
debug_view
group file permission

ignatz 4 anos atrás
be2023df12

+ 0 - 1
3

@@ -1 +0,0 @@
-fadfasdf

+ 14 - 19
account/decorators.py

@@ -1,11 +1,7 @@
 from functools import wraps
 from functools import wraps
-from urllib.parse import urlparse
 
 
-from django.conf import settings
-from django.shortcuts import resolve_url
-from django.http import JsonResponse
-
-from .models import User, LoginToken
+from .models import User
+from utils.http import make_json_response
 
 
 
 
 def user_passes_test(test_func, error):
 def user_passes_test(test_func, error):
@@ -14,37 +10,36 @@ def user_passes_test(test_func, error):
         def _wrapped_view(request, *args, **kwargs):
         def _wrapped_view(request, *args, **kwargs):
             if test_func(request):
             if test_func(request):
                 return view_func(request, *args, **kwargs)
                 return view_func(request, *args, **kwargs)
-            return JsonResponse({'code': 401, 'error': error})
+            return make_json_response(code=401, error=error)
         return _wrapped_view
         return _wrapped_view
     return decorator
     return decorator
 
 
 
 
-def login_required(function=None, error='error'):
+def login_required(function=None, error='未登录'):
     """
     """
     Decorator for views that checks that the _user is logged in, redirecting
     Decorator for views that checks that the _user is logged in, redirecting
     to the log-in page if necessary.
     to the log-in page if necessary.
     """
     """
     def is_login(request):
     def is_login(request):
         if request.method != 'POST':
         if request.method != 'POST':
-            return True
+            return False
         username = request.POST.get('username', '')
         username = request.POST.get('username', '')
         token = request.POST.get('token', '')
         token = request.POST.get('token', '')
         print(f'username={username} token={token}')
         print(f'username={username} token={token}')
         try:
         try:
             user = User.objects.get(username=username)
             user = User.objects.get(username=username)
-            if user.check_token(token):
-                user.tokens.get(token=token)
-                print('已登录')
-                if hasattr(request, 'user'):
-                    request.user = user
-                return True
         except:
         except:
-            print('未登录')
+            print('用户不存在')
+            return False
+        if not user.check_token(token) or not user.tokens.filter(token=token):
+            print('token无效')
             return False
             return False
-        print('未登录')
-        return False
+        print('已登录')
+        if hasattr(request, 'user'):
+            request.user = user
+        return True
 
 
-    actual_decorator = user_passes_test(is_login, '请登录')
+    actual_decorator = user_passes_test(is_login, error)
     if function:
     if function:
         return actual_decorator(function)
         return actual_decorator(function)
     return actual_decorator
     return actual_decorator
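Review bot: `is_login` writes the live session credential to stdout with `print(f'username={username} token={token}')`, so every authenticated request leaks a bearer token into whatever captures process output; drop the token from that line, `print(f'username={username}')`, or remove the print entirely. The bare `except:` around `User.objects.get(username=username)` also reports database errors and `MultipleObjectsReturned` as "用户不存在"; `except User.DoesNotExist:` is the scope the message actually describes. The remaining `print('已登录')` / `print('token无效')` traces belong in a module `logging` logger at debug level, where they can be switched off in production, rather than unconditional prints on the authentication path. The docstring still says the decorator redirects to the log-in page, which this implementation does not do; `"""Decorator for views that checks the POSTed username/token pair; returns a code-401 JSON response when it is missing or invalid."""` matches the code.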

+ 1 - 1
account/models.py

@@ -28,7 +28,7 @@ class User(models.Model):
         verbose_name = verbose_name_plural = '用户信息表'
         verbose_name = verbose_name_plural = '用户信息表'
 
 
     def get_root_folder(self):
     def get_root_folder(self):
-        return self.folders.get(father_folder=None)
+        return self.folders.get(father_folder=None, group=None)
 
 
     def set_password(self, password):
     def set_password(self, password):
         # TODO: 密码强度检验,密码hash存储
         # TODO: 密码强度检验,密码hash存储
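Review bot: `get_root_folder` now uses `.get(father_folder=None, group=None)`, which raises `DoesNotExist` when the user has no personal root folder and `MultipleObjectsReturned` when there are several, and the `get_root_folder` view in folder/views.py calls it unguarded, so either state is a 500 for that user; a docstring should state the invariant, e.g. `"""Return the user's personal (non-group) root folder; exactly one is expected, otherwise DoesNotExist/MultipleObjectsReturned propagates."""`. Separately, the `set_password` TODO visible here ("密码hash存储" — store a password hash) is still open while `register` passes the raw password to `User.objects.create` and `reset_password` assigns `user.password = password`, so passwords are stored in plaintext, and this same commit checks in `db.sqlite3` (listed as BIN below), which puts every registered user's plaintext credentials into version control. The database file should be removed from the repository and ignored, and the hashing TODO treated as a blocker rather than a note. `set_password`'s body continues outside the hunk.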

+ 72 - 80
account/views.py

@@ -4,8 +4,11 @@ from django.shortcuts import render
 
 
 from datetime import datetime, time
 from datetime import datetime, time
 from .models import User, LoginToken
 from .models import User, LoginToken
-from django.http import JsonResponse, HttpResponse
-from rest_framework.decorators import api_view
+from django.http import JsonResponse
+from utils.decorators import debug_view
+from utils.http import make_json_response
+from .models import get_user
+from django.views.decorators.http import require_POST
 from .decorators import login_required
 from .decorators import login_required
 
 
 
 
@@ -17,49 +20,46 @@ def auth_with_username_or_email(username, password):
     return user
     return user
 
 
 
 
-@api_view(['POST'])
+@debug_view('username', 'password', 'email')
+@require_POST
 def register(request):
 def register(request):
-    username = request.data.get('username', '')
-    password = request.data.get('password', '')
-    email = request.data.get('email', '')
+    username = request.POST.get('username', '')
+    password = request.POST.get('password', '')
+    email = request.POST.get('email', '')
     if not username or not password or not email:
     if not username or not password or not email:
-        return JsonResponse({'code': 303, 'error': '用户名/密码/邮箱不能为空'})
-    else:
-        if User.objects.filter(username=username):
-            print('用户名已存在')
-            return JsonResponse({'code': 301, 'error': '用户名已存在'})
+        return make_json_response(code=303, error='用户名/密码/邮箱不能为空')
 
 
-        if User.objects.filter(email=email):
-            print('邮箱已存在')
-            return JsonResponse({'code': 302, 'error': '邮箱已存在'})
+    if User.objects.filter(username=username):
+        return make_json_response(code=301, error='用户名已存在')
 
 
-        try:
-            User.objects.create(username=username, password=password, email=email)
-            print('注册成功')
-            return JsonResponse({'code': 200})
-        except Exception as e:
-            print(e)
-            return JsonResponse({'code': 400, 'error': str(e)})
+    if User.objects.filter(email=email):
+        return make_json_response(code=302, error='邮箱已存在')
+
+    try:
+        User.objects.create(username=username, password=password, email=email)
+        print('注册成功')
+        return make_json_response()
+    except Exception as e:
+        return make_json_response(code=500, error=str(e))
 
 
 
 
-@api_view(['POST'])
+@debug_view('username', 'password')
+@require_POST
 def login(request):
 def login(request):
-    username = request.data.get('username', '')
-    password = request.data.get('password', '')
-    token = request.data.get('token', '')
+    username = request.POST.get('username', '')
+    password = request.POST.get('password', '')
+    old_token = request.POST.get('token', '')
 
 
     try:
     try:
         user = auth_with_username_or_email(username, password)
         user = auth_with_username_or_email(username, password)
         print(user)
         print(user)
-    except Exception as e:
-        print(e)
-        print('用户名或密码错误')
-        return JsonResponse({'code': 303, 'error': '用户名或密码错误'})
+    except:
+        return make_json_response(code=303, error='用户名或密码错误')
 
 
-    print(f'token = {token}')
-    if user.check_token(token):
+    print(f'token = {old_token}')
+    if user.check_token(old_token):
         try:
         try:
-            user_token = user.tokens.get(token=token)
+            user_token = user.tokens.get(token=old_token)
             print('已登录')
             print('已登录')
             user_token.delete()
             user_token.delete()
             # return JsonResponse({'code': 303, 'msg': '已登录'}, status=303)
             # return JsonResponse({'code': 303, 'msg': '已登录'}, status=303)
@@ -70,93 +70,85 @@ def login(request):
 
 
     user.last_login = datetime.now()
     user.last_login = datetime.now()
 
 
-    new_token = user.make_token()
+    token = user.make_token()
     user_token = LoginToken()
     user_token = LoginToken()
     user_token.user = user
     user_token.user = user
-    user_token.token = new_token
+    user_token.token = token
     user_token.save()
     user_token.save()
 
 
     print('登录成功')
     print('登录成功')
-    print(f'new_token = {new_token}')
-    return JsonResponse({'code': 200, 'token': new_token})
+    print(f'token = {token}')
+    return make_json_response(token=token)
 
 
 
 
-@api_view(['POST'])
+@debug_view('username', 'token')
+@login_required
 def logout(request):
 def logout(request):
-    username = request.data.get('username')
-    token = request.data.get('token')
-    try:
-        user = User.objects.get(username=username)
-    except Exception as e:
-        print('用户不存在')
-        return JsonResponse({'code': 302, 'error': '用户不存在'})
-    try:
-        user_token = user.tokens.get(token=token)
-        user_token.delete()
-    except Exception as e:
-        print(e)
-        print('token无效')
-    return JsonResponse({'code': 200})
+    user = get_user(request)
+    data = request.POST
+    token = data.get('token')
+    user_token = user.tokens.get(token=token)
+    user_token.delete()
+    return make_json_response()
 
 
 
 
-@api_view(['POST'])
+@debug_view('username', 'email')
+@require_POST
 def send_email_verification_code(request):
 def send_email_verification_code(request):
-    username = request.data.get('username')
-    if not username:
-        return JsonResponse({'code': 301, 'error': '用户名不能为空'})
+    data = request.POST
+    username = data.get('username')
+    email = data.get('email')
     try:
     try:
         user = User.objects.get(username=username)
         user = User.objects.get(username=username)
     except:
     except:
-        print('用户不存在')
-        return JsonResponse({'code': 302, 'error': '用户不存在'})
+        return make_json_response(code=302, error='用户不存在')
+    if user.email != email:
+        return make_json_response(code=301, error='邮箱错误')
     try:
     try:
         # 发送验证码
         # 发送验证码
         token = user.make_token()
         token = user.make_token()
         print(f'发送验证码 email = {user.email} token = {token}')
         print(f'发送验证码 email = {user.email} token = {token}')
         user.send_email('ST网盘重置密码验证码', token)
         user.send_email('ST网盘重置密码验证码', token)
-        return JsonResponse({'code': 200})
+        return make_json_response()
     except Exception as e:
     except Exception as e:
-        print(e)
-        return JsonResponse({'code': 303, 'error': str(e)})
+        return make_json_response(code=500, error=str(e))
 
 
 
 
-@api_view(['POST'])
+@debug_view('username', 'token')
+@require_POST
 def check_token(request):
 def check_token(request):
-    username = request.data.get('username')
-    token = request.data.get('token')
-    if not username:
-        return JsonResponse({'code': 301, 'error': '用户名不能为空'})
+    data = request.POST
+    username = data.get('username')
+    token = data.get('token')
     try:
     try:
         user = User.objects.get(username=username)
         user = User.objects.get(username=username)
     except:
     except:
-        print('用户不存在')
-        return JsonResponse({'code': 302, 'error': '用户不存在'})
+        return make_json_response(code=302, error='用户不存在')
+    print(f'token={token}')
     if token and user.check_token(token):
     if token and user.check_token(token):
         print('验证码有效')
         print('验证码有效')
-        return JsonResponse({'code': 200})
+        return make_json_response()
     else:
     else:
-        return JsonResponse({'code': 303, 'error': '验证码无效'})
+        return make_json_response(code=303, error='验证码无效')
 
 
 
 
-@api_view(['POST'])
+@debug_view('username', 'password', 'token')
+@require_POST
 def reset_password(request):
 def reset_password(request):
-    username = request.data.get('username')
-    password = request.data.get('password')
-    token = request.data.get('token')
-    if not username:
-        return JsonResponse({'code': 301, 'error': '用户名不能为空'})
+    data = request.POST
+    username = data.get('username')
+    password = data.get('password')
+    token = data.get('token')
     try:
     try:
         user = User.objects.get(username=username)
         user = User.objects.get(username=username)
     except:
     except:
-        print('用户不存在')
-        return JsonResponse({'code': 302, 'error': '用户不存在'})
+        return make_json_response(code=302, error='用户不存在')
     print(f'token={token}')
     print(f'token={token}')
     if token and user.check_token(token):
     if token and user.check_token(token):
         # 重置密码
         # 重置密码
         print("验证码有效")
         print("验证码有效")
         user.password = password
         user.password = password
         user.save()
         user.save()
-        return JsonResponse({'code': 200})
+        return make_json_response()
     else:
     else:
-        print("验证码无效")
-        return JsonResponse({'code': 303, 'error': '验证码无效'})
+        return make_json_response(code=303, error='验证码无效')
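Review bot: `reset_password` neither consumes the reset token nor revokes the user's existing login tokens after the change, so a captured reset token stays valid for as long as `check_token` accepts it and an attacker holding a stolen session keeps it after the victim resets; add `user.tokens.all().delete()` right after `user.save()` so a reset invalidates every session. Reset tokens and login tokens both come from `user.make_token()` (see `login` and `send_email_verification_code`), so unless `check_token`, which is not in this diff, distinguishes purposes, any valid login token also passes the `user.check_token(token)` gate here and in the `check_token` view. The new password is written as `user.password = password` with no empty-value check, and `register` passes the raw password to `User.objects.create`, while `set_password` in models.py still carries a hashing TODO; both writes should go through one hashing path. Also, `print(f'token={token}')` in `login`, `send_email_verification_code`, `check_token` and `reset_password` logs credentials to stdout, and `send_email_verification_code` answering 302 for an unknown user versus 301 for a wrong email is a username-enumeration oracle; a single "用户名或邮箱错误" response closes it. The `login` body is split across the second and third hunks of this file.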

BIN
db.sqlite3


+ 1 - 1
file/admin.py

@@ -4,7 +4,7 @@ from .models import File
 
 
 # Register your models here.
 # Register your models here.
 class FileAdmin(admin.ModelAdmin):
 class FileAdmin(admin.ModelAdmin):
-    list_display = ["file_id", "file_name", "folder", "update_time", "file_type", "file_size", "owner", "group"]
+    list_display = ["file_id", "file_name", "father_folder", "update_time", "file_type", "file_size", "owner", "group"]
 
 
 
 
 admin.site.register(File, FileAdmin)
 admin.site.register(File, FileAdmin)

+ 18 - 0
file/migrations/0005_rename_folder_file_father_folder.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.7 on 2021-09-10 08:15
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('file', '0004_file_group'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='file',
+            old_name='folder',
+            new_name='father_folder',
+        ),
+    ]

+ 15 - 1
file/models.py

@@ -2,6 +2,14 @@ from django.db import models
 from folder.models import Folder
 from folder.models import Folder
 from account.models import User
 from account.models import User
 from group.models import Group
 from group.models import Group
+# 引入内置信号
+from django.db.models.signals import post_delete
+# 引入信号接收器的装饰器
+from django.dispatch import receiver
+
+import os
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+
 
 
 # 文件表
 # 文件表
 class File(models.Model):
 class File(models.Model):
@@ -10,7 +18,7 @@ class File(models.Model):
     # 文件名
     # 文件名
     file_name = models.CharField(max_length=50, blank=False)
     file_name = models.CharField(max_length=50, blank=False)
     # 从属的文件夹
     # 从属的文件夹
-    folder = models.ForeignKey(Folder, on_delete=models.CASCADE, related_name='children_files')
+    father_folder = models.ForeignKey(Folder, on_delete=models.CASCADE, related_name='children_files')
     # 上传时间
     # 上传时间
     update_time = models.DateTimeField()
     update_time = models.DateTimeField()
     # 文件类型
     # 文件类型
@@ -29,3 +37,9 @@ class File(models.Model):
                 'update_time': self.update_time,
                 'update_time': self.update_time,
                 'file_type': self.file_type,
                 'file_type': self.file_type,
                 'file_size': self.file_size}
                 'file_size': self.file_size}
+
+
+# 信号接收函数,每当删除file时自动删除文件
+@receiver(post_delete, sender=File)
+def delete_file(sender, instance, **kwargs):
+    os.remove(BASE_DIR + '/' + str(instance.file_id))
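Review bot: the `post_delete` handler `delete_file` calls `os.remove` unconditionally, so deleting a `File` row whose blob is already missing raises `FileNotFoundError` out of `Model.delete()`; `upload_file` in file/views.py reaches exactly that case when it calls `file.delete()` after the write failed, and a cascade delete of a folder aborts at the first missing blob while blobs already removed for earlier rows stay gone (if the delete runs in a transaction the rows come back but the files do not). Tolerate a missing blob: `with contextlib.suppress(FileNotFoundError):` / `    os.remove(os.path.join(BASE_DIR, str(instance.file_id)))` (needs `import contextlib`). Storing uploads directly under `BASE_DIR`, the project root, via `BASE_DIR + '/'` concatenation deserves a dedicated media directory and `os.path.join`; `file_id` is the integer primary key, so there is no traversal in the current form, and a comment saying so would save the next reader the check.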

+ 65 - 95
file/views.py

@@ -1,7 +1,3 @@
-import random
-import string
-
-from django.shortcuts import render, redirect
 from account.decorators import login_required
 from account.decorators import login_required
 from file.models import File
 from file.models import File
 from django.http import FileResponse, JsonResponse, HttpResponse
 from django.http import FileResponse, JsonResponse, HttpResponse
@@ -12,110 +8,84 @@ from .judgement_function import judge_filepath, format_size
 from django.utils.http import urlquote
 from django.utils.http import urlquote
 import os
 import os
 from account.models import get_user
 from account.models import get_user
+from utils.decorators import debug_view
+from utils.http import make_json_response
+from utils.permission import can_delete
 
 
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 
 
-DEBUG = 1
-
-
 # Create your views here.
 # Create your views here.
 
 
 
 
+@debug_view(template_name='upload_file.html')
 @login_required
 @login_required
 def upload_file(request):
 def upload_file(request):
-    if request.method == "POST":
-        user = get_user(request)
-        try:
-            file_obj = request.FILES.get('upload')
-        except:
-            print('文件不存在')
-            return JsonResponse({'code': 401, 'error': '文件不存在'})
-        file_type = judge_filepath(file_obj.name.split('.')[-1].lower()) if '.' in file_obj.name else ''
-        update_time = timezone.now().strftime("%Y-%m-%d %H:%M:%S")
-        file_size = file_obj.size
-        file_name = file_obj.name
-        folder_id = request.POST.get('folder_id')
-        try:
-            folder = Folder.objects.get(folder_id=folder_id)
-        except:
-            print('文件夹不存在')
-            return JsonResponse({'code': 402, 'error': '文件夹不存在'})
-        if not folder.check_permission(user=user):
-            print('没有上传文件的权限')
-            return JsonResponse({'code': 404, 'error': '没有上传文件的权限'})
-        file = File.objects.create(file_name=file_name,
-                                   folder=folder,
-                                   update_time=update_time,
-                                   file_size=file_size,
-                                   file_type=file_type,
-                                   owner=user,
-                                   group=folder.group)
-        # TODO: 文件hash
-        try:
-            file_dir = BASE_DIR + '/' + str(file.file_id)
-            with open(file_dir, 'wb+') as f:
-                for chunk in file_obj.chunks():
-                    f.write(chunk)
-        except:
-            print('文件保存失败')
-            file.delete()
-            return JsonResponse({'code': 500, 'error': '文件保存失败'})
-        return JsonResponse({'code': 200})
-    elif request.method == 'GET' and DEBUG:
-        return render(request, 'upload_file.html')
-    else:
-        return HttpResponse(status=400)
+    user = get_user(request)
+    try:
+        file_obj = request.FILES.get('upload')
+    except:
+        return make_json_response(code=401, error='文件不存在')
+    file_type = judge_filepath(file_obj.name.split('.')[-1].lower()) if '.' in file_obj.name else ''
+    update_time = timezone.now().strftime("%Y-%m-%d %H:%M:%S")
+    file_size = file_obj.size
+    file_name = file_obj.name
+    folder_id = request.POST.get('folder_id')
+    try:
+        folder = Folder.objects.get(folder_id=folder_id)
+    except:
+        return make_json_response(code=402, error='文件夹不存在')
+    if not folder.check_permission(user=user):
+        return make_json_response(code=404, error='没有上传文件的权限')
+    file = File.objects.create(file_name=file_name,
+                               father_folder=folder,
+                               update_time=update_time,
+                               file_size=file_size,
+                               file_type=file_type,
+                               owner=user,
+                               group=folder.group)
+    # TODO: 文件hash
+    try:
+        file_dir = BASE_DIR + '/' + str(file.file_id)
+        with open(file_dir, 'wb+') as f:
+            for chunk in file_obj.chunks():
+                f.write(chunk)
+    except:
+        file.delete()
+        return make_json_response(code=500, error='文件保存失败')
+    return make_json_response()
 
 
 
 
+@debug_view('username', 'token', 'file_id')
 @login_required
 @login_required
 def download_file(request):
 def download_file(request):
-    if request.method == "POST":
-        user = get_user(request)
-        file_id = request.POST.get('file_id')
-        try:
-            file = File.objects.get(file_id=file_id)
-        except:
-            print('文件不存在')
-            return JsonResponse({'code': 401, 'error': '文件不存在'})
-        if not file.folder.check_permission(user=user):
-            print('没有下载文件的权限')
-            return JsonResponse({'code': 404, 'error': '没有下载文件的权限'})
-        file_name = file.file_name
-        file_dir = BASE_DIR + '/' + str(file.file_id)
-        file = open(file_dir, 'rb')
-        response = FileResponse(file)
-        response['Content-Type'] = 'application/octet-stream'
-        response['Content-Disposition'] = 'attachment;filename={}'.format(urlquote(file_name))
-        return response
-    elif request.method == 'GET' and DEBUG:
-        return render(request, 'download_file.html')
-    else:
-        return HttpResponse(status=400)
+    user = get_user(request)
+    file_id = request.POST.get('file_id')
+    try:
+        file = File.objects.get(file_id=file_id)
+    except:
+        return make_json_response(code=401, error='文件不存在')
+    if not file.father_folder.check_permission(user=user):
+        return make_json_response(code=404, error='没有下载文件的权限')
+    file_name = file.file_name
+    file_dir = BASE_DIR + '/' + str(file.file_id)
+    file = open(file_dir, 'rb')
+    response = FileResponse(file)
+    response['Content-Type'] = 'application/octet-stream'
+    response['Content-Disposition'] = 'attachment;filename={}'.format(urlquote(file_name))
+    return response
 
 
 
 
+@debug_view('username', 'token', 'file_id')
 @login_required
 @login_required
 def delete_file(request):
 def delete_file(request):
-    if request.method == "POST":
-        data = request.POST
-        user = get_user(request)
-        file_id = data.get('file_id')
-        try:
-            file = File.objects.get(file_id=file_id)
-        except:
-            print('文件不存在')
-            return JsonResponse({'code': 401, 'error': '文件不存在'})
-        if not file.folder.check_permission(user=user) or (
-                file.owner != user and (not file.group or file.group.creator != user)):
-            print('没有删除文件的权限')
-            return JsonResponse({'code': 404, 'error': '没有删除文件的权限'})
-        try:
-            os.remove(BASE_DIR + '/' + file_id)
-        except:
-            print('文件删除失败')
-            return JsonResponse({'code': 500, 'error': '文件删除失败'})
-        file.delete()
-        return JsonResponse({'code': 200})
-    elif request.method == 'GET' and DEBUG:
-        return render(request, 'delete_file.html')
-    else:
-        return HttpResponse(status=400)
+    data = request.POST
+    user = get_user(request)
+    file_id = data.get('file_id')
+    try:
+        file = File.objects.get(file_id=file_id)
+    except:
+        return make_json_response(code=401, error='文件不存在')
+    if not can_delete(user=user, f=file):
+        return make_json_response(code=404, error='没有删除文件的权限')
+    file.delete()
+    return make_json_response()
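Review bot: `upload_file` does not handle a missing upload: `request.FILES.get('upload')` returns `None` rather than raising, so the `try/except` around it never fires and `file_obj.name` on the next line raises `AttributeError` (a 500) instead of the intended 401. Replace the try/except with `file_obj = request.FILES.get('upload')` / `if file_obj is None:` / `    return make_json_response(code=401, error='文件不存在')`. The failure branch after a bad write calls `file.delete()`, which with this commit's new `post_delete` signal in file/models.py runs `os.remove` on a path that may never have been created and raises from inside the `except` handler, so the orphan `File` row survives and the client gets an unhandled 500 instead of the JSON error. There is also no size cap on `file_obj.size` beyond whatever Django's upload handlers enforce, and `file_name` is written to a `max_length=50` column without validation; both deserve an explicit check or at least a comment stating the assumed limits.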

+ 25 - 0
folder/migrations/0007_auto_20210910_1615.py

@@ -0,0 +1,25 @@
+# Generated by Django 3.2.7 on 2021-09-10 08:15
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('account', '0002_delete_profile'),
+        ('folder', '0006_folder_group'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='folder',
+            name='father_folder',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='children_folders', to='folder.folder'),
+        ),
+        migrations.AlterField(
+            model_name='folder',
+            name='owner',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.DO_NOTHING, related_name='folders', to='account.user'),
+        ),
+    ]

+ 1 - 1
folder/models.py

@@ -26,7 +26,7 @@ class Folder(models.Model):
         return {'folder_id': self.folder_id, 'folder_name': self.folder_name, 'father_folder_id': self.father_folder_id}
         return {'folder_id': self.folder_id, 'folder_name': self.folder_name, 'father_folder_id': self.father_folder_id}
 
 
     def check_permission(self, user:User):
     def check_permission(self, user:User):
-        return self.owner == user or user.joined_groups.filter(group_id=self.group_id).count() > 0
+        return self.owner == user or user.joined_groups.filter(group_id=self.group_id)
 
 
     def __str__(self):
     def __str__(self):
         return str(self.folder_id)
         return str(self.folder_id)
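Review bot: `check_permission` now returns a `QuerySet` instead of a `bool` on the group branch, so a `-> bool` annotation would be false and any caller that serialises, compares or logs the result rather than testing it with `if not` gets a queryset; the original `.count() > 0` was boolean. `.exists()` keeps the return type and is the cheaper query: `return self.owner == user or user.joined_groups.filter(group_id=self.group_id).exists()`. Since this one method is the whole authorisation model for files and folders, a docstring is worth adding, e.g. `"""True if user owns this folder or is a member of the folder's group; presumably matches nothing for group_id=None — confirm."""`.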

+ 45 - 70
folder/views.py

@@ -1,96 +1,71 @@
-import random
-import string
-
-from django.http import HttpResponse, JsonResponse
-from django.shortcuts import render
 from account.decorators import login_required
 from account.decorators import login_required
 from .models import Folder
 from .models import Folder
-from file.models import File
-import json
 from account.models import get_user
 from account.models import get_user
 from utils.decorators import debug_view
 from utils.decorators import debug_view
+from utils.http import make_json_response
+from utils.permission import can_delete
 
 
 # Create your views here.
 # Create your views here.
-DEBUG = 1
 
 
 
 
+@debug_view('username', 'token')
 @login_required
 @login_required
 def get_root_folder(request):
 def get_root_folder(request):
     # 获取根目录
     # 获取根目录
-    if request.method == 'POST':
-        user = get_user(request)
-        return JsonResponse({'code': 200, 'root_folder_id': user.get_root_folder().folder_id})
-    elif request.method == 'GET' and DEBUG:
-        return render(request, 'get_root_folder.html')
-    else:
-        return HttpResponse(status=400)
+    user = get_user(request)
+    return make_json_response(root_folder_id=user.get_root_folder().folder_id)
 
 
 
 
 # 在根目录下列出所有文件夹与文件
 # 在根目录下列出所有文件夹与文件
+@debug_view('username', 'token', 'folder_id')
 @login_required
 @login_required
 def folder_list(request):
 def folder_list(request):
-    if request.method == 'POST':
-        data = request.POST
-        folder_id = data.get('folder_id')
-        user = get_user(request)
-        try:
-            folder = user.folders.get(folder_id=folder_id)
-        except:
-            print('无法访问')
-            return JsonResponse({'code': 404, 'error': '无法访问'})
-
-        children_folders = folder.children_folders.all()
-        children_files = folder.children_files.all()
-        children = [*map(lambda f: {'type': 'folder', **f.to_json()}, children_folders),
-                    *map(lambda f: {'type': 'file', **f.to_json()}, children_files)]
-        return JsonResponse({'code': 200, 'children': children})
-    elif request.method == 'GET' and DEBUG:
-        return render(request, 'folder_list.html')
-    else:
-        return HttpResponse(status=400)
+    data = request.POST
+    user = get_user(request)
+    folder_id = data.get('folder_id')
+    try:
+        folder = Folder.objects.get(folder_id=folder_id)
+    except:
+        return make_json_response(code=400, error='文件夹不存在')
+    if not folder.check_permission(user=user):
+        return make_json_response(code=404, error='没有权限')
+    children_folders = folder.children_folders.all()
+    children_files = folder.children_files.all()
+    children = [*map(lambda f: {'type': 'folder', **f.to_json()}, children_folders),
+                *map(lambda f: {'type': 'file', **f.to_json()}, children_files)]
+    return make_json_response(children=children)
 
 
 
 
-# 父文件夹id 子文件夹名字
 # 增文件夹
 # 增文件夹
+@debug_view('username', 'token', 'father_folder_id', 'folder_name')
 @login_required
 @login_required
 def add_folder(request):
 def add_folder(request):
-    if request.method == 'POST':
-        data = request.POST
-        user = get_user(request)
-        # folder_id_random = ''.join(random.sample(string.digits, 8))
-        # father_folder = Folder.objects.filter(folder_id=data.get('father_folder_id')).get()
-
-        father_folder_id = data.get('father_folder_id')
-        try:
-            father_folder = user.folders.get(folder_id=father_folder_id)
-        except:
-            print('上级文件夹不存在')
-            return JsonResponse({'code': 421, 'error': '上级文件夹不存在'})
-
-        folder_name = data.get('folder_name')
-        Folder.objects.create(folder_name=folder_name, father_folder=father_folder, owner=user)
-        return JsonResponse({'code': 200})
-    elif request.method == 'GET' and DEBUG:
-        return render(request, 'add_folder.html')
-    else:
-        return HttpResponse(status=400)
+    user = get_user(request)
+    data = request.POST
+    father_folder_id = data.get('father_folder_id')
+    folder_name = data.get('folder_name')
+    try:
+        father_folder = Folder.objects.get(folder_id=father_folder_id)
+    except:
+        return make_json_response(code=421, error='上级文件夹不存在')
+    if not father_folder.check_permission(user=user):
+        return make_json_response(code=404, error='没有权限')
+    Folder.objects.create(folder_name=folder_name, father_folder=father_folder, owner=user, group=father_folder.group)
+    return make_json_response()
 
 
 
 
 # 删除文件夹
 # 删除文件夹
+@debug_view('username', 'token', 'folder_id')
 @login_required
 @login_required
 def delete_folder(request):
 def delete_folder(request):
-    if request.method == 'POST':
-        data = request.POST
-        user = get_user(request)
-        folder_id = data.get('folder_id')
-        try:
-            folder = user.folders.get(folder_id=folder_id)
-        except:
-            print('无此文件夹')
-            return JsonResponse({'code': '421', 'error': '无此文件夹'})
-        folder.delete()
-        return JsonResponse({'code': 200})
-    elif request.method == 'GET' and DEBUG:
-        return render(request, 'delete_folder.html')
-    else:
-        return HttpResponse(status=400)
+    data = request.POST
+    user = get_user(request)
+    folder_id = data.get('folder_id')
+    try:
+        folder = Folder.objects.get(folder_id=folder_id)
+    except:
+        return make_json_response(code=421, error='无此文件夹')
+    if not can_delete(user=user, f=folder):
+        return make_json_response(code=404, error='没有删除文件的权限')
+    folder.delete()
+    return make_json_response()
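Review bot: `delete_folder` does not stop a user deleting their own root folder: `Folder.objects.get(folder_id=folder_id)` plus `can_delete` (not in this diff) is the only gate, and once the row with `father_folder=None, group=None` is gone `User.get_root_folder()` in account/models.py raises and the `get_root_folder` view above returns a 500 for that user; the `on_delete=CASCADE` on `father_folder` in this commit's migration also removes every child folder and file. Unless `can_delete` already refuses it, add `if folder.father_folder is None:` / `    return make_json_response(code=404, error='不能删除根目录')` before `folder.delete()`, and fix the copy-pasted message `'没有删除文件的权限'` (file) to refer to folders. `add_folder` also accepts a missing `folder_name` (`data.get('folder_name')` may be `None`), which only surfaces as a database error at `Folder.objects.create`; an explicit `if not folder_name:` check returning a 4xx is clearer.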

+ 5 - 11
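--- a/group/views.py
+++ b/group/views.py
@@ -3,13 +3,11 @@ from .models import Group
 from account.models import User, get_user
 from utils.decorators import debug_view
 from utils.http import make_json_response
-from django.views.decorators.http import require_GET, require_POST
 
 
 # Create your views here.
 
 
-@debug_view('get_group_root_folder.html')
-@require_POST
+@debug_view('username', 'token', 'group_id')
 @login_required
 def get_group_root_folder(request):
     user = get_user(request)
@@ -23,8 +21,7 @@ def get_group_root_folder(request):
     return make_json_response(root_folder_id=root_folder.folder_id)
 
 
-@debug_view('join_group.html')
-@require_POST
+@debug_view('username', 'token', 'group_id')
 @login_required
 def join_group(request):
     user = get_user(request)
@@ -41,8 +38,7 @@ def join_group(request):
     return make_json_response()
 
 
-@debug_view('create_group.html')
-@require_POST
+@debug_view('username', 'token', 'group_name')
 @login_required
 def create_group(request):
     user = get_user(request)
@@ -55,8 +51,7 @@ def create_group(request):
     return make_json_response()
 
 
-@debug_view('quit_group.html')
-@require_POST
+@debug_view('username', 'token', 'group_id')
 @login_required
 def quit_group(request):
     user = get_user(request)
@@ -74,8 +69,7 @@ def quit_group(request):
 
 
 # 获取你所在的所有群组
-@debug_view('group_list.html')
-@require_POST
+@debug_view('username', 'token')
 @login_required
 def group_list(request):
     user = get_user(request)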
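Review bot: Dropping `@require_POST` from all five views leaves the HTTP-method restriction entirely to `login_required`; unless that decorator itself rejects non-POST requests (not visible in this section), a GET with DEBUG off, or a PUT/DELETE in any mode, now reaches the view body instead of getting a 405. Since `debug_view` only intercepts GET when DEBUG is on, keeping the restriction costs nothing: `@debug_view('username', 'token', 'group_id')` / `@require_POST` / `@login_required`, with the `require_POST` import retained. The view bodies lie outside these hunks, so whether they read `request.POST` defensively cannot be confirmed here.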

+ 0 - 29
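--- a/templates/add_folder.html
+++ b/templates/add_folder.html
@@ -1,29 +0,0 @@
-<!DOCTYPE html>
-<html lang="zh-cn">
-    <div>
-        <form method="post" action=".">
-            {% csrf_token %}
-            <!-- 用户名 -->
-            <div>
-                <label for="username">用户名</label>
-                <input type="text" id="username" name="username">
-            </div>
-            <!-- 文件夹名 -->
-            <div>
-                <label for="folder_name">文件夹名</label>
-                <input type="text" id="folder_name" name="folder_name">
-            </div>
-            <!-- 父文件夹id -->
-            <div>
-                <label for="father_folder_id">父文件夹id</label>
-                <input type="text" id="father_folder_id" name="father_folder_id">
-            </div>
-            <div>
-                <label for="token">token</label>
-                <input type="text" id="token" name="token">
-            </div>
-            <!-- 提交按钮 -->
-            <button type="submit">提交</button>
-        </form>
-    </div>
-</html>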

+ 0 - 23
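--- a/templates/create_group.html
+++ b/templates/create_group.html
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html lang="zh-cn">
-    <div>
-        <form method="post" action=".">
-            {% csrf_token %}
-            <!-- 昵称 -->
-            <div>
-                <label for="username">昵称</label>
-                <input type="text" id="username" name="username">
-            </div>
-            <!-- 群名 -->
-            <div>
-                <label for="group_name">群名</label>
-                <input type="text" id="group_name" name="group_name">
-            </div>
-            <div>
-                <label for="token">token</label>
-                <input type="text" id="token" name="token">
-            </div>
-            <button type="submit">提交</button>
-        </form>
-    </div>
-</html>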

+ 15 - 0
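--- a/templates/debug.html
+++ b/templates/debug.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="zh-cn">
+    <div>
+        <form method="post" action=".">
+            {% csrf_token %}
+            {% for item in items %}
+                <div>
+                    <label for="{{ item }}">{{ item }}</label>
+                    <input type="text" id="{{ item }}" name="{{ item }}">
+                </div>
+            {% endfor %}
+            <button type="submit">submit</button>
+        </form>
+    </div>
+</html>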
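Review bot: Every field, including the credential `token`, is rendered as `<input type="text">`, so the token is shown on screen and saved in browser form history; the form is only reached on DEBUG-mode GETs, so the risk is low, but `type="{% if item == 'token' %}password{% else %}text{% endif %}"` keeps it out of view at no cost. The markup also has no `<head>`/`<body>` and no `<meta charset="utf-8">`, which matters the moment a non-ASCII item name is passed in. A template comment such as `{# generic POST form rendered by utils.decorators.debug_view: one text field per item name #}` would record why this file exists now that the per-view templates are gone.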

+ 0 - 23
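--- a/templates/delete_file.html
+++ b/templates/delete_file.html
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html lang="zh-cn">
-    <div>
-        <form method="post" action=".">
-            {% csrf_token %}
-            <div>
-                <label for="username">用户名</label>
-                <input type="text" id="username" name="username">
-            </div>
-            <div>
-                <label for="token">token</label>
-                <input type="text" id="token" name="token">
-            </div>
-            <!-- 昵称 -->
-            <div>
-                <label for="file_id">file_id</label>
-                <input type="text" id="file_id" name="file_id">
-            </div>
-            <!-- 提交按钮 -->
-            <button type="submit">提交</button>
-        </form>
-    </div>
-</html>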

+ 0 - 23
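--- a/templates/delete_folder.html
+++ b/templates/delete_folder.html
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html lang="zh-cn">
-    <div>
-        <form method="post" action=".">
-            {% csrf_token %}
-            <div>
-                <label for="username">用户名</label>
-                <input type="text" id="username" name="username">
-            </div>
-            <div>
-                <label for="token">token</label>
-                <input type="text" id="token" name="token">
-            </div>
-            <div>
-                <label for="folder_id">id</label>
-                <input type="text" id="folder_id" name="folder_id">
-            </div>
-
-            <!-- 提交按钮 -->
-            <button type="submit">提交</button>
-        </form>
-    </div>
-</html>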

+ 0 - 23
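--- a/templates/download_file.html
+++ b/templates/download_file.html
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html lang="zh-cn">
-    <div>
-        <form method="post" action=".">
-            {% csrf_token %}
-            <div>
-                <label for="username">用户名</label>
-                <input type="text" id="username" name="username">
-            </div>
-            <div>
-                <label for="token">token</label>
-                <input type="text" id="token" name="token">
-            </div>
-            <!-- 昵称 -->
-            <div>
-                <label for="file_id">file_id</label>
-                <input type="text" id="file_id" name="file_id">
-            </div>
-            <!-- 提交按钮 -->
-            <button type="submit">提交</button>
-        </form>
-    </div>
-</html>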

+ 0 - 23
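--- a/templates/folder_list.html
+++ b/templates/folder_list.html
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html lang="zh-cn">
-    <div>
-        <form method="post" action=".">
-            {% csrf_token %}
-            <div>
-                <label for="username">用户名</label>
-                <input type="text" id="username" name="username">
-            </div>
-            <div>
-                <label for="token">token</label>
-                <input type="text" id="token" name="token">
-            </div>
-            <div>
-                <label for="folder_id">id</label>
-                <input type="text" id="folder_id" name="folder_id">
-            </div>
-
-            <!-- 提交按钮 -->
-            <button type="submit">提交</button>
-        </form>
-    </div>
-</html>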

+ 0 - 24
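--- a/templates/get_group_root_folder.html
+++ b/templates/get_group_root_folder.html
@@ -1,24 +0,0 @@
-<!DOCTYPE html>
-<html lang="zh-cn">
-    <div>
-        <form method="post" action=".">
-            {% csrf_token %}
-            <!-- 用户名 -->
-            <div>
-                <label for="username">用户名</label>
-                <input type="text" id="username" name="username">
-            </div>
-            <div>
-                <label for="token">token</label>
-                <input type="text" id="token" name="token">
-            </div>
-            <!-- 群号 -->
-            <div>
-                <label for="group_id">群号</label>
-                <input type="text" id="group_id" name="group_id">
-            </div>
-            <!-- 提交按钮 -->
-            <button type="submit">提交</button>
-        </form>
-    </div>
-</html>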

+ 0 - 19
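--- a/templates/get_root_folder.html
+++ b/templates/get_root_folder.html
@@ -1,19 +0,0 @@
-<!DOCTYPE html>
-<html lang="zh-cn">
-    <div>
-        <form method="post" action=".">
-            {% csrf_token %}
-            <!-- 用户名 -->
-            <div>
-                <label for="username">用户名</label>
-                <input type="text" id="username" name="username">
-            </div>
-            <div>
-                <label for="token">token</label>
-                <input type="text" id="token" name="token">
-            </div>
-            <!-- 提交按钮 -->
-            <button type="submit">提交</button>
-        </form>
-    </div>
-</html>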

+ 0 - 20
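--- a/templates/group_list.html
+++ b/templates/group_list.html
@@ -1,20 +0,0 @@
-<!DOCTYPE html>
-<html lang="zh-cn">
-    <div>
-        <form method="post" action=".">
-            {% csrf_token %}
-            <!-- 昵称 -->
-            <div>
-                <label for="username">昵称</label>
-                <input type="text" id="username" name="username">
-            </div>
-            <div>
-                <label for="token">token</label>
-                <input type="text" id="token" name="token">
-            </div>
-
-            <!-- 提交按钮 -->
-            <button type="submit">提交</button>
-        </form>
-    </div>
-</html>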

+ 0 - 25
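--- a/templates/join_group.html
+++ b/templates/join_group.html
@@ -1,25 +0,0 @@
-<!DOCTYPE html>
-<html lang="zh-cn">
-    <div>
-        <form method="post" action=".">
-            {% csrf_token %}
-            <!-- 昵称 -->
-            <div>
-                <label for="username">名称</label>
-                <input type="text" id="username" name="username">
-            </div>
-            <!-- 群号 -->
-            <div>
-                <label for="group_id">群号</label>
-                <input type="text" id="group_id" name="group_id">
-            </div>
-            <div>
-                <label for="token">token</label>
-                <input type="text" id="token" name="token">
-            </div>
-
-            <!-- 提交按钮 -->
-            <button type="submit">提交</button>
-        </form>
-    </div>
-</html>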

+ 0 - 24
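--- a/templates/quit_group.html
+++ b/templates/quit_group.html
@@ -1,24 +0,0 @@
-<!DOCTYPE html>
-<html lang="zh-cn">
-    <div>
-        <form method="post" action=".">
-            {% csrf_token %}
-            <!-- 昵称 -->
-            <div>
-                <label for="username">名称</label>
-                <input type="text" id="username" name="username">
-            </div>
-            <!-- 群号 -->
-            <div>
-                <label for="group_id">群号</label>
-                <input type="text" id="group_id" name="group_id">
-            </div>
-            <div>
-                <label for="token">token</label>
-                <input type="text" id="token" name="token">
-            </div>
-            <!-- 提交按钮 -->
-            <button type="submit">提交</button>
-        </form>
-    </div>
-</html>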

+ 6 - 3
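--- a/utils/decorators.py
+++ b/utils/decorators.py
@@ -8,11 +8,14 @@ from django.http import JsonResponse
 DEBUG = settings.DEBUG
 
 
-def debug_view(template_name):
+def debug_view(*items, template_name='debug.html'):
     def decorator(view_func):
         @wraps(view_func)
         def _wrapped_view(request, *args, **kwargs):
-            return render(request, template_name) if DEBUG and request.method == 'GET' \
-                else view_func(request, *args, **kwargs)
+            if DEBUG and request.method == 'GET':
+                print('render debug view')
+                return render(request, template_name, {'items': items})
+            else:
+                return view_func(request, *args, **kwargs)
         return _wrapped_view
     return decorator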
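Review bot: `print('render debug view')` on the new side is a leftover trace that writes to stdout on every debug GET; drop it or make it `logger.debug('render debug view: %s', template_name)`. `DEBUG` is captured once at import (`DEBUG = settings.DEBUG` in the context above), so flipping `settings.DEBUG` later, e.g. with `override_settings` in tests, never changes which branch runs; testing the setting in the condition, `if settings.DEBUG and request.method == 'GET':`, avoids that. Because this decorator sits outermost on the views, a debug GET never reaches `login_required`, which is acceptable only while DEBUG is off in production and is worth stating in a docstring: `"""On DEBUG-mode GETs render a generic form with one field per item; otherwise call the wrapped view."""`.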

+ 4 - 7
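--- a/utils/http.py
+++ b/utils/http.py
@@ -1,10 +1,7 @@
 from django.http import HttpResponse, JsonResponse
 
 
-def make_json_response(**kwargs):
-    if not kwargs.get('code'):
-        kwargs['code'] = 200
-    error = kwargs.get('error')
-    if error:
-        print(error)
-    return JsonResponse(kwargs, json_dumps_params={"ensure_ascii": False})
+def make_json_response(code=200, **kwargs):
+    if 'error' in kwargs:
+        print(kwargs.get('error'))
+    return JsonResponse({'code': code, **kwargs}, json_dumps_params={"ensure_ascii": False})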
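Review bot: `code` only lands in the JSON body; `JsonResponse` still answers HTTP 200, so callers passing `code=401` or `code=404` produce error payloads that status-aware clients, proxies and access logs count as success. If the frontend reads the body's `code` rather than the status, `JsonResponse({'code': code, **kwargs}, status=code, json_dumps_params={"ensure_ascii": False})` changes nothing for it while fixing the status for everyone else — confirm with the client before switching. Two smaller points: the old version normalised a falsy `code` (0 or None) to 200 while the new one emits it as given, and the error string should go to `logger.warning('%s', kwargs['error'])` instead of stdout.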

+ 10 - 0
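--- a/utils/permission.py
+++ b/utils/permission.py
@@ -0,0 +1,10 @@
+from file.models import File
+from folder.models import Folder
+from account.models import User
+
+
+def can_delete(user, f):
+    if not isinstance(user, User) or (not isinstance(f, File) and not isinstance(f, Folder)):
+        raise TypeError('File or Folder expected.')
+    return f.father_folder and f.father_folder.check_permission(user=user) and (
+            f.owner == user or (f.group and f.group.creator == user))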
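Review bot: `can_delete` does not always return a bool: the chained `and`/`or` yields `None` when `f.father_folder` is `None`, and also when `f.group` is `None` and `f.owner != user`, which is falsy but surprising for a predicate and breaks any `is False` check or JSON serialisation of the result; wrap it, `return bool(f.father_folder and f.father_folder.check_permission(user=user) and (f.owner == user or (f.group and f.group.creator == user)))`. The same `f.father_folder` guard means an object with no parent (a root folder) is never deletable, which may be intended but deserves a one-line comment. A docstring stating the rule — the parent folder must grant the user permission, and the user must own the object or have created its group — would make the authorisation contract reviewable, and the `TypeError` message should mention that `user` is also checked. This module imports three apps' model modules at top level, so importing it from any of those `models.py` files would create an import cycle (not visible here, just a caution).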