def show_team():
# 判断用户权限
judge(g.user['level'])
if request.method == 'POST':
team_name = request.form['team_name']
db = get_db()
posts = db.execute(
'''
SELECT t.id,t.team_name,t.team_describe,
(SELECT COUNT(*) FROM user u WHERE u.team_id=t.id) AS team_count
FROM team t WHERE team_name=?
''', (team_name, )).fetchall()
else:
db = get_db()
posts = db.execute('''
SELECT t.id,t.team_name,t.team_describe,
(SELECT COUNT(*) FROM user u WHERE u.team_id=t.id) AS team_count
FROM team t
''').fetchall()
pager_obj = Pagination(request.args.get("page", 1),
len(posts),
request.path,
request.args,
per_page_count=10)
list = posts[pager_obj.start:pager_obj.end]
html = pager_obj.page_html()
return render_template('admin/team/show.html', list=list, html=html)
def not_allow():
# 判断用户权限
judge(g.user['level'])
if request.method == 'POST':
search_name = request.form['search_name']
name = '%' + request.form['name'] + '%'
db = get_db()
# 按员工姓名搜索
if search_name == '按员工姓名搜索':
posts = db.execute(
not_allow_sql + 'AND username LIKE ?' + order_by,
(g.user['username'], name)).fetchall()
# 按请假类型搜索
elif search_name == '按请假类型搜索':
posts = db.execute(
not_allow_sql + 'AND leave_name LIKE ?' + order_by,
(g.user['username'], name)).fetchall()
else:
db = get_db()
posts = db.execute(not_allow_sql + order_by,
(g.user['username'], )).fetchall()
# 分页
pager_obj = Pagination(request.args.get("page", 1),
len(posts),
request.path,
request.args,
per_page_count=10)
posts = posts[pager_obj.start:pager_obj.end]
html = pager_obj.page_html()
return render_template('admin/leave/not_allow.html',
posts=posts,
html=html)
def update_notice(id):
# 判断用户权限
judge(g.user['level'])
# 拿到数据库中的值
db = get_db()
post = get_post(id)
judge3(g.user['id'], post[4])
if request.method == 'POST':
cp_title = request.form['cp_title']
cp_body = request.form['cp_body']
author_id = g.user['id']
# 校验
error = None
if db.execute(
sql + '''
WHERE cp_title = ? AND id != ?
''', (cp_title, id)).fetchone() is not None:
error = '通知信息名称{}已经被使用!'.format(cp_title)
if error is not None:
flash(error)
else:
db.execute(
'UPDATE company SET cp_title = ?, cp_body = ?,author_id = ?'
' WHERE id = ?', (cp_title, cp_body, author_id, id))
db.commit()
return redirect(url_for('company.notice'))
return render_template('admin/notice/update.html', post=post)
def notice():
# 判断用户权限
judge(g.user['level'])
db = get_db()
if request.method == 'POST':
search_name = request.form['search_name']
name = '%' + request.form['name'] + '%'
if search_name == '按标题搜索':
posts = db.execute(
nt_sql + '''
AND cp_title LIKE ?
ORDER BY cp_created DESC
''', (name, )).fetchall()
else:
posts = db.execute(
nt_sql + '''
AND username LIKE ?
ORDER BY cp_created DESC
''', (name, )).fetchall()
else:
posts = db.execute(nt_sql + '''
ORDER BY cp_created DESC
''').fetchall()
# 分页
pager_obj = Pagination(request.args.get("page", 1),
len(posts),
request.path,
request.args,
per_page_count=10)
posts = posts[pager_obj.start:pager_obj.end]
html = pager_obj.page_html()
return render_template('admin/notice/show.html', posts=posts, html=html)
def create_notice():
# 判断用户权限
judge(g.user['level'])
db = get_db()
if request.method == 'POST':
cp_title = request.form['cp_title']
cp_body = request.form['cp_body']
author_id = g.user['id']
# 校验
error = None
if db.execute(
sql + '''
WHERE cp_title = ?
''', (cp_title, )).fetchone() is not None:
error = '通知信息名称{}已经被使用!'.format(cp_title)
if error is not None:
flash(error)
return redirect(url_for('company.create_notice'))
else:
db.execute(
'''
INSERT INTO company (cp_title,cp_body,author_id) VALUES (?,?,?)
''', (cp_title, cp_body, author_id))
db.commit()
return redirect(url_for('company.notice'))
# 默认进入添加页面
else:
return render_template('admin/notice/create.html')
def show_one_more(id):
# 判断用户权限
judge(g.user['level'])
get_post(id)
db = get_db()
posts = db.execute(sql + ''' WHERE u.id =?''', (id, ))
return render_template('admin/personnel/show_more.html', posts=posts)
def create_train():
# 判断用户权限
judge(g.user['level'])
if request.method == 'POST':
train_title = request.form['train_title']
train_body = request.form['train_body']
train_begin_time = request.form['train_begin_time']
train_end_time = request.form['train_end_time']
train_time = request.form['train_time']
author_id = g.user['id']
db = get_db()
# 添加职位校验
error = None
if not train_title:
error = '请填写培训名称.'
elif db.execute('SELECT id FROM train WHERE train_title = ?',
(train_title, )).fetchone() is not None:
error = '培训名称: {} 已经被使用。'.format(train_title)
if error is None:
# 将值插入到数据库
db.execute(
'''
INSERT INTO train (train_title, train_body,train_begin_time,train_end_time,train_time,author_id) VALUES (?,?,?,?,?,?)
''', (train_title, train_body, train_begin_time,
train_end_time, train_time, author_id))
db.commit()
return redirect(url_for('train.show_train'))
flash(error)
return render_template('admin/train/create.html')
def delete(id):
# 判断用户权限
judge(g.user['level'])
get_post(id)
db = get_db()
db.execute('DELETE FROM user WHERE id = ?', (id, ))
db.commit()
return redirect(url_for('personnel.show'))
def show_more():
# 判断用户权限
judge(g.user['level'])
db = get_db()
posts = db.execute(sql + '''
WHERE cp_level='更多信息'
''')
return render_template('admin/home/show_more.html', posts=posts)
def delete_notice(id):
# 判断用户权限
judge(g.user['level'])
get_post(id)
db = get_db()
db.execute('DELETE FROM company WHERE id = ?', (id, ))
db.commit()
return redirect(url_for('company.notice'))
def show_more_notice(id):
# 判断用户权限
judge(g.user['level'])
get_post(id)
db = get_db()
posts = db.execute(nt_sql + '''
AND c.id=?
''', (id, )).fetchall()
return render_template('admin/notice/show_more.html', posts=posts)
def show():
# 判断用户权限
judge(g.user['level'])
db = get_db()
if request.method == 'POST':
search_name = request.form['search_name']
# 变成模糊搜索格式
name = '%' + request.form['name'] + '%'
# 按姓名搜索
if search_name == '按姓名搜索':
posts = db.execute(sql + '''WHERE u.username LIKE ?''',
(name, )).fetchall()
# 按性别搜索
elif search_name == '按性别搜索':
posts = db.execute(sql + '''WHERE u.sex LIKE ?''',
(name, )).fetchall()
# 按权限搜索
elif search_name == '按权限搜索':
posts = db.execute(sql + '''WHERE u.level LIKE ?''',
(name, )).fetchall()
# 按职位搜索
elif search_name == '按职位搜索':
posts = db.execute(sql + '''WHERE p_name LIKE ?''',
(name, )).fetchall()
# 按所属团队搜索
elif search_name == '按所属团队搜索':
posts = db.execute(sql + '''WHERE t_name LIKE ?''',
(name, )).fetchall()
# 按所属部门搜索
elif search_name == '按所属部门搜索':
posts = db.execute(sql + '''WHERE d_name LIKE ?''',
(name, )).fetchall()
# 默认条件下展示所有员工
else:
posts = db.execute(sql).fetchall()
'''
current_page——表示当前页。
total_count——表示数据总条数。
base_url——表示分页URL前缀,请求的前缀获取可以通过Flask的request.path方法,无需自己指定。
例如:我们的路由方法为@app.route('/test'),request.path方法即可获取/test。
params——表示请求传入的数据,params可以通过request.args动态获取。
例如:我们链接点击为:http://localhost:5000/test?page=10,此时request.args获取数据为ImmutableMultiDict([('page', u'10')])
per_page_count——指定每页显示数。
max_pager_count——指定页面最大显示页码
'''
# 分页
pager_obj = Pagination(request.args.get("page", 1),
len(posts),
request.path,
request.args,
per_page_count=10)
list = posts[pager_obj.start:pager_obj.end]
html = pager_obj.page_html()
return render_template('admin/personnel/show.html', list=list, html=html)
def update_more(id):
# 判断用户权限
judge(g.user['level'])
# 拿到数据库中的值
post = get_post(id)
if request.method == 'POST':
cp_title = request.form['cp_title']
cp_body = request.form['cp_body']
db = get_db()
db.execute(
'UPDATE company SET cp_title = ?, cp_body = ?'
' WHERE id = ?', (cp_title, cp_body, id))
db.commit()
return redirect(url_for('company.show_more'))
return render_template('admin/home/update_more.html', post=post)
def delete_team(id):
# 判断用户权限
judge(g.user['level'])
post = get_post(id)
db = get_db()
error = None
if db.execute('''
SELECT id FROM user WHERE team_id=?
''', (id, )).fetchone() is not None:
error = '删除失败,仍有员工在团队{}中!'.format(post[1])
if error is None:
db.execute('DELETE FROM team WHERE id = ?', (id, ))
db.commit()
else:
flash(error)
return redirect(url_for('team.show_team'))
def not_allow_describe(id):
# 判断用户权限
judge(g.user['level'])
post = get_post(id)
judge2(g.user['username'], post[1])
if request.method == 'POST':
allow_name = g.user['username']
allow_level = request.form['allow_level']
not_allow_describe = request.form['not_allow_describe']
db = get_db()
# 将值插入到数据库
db.execute(
'UPDATE leave SET allow_name = ?, allow_level = ?,not_allow_describe=?'
' WHERE id = ?', (allow_name, allow_level, not_allow_describe, id))
db.commit()
return redirect(url_for('leave.not_allow'))
return render_template('admin/leave/level.html')
def show_train():
# 判断用户权限
judge(g.user['level'])
db = get_db()
if request.method == 'POST':
train_title = request.form['train_title']
posts = db.execute(
'''
SELECT t.id,train_title,train_time,username
FROM train t user u WHERE author_id=u.id AND t.train_title=?
''', (train_title, ))
return render_template('admin/train/show.html', posts=posts)
else:
posts = db.execute('''
SELECT t.id,train_title,train_time,create_time,
(SELECT COUNT(*) FROM user u WHERE join_id=u.id) AS count_join,
(SELECT username FROM user u WHERE author_id=u.id) AS author
FROM train t
''')
return render_template('admin/train/show.html', posts=posts)
def create_team():
# 判断用户权限
judge(g.user['level'])
if request.method == 'POST':
team_name = request.form['team_name']
team_describe = request.form['team_describe']
db = get_db()
# 添加团队校验
error = None
if db.execute('SELECT id FROM team WHERE team_name = ?',
(team_name, )).fetchone() is not None:
error = '团队名称{}已经被使用!'.format(team_name)
if error is None:
# 将值插入到数据库
db.execute(
'INSERT INTO team (team_name, team_describe) VALUES (?, ?)',
(team_name, team_describe))
db.commit()
return redirect(url_for('team.show_team'))
else:
flash(error)
return render_template('admin/team/create.html')
def update_team(id):
# 判断用户权限
judge(g.user['level'])
# 拿到数据库中的id,team_name,team_describe
post = get_post(id)
if request.method == 'POST':
team_name = request.form['team_name']
team_describe = request.form['team_describe']
db = get_db()
# 校验
error = None
if db.execute('SELECT id FROM team WHERE team_name = ? AND id != ?',
(team_name, id)).fetchone() is not None:
error = '团队名称{}已经被使用!'.format(team_name)
if error is not None:
flash(error)
else:
db.execute(
'UPDATE team SET team_name = ?, team_describe = ?'
' WHERE id = ?', (team_name, team_describe, id))
db.commit()
return redirect(url_for('team.show_team'))
return render_template('admin/team/update.html', post=post)
def index():
# 判断用户权限
judge(g.user['level'])
return render_template('admin/index.html')
def update(id):
# 判断用户权限
judge(g.user['level'])
# 拿到数据库中的id,username,level
post = get_post(id)
db = get_db()
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
sex = request.form['sex']
level = request.form['level']
money = request.form['money']
birthday = request.form['birthday']
work_begin_day = request.form['work_begin_day']
team_name = request.form['team_name']
dp_name = request.form['dp_name']
pt_name = request.form['pt_name']
tel = request.form['tel']
email = request.form['email']
# 拿到team的id
team_post = db.execute(
'''
SELECT id FROM team WHERE team_name=?
''', (team_name, )).fetchone()
# 将team表的id赋值给user表的team_id
team_id = team_post[0]
# 拿到部门的id
dp_post = db.execute(
'''
SELECT id FROM department WHERE dp_name=?
''', (dp_name, )).fetchone()
# 将department表的id赋值给user表的dp_id
dp_id = dp_post[0]
# 拿到职位的id
pt_post = db.execute(
'''
SELECT id FROM position WHERE pt_name=?
''', (pt_name, )).fetchone()
# 将position表的id赋值给user表的pt_id
pt_id = pt_post[0]
db = get_db()
# 校验
error = None
if db.execute('SELECT id FROM user WHERE username = ? AND id != ?',
(username, id)).fetchone() is not None:
error = '用户名{}已经被注册.'.format(username)
if error is not None:
flash(error)
else:
posts = db.execute('SELECT dp_name FROM department')
team_posts = db.execute('SELECT team_name FROM team')
pt_posts = db.execute('SELECT pt_name FROM position')
db.execute(
'''
UPDATE
user
SET
username = ?, password = ?,sex=?,level=?,money=?,birthday=?,work_begin_day=?,team_id=?,pt_id=?,dp_id=?,tel=?,email=?
WHERE
id = ?
''', (username, generate_password_hash(password), sex, level,
money, birthday, work_begin_day, team_id, pt_id, dp_id,
tel, email, id))
db.commit()
return redirect(url_for('personnel.show'))
else:
# 当前用户部门的部门名称
dp_fact = db.execute('SELECT dp_name FROM department WHERE id=?',
(post['dp_id'], ))
# 其他部门的名称
dp_others = db.execute('SELECT dp_name FROM department WHERE id!=?',
(post['dp_id'], ))
# 当前用户团队的团队名称
team_fact = db.execute('SELECT team_name FROM team WHERE id=?',
(post['team_id'], ))
# 其他团队的名称
team_others = db.execute('SELECT team_name FROM team WHERE id!=?',
(post['team_id'], ))
# 当前用户职位的职位名称
pt_fact = db.execute('SELECT pt_name FROM position WHERE id=?',
(post['pt_id'], ))
# 其他职位的名称
pt_others = db.execute('SELECT pt_name FROM position WHERE id!=?',
(post['pt_id'], ))
return render_template('admin/personnel/update.html',
post=post,
dp_fact=dp_fact,
dp_others=dp_others,
team_fact=team_fact,
team_others=team_others,
pt_fact=pt_fact,
pt_others=pt_others)
def create():
# 判断用户权限
judge(g.user['level'])
db = get_db()
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
sex = request.form['sex']
level = request.form['level']
money = request.form['money']
birthday = request.form['birthday']
work_begin_day = request.form['work_begin_day']
team_name = request.form['team_name']
dp_name = request.form['dp_name']
pt_name = request.form['pt_name']
tel = request.form['tel']
email = request.form['email']
# 拿到team的id
team_post = db.execute(
'''
SELECT id FROM team WHERE team_name=?
''', (team_name, )).fetchone()
# 将team表的id赋值给user表的team_id
team_id = team_post[0]
# 拿到部门的id
dp_post = db.execute(
'''
SELECT id FROM department WHERE dp_name=?
''', (dp_name, )).fetchone()
# 将department表的id赋值给user表的dp_id
dp_id = dp_post[0]
# 拿到职位的id
pt_post = db.execute(
'''
SELECT id FROM position WHERE pt_name=?
''', (pt_name, )).fetchone()
# 将position表的id赋值给user表的pt_id
pt_id = pt_post[0]
# 添加员工校验
error = None
# 验证员工姓名
if db.execute('SELECT id FROM user WHERE username = ?',
(username, )).fetchone() is not None:
error = '用户名{}已经被注册!'.format(username)
# 验证部门
elif dp_name == '请先添加部门':
error = '请先添加部门'
# 验证团队
elif team_name == '请先添加团队':
error = '请先添加团队'
# 验证职位
elif pt_name == '请先添加职位':
error = '请先添加职位'
if error is None:
# 将注册值插入到数据库
db.execute(
'INSERT INTO user (username, password,sex,level,money,birthday,work_begin_day,team_id,pt_id,dp_id,tel,email) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)',
(username, generate_password_hash(password), sex, level, money,
birthday, work_begin_day, team_id, pt_id, dp_id, tel, email))
db.commit()
return redirect(url_for('personnel.show'))
flash(error)
return redirect(url_for('personnel.create'))
else:
# 拿到部门的数据
posts = db.execute('SELECT dp_name FROM department').fetchall()
# 判断是否有部门
if len(posts) == 0:
po = ('请先添加部门', )
posts.append(po)
# 拿到团队的数据
team_posts = db.execute('SELECT team_name FROM team').fetchall()
# 判断是否有团队
if len(team_posts) == 0:
po = ('请先添加团队', )
team_posts.append(po)
# 拿到职位的信息
pt_posts = db.execute('SELECT pt_name FROM position').fetchall()
# 判断是否有职位
if len(pt_posts) == 0:
po = ('请先添加职位', )
pt_posts.append(po)
return render_template('admin/personnel/create.html',
posts=posts,
team_posts=team_posts,
pt_posts=pt_posts)
