-2.197546-15.910797-6.590623-8.788169-8.788169-8.788169-23.036448 0-31.824617L472.767104 523.916725 219.336953 270.485566c-8.788169-8.788169-8.788169-23.036448 0-31.824617 8.788169-8.785146 23.035441-8.785146 31.823609 0l253.431158 253.431158 253.431158-253.431158c8.788169-8.785146 23.035441-8.785146 31.823609 0 8.788169 8.788169 8.788169 23.036448 0 31.824617L536.41533 523.916725l254.804499 254.805506C800.007998 787.509392 800.007998 801.757672 791.219829 810.54584z" p-id="2719" fill="#ff9800"></path></svg>
+                                </button>
+                            </td>
+
+                      </tr>
+                    {%  endfor %}
+                </tbody>
+            </table>
+        </div>

        <div id="privateArtadmin" class="userlist" >
            <ul id="articleList" class="node-list">
@@ -217,20 +220,7 @@
                encryptSend('/operator/', data);  // Jsencrypt.do对应服务端处理地址
                console.log("add user: username = " + username);
            });
-            var storage=window.sessionStorage;
-            var username=storage.username;
-            var identity=storage.identity;
-            if(username != null && username.toString().length > 0){
-                if(identity == '0'){
-                    alert("请以管理员身份登录");
-                    {#window.location.href="/signin/";#}
-                }else{
-                    $("#adminname").text(username);
-                }
-            }else{
-                alert("请先登录");
-                {#window.location.href="/signin/";#}
-            }
+            
        });
         function returnToList() {
            $("#articleList").removeClass("hide");

--- a/hunter/templates/hunter/index.html
+++ b/hunter/templates/hunter/index.html
@@ -378,11 +378,12 @@
                success:function(response){
                    console.log(response);
                    if(response['message']==="success"){
-                        let user_id=response['userid'];
+                        console.log("login OK, ret: ");
+                        console.log(response);
+                        let user_id = response['userid'];
                        let storage = window.localStorage;
                        storage['username'] = username;
                        storage['userID'] = user_id;
-                        console.log(storage);
                        login_success(username,user_id);
                    }else{
                        login_fail(response['message']);
@@ -395,11 +396,11 @@
            })
        }
    }
-    function login_success(name,userid){
+    function login_success(name, userid){
        $('#top_bar').empty();
-        $('#top_bar').append("<ul><li><button onclick='logout()'>退出</button></li><li title='点击进入个人中心'><a href='/user/"+userid+"/' target='_blank'>"+name+"</a></li></ul>");
+        $('#top_bar').append("<ul><li><button onclick='logout()'>退出</button></li><li title='点击进入个人中心'><a href='/user/"+userid+"/'>"+name+"</a></li></ul>");
        hide_log();
-        window.open("/user/"+userid);
+        window.location = ("/user/" + userid); //do not use window.open as it will open a new tab.
    }
    function login_fail(message){
        $('#error_log').empty();

--- a/hunter/templates/hunter/user.html
+++ b/hunter/templates/hunter/user.html
@@ -10,6 +10,7 @@
    <script src="{% static 'hunter/jquery.form.js' %}"></script>
 </head>
 <body>
+
 <div id="edit_div" class="">
    <div id="edit_wrap" >
        <div id="edit_title">修改</div>
@@ -45,13 +46,17 @@
                <a href="" class="main_bar" onclick="exit()">退出登录</a>
                <a href="../../" class="main_bar" >返回首页</a>

-                <a href="{% url 'hunter:profile_edit' user.userID %}" target="_blank" class="main_bar userID"  id="">修改个人信息</a>
+                <a href="{% url 'hunter:profile_edit' user.userID %}" class="main_bar userID"  id="">修改个人信息</a>

-                <a href="{% url 'hunter:detail' user.userID %}" class="main_bar" target="_blank">查看个人详情页</a>
+                <a href="{% url 'hunter:detail' user.userID %}" class="main_bar" >查看个人详情页</a>
                {% if user.identity == '1' %}
-                <a href="../../ht/admin" class="main_bar" target="_blank">管理员</a>
+                <a href="javascript:;" class="main_bar" onclick="document.getElementById('form_post_admin').submit();">管理员</a>
+                <form id="form_post_admin" action="../../ht/admin/" method="post">
+                    {% csrf_token %}
+                    <input type="hidden" name="user_id" value="{{ user.userID }}"/>
+                </form>
                {% endif %}
-                <a href="{% url 'hunter:detail' user.userID %}" id="username" class="main_bar" target="_blank">{{ usr.name }}</a>
+                <a href="{% url 'hunter:detail' user.userID %}" id="username" class="main_bar" >{{ usr.name }}</a>
            </div>
        </div>
    </div>
@@ -213,6 +218,12 @@
 </script>

 <script type="text/javascript">
+    
+    function postAdminPage(){
+        console.log("call function postAdminPage");
+        $.post("../../ht/admin/", { username: "John", time: "2pm" } );  //Your values here..
+    }
+
    window.onload=function(){
        let storage = window.localStorage;
        let url = window.location.pathname;

--- a/hunter/views.py
+++ b/hunter/views.py
@@ -712,9 +712,30 @@ def edit_art(request, article_id):
    return render(request, 'hunter/editArticle.html', {'article': art})


+def check_admin_privilage(user_id):
+    try:
+        user_id = int(user_id)
+    except:
+        return False
+    user = User.objects.get(userID = user_id)
+    if user != None or user.is_admin():
+        return True
+    else:
+        return False
+
 # 管理员
-@ensure_csrf_cookie
 def admin(request):
+    if request.method != 'POST':
+        return  HttpResponse(status=404)
+
+    user_id = request.POST.get('user_id', '')
+    if user_id == '':
+        return  HttpResponse(status=404)
+    print ("admin user_id = ", user_id)
+
+    if not check_admin_privilage(user_id):
+        return HttpResponse(status=404)
+
    if User.objects.last():
        if User.objects.last().userID > 0:
            users = User.objects.all()