def assign_user(role_id):
role = Role.query.filter_by(id=role_id).first()
if role:
if request.json.get("user_ids"):
change_users = User.query.filter(User.id.in_(request.json.get("user_ids"))).all()
assigned_users = set(role.user)
if request.json.get("action") == "add":
for change_user in change_users:
assigned_users.add(change_user)
elif request.json.get("action") == "remove":
for change_user in change_users:
if change_user in role.user:
assigned_users.remove(change_user)
role.user = list(assigned_users)
available_users = User.query.all()
if role.user:
for user in role.user:
if user in available_users:
available_users.remove(user)
try:
db.session.add(role)
db.session.commit()
except Exception as e:
current_app.logger.error(str(e))
db.session.rollback()
return generate_response(code_msg=Code.ROLE_ASSIGN_USER_FAILED)
role.user = sorted(role.user, key=lambda x: x.id)
setattr(role, "assigned_users", role.user)
setattr(role, "available_users", available_users)
return generate_response(data=role_with_user_schema.dump(role))
return generate_response(code_msg=Code.ROLE_NOT_EXIST)
def disable_device(device_id):
device = Device.query.filter_by(id=device_id).first()
if device:
claims = get_jwt_claims()
user_id = claims['id']
result = redis_client.hget("user_{user_id}".format(user_id=user_id), "roles")
if result:
roles = json.loads(result.decode('utf-8'))
if "admin" in roles or device.owner_id == user_id:
if request.json.get("disable") == "true":
details = "禁用设备。"
device.status = 0
else:
details = "启用设备。"
device.status = 1
try:
db.session.add(device)
db.session.commit()
device_log = DeviceLog(device_id=device.id, operator_id=user_id,
details=details)
db.session.add(device_log)
db.session.commit()
return generate_response()
except Exception as e:
current_app.logger.error(str(e))
db.session.rollback()
return generate_response(code_msg=Code.DISABLE_DEVICE_FAILED)
def user_assign_role(user_id):
user = User.query.filter(User.id == user_id).first()
if user:
if request.json.get("role_ids"):
change_roles = Role.query.filter(Role.id.in_(request.json.get("role_ids"))).all()
assigned_roles = set(user.roles)
if request.json.get("action") == "add":
for change_role in change_roles:
assigned_roles.add(change_role)
elif request.json.get("action") == "remove":
for change_role in change_roles:
if change_role in user.roles:
assigned_roles.remove(change_role)
user.roles = list(assigned_roles)
available_roles = Role.query.all()
if user.roles:
for role in user.roles:
if role in available_roles:
available_roles.remove(role)
try:
db.session.add(user)
db.session.commit()
except Exception as e:
current_app.logger.error(str(e))
db.session.rollback()
return generate_response(code_msg=Code.ROLE_USER_ASSIGN_ROLE_FAILED)
user.roles = sorted(user.roles, key=lambda x: x.id)
setattr(user, "assigned_roles", user.roles)
setattr(user, "available_roles", available_roles)
return generate_response(data=user_with_role_schema.dump(user))
return generate_response(Code.GET_USER_PROFILE_FAILED)
def add_device():
device = Device(type=request.json.get("type"),
brand=request.json.get("brand"),
model=request.json.get("model"),
os=request.json.get("os"),
os_version=request.json.get("os_version"),
resolution=request.json.get("resolution"),
asset_no=request.json.get("asset_no"),
root=request.json.get("root"),
location=request.json.get("location"),
owner_id=request.json.get("owner").get("id") if request.json.get("owner") else None,
current_user_id=request.json.get("current_user").get("id") if request.json.get(
"current_user") else None,
desc=request.json.get("desc"))
if device.resolution:
device.resolution = str(device.resolution).replace("*", "×")
try:
db.session.add(device)
db.session.commit()
device_dump = device_schema.dump(device)
# 添加日志
claims = get_jwt_claims()
details = "添加设备。状态:{status},".format(status=device_status[device.status])
if device.owner:
details += "所属者:{owner},".format(owner=device.owner.username)
if device.current_user:
details += "当前使用者:{current_user}".format(current_user=device.current_user.realname)
device_log = DeviceLog(device_id=device.id, operator_id=claims['id'], details=details)
db.session.add(device_log)
db.session.commit()
return generate_response(data=device_dump)
except Exception as e:
current_app.logger.error(str(e))
db.session.rollback()
return generate_response(code_msg=Code.ADD_DEVICE_FAILED)
def assign_permission(role_id):
role = Role.query.filter_by(id=role_id).first()
if role:
if request.json.get("permission_ids"):
change_permissions = Permission.query.filter(Permission.id.in_(request.json.get("permission_ids"))).all()
assigned_permissions = set(role.permissions)
if request.json.get("action") == "add":
for change_permission in change_permissions:
assigned_permissions.add(change_permission)
elif request.json.get("action") == "remove":
for change_permission in change_permissions:
if change_permission in role.permissions:
assigned_permissions.remove(change_permission)
role.permissions = list(assigned_permissions)
available_permissions = Permission.query.all()
if role.permissions:
for permission in role.permissions:
if permission in available_permissions:
available_permissions.remove(permission)
try:
db.session.add(role)
db.session.commit()
except Exception as e:
current_app.logger.error(str(e))
db.session.rollback()
return generate_response(code_msg=Code.ROLE_ASSIGN_PERMISSION_FAILED)
role.permissions = sorted(role.permissions, key=lambda x: x.id)
setattr(role, "assigned_permissions", role.permissions)
setattr(role, "available_permissions", available_permissions)
return generate_response(data=role_schema.dump(role))
return generate_response(code_msg=Code.ROLE_NOT_EXIST)
def wrapper(*args, **kwargs):
if location in ["args", "json"]:
validate_result = schema.validate(
request.__getattr__(location))
if validate_result:
return generate_response(data=validate_result,
code_msg=Code.PARAMS_ERROR), 400
return func(*args, **kwargs)
return generate_response(data="request非args、json来源",
code_msg=Code.PARAMS_ERROR), 400
def delete_role(role_id):
role = Role.query.filter_by(id=role_id).first()
if role:
try:
db.session.delete(role)
db.session.commit()
return generate_response()
except Exception as e:
current_app.logger.error(str(e))
db.session.rollback()
return generate_response(code_msg=Code.ROLE_NOT_EXIST)
def update_device(device_id):
exist_device = Device.query.filter_by(id=device_id).first()
if exist_device:
# 若当前使用者有变更,需要取消原有用户对该设备的申请记录
if request.json.get("current_user") and request.json.get("current_user").get(
"id") != exist_device.current_user_id:
apply_records = DeviceApplyRecord.query.filter_by(applicant_id=request.json.get("current_user").get("id"),
device_id=device_id).filter(
DeviceApplyRecord.status.in_([2, 4, 6])).all()
if apply_records:
for record in apply_records:
record.status = 0
db.session.add(record)
db.session.commit()
# 变更日志
details = "修改设备。"
if request.json.get("owner") and request.json.get("owner").get("id") != exist_device.owner_id:
details += "所属者:{owner} ==> {new_owner},".format(owner=exist_device.owner.username,
new_owner=request.json.get("owner").get("realname"))
if request.json.get("current_user") and request.json.get("current_user").get(
"id") != exist_device.current_user_id:
details += "当前使用者:{current_user} ==> {new_current_user}".format(
current_user=exist_device.current_user.username,
new_current_user=request.json.get("current_user").get("realname"))
exist_device.type = request.json.get("type")
exist_device.brand = request.json.get("brand")
exist_device.model = request.json.get("model")
exist_device.os = request.json.get("os")
exist_device.os_version = request.json.get("os_version")
exist_device.resolution = request.json.get("resolution")
exist_device.asset_no = request.json.get("asset_no")
exist_device.root = request.json.get("root")
exist_device.location = request.json.get("location")
exist_device.owner_id = request.json.get("owner").get("id") if request.json.get("owner") else None
exist_device.current_user_id = request.json.get("current_user").get("id") if request.json.get(
"current_user") else None
exist_device.desc = request.json.get("desc")
if exist_device.resolution:
exist_device.resolution = str(exist_device.resolution).replace("*", "×")
try:
db.session.add(exist_device)
db.session.commit()
device_dump = device_schema.dump(exist_device)
claims = get_jwt_claims()
device_log = DeviceLog(device_id=exist_device.id, operator_id=claims['id'],
details=details)
db.session.add(device_log)
db.session.commit()
return generate_response(data=device_dump)
except Exception as e:
current_app.logger.error(str(e))
db.session.rollback()
return generate_response(code_msg=Code.UPDATE_DEVICE_FAILED)
def get_role(role_id):
role = Role.query.filter_by(id=role_id).first()
if role:
available_permissions = Permission.query.all()
if role.permissions:
for permission in role.permissions:
if permission in available_permissions:
available_permissions.remove(permission)
setattr(role, "assigned_permissions", role.permissions)
setattr(role, "available_permissions", available_permissions)
return generate_response(data=role_schema.dump(role))
return generate_response(code_msg=Code.ROLE_NOT_EXIST)
def apply(device_id):
claims = get_jwt_claims()
applicant_id = claims['id']
device = Device.query.filter_by(id=device_id).filter(
Device.status != 0).first()
if device:
# 有apply_id,则修改申请
if request.json.get("apply_id"):
apply_record = DeviceApplyRecord.query.filter_by(
id=request.json.get("apply_id"),
device_id=device_id,
applicant_id=applicant_id,
status=3).first()
if apply_record:
apply_record.start_time = request.json.get("start_time")
apply_record.end_time = request.json.get("end_time")
apply_record.application_desc = request.json.get(
"application_desc")
apply_record.status = 1
details = "修改申请。"
else:
return generate_response(code_msg=Code.APPLY_FAILED)
else:
apply_records = DeviceApplyRecord.query.filter_by(
device_id=device_id, applicant_id=applicant_id).filter(
not_(DeviceApplyRecord.status.in_([0, 5]))).all()
# 同一用户不允许多次申请同一设备
if apply_records:
return generate_response(code_msg=Code.APPLY_DEVICE_DUPLICATE)
else:
apply_record = DeviceApplyRecord(
device_id=device_id,
applicant_id=applicant_id,
start_time=request.json.get("start_time"),
end_time=request.json.get("end_time"),
application_desc=request.json.get("application_desc"))
details = "申请设备。"
try:
db.session.add(apply_record)
db.session.commit()
device_log = DeviceLog(device_id=device.id,
operator_id=applicant_id,
details=details)
db.session.add(device_log)
db.session.commit()
return generate_response()
except Exception as e:
current_app.logger.error(str(e))
db.session.rollback()
return generate_response(code_msg=Code.APPLY_FAILED)
else:
return generate_response(code_msg=Code.APPLY_DEVICE_NOT_READY)
def add_role():
role = Role.query.filter_by(name=request.json.get("name")).first()
if role:
return generate_response(code_msg=Code.ROLE_EXIST)
role = Role(name=request.json.get("name"), desc=request.json.get("desc"))
try:
db.session.add(role)
db.session.commit()
return generate_response(data=role_schema.dump(role))
except Exception as e:
current_app.logger.error(str(e))
db.session.rollback()
return generate_response(code_msg=Code.ROLE_ADD_FAILED)
def update_password(user_id):
claims = get_jwt_claims()
if user_id != claims['id']:
return generate_response(code_msg=Code.PERMISSION_DENIED), 403
user = User.query.filter_by(id=user_id).first()
if user and user.password == request.json.get("old_password"):
user.password = request.json.get("new_password")
try:
db.session.add(user)
db.session.commit()
redis_client.set("user_token_expired_{id}".format(id=user_id),
'true',
ex=current_app.config['JWT_ACCESS_TOKEN_EXPIRES'])
return generate_response()
except Exception as e:
current_app.logger.error(str(e))
db.session.rollback()
return generate_response(code_msg=Code.PASSWORD_NOT_CORRECT)
def cancel(apply_id):
claims = get_jwt_claims()
applicant_id = claims['id']
apply_record = DeviceApplyRecord.query.filter_by(id=apply_id).first()
# 只能取消自己申请的
if apply_record and apply_record.applicant_id == applicant_id:
apply_record.status = 0
try:
db.session.add(apply_record)
db.session.commit()
device_log = DeviceLog(device_id=apply_record.device_id,
operator_id=applicant_id,
details="取消申请。")
db.session.add(device_log)
db.session.commit()
return generate_response()
except Exception as e:
current_app.logger.error(str(e))
db.session.rollback()
return generate_response(code_msg=Code.APPLY_DEVICE_CANCEL_FAILED)
def return_back(apply_id):
claims = get_jwt_claims()
applicant_id = claims['id']
apply_record = DeviceApplyRecord.query.filter_by(id=apply_id).first()
# 只有申请通过、归还不通过状态才可以进行归还
if apply_record and apply_record.applicant_id == applicant_id and apply_record.status in [
2, 6
]:
apply_record.status = 4
try:
db.session.add(apply_record)
db.session.commit()
device_log = DeviceLog(device_id=apply_record.device_id,
operator_id=applicant_id,
details="归还设备。")
db.session.add(device_log)
db.session.commit()
return generate_response()
except Exception as e:
current_app.logger.error(str(e))
db.session.rollback()
return generate_response(code_msg=Code.APPLY_DEVICE_RETURN_FAILED)
def update_user(user_id):
user = User.query.filter_by(id=user_id).first()
if user:
user.username = request.json.get("username", user.username)
user.realname = request.json.get("realname", user.realname)
user.email = request.json.get("email", user.email)
user.status = request.json.get("status", user.status)
try:
db.session.add(user)
db.session.commit()
# 若禁用了,则不允许登录
if user.status == 0:
redis_client.set(
"user_token_expired_{id}".format(id=user_id),
'true',
ex=current_app.config['JWT_ACCESS_TOKEN_EXPIRES'])
redis_client.expire("user_{id}".format(id=user_id), 1)
return generate_response(data=user_schema.dump(user))
except Exception as e:
current_app.logger.error(str(e))
db.session.rollback()
return generate_response(code_msg=Code.UPDATE_USER_PROFILE_FAILED)
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt_claims()
# admin角色可以访问所有
result = redis_client.hget(
"user_{user_id}".format(user_id=claims['id']), "roles")
if result:
roles = json.loads(result.decode('utf-8'))
if "admin" in roles:
return func(*args, **kwargs)
# 或者有操作权限
permissions = get_permissions_from_redis(claims['id'])
if permission in permissions:
return func(*args, **kwargs)
return generate_response(code_msg=Code.PERMISSION_DENIED), 403
def get_device(device_id):
device = Device.query.filter_by(id=device_id).first()
if device:
return generate_response(data=device_schema.dump(device))
return generate_response(code_msg=Code.GET_DEVICE_FAILED)
def audit(apply_id):
claims = get_jwt_claims()
auditor_id = claims['id']
apply_record = DeviceApplyRecord.query.filter_by(id=apply_id).first()
device = Device.query.filter_by(id=apply_record.device_id).first()
# 审批“申请中”、“归还中”
if apply_record and apply_record.status in [1, 4] and device:
auditor_is_admin = False
audit_or_not = False
result = redis_client.hget("user_{user_id}".format(user_id=auditor_id),
"roles")
if result:
roles = json.loads(result.decode('utf-8'))
if "admin" in roles:
auditor_is_admin = True
# admin角色可以审批所有申请、归还记录
if auditor_is_admin:
audit_or_not = True
else:
# 非admin角色只能处理owner是自己的申请、归还记录。
if device.owner_id == auditor_id:
audit_or_not = True
if audit_or_not:
# 审批申请
if apply_record.status == 1:
apply_record.apply_audit_reason = request.json.get("reason")
apply_record.apply_auditor_id = auditor_id
if request.json.get("approval") == 1:
apply_record.status = 2
device.current_user_id = apply_record.applicant_id
# 若借用出去,且current_user!=owner,状态变成借用中。
if device.current_user_id != device.owner_id:
device.status = 2
details = "通过{applicant}的申请".format(
applicant=apply_record.applicant.realname)
else:
apply_record.status = 3
details = "拒绝{applicant}的申请".format(
applicant=apply_record.applicant.realname)
# 审批归还
else:
apply_record.return_audit_reason = request.json.get("reason")
apply_record.return_auditor_id = auditor_id
if request.json.get("approval") == 1:
apply_record.status = 5
device.current_user_id = None
details = "通过{applicant}的归还".format(
applicant=apply_record.applicant.realname)
else:
apply_record.status = 6
details = "拒绝{applicant}的归还".format(
applicant=apply_record.applicant.realname)
try:
db.session.add(apply_record)
db.session.add(device)
db.session.commit()
device_log = DeviceLog(device_id=device.id,
operator_id=claims['id'],
details=details)
db.session.add(device_log)
db.session.commit()
return generate_response()
except Exception as e:
current_app.logger.error(str(e))
db.session.rollback()
return generate_response(code_msg=Code.APPLY_DEVICE_AUDIT_FAILED)
def get_user(user_id):
user = User.query.filter_by(id=user_id).first()
if user:
return generate_response(data=user_schema.dump(user))
return generate_response(code_msg=Code.GET_USER_PROFILE_FAILED)
