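def search_is_system(request, is_system):
    """Pick the ``Regular`` rows a caller may list, driven by ``is_system``.

    Returns a ``(value, ok)`` pair. When ``ok`` is True, ``value`` is a
    queryset; when it is False, ``value`` is a ready-made response that the
    caller should return unchanged.

    Selection rules, in order:
      * no ``HTTP_TOKEN`` header (or the literal string 'null'): system rows
        only, regardless of ``is_system``;
      * ``is_system`` is None: every row, after ``pd_super_adm_token`` accepts
        the request (presumably a super-administrator check -- confirm);
      * 1: system rows; 0: the caller's own non-system rows;
        2: the caller's own non-system rows plus all system rows;
      * anything else, including a non-numeric value: a parameter error.
    """
    token = request.META.get("HTTP_TOKEN")
    # The token is a bearer credential, so it is not written to stdout/logs.
    if not token or token == 'null':  # anonymous caller: system rows only
        return Regular.objects.filter(is_system=1), True

    if is_system is None:  # no filter given: full listing, privileged callers
        check_token = pd_super_adm_token(request)
        if check_token:
            return check_token, False
        return Regular.objects.all(), True

    # is_system comes from the request; a non-numeric value must produce the
    # same parameter error as an out-of-range one, not an unhandled exception.
    try:
        is_system = int(is_system)
    except (TypeError, ValueError):
        return response_success_200(message="参数错误"), False

    if is_system == 1:
        return Regular.objects.filter(is_system=1), True

    if is_system in (0, 2):
        # Both modes expose per-user rows, so the token must be valid first.
        check_token = pd_token(request)
        if check_token:
            return check_token, False
        own_rows = Q(user_id=request.user, is_system=0)
        if is_system == 0:
            return Regular.objects.filter(own_rows), True
        return Regular.objects.filter(own_rows | Q(is_system=1)), True

    return response_success_200(message="参数错误"), False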
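    def update_password_by_phone(self, request):
        """Change the caller's own password after a verification-code check.

        Reads ``phone_number``, ``password`` and ``code`` from the request
        body. The password is changed only when the token is valid, the
        password passes ``pd_password``, the phone number is registered, the
        code is accepted by ``judge_code`` and the account found for that
        phone number is the token's own user.

        Returns the project's response envelope in every case.
        """
        check_token = pd_token(request)
        if check_token:
            return check_token

        phone_number = request.data.get("phone_number")
        password = request.data.get("password")
        # pd_password returns an error message for an unacceptable password.
        check = pd_password(password)
        if check:
            return response_success_200(code=STATUS_400_BAD_REQUEST, message=check)

        # NOTE(review): the distinct "not registered" reply lets any token
        # holder test whether a phone number has an account.
        if not User.objects.filter(phone_number=phone_number).exists():
            return response_success_200(code=STATUS_NOT_FOUND_ERROR, message=f"该手机号({phone_number})未被注册!!")

        # NOTE(review): the code is judged before the ownership test below, so
        # a caller can get a code verdict for a number that is not theirs;
        # consider checking ownership first if judge_code has no side effects.
        if not judge_code(phone_number, request.data.get('code')):
            message = "验证码不正确"
            return response_success_200(code=STATUS_CODE_ERROR, message=message)

        instance = self.queryset.get(phone_number=phone_number)
        # The account behind the phone number must be the token's own user.
        if request.user != instance.pk:
            return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message=f"没有权限修改({phone_number})")

        # NOTE(review): confirm my_encode is a salted, slow password hash and
        # not a reversible encoding.
        instance.password = my_encode(password)
        instance.save()
        return response_success_200(message="成功!!!!")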
    def partial_update(self, request, *args, **kwargs):
        """Run the parent class's partial update for a caller with a valid token.

        The parent's response data is re-wrapped in the project's success
        envelope. A failed token check returns the response from ``pd_token``.
        """
        # NOTE(review): only token validity is tested in this method; no role
        # or ownership check is visible here -- confirm it is enforced elsewhere.
        token_error = pd_token(request)
        if token_error:
            return token_error

        updated = super().partial_update(request, *args, **kwargs)
        return response_success_200(data=updated.data)
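    def search_clazz(self, request, *args, **kwargs):
        """List, paginated, the ``Work`` rows of the class the caller heads.

        The class is derived from the token's user (``headmaster=request.user``)
        rather than from a request parameter, so a caller cannot ask for
        another class. Requires a valid token with role 3.
        """
        check_token = pd_token(request)
        if check_token:
            return check_token

        if request.auth != 3:
            return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY,
                                        message="权限不够,该token不是辅导员")
        try:
            # NOTE(review): a user who heads several classes would raise
            # MultipleObjectsReturned here, which is not handled.
            clazz = Class.objects.get(headmaster=request.user)
        except Class.DoesNotExist:
            return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY,
                                        message="权限不够,该token不是辅导员!")

        # The queryset is handed to the paginator without being printed: a
        # debug print runs an extra query and dumps records to stdout.
        work = Work.objects.filter(clazz=clazz)
        page = self.paginate_queryset(work)
        serializer = self.serializer_class(
            page, many=True, context=self.get_serializer_context())
        return self.get_paginated_response(serializer.data)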
    def destroy(self, request, *args, **kwargs):
        """Delete the addressed object when the token's role is negative.

        Callers whose ``request.auth`` is zero or positive are refused; the
        parent class performs the actual deletion.
        """
        token_error = pd_token(request)
        if token_error:
            return token_error

        # NOTE(review): this refusal carries no explicit ``code``; confirm the
        # default of response_success_200 cannot be read as success by clients.
        caller_is_unprivileged = request.auth >= 0
        if caller_is_unprivileged:
            return response_success_200(message="没有权限")

        super().destroy(request, *args, **kwargs)
        return response_success_200(message="删除成功!!")
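 def create(self, request, *args, **kwargs):
     """Create an object on behalf of a caller whose token role is 1.

     Returns the ``pd_token`` response for a bad token, a no-authority error
     for any other role, and otherwise the parent's created data wrapped in
     the success envelope.
     """
     check_token = pd_token(request)
     if check_token:
         return check_token
     # Compare by value: ``is not 1`` tests object identity, which only works
     # by accident of small-int caching and is a SyntaxWarning on Python 3.8+.
     if lookup_token(request) != 1:
         return response_error_400(status=STATUS_TOKEN_NO_AUTHORITY,
                                   message="不是学生提交什么作业?")
     # The request body is not printed: submissions should not reach stdout.
     resp = super().create(request)
     return response_success_200(data=resp.data)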
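    def examine_update(self, request, *args, **kwargs):
        """Partially update an object for a caller whose token role is 0 or 3.

        Returns the ``pd_token`` response for a bad token, a no-authority
        error for other roles, and otherwise the parent's updated data wrapped
        in the success envelope.
        """
        check_token = pd_token(request)
        if check_token:
            return check_token
        if lookup_token(request) not in [0, 3]:
            return response_error_400(status=STATUS_TOKEN_NO_AUTHORITY,
                                      message="权限不够")

        # NOTE(review): the role is checked but not whether this caller is
        # responsible for the addressed object -- confirm that is intended.
        # The request body is not printed, to keep payloads out of stdout.
        resp = super().partial_update(request, *args, **kwargs)
        return response_success_200(data=resp.data)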
    def partial_update(self, request, *args, **kwargs):
        """Partially update an object for token roles -1, -2 and 3 only.

        Any other role receives a no-authority response; the parent class
        performs the update and its data is returned in the success envelope.
        """
        token_error = pd_token(request)
        if token_error:
            return token_error

        permitted_roles = [-1, -2, 3]
        if request.auth not in permitted_roles:
            return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY,
                                        message="没有权限")

        updated = super().partial_update(request, *args, **kwargs)
        return response_success_200(data=updated.data)
    def destroy(self, request, *args, **kwargs):
        """Delete the addressed object for token roles -2, -1, 0 and 3.

        Returns an empty 204 response on success, the ``pd_token`` response
        for a bad token and a no-authority error for any other role.
        """
        token_error = pd_token(request)
        if token_error:
            return token_error

        permitted_roles = [-2, -1, 0, 3]
        if lookup_token(request) not in permitted_roles:
            return response_error_400(status=STATUS_TOKEN_NO_AUTHORITY,
                                      message="权限不够")

        # NOTE(review): no per-object ownership test is visible here; any
        # caller with a permitted role can delete any object get_object() finds.
        target = self.get_object()
        self.perform_destroy(target)
        return Response(status=status.HTTP_204_NO_CONTENT)
    def retrieve_by_token(self, request):
        """Return the record that belongs to the token's own user (role 1 only).

        The row is selected by ``user_id=request.user``, so the caller cannot
        name another user's record.
        """
        token_error = pd_token(request)
        if token_error:
            return token_error

        is_student_token = request.auth == 1
        if not is_student_token:
            return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY,
                                        message="权限不够,该token不是学生")

        # NOTE(review): ``get`` raises DoesNotExist when the user has no row
        # in this queryset; that case is not handled here.
        own_record = self.queryset.get(user_id=request.user)
        payload = self.get_serializer(own_record).data
        return response_success_200(data=payload)
    def destroy(self, request, *args, **kwargs):
        """Delete the addressed object when the token's role is negative.

        Roles of zero or above get a no-authority response. The parent's own
        response is discarded so the project's success envelope is returned.
        """
        token_error = pd_token(request)
        if token_error:
            return token_error

        caller_is_unprivileged = request.auth >= 0
        if caller_is_unprivileged:
            return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY,
                                        message="没有权限")

        super().destroy(request, *args, **kwargs)
        return response_success_200(message="删除成功!!")
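def check_pk_and_permission(request, pk):
    """Check that the caller may act on the ``Regular`` row ``pk``.

    Returns an error response when the token is invalid, when ``pk`` is given
    but no such row exists, or when an ordinary user (``request.auth >= 0``)
    does not own the row. Returns None when access is allowed.
    """
    # Authenticate first: answering "id not found" before the token check
    # would let unauthenticated callers probe which ids exist.
    check_token = pd_token(request)
    if check_token:
        return check_token

    if pk and not Regular.objects.filter(pk=pk).exists():
        return response_success_200(code=STATUS_404_NOT_FOUND, message="id未找到")

    if request.auth >= 0:  # ordinary user: must own the row
        if not Regular.objects.filter(user_id=request.user, id=pk).exists():
            return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message="没有访问权限!!!!!!!!!!!!!!!!!!!!!")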
    def search(self, request, *args, **kwargs):
        """Return a paginated listing filtered by the ``title`` query parameter.

        Requires a valid token. The filtering itself is delegated to
        ``search_title``, whose result is paginated and serialized.
        """
        token_error = pd_token(request)
        if token_error:
            return token_error

        # ``title`` is caller-supplied; search_title is assumed to use it only
        # as an ORM filter value -- confirm.
        matches = search_title(request.GET.get("title"))

        current_page = self.paginate_queryset(matches)
        context = self.get_serializer_context()
        serializer = self.serializer_class(current_page, many=True, context=context)
        return self.get_paginated_response(serializer.data)
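    def retrieve_by_token(self, request, *args, **kwargs):
        """Return the details record that belongs to the token's own user.

        The row is selected by ``user_id=request.user``. Returns the
        ``pd_token`` response for a bad token and a 400-style error when the
        user has no details row.
        """
        check_token = pd_token(request)
        if check_token:
            return check_token

        # ``get`` raises DoesNotExist instead of returning None, which made
        # the "not found" branch below unreachable; ``first`` returns None.
        instance = self.queryset.filter(user_id=request.user).first()

        if not instance:
            return response_error_400(message="获得用户信息失败")
        # The serialized profile is returned but not printed: personal data
        # should not be written to stdout.
        user_details = self.get_serializer(instance).data
        return response_success_200(data=user_details)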
    def create(self, request, *args, **kwargs):
        """Create a record after the token check and ``check_insert_info`` pass.

        ``check_insert_info`` returns an error response when the request is
        not acceptable (per the original comment: whether the user has added
        this check-in item, or whether it belongs to the user's class).
        """
        token_error = pd_token(request)
        if token_error:
            return token_error

        rejection = check_insert_info(request)
        if rejection:
            return rejection
        # TODO (from the original): validate the check-in time window.

        created = super().create(request)
        return response_success_200(data=created.data)
 def destroy(self, request, *args, **kwargs):
     """Delete the user behind the ``pk`` URL argument (roles -2, -1 and 3).

     The deletion is delegated to ``del_user_and_user_details``; the parent
     class's ``destroy`` is not called.
     """
     token_error = pd_token(request)
     if token_error:
         return token_error

     if request.auth not in [-2, -1, 3]:
         return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY,
                                     message="没有权限")

     # The first argument (1) presumably selects the student role -- confirm
     # against del_user_and_user_details. A truthy result is an error response.
     target_pk = kwargs.get("pk")
     failure = del_user_and_user_details(1, target_pk)
     if failure:
         return failure
     return response_success_200(message="成功")
    def destroy(self, request, *args, **kwargs):
        """Delete the object ``pk`` once token and per-object authority pass.

        ``check_authority`` receives the view, the request and the pk, and
        returns an error response when the caller may not touch that object.
        """
        target_pk = kwargs['pk']

        token_error = pd_token(request)
        if token_error:
            return token_error

        denial = check_authority(self, request, target_pk)
        if denial:
            return denial

        super().destroy(request, *args, **kwargs)
        return response_success_200(message="成功")
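    def create(self, request, *args, **kwargs):
        """Create a ``RegularAddRecord`` and stamp it with the caller's user id.

        Returns the ``pd_token`` response for a bad token, the response from
        ``check_insert_time`` for an invalid time, and otherwise the created
        data in the success envelope.
        """
        # Authenticate before validating input, so unauthenticated callers get
        # no validation feedback from this endpoint.
        check_token = pd_token(request)
        if check_token:
            return check_token

        # Validate the times supplied in the request.
        check_time = check_insert_time(request)
        if check_time:
            return check_time

        resp = super().create(request)
        # The owner is set from the token, never from the request body.
        # NOTE(review): the row exists without an owner between the create and
        # this save; assigning the owner inside perform_create would close that gap.
        regular = RegularAddRecord.objects.get(id=resp.data['id'])
        regular.user_id = request.user
        regular.save()
        return response_success_200(data=resp.data, message="添加成功")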
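 def destroy_all2(self, request, *args, **kwargs):
     """Delete every user whose id is listed in the body's ``id_list``.

     Allowed for token roles -2, -1 and 3. Stops at the first id for which
     ``del_user_and_user_details`` returns an error response and returns that
     response; ids handled before it stay deleted.
     """
     check_token = pd_token(request)
     if check_token:
         return check_token
     role = request.auth
     if role not in [-2, -1, 3]:
         return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY,
                                     message="没有权限")

     # A missing id_list is treated as empty rather than iterating None. The
     # local is not named ``list`` so the builtin is not shadowed.
     id_list = request.data.get("id_list") or []
     for raw_id in id_list:
         # NOTE(review): a non-numeric entry still raises ValueError here.
         check_del = del_user_and_user_details(1, int(raw_id))
         # Check every result: testing only after the loop ignored all
         # failures but the last and raised NameError on an empty list.
         if check_del:
             return check_del
     return response_success_200(message="成功")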
    def create(self, request, *args, **kwargs):
        """Create an object (roles 0 and 3) and notify the students of its class.

        After the parent creates the row, ``UserNoticeSend.send_notice`` is
        called once for each ``Student`` whose ``clazz`` matches the created
        row's ``clazz`` value.
        """
        token_error = pd_token(request)
        if token_error:
            return token_error

        if lookup_token(request) not in [0, 3]:
            return response_error_400(status=STATUS_TOKEN_NO_AUTHORITY,
                                      message="权限不够")

        created = super().create(request)
        # NOTE(review): ``clazz`` comes from the submitted data; no check that
        # the caller teaches that class is visible in this method.
        recipients = Student.objects.filter(clazz=created.data['clazz'])
        for student in recipients:
            UserNoticeSend.send_notice(student.user, 0, created.data['id'])
        return response_success_200(data=created.data)
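    def Phone_update(self, request, *args, **kwargs):
        """Set the phone number of the token's own user.

        The target row is chosen from the token (``request.user``), not from
        the request. Returns the ``pd_token`` response for a bad token and a
        not-found response when no ``User`` row has that primary key.
        """
        # Check the token before reading the body. The phone number and user
        # id are not printed: both are personal data.
        check_token = pd_token(request)
        if check_token:
            return check_token

        phone_number = request.data.get("phone_number")
        pk = request.user

        # NOTE(review): the new number is stored without format validation or
        # proof of possession; if phone numbers are used for account recovery,
        # require a verification code here.
        # update() returns the number of matched rows, so one query covers
        # both the existence check and the write.
        updated = User.objects.filter(pk=pk).update(phone_number=phone_number)
        if not updated:
            return response_success_200(code=STATUS_NOT_FOUND_ERROR,
                                        message="id未找到")
        return response_success_200(message="修改成功!")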
    def search(self, request, *args, **kwargs):
        """Return a paginated class listing filtered by name and school.

        Requires a valid token. ``class_name`` and ``school_id`` are read from
        the query string and applied by ``search_name`` and ``search_school``
        in that order.
        """
        token_error = pd_token(request)
        if token_error:
            return token_error

        query = request.GET
        by_name = search_name(query.get("class_name"))
        filtered = search_school(query.get("school_id"), by_name)

        current_page = self.paginate_queryset(filtered)
        context = self.get_serializer_context()
        serializer = self.serializer_class(current_page, many=True, context=context)
        return self.get_paginated_response(serializer.data)
    def clazz_search(self, request, *args, **kwargs):
        """List, paginated, the students of the class given by ``clazz_id``.

        Allowed for token roles -1, -2, 0 and 3; other roles get a
        no-authority response.
        """
        token_error = pd_token(request)
        if token_error:
            return token_error

        permitted_roles = [-1, -2, 0, 3]
        if request.auth not in permitted_roles:
            return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY,
                                        message="没有权限")

        # NOTE(review): clazz_id is caller-supplied and is not tied to the
        # caller here, so a permitted role can list any class -- confirm.
        roster = Student.objects.filter(clazz=request.GET.get("clazz_id"))

        current_page = self.paginate_queryset(roster)
        context = self.get_serializer_context()
        serializer = self.serializer_class(current_page, many=True, context=context)
        return self.get_paginated_response(serializer.data)
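    def search_teacher(self, request, *args, **kwargs):
        """List, paginated, the ``Work`` rows assigned by the calling teacher.

        The teacher is derived from the token's user, not from a request
        parameter. Requires a valid token with role 0 or 3.
        """
        check_token = pd_token(request)
        if check_token:
            return check_token

        if request.auth not in [0, 3]:
            return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY,
                                        message="权限不够,该token不是老师")
        try:
            teacher = Teacher.objects.get(user=request.user).id
        except Teacher.DoesNotExist:
            # A permitted role without a Teacher row is refused like any other
            # non-teacher, instead of failing with an unhandled exception.
            return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY,
                                        message="权限不够,该token不是老师")

        # The queryset is not printed: a debug print runs an extra query and
        # dumps records to stdout.
        work = Work.objects.filter(teacher=teacher)
        page = self.paginate_queryset(work)
        serializer = self.serializer_class(
            page, many=True, context=self.get_serializer_context())

        return self.get_paginated_response(serializer.data)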
    def search(self, request, *args, **kwargs):
        """Return a paginated record listing filtered by ``user`` and ``regular``.

        ``search_user`` returns ``(value, ok)``: when ``ok`` is falsy,
        ``value`` is an error response and is returned unchanged; otherwise it
        is a queryset that ``search_regular`` narrows further.
        """
        token_error = pd_token(request)
        if token_error:
            return token_error

        query = request.GET
        # search_user also receives the request, presumably to decide whether
        # the caller may see the requested user's rows -- confirm.
        records, ok = search_user(request, query.get("user"))
        if not ok:
            return records

        records = search_regular(query.get("regular"), records)

        current_page = self.paginate_queryset(records)
        context = self.get_serializer_context()
        serializer = self.serializer_class(current_page, many=True, context=context)
        return self.get_paginated_response(serializer.data)
    def select_student_timetable_by_token(self, request):
        """Return the timetable of the class the calling student belongs to.

        Requires a valid token with role 1. The class is taken from the
        caller's own ``Student`` row and passed to ``select_class``.
        """
        token_error = pd_token(request)
        if token_error:
            return token_error

        if request.auth != 1:
            return response_success_200(code=STATUS_PARAMETER_ERROR,
                                        message="需要传入学生token")

        try:
            own_class = Student.objects.get(user_id=request.user).clazz
            if own_class:
                return select_class(self, own_class.id)
            # The student exists but has not joined a class yet.
            return response_success_200(code=STATUS_PARAMETER_ERROR,
                                        message="请先加入班级")
        except Student.DoesNotExist:
            return response_success_200(code=STATUS_PARAMETER_ERROR,
                                        message="未找到该学生")
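    def add_parent(self, request):
        """Link the parent ``parent_id`` to the calling student's own record.

        Requires a valid token with role 1. The student is derived from the
        token; only the parent id comes from the request body. Returns a
        not-found response when the student row or the parent does not exist.
        """
        check_token = pd_token(request)
        if check_token:
            return check_token

        if request.auth != 1:
            return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY,
                                        message="权限不够")

        try:
            student_id = Student.objects.get(user_id=request.user).id
        except Student.DoesNotExist:
            # A role-1 token without a Student row is reported as not found
            # instead of failing with an unhandled exception.
            return response_success_200(code=STATUS_404_NOT_FOUND,
                                        message="未找到该信息")
        parent_id = request.data.get('parent_id')

        if not Parent.objects.filter(id=parent_id).exists():
            return response_success_200(code=STATUS_404_NOT_FOUND,
                                        message="未找到该信息")
        # NOTE(review): any existing parent id can be linked without that
        # parent's confirmation -- confirm this is intended.
        # The ids are not printed, to keep them out of stdout.
        self.queryset.get(pk=student_id).parent.add(parent_id)

        return response_success_200(message="成功")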
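    def search_clazz_teacher(self, request):
        """List, paginated, the classes the calling teacher teaches.

        The teacher is derived from the token's user. Requires a valid token
        with role 0 or 3.
        """
        check_token = pd_token(request)
        if check_token:
            return check_token

        if request.auth not in [0, 3]:
            return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY,
                                        message="权限不够")

        try:
            teacher_id = Teacher.objects.get(user_id=request.user).id
        except Teacher.DoesNotExist:
            # A permitted role without a Teacher row is refused instead of
            # failing with an unhandled exception.
            return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY,
                                        message="权限不够")

        # User ids, querysets and serialized rows are not printed: debug
        # prints run extra queries and write records to stdout.
        clazz = Class.objects.filter(teachers=teacher_id)
        page = self.paginate_queryset(clazz)
        serializer = self.serializer_class(
            page, many=True, context=self.get_serializer_context())
        return self.get_paginated_response(serializer.data)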
    def partial_update(self, request, *args, **kwargs):
        """Partially update object ``pk`` after token, authority and time checks.

        Each check returns an error response on failure, which is passed back
        unchanged: ``pd_token``, then ``check_authority`` for the object, then
        ``check_update_time`` for the submitted times.
        """
        target_pk = kwargs['pk']

        token_error = pd_token(request)
        if token_error:
            return token_error

        denial = check_authority(self, request, target_pk)
        if denial:
            return denial

        time_error = check_update_time(request, target_pk)
        if time_error:
            return time_error

        updated = super().partial_update(request, *args, **kwargs)
        return response_success_200(data=updated.data)
    def batch_add_parent(self, request):
        """Link parents to students in bulk from an uploaded Excel file.

        Allowed for token roles -2, -1 and 3. The upload is first vetted by
        ``batch_add_parent_test``; each row's '学生学号' column names the
        student id and '家长ID' the parent id to attach.
        """
        token_error = pd_token(request)
        if token_error:
            return token_error

        if request.auth not in [-2, -1, 3]:
            return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY,
                                        message="权限不够")

        upload = request.FILES.get("file")

        rejection = batch_add_parent_test(upload)
        if rejection:
            return rejection

        # NOTE(review): the upload is untrusted; confirm batch_add_parent_test
        # bounds its size and type before it is parsed here.
        sheet = pd.read_excel(upload, header=0, dtype='str')
        # NOTE(review): rows are applied one by one with no transaction
        # visible; a row naming an unknown student raises DoesNotExist and
        # leaves the earlier rows applied.
        for _, row in sheet.iterrows():
            student_no = row['学生学号']
            parent_no = row['家长ID']
            Student.objects.get(id=student_no).parent.add(parent_no)

        return response_success_200(message="成功")