def account_lists(): if not g.user.can_visit('system'): return error_result(ErrorCode.ERROR_PERMISSION_DENIED) company = g.user.company if request.method == 'GET': users = User.query.filter_by(company_id=company.id, role_id=UserRole.ROLE_NORMAL).all() data = [{ 'id': user.id, 'account': user.username, 'permission': json.loads(user.permission), 'remark': user.remark } for user in users] return success_result(data) elif request.method == 'POST': params = request.get_json() or request.form if params.get('account') is None: return error_result(ErrorCode.ERROR_INVALID_PARAM) user = User.query.filter_by(username=params.get('account')).first() if user: return error_result(ErrorCode.ERROR_USERNAME_EXISTED) try: user = User(company_id=company.id, role_id=UserRole.ROLE_NORMAL, permission=json.dumps(params['permission']), remark=params['remark'], password_reseted=False, username=params['account'], password='******') except: return error_result(ErrorCode.ERROR_INVALID_PARAM) db.session.add(user) db.session.commit() return success_result({})
def screen_detail(sid): company = g.user.company screen = Screen.query.filter(Screen.company_id == company.id, Screen.id == sid).first() if screen is None: return error_result(ErrorCode.ERROR_SCREEN_NOT_EXIST) if request.method == 'GET': return success_result(screen.get_json()) elif request.method == 'PUT': params = request.get_json() fields = ('box_id', 'name', 'camera_name', 'camera_address', 'camera_position', 'network_switcher', 'network_switcher_token' 'description', 'allow_all_subjects', 'allow_visitor', 'allowed_subject_ids') screen.update(fields, params) screen.display_devices.update({'reload_timestamp': g.TIMESTAMP}) db.session.add(screen) update_company_data_version(company) return success_result(screen.get_json()) elif request.method == 'DELETE': content = generate_delete_screen_task_content(company.id, sid) task = Task() task.name = u'删除相机' task.content = content db.session.add(task) db.session.commit() delete_screen.delay(task.id, company.id, sid) return success_result()
def company(company_id): if request.method == 'GET': company = Company.query.get(company_id) data = { "company": company.get_json(), "users": [user.get_json() for user in company.users], "boxes": [box.get_json() for box in company.boxes] } return success_result(data) elif request.method == 'DELETE': return success_result({})
def theme_setting(device_id): company = g.user.company device = DisplayDevice.query.filter_by(id=device_id).first() if not device: return error_result(ErrorCode.ERROR_DISPLAY_DEVICE_NOT_EXIST) if request.method == 'GET': return success_result(device.get_json(with_logo=True)) elif request.method == 'PUT': card_theme = request.form.get('card_theme') card_theme_vip = request.form.get('card_theme_vip') photo = request.files.get('photo') logo = request.files.get('logo') theme = request.form.get('theme') # current duration = request.form.get('duration') # stay reset_background = request.form.get('reset_background', 'false') # stay if logo is not None: company.logo = storage.save_image(logo.stream, 'logo') if photo is not None: device.background = save_screen_background(photo) if card_theme is not None: device.card_theme = card_theme if card_theme_vip is not None: device.card_theme_vip = card_theme_vip if theme is not None: device.theme = theme if duration is not None: device.card_duration = int(duration) if reset_background == 'true': device.background = '/static/screen/images/background_blue.png' device.reload_timestamp = g.TIMESTAMP db.session.commit() clear_display_config_cache(device.token) return success_result(device.get_json()) elif request.method == 'DELETE': db.session.delete(device) db.session.commit() return success_result({}) return error_result(ErrorCode.ERROR_NOT_ALLOWED)
def box_versoin_detail(version_id): if request.method == 'GET': version = BoxVersion.query.get(version_id) return success_result(version.get_json()) elif request.method == 'PUT': version = BoxVersion.query.get(version_id) version.config = request.form['config'] try: json.loads(version.config) except: return error_result(error=ErrorCode.ERROR_JSON_INVALID) db.session.add(version) db.session.commit() return success_result({})
def user_info(subject_id): if subject_id is None: subject = g.subject else: subject = g.subject.visitors.filter_by(id=subject_id).first() if subject is None: return abort(404) if request.method == 'GET': attendance = subject.attendances.filter_by(date=date.today()).first() ret = subject.get_json(with_photos=True) ret['holiday'] = is_holiday(g.subject.company_id, date.today()) ret['today'] = time.time() ret['clock_in'] = u'无' ret['clock_out'] = u'无' if attendance and attendance.earliest_record: ret['clock_in'] = timestamp_to_timestring( attendance.earliest_event.timestamp) if attendance and attendance.latest_record: ret['clock_out'] = timestamp_to_timestring( attendance.latest_event.timestamp) ret['boxes'] = [box.get_json() for box in subject.company.boxes] return success_result(ret) elif request.method == 'PUT': params = request.form or request.get_json() fields = ('description', 'avatar', 'start_time', 'end_time', 'title', 'gender', 'department', 'name', 'email', 'phone', 'purpose', 'interviewee', 'come_from', 'job_number', 'remark', 'visit_notify', 'subject_type') subject.update(fields, params) if params.get('birthday'): subject.birthday = date.fromtimestamp(int(params['birthday'])) db.session.add(subject) db.session.commit() update_company_data_version(subject.company, subject.id) return success_result(subject.get_json()) elif request.method == 'DELETE': subject = Subject.query.get(subject_id) if subject is None: return abort(404) if g.subject.visitors.filter_by(id=subject_id).first() is None: return error_result(ErrorCode.ERROR_NOT_ALLOWED) for photo in subject.photos: storage.remove(photo.url) company = subject.company db.session.delete(subject) db.session.commit() update_company_data_version(company, subject.id) return success_result()
def company_info(cid): if cid not in g.user.organization.company_ids: return error_result(ErrorCode.ERROR_COMPANY_NOT_IN_ORGANIZATION) user = User.query.filter_by(company_id=cid, role_id=UserRole.ROLE_ADMIN).first() params = request.form or request.get_json() or request.args username = params.get('username') password = params.get('password') name = params.get('name') remark = params.get('remark') if username or password: if username: user.username = username if password: user.password = password db.session.add(user) if name or remark: company = Company.query.get(cid) if name: company.name = name if remark: company.remark = remark db.session.add(company) db.session.commit() return success_result({})
def get_display_device_info(): params = request.args or request.get_json() or request.form token = params.get('device_token') if not token: resp = error_result(ErrorCode.ERROR_INVALID_PARAM) else: device = DisplayDevice.query.filter_by(token=token).first() if not device: resp = error_result(ErrorCode.ERROR_DISPLAY_DEVICE_NOT_EXIST) else: # prevent db from being updated too frequently if g.TIMESTAMP > device.heartbeat + 60: device.heartbeat = g.TIMESTAMP db.session.commit() screens = [] for screen in device.screens: screens.append(screen.get_json()) result = { 'screens': screens, 'device': device.get_json() } resp = success_result(result) resp.headers['Access-Control-Expose-Headers'] = 'Etag' if device: resp.headers['ETag'] = 'W/%s' % (device.reload_timestamp + device.display_info_timestamp + device.user_info_timestamp) else: resp.headers['ETag'] = 'W/0' return resp
def get_all_themes(): params = request.args or request.get_json() or request.form device, err = get_device_from_params(params) theme_configs = get_ordered_theme_list(THEME_DIR, device) return success_result({ "theme_config": theme_configs })
def screen_create(): company = g.user.company params = request.get_json() or request.form screen = Screen(company_id=company.id, theme='center', type=ScreenType.CAMERA) fields = ( 'name', 'camera_name', 'camera_address', 'camera_position', 'network_switcher', 'network_switcher_token' 'description', # 'screen_id' ) screen.update(fields, params) try: screen.box_id = int(params.get('box_id')) except: pass screen.token = Screen.create_unique_token() db.session.add(screen) update_company_data_version(company) return success_result(screen.get_json())
def box_facemin_change(box_id): facemin = request.form['facemin'] box = Box.query.get(box_id) box.facemin = facemin db.session.commit() clear_updater_cache(box.box_token) return success_result()
def box_bind(company_id): box_token = request.form.get('box_token') if box_token is None: return error_result(ErrorCode.ERROR_INVALID_PARAM) box = Box.query.filter_by(box_token=box_token).first() if box is None: return error_result(ErrorCode.ERROR_BOX_NOT_EXIST) box.company_id = company_id for screen in box.screens: db.session.delete(screen) try: db.session.commit() except IntegrityError: return error_result(ErrorCode.ERROR_COMPANY_NOT_EXIST) #主机的模型用company的模型版本 company = Company.query.get(company_id) box.model = company.feature_version db.session.commit() clear_updater_cache(box.box_token) set_box_bind_cache(box_token) return success_result( box.get_json(with_box_version=True, with_company=True, with_all_screens=True))
def statistics_event(): position = request.args.get('position') page = int(request.args.get('page', 1)) size = int(request.args.get('size', 20)) unique = int(request.args.get('unique', 0)) start_time, end_time = _parse_start_end_time() query = Event.query.filter(Event.company_id == g.user.company_id, Event.timestamp > start_time, Event.timestamp <= end_time) if position: screen = Screen.query.filter_by(camera_position=position).first() if screen is None: return error_result(ErrorCode.ERROR_SCREEN_NOT_EXIST) query = query.filter(Event.screen_id == screen.id) events = query.order_by(Event.timestamp.desc()).all() result = [ event.get_json() for event in _filter_events(events, unique=bool(unique)) ] page_info = page_format(Pagination(None, page, size, len(result), None)) result = result[(page - 1) * size:page * size] return success_result(result, page_info)
def add_organization(): params = request.form or request.get_json() or request.args name = params.get('name') remark = params.get('remark') username = params.get('username') password = params.get('password') if not name or not username or not password: return error_result(ErrorCode.ERROR_INVALID_PARAM) if Organization.query.filter_by(name=name).first() is not None: return error_result(ErrorCode.ERROR_ORGANIZATION_ALREADY_EXIST) if User.query.filter_by(username=username).first() is not None: return error_result(ErrorCode.ERROR_USERNAME_EXISTED) org = Organization(name=name, remark=remark, create_time=g.TIMESTAMP) db.session.add(org) db.session.commit() user = User(organization_id=org.id, role_id=UserRole.ROLE_ORGANIZATION, username=username, password=password, password_reseted=True) db.session.add(user) db.session.commit() ret = org.get_json() ret['username'] = username return success_result(ret)
def get_organization_list(): params = request.form or request.get_json() or request.args page, size = get_pagination(params) search = params.get('search') query = Organization.query if search: users = User.query.filter(User.username.contains(search)).all() ids = [user.organization_id for user in users] query = query.filter( or_(Organization.name.contains(search), Organization.id.in_(ids))) pagination = query.paginate(page, size) orgs = [] for org in pagination.items: data = org.get_json() data['company_count'] = org.companies.count() user = User.query.filter_by( organization_id=org.id, role_id=UserRole.ROLE_ORGANIZATION).first() if user: data['username'] = user.username orgs.append(data) return success_result(orgs, page_format(pagination))
def box_unbind(company_id, box_id): box = Box.query.filter_by(id=box_id, company_id=company_id).first() box.company_id = None box.screens.delete() db.session.commit() clear_sync_local_cache(box.box_token) return success_result({})
def subject_photo_create(): try: payload = request.files['photo'] subject_id = int(request.form['subject_id']) old_photo_id = int(request.form.get('old_photo_id', 0)) except: return error_result(ErrorCode.ERROR_INVALID_PARAM) if not payload: return error_result(ErrorCode.ERROR_INVALID_PARAM) if g.subject.visitors.filter_by(id=subject_id).first() is None: return error_result(ErrorCode.ERROR_NOT_ALLOWED) photo, error = create_user_photo(payload, g.subject.company_id) if error: return error photo.subject_id = subject_id db.session.add(photo) db.session.commit() #delete old photo if old_photo_id: old_photo = Photo.query.get(old_photo_id) if old_photo.subject.inviter_id != g.subject.id: return error_result(ErrorCode.ERROR_NOT_ALLOWED) storage.remove(old_photo.url) db.session.delete(old_photo) db.session.query(PhotoAlternative).filter(PhotoAlternative.subject_id == old_photo.subject_id). \ filter(PhotoAlternative.url == old_photo.url).delete() db.session.commit() if subject_id: update_company_data_version(g.subject.company, subject_id) return success_result(photo.get_json())
def visitors(): ret = [] visitors = g.subject.visitors.options(db.eagerload_all( Subject.photos)).all() for visitor in visitors: ret.append(visitor.get_json(with_photos=True)) return success_result(ret)
def get_attendance_list(): params = request.args or request.get_json() or {} try: start = int(params.get('start')) end = int(params.get('end')) status = int(params.get('status', -1)) start_date = date.fromtimestamp(start) end_date = date.fromtimestamp(end) status = int(status) if status != '' else status except: end_date = datetime.now().date() start_date = end_date - timedelta(10) status = -1 subject = g.subject query = Attendance.query.filter(Attendance.subject_id == subject.id, Attendance.date >= start_date, Attendance.date <= end_date) if status != -1: query = build_status_query(query, status) attendances = query.order_by(desc(Attendance.date)).all() records = [ attendance.get_json(with_holiday=True) for attendance in attendances ] result = { 'records': records, } return success_result(result)
def get_attendance_count(): params = request.get_json() or request.form or request.args query = db.session.query(Attendance.date, Attendance.clock_in, Attendance.clock_out, func.count(Attendance.id)) query = _build_query(params, query).group_by(Attendance.date, Attendance.clock_in, Attendance.clock_out) query_result = query.all() result = list() stats = None last_date = None # 添加尾标记 query_result.append([0, 0, 0, 0]) for count in query_result: print count if not count[0] == last_date: if stats is not None: doc = stats.to_dict() doc.update({ 'date': int(time.mktime(last_date.timetuple())), 'weekday': weekdays[last_date.weekday()], }) result.append(doc) stats = AttendanceStats() last_date = count[0] stats.add_attendance(count[1], count[2], count[3]) return success_result(result)
def box_model_change(box_id): model = request.form['model'] box = Box.query.get(box_id) box.model = model db.session.commit() clear_updater_cache(box.box_token) return success_result()
def subject_invite_page(): subject_id = request.args.get('subject_id') token = request.args.get('token') if not subject_id or not token: return "非法请求" try: subject_id = int(subject_id) except: return "非法请求" subject = Subject.query.filter(Subject.id == subject_id, Subject.subject_type != SubjectType.TYPE_EMPLOYEE).first() if not subject: return "链接已失效" if g.TIMESTAMP > subject.end_time or subject.job_number != token: return "链接已失效" if request.method == 'GET': return render_template('page/subject/invite.html', subject=subject.get_json(with_photos=True), error='') elif request.method == 'POST': payload = request.files['photo'] photo, err = create_user_photo(payload, subject.company_id) if err: return err db.session.add(photo) db.session.commit() _update_photos(subject, [photo.id]) update_company_data_version(subject.company, subject.id) return success_result(photo.get_json())
def subject_new(): params = request.form or request.get_json() try: company_id = g.user.company_id subject_type = int(params['subject_type']) visitor_type = SubjectType.TYPE_VISITOR if params.get('visitor_type') is None else int(params['visitor_type']) name = params.get('name', '') email = params.get('email', '') phone = params.get('phone', '') gender = int(params.get('gender', Gender.MALE)) avatar = params.get('avatar', '') department = params.get('department', '') title = params.get('title', '') description = params.get('description', '') start_time = int(params['start_time']) if subject_type != SubjectType.TYPE_EMPLOYEE else 0 end_time = int(params['end_time']) if subject_type != SubjectType.TYPE_EMPLOYEE else 0 photo_ids = params['photo_ids'] if 'photo_ids' in params else [] purpose = int(params.get('purpose', VisitorPurpose.OTHER)) interviewee = params.get('interviewee', '') come_from = params.get('come_from', '') job_number = params.get('job_number', '') remark = params.get('remark', '') birthday = int(params.get('birthday', 0)) entry_date = int(params.get('entry_date', 0)) except: return error_result(ErrorCode.ERROR_INVALID_PARAM) if ((subject_type == SubjectType.TYPE_VISITOR and not g.user.has_permission(AccountPermission.ADD_VISITOR)) or (subject_type == SubjectType.TYPE_EMPLOYEE and not g.user.has_permission(AccountPermission.ADD_EMPLOYEE))): return error_result(ErrorCode.ERROR_PERMISSION_DENIED) # VIP type if subject_type == SubjectType.TYPE_VISITOR: subject_type = visitor_type if email and Subject.query.filter_by(email=email).first(): return error_result(ErrorCode.ERROR_EMAIL_EXISTED) subject = Subject(company_id=company_id, subject_type=subject_type, name=name, email=email, department=department, gender=gender, avatar=avatar, title=title, description=description, start_time=start_time, end_time=end_time, password='******', purpose=purpose, interviewee=interviewee, phone=phone, come_from=come_from, job_number=job_number, remark=remark, create_time=g.TIMESTAMP) if birthday: subject.birthday = datetime.date.fromtimestamp(birthday) if entry_date: subject.entry_date = datetime.date.fromtimestamp(entry_date) if subject.avatar: avatar = storage.save_image_base64(subject.avatar, 'avatar', sync=True) if avatar: subject.avatar = avatar DisplayDevice.query.filter_by(company_id=company_id).update({'user_info_timestamp': g.TIMESTAMP}) try: db.session.add(subject) db.session.commit() update_company_data_version(subject.company, subject.id) _update_photos(subject, photo_ids) return success_result(subject.get_json(with_photos=True)) except: db.session.rollback() return error_result(ErrorCode.ERROR_UNKNOWN)
def subject_import_visitor(): try: file_ = request.files['file'] except: return error_result(ErrorCode.ERROR_INVALID_PARAM) if not g.user.has_permission(AccountPermission.ADD_VISITOR): return error_result(ErrorCode.ERROR_PERMISSION_DENIED) workbook = xlrd.open_workbook(file_contents=file_.read()) sheet = workbook.sheet_by_index(0) success = 0 state_mapping = VisitorPurpose.state_mapping_reverse for i in xrange(1, sheet.nrows): try: row = sheet.row(i) name = row[0].value db.session.add( Subject(name=name, purpose=state_mapping[row[1].value], come_from=row[2].value, phone=row[3].value, interviewee=row[4].value, remark=row[5].value, subject_type=SubjectType.TYPE_VISITOR, company_id=g.user.company_id)) db.session.commit() success += 1 except: import traceback; print traceback.format_exc() pass return success_result({'success': success, 'total': sheet.nrows - 1, 'failed': []})
def subject_list(): company = g.user.company params = request.args ret = get_subject_list(company, params) if ret[0] is None: return error_result(ret[1]) return success_result(ret[0], ret[1])
def subject_import(): try: file_ = request.files['file'] except: return error_result(ErrorCode.ERROR_INVALID_PARAM) if not g.user.has_permission(AccountPermission.ADD_EMPLOYEE): return error_result(ErrorCode.ERROR_PERMISSION_DENIED) workbook = xlrd.open_workbook(file_contents=file_.read()) sheet = workbook.sheet_by_index(0) success = 0 failed = [] for i in xrange(1, sheet.nrows): try: row = sheet.row(i) name = row[0].value email = row[5].value if email and Subject.query.filter_by(email=email).first(): failed.append(dict(name=name, email=email)) continue if not name.strip(): continue db.session.add(Subject(name=name, job_number=row[1].value, department=row[2].value, password='******', title=row[3].value, phone=row[4].value, email=email, description=row[6].value, remark=row[7].value, subject_type=SubjectType.TYPE_EMPLOYEE, company_id=g.user.company_id)) db.session.commit() success += 1 except: import traceback; print traceback.format_exc() return success_result({'success': success, 'total': sheet.nrows - 1, 'failed': failed})
def set_info(): params = request.form or request.get_json() box_token = params.get('box_token') pad_id = params.get('pad_id') position = params.get('position') screen = Screen.query.filter_by(company_id=g.user.company_id, token=pad_id).first() if not screen: return error_result(ErrorCode.ERROR_SCREEN_NOT_EXIST) if box_token: box = Box.query.filter_by(box_token=box_token).first() if not box: return error_result(ErrorCode.ERROR_BOX_NOT_EXIST) screen.box_id = box.id if position: screen.camera_position = position fields = ('network_switcher', 'network_switcher_token') screen.update(fields, params) db.session.commit() if params.get('network_switcher') or params.get('network_switcher_token'): update_company_data_version(g.user.company) return success_result({})
def organization_info(oid): org = Organization.query.get(oid) if org is None: return error_result(ErrorCode.ERROR_ORGANIZATION_NOT_EXIST) if request.method == 'GET': user = User.query.filter_by( organization_id=org.id, role_id=UserRole.ROLE_ORGANIZATION).first() data = org.get_json() if user: data['username'] = user.username return success_result(data) elif request.method == 'PUT': params = request.form or request.get_json() or request.args username = params.get('username') password = params.get('password') name = params.get('name') remark = params.get('remark') if username is not None or password is not None: user = User.query.filter_by( organization_id=org.id, role_id=UserRole.ROLE_ORGANIZATION).first() if user.username != username and User.query.filter_by( username=username).first() is not None: return error_result(ErrorCode.ERROR_USERNAME_EXISTED) if username: user.username = username if password: user.password = password db.session.add(user) if name: org.name = name if remark: org.remark = remark db.session.add(org) db.session.commit() return success_result({}) elif request.method == 'DELETE': db.session.delete(org) db.session.commit() return success_result({})
def login(): params = request.form or request.get_json() try: username = params['username'] password = params['password'] pad_id = params['pad_id'] device_type = int(params['device_type']) if device_type not in [ScreenType.DOOR_PAD, ScreenType.FRONT_PAD]: raise Exception() except: return error_result(ErrorCode.ERROR_INVALID_PARAM) user = User.query.filter_by(username=username).first() if user: if user.check_password(password): if not user.password_reseted: return error_result(ErrorCode.ERROR_PASSWORD_NEED_CHANGE) login_user(user) ret = user.get_json() if pad_id == 'importer': return success_result(ret) screen = Screen.query.filter_by(company_id=user.company_id, token=pad_id).first() if screen is None: screen = Screen( company_id=user.company_id, token=pad_id, name='pad', theme='center', type=device_type, camera_position=ScreenType.get_desc(device_type)) db.session.add(screen) db.session.commit() update_company_data_version(user.company) ret['position'] = screen.camera_position ret['screen_token'] = screen.token ret['boxes'] = [box.get_json() for box in user.company.boxes] ret['company'] = user.company.get_json() return success_result(ret) else: return error_result(ErrorCode.ERROR_PASSWORD_ERROR) else: return error_result(ErrorCode.ERROR_USER_NOT_EXIST)
def user_delete(company_id, user_id): company = Company.query.get(company_id) user = User.query.get(user_id) if user.role_id == UserRole.ROLE_ROOT: return error_result(ErrorCode.ERROR_NOT_ALLOWED) company.users.filter_by(id=user_id).delete() db.session.commit() return success_result({})