def alloc_user():
for i in g.data['roles']:
if not g.user.restrict_permission(Role.get_by_id(i).permission):
return falseReturn(msg='您无法赋予他人权限不小于自己的角色')
if not g.user.restrict_functions(Role.get_by_id(i).allow_functions):
return falseReturn(msg='您无法赋予他人权能不在自己范围内的角色')
u = User.get_by_id(g.data['id'])
u.change_role(g.data['roles'])
return trueReturn()
def import_user():
if 'file' not in request.files:
return falseReturn(None, '无文件')
f = request.files['file']
if f.filename == '':
return falseReturn(None, '未选择上传')
else:
sheet(f)
return trueReturn()
def before_request():
try:
if os.path.exists('isinit.flag'):
return falseReturn(msg="拒绝访问:已经初始化过")
if request.get_data():
g.data = request.get_json(silent=True)
except:
traceback.print_exc()
return falseReturn(None, '数据错误')
def remove_role():
if g.user.restrict_permission(Role.get_by_id(g.data['id']).permission):
if g.user.restrict_functions(
Role.get_by_id(g.data['id']).allow_functions):
Role.get_by_id(g.data['id']).delete()
return trueReturn()
else:
return falseReturn(msg='您无法删除权能比自己多的角色')
else:
return falseReturn(msg='您无法删除权限不小于自己的角色')
def rename_role():
if g.user.restrict_permission(Role.get_by_id(g.data['id']).permission):
if g.user.restrict_functions(
Role.get_by_id(g.data['id']).allow_functions):
Role.get_by_id(g.data['id']).rename(g.data['name'])
return trueReturn()
else:
return falseReturn(msg='您无法为权能比自己多的角色更名')
else:
return falseReturn(msg='您无法为权限不小于自己的角色更名')
def edit_role():
if g.user.restrict_permission(g.data['permission']):
if g.user.restrict_functions(g.data['functions']):
Role.get_by_id(g.data['id']).modify_permission(
g.data['permission'])
Role.get_by_id(g.data['id']).modify_functions(g.data['functions'])
return trueReturn()
else:
return falseReturn(msg='您无法为角色分配自己没有的权能')
else:
return falseReturn(msg='您无法为角色分配不小于自身的权限')
def edit_domain():
d = Domain.get_by_id(g.data['id'])
if g.user in d.monitors:
d.modify_members(g.data['members'],g.data['monitors'])
return trueReturn()
else:
return falseReturn(msg='您没有此域的管理权限')
def rename_domain():
d = Domain.get_by_id(g.data['id'])
if g.user in d.monitors:
d.rename(g.data['name'])
return trueReturn()
else:
return falseReturn(msg='您没有此域的更名权限')
def decorator(*args, **kwargs):
for i in g.user.roles:
if func.__name__ in i.allow_functions or i.allow_functions == [
'*'
]: # 懒人标记*
return func(*args, **kwargs)
return falseReturn(None, f'没有使用{func.__name__}的权限', 401)
def remove_domain():
d = Domain.get_by_id(g.data['id'])
if g.user in d.monitors:
d.delete()
return trueReturn()
else:
return falseReturn(msg='您没有此域的删除权限')
def signin():
name = g.data.get("username", "").strip()
password = g.data.get("password", "")
user = Admin.objects(user_id=name).first()
if not user or not user.valid_password(password):
return falseReturn(None, "用户名或密码有误")
return trueReturn({
'user': user.get_base_info(),
'token': generate_jwt(user)
})
def do_sign(): # shift改变排班的week只是记签到目的week,不作为判断是否允许签到的依据
wk = int(
(datetime.datetime.now() - Admin.objects().first().server_starttime
).total_seconds()) % (86400 * 7)
r = Routine.objects(user=g.user).first()
ima = datetime.datetime.now().timestamp() + 28800
m = []
if r.signtime != r.shift: # 有调班:
if int((ima + 259200) % 604800 / 86400) == int(r.shift / 5) and int(
ima % 86400) in time_table[r.shift % 5]:
if not Sign.objects(user=g.user, week=r.shift_week):
if Sign.create(user=g.user, typ='s', week=r.shift_week):
r = r.recover_shift()
return trueReturn()
else:
r = r.recover_shift()
m.append('【调班】本时间段内签过到')
else:
r = r.recover_shift()
m.append('【调班】本周已签过到')
else:
m.append('【调班】不在签到时段内')
# print(int((ima + 259200) % 604800 / 86400) == int(r.signtime / 5))
# print(ima % 86400 in time_table[r.signtime % 5])
# print(ima % 86400)
# print(time_table[r.signtime % 5])
if int((ima + 259200) % 604800 / 86400) == int(r.signtime / 5) and int(
ima % 86400) in time_table[r.signtime % 5]:
if not Sign.objects(user=g.user, week=wk):
if Sign.create(user=g.user, typ='n', week=wk):
return trueReturn()
else:
m.append('【正常班次】本时间段内签过到')
return falseReturn(msg='\n'.join(m))
else:
m.append('【正常班次】本周已签过到')
return falseReturn(msg='\n'.join(m))
else:
m.append('【正常班次】不在签到时段内')
return falseReturn(msg='\n'.join(m))
def before_request():
try:
if request.get_data():
g.data = request.get_json(silent=True)
Authorization = request.headers.get('Authorization', None)
print(Authorization)
if Authorization:
token = Authorization
g.token = token
g.user, msg = verify_jwt(token)
else:
pass
except:
traceback.print_exc()
return falseReturn(None, '数据错误')
def remove_user():
u = User.get_by_id(g.data['id'])
if not g.user.restrict_permission(u.max_permission()):
return falseReturn(msg='您无法删除权限不小于自己的用户')
u.delete()
return trueReturn()
def rename_user():
u = User.get_by_id(g.data['id'])
if not g.user.restrict_permission(u.max_permission()):
return falseReturn(msg='您无法重命名权限不小于自己的用户')
u.rename(g.data['name'])
return trueReturn()
def new_role():
if g.user.restrict_permission(g.data['permission']):
Role.new_role(g.data['name'], g.data['permission'])
return trueReturn()
else:
return falseReturn(msg='您无法新建权限不小于自己的角色')
def decorator(*args, **kwargs):
if not g.user:
response = falseReturn(None, '此操作需要登陆', 401)
response.status_code = 401
return response
return func(*args, **kwargs)
def decorator(*args, **kwargs):
for param in params:
if not g.data or not param in g.data:
return falseReturn(None, "缺少参数:{}".format(param))
return func(*args, **kwargs)
def decorator(*args, **kwargs):
try:
return func(*args, **kwargs)
except:
return falseReturn(None, traceback.format_exc())
def change_routine(): # 永久调班
if int(g.data['signtime']) not in range(0, 35):
return falseReturn(msg='值班时间段设置不合法')
u = User.get_by_id(g.data['user'])
Routine.objects(user=u).first().change_signtime(g.data['signtime'])
return trueReturn()
