def subject_photo_create():
try:
payload = request.files['photo']
subject_id = int(request.form['subject_id'])
old_photo_id = int(request.form.get('old_photo_id', 0))
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if not payload:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if g.subject.visitors.filter_by(id=subject_id).first() is None:
return error_result(ErrorCode.ERROR_NOT_ALLOWED)
photo, error = create_user_photo(payload, g.subject.company_id)
if error:
return error
photo.subject_id = subject_id
db.session.add(photo)
db.session.commit()
#delete old photo
if old_photo_id:
old_photo = Photo.query.get(old_photo_id)
if old_photo.subject.inviter_id != g.subject.id:
return error_result(ErrorCode.ERROR_NOT_ALLOWED)
storage.remove(old_photo.url)
db.session.delete(old_photo)
db.session.query(PhotoAlternative).filter(PhotoAlternative.subject_id == old_photo.subject_id). \
filter(PhotoAlternative.url == old_photo.url).delete()
db.session.commit()
if subject_id:
update_company_data_version(g.subject.company, subject_id)
return success_result(photo.get_json())
def user_info(subject_id):
if subject_id is None:
subject = g.subject
else:
subject = g.subject.visitors.filter_by(id=subject_id).first()
if subject is None:
return abort(404)
if request.method == 'GET':
attendance = subject.attendances.filter_by(date=date.today()).first()
ret = subject.get_json(with_photos=True)
ret['holiday'] = is_holiday(g.subject.company_id, date.today())
ret['today'] = time.time()
ret['clock_in'] = u'无'
ret['clock_out'] = u'无'
if attendance and attendance.earliest_record:
ret['clock_in'] = timestamp_to_timestring(
attendance.earliest_event.timestamp)
if attendance and attendance.latest_record:
ret['clock_out'] = timestamp_to_timestring(
attendance.latest_event.timestamp)
ret['boxes'] = [box.get_json() for box in subject.company.boxes]
return success_result(ret)
elif request.method == 'PUT':
params = request.form or request.get_json()
fields = ('description', 'avatar', 'start_time', 'end_time', 'title',
'gender', 'department', 'name', 'email', 'phone', 'purpose',
'interviewee', 'come_from', 'job_number', 'remark',
'visit_notify', 'subject_type')
subject.update(fields, params)
if params.get('birthday'):
subject.birthday = date.fromtimestamp(int(params['birthday']))
db.session.add(subject)
db.session.commit()
update_company_data_version(subject.company, subject.id)
return success_result(subject.get_json())
elif request.method == 'DELETE':
subject = Subject.query.get(subject_id)
if subject is None:
return abort(404)
if g.subject.visitors.filter_by(id=subject_id).first() is None:
return error_result(ErrorCode.ERROR_NOT_ALLOWED)
for photo in subject.photos:
storage.remove(photo.url)
company = subject.company
db.session.delete(subject)
db.session.commit()
update_company_data_version(company, subject.id)
return success_result()
def _update_photos(subject, photos):
photos_exist = set([photo.id for photo in subject.photos])
photos = set(photos)
if photos_exist - photos != set():
useless_photos = Photo.query.filter(Photo.id.in_(photos_exist - photos)).all()
for photo in useless_photos:
storage.remove(photo.url)
db.session.delete(photo)
db.session.query(PhotoAlternative).filter(PhotoAlternative.subject_id == photo.subject_id). \
filter(PhotoAlternative.url == photo.url).delete()
if photos - photos_exist != set():
Photo.query.filter(Photo.id.in_(photos - photos_exist)). \
update({'subject_id': subject.id}, synchronize_session=False)
db.session.commit()
def subject_photo_delete(photo_id):
photo = Photo.query.get(photo_id)
subject = Subject.query.get(photo.subject_id)
if photo is None:
return abort(404)
if g.subject.visitors.filter_by(id=photo.subject_id).first() is None:
return error_result(ErrorCode.ERROR_NOT_ALLOWED)
storage.remove(photo.url)
db.session.delete(photo)
db.session.query(PhotoAlternative).filter(PhotoAlternative.subject_id == photo.subject_id).\
filter(PhotoAlternative.url == photo.url).delete()
db.session.commit()
update_company_data_version(g.subject.company, subject.id)
return success_result({})
def subject_photo_create():
try:
payload = request.files['photo']
subject_id = int(request.form.get('subject_id', 0))
old_photo_id = int(request.form.get('old_photo_id', 0))
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if not payload:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if subject_id:
subject = Subject.query.filter_by(id=subject_id).first()
if subject is None:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
subject_type = subject.subject_type
if ((subject_type == SubjectType.TYPE_VISITOR and not g.user.has_permission(AccountPermission.ADD_VISITOR)) or
(subject_type == SubjectType.TYPE_EMPLOYEE and not g.user.has_permission(
AccountPermission.ADD_EMPLOYEE))):
return error_result(ErrorCode.ERROR_PERMISSION_DENIED)
photo, error = create_user_photo(payload, g.user.company_id)
if error:
return error
# delete old photo
if subject_id and old_photo_id:
old_photo = Photo.query.get(old_photo_id)
if old_photo and old_photo.subject_id == subject_id:
storage.remove(old_photo.url)
db.session.delete(old_photo)
db.session.query(PhotoAlternative).filter(PhotoAlternative.subject_id == old_photo.subject_id). \
filter(PhotoAlternative.url == old_photo.url).delete()
if subject_id:
photo.subject_id = subject_id
db.session.add(photo)
db.session.commit()
if subject_id:
update_company_data_version(g.user.company, subject.id)
return success_result(photo.get_json())
def subject_detail(sid):
params = request.form or request.get_json() or request.args
subject = g.user.company.subjects.filter_by(id=sid).first()
if not subject:
return error_result(ErrorCode.ERROR_SUBJECT_NOT_EXIST)
if request.method == 'GET':
return success_result(subject.get_json(with_photos=True))
subject_type = subject.subject_type
if ((subject_type == SubjectType.TYPE_VISITOR and not g.user.has_permission(AccountPermission.ADD_VISITOR)) or
(subject_type == SubjectType.TYPE_EMPLOYEE and not g.user.has_permission(AccountPermission.ADD_EMPLOYEE))):
return error_result(ErrorCode.ERROR_PERMISSION_DENIED)
if request.method == 'PUT':
email = params.get('email')
avatar = params.get('avatar')
if email and Subject.query.filter(Subject.id != sid, Subject.email == email).first():
return error_result(ErrorCode.ERROR_EMAIL_EXISTED)
if params.get('visitor_type') is not None:
params['subject_type'] = params['visitor_type']
fields = (
'subject_type',
'description',
'title',
'gender',
'start_time',
'end_time',
'department',
'name',
'email',
'phone',
'purpose',
'interviewee',
'come_from',
'job_number',
'remark'
)
subject.update(fields, params)
if avatar is None:
pass
elif avatar.startswith('http'):
pass
elif avatar == '':
storage.remove(subject.avatar)
subject.avatar = ''
elif avatar.startswith('data:image'):
avatar_url = storage.save_image_base64(avatar, 'avatar', sync=True)
if avatar_url:
storage.remove(subject.avatar)
subject.avatar = avatar_url
DisplayDevice.query.filter_by(company_id=subject.company.id).update({'user_info_timestamp': g.TIMESTAMP})
if 'photo_ids' in params:
_update_photos(subject, params['photo_ids'])
if 'birthday' in params:
subject.birthday = datetime.date.fromtimestamp(int(params['birthday'])) if params['birthday'] else None
if 'entry_date' in params:
subject.entry_date = datetime.date.fromtimestamp(int(params['entry_date'])) if params[
'entry_date'] else None
db.session.add(subject)
db.session.commit()
update_company_data_version(subject.company, subject.id)
elif request.method == 'DELETE':
for photo in subject.photos:
storage.remove(photo.url)
db.session.delete(subject)
db.session.commit()
update_company_data_version(subject.company, subject.id)
return success_result(subject.get_json(with_photos=True))