예제 #1
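def SubmitForm(request):
    """Create or update a permission item from the submitted form data.

    Without a ``key`` query parameter a new ``Pipermissionitem`` is filled
    from the request and added. With a key, the existing item is loaded,
    overlaid with the request data and updated.

    Args:
        request: The incoming HTTP request.

    Returns:
        An ``HttpResponse`` whose content is a JSON object with ``Success``,
        ``Data`` and ``Message`` keys. Every path returns a response.
    """
    # NOTE(review): the record key of this state-changing view is read from
    # the query string, and no permission check on the caller is visible in
    # this function -- confirm both are enforced by the URL configuration, a
    # decorator or middleware.
    try:
        IsOk = '1'
        key = request.GET.get('key')

        response = HttpResponse()

        curUser = CommonUtils.Current(response, request)

        if not key:
            item = Pipermissionitem().loadJson(request)

            # These fields are assigned after loadJson, so whatever the
            # request supplied for them is overwritten with server values.
            now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
            item.id = uuid.uuid4()
            item.deletemark = 0
            item.createon = now
            item.createby = curUser.RealName
            item.createuserid = curUser.Id
            item.modifiedon = now
            item.modifiedby = curUser.RealName
            item.enabled = 1

            returnCode, returnMessage, returnValue = PermissionItemService.Add(None, item)

            if returnCode == StatusCode.statusCodeDic['OKAdd']:
                response.content = json.dumps({'Success': True, 'Data': str(item.id), 'Message': returnMessage})
            else:
                response.content = json.dumps({'Success': False, 'Data': '0', 'Message': returnMessage})
            return response

        item = PermissionItemService.GetEntity(None, key)
        if not item or not curUser:
            # An unknown key used to surface only through the AttributeError
            # handler below, and a missing current user made the view return
            # None. Both now produce an explicit failure response.
            response.content = json.dumps({'Success': False, 'Data': '0', 'Message': FrameworkMessage.MSG3020})
            return response

        # NOTE(review): presumably loadJson copies request fields onto the
        # stored entity; only the modified* fields are reset afterwards, so
        # confirm it cannot overwrite id, deletemark, enabled or create*.
        item = item.loadJson(request)
        item.modifiedby = curUser.RealName
        item.modifieduserid = curUser.Id
        item.modifiedon = datetime.datetime.now()
        returnCode, returnMessage = PermissionItemService.Update(None, item)
        if returnCode == StatusCode.statusCodeDic['OKUpdate']:
            response.content = json.dumps({'Success': True, 'Data': IsOk, 'Message': returnMessage})
        else:
            response.content = json.dumps({'Success': False, 'Data': '0', 'Message': returnMessage})
        return response
    except Exception as e:
        # The client only gets the generic message; the detail stays server-side.
        print(e)
        response = HttpResponse()
        response.content = json.dumps({'Success': False, 'Data': '0', 'Message': FrameworkMessage.MSG3020})
        return response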
예제 #2
    def GetConstraintEntity(resourceCategory, resourceId, tableName, permissionCode = "Resource.AccessPermission"):
        """Return the table-level permission-scope rows of one resource.

        Args:
            resourceCategory: Category of the resource the scope belongs to.
            resourceId: Primary key of that resource.
            tableName: Name of the target table.
            permissionCode: Permission code resolved to an id through
                ``PermissionItemService.GetIdByAdd``.

        Returns:
            The result of ``Pipermissionscope.objects.filter`` for rows that
            are not marked deleted. The ``enabled`` column is not filtered.
        """
        scopeLookup = {
            'resourcecategory': resourceCategory,
            'resourceid': resourceId,
            'targetcategory': 'Table',
            'targetid': tableName,
            'permissionid': PermissionItemService.GetIdByAdd(permissionCode),
            'deletemark': 0,
        }
        return Pipermissionscope.objects.filter(**scopeLookup)
예제 #3
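    def GetUserConstraint(userInfo, tableName, permissionCode = "Resource.AccessPermission"):
        """
        Build the combined constraint expression (all constraints) for a user.

        The constraints stored for each of the user's roles and the user's own
        constraint are joined with " AND " and passed through
        ``ConstrainUtil.PrepareParameter``.

        Args:
            userInfo: Current user; ``userInfo.Id`` selects roles and constraint.
            tableName (string): Table name.
            permissionCode (string): Permission code.
        Returns:
            returnValue (string): The combined expression, or '' when the user
            has no roles or no constraint applies.
        """
        permissionId = PermissionItemService.GetIdByAdd(permissionCode)
        roleIds = UserRoleService.GetAllRoleIds(None, userInfo.Id)
        if not roleIds:
            return ''

        dtPermissionScope = Pipermissionscope.objects.filter(
            Q(resourcecategory='pirole')
            & Q(resourceid__in=roleIds)
            & Q(targetcategory='Table')
            & Q(targetid=tableName)
            & Q(permissionid=permissionId)
            & Q(enabled=1)
            & Q(deletemark=0))

        # NOTE(review): each stored constraint is joined in as raw text. If the
        # result is used as a SQL WHERE fragment, as the " AND " joining
        # suggests, anyone able to write permissionconstraint rows controls
        # part of that query -- confirm the write path is restricted.
        constraints = []
        for dataRow in dtPermissionScope:
            storedConstraint = dataRow.permissionconstraint
            if storedConstraint is None:
                # str(None) is the truthy text 'None'; it used to be appended
                # as a bogus " AND None" term.
                continue
            storedConstraint = str(storedConstraint).strip()
            if storedConstraint:
                constraints.append(storedConstraint)

        # Constraint configured for the current user
        userConstraint = TableColumnsService.GetConstraint('piuser', userInfo.Id, tableName)
        if userConstraint:
            constraints.append(userConstraint)

        if not constraints:
            return ''
        return ConstrainUtil.PrepareParameter(userInfo, " AND ".join(constraints))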
예제 #4
def MoveTo(request):
    """Move a permission item under another parent.

    Reads ``key`` and ``parentId`` from the POST data. The move is attempted
    only when both are non-empty.

    Args:
        request: The incoming HTTP request.

    Returns:
        An ``HttpResponse`` carrying a JSON object with ``Success``, ``Data``
        and ``Message`` keys.
    """
    # NOTE(review): no check of the caller's identity or permissions is
    # visible in this function; confirm it is enforced outside the view.
    def postValue(name):
        # A missing field (or any other read error) counts as empty.
        try:
            return request.POST[name]
        except:
            return ''

    key = postValue('key')
    parentId = postValue('parentId')

    moved = False
    if key and parentId:
        moved = bool(PermissionItemService.MoveTo(None, key, parentId))

    if moved:
        payload = {'Success': True, 'Data': '1', 'Message': '移动成功!'}
    else:
        payload = {'Success': False, 'Data': '0', 'Message': '移动失败!'}
    return HttpResponse(json.dumps(payload))
예제 #5
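def GetPermissionItemScop(response, request, permissionItemScopeCode):
    """Return the permission items the current user may see.

    Args:
        response: Response object handed to ``CommonUtils.Current``.
        request: The incoming HTTP request.
        permissionItemScopeCode: Code of the scope permission used to narrow
            the list for non-administrators.

    Returns:
        The full table from ``PermissionItemService.GetDT`` for
        administrators, for calls without a scope code, or when per-user
        authorization scoping is off. Otherwise the list narrowed by
        ``ScopPermission.GetPermissionItemDTByPermissionScope``.
    """
    vUser = CommonUtils.Current(response, request)

    # The flag used to be tested without "not", so every user received the
    # unrestricted list exactly when scoping was switched on. Scoping now
    # applies when the flag is set, the same way
    # UserService.GetSearchConditional uses it.
    # NOTE(review): an empty scope code also yields the full list; confirm
    # callers never take the code from client input.
    if vUser.IsAdministrator or (not permissionItemScopeCode) or (not SystemInfo.EnableUserAuthorizationScope):
        return PermissionItemService.GetDT(None)
    return ScopPermission.GetPermissionItemDTByPermissionScope(None, vUser.Id, permissionItemScopeCode)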
예제 #6
def GetEntity(request):
    """Return one permission item, serialised with its ``toJSON`` method.

    Args:
        request: The incoming HTTP request; ``key`` is read from POST data.

    Returns:
        An ``HttpResponse`` whose content is the entity's JSON.
    """
    try:
        itemKey = request.POST['key']
    except:
        itemKey = None
    # NOTE(review): SubmitForm on this page treats a GetEntity result as
    # possibly empty; if that happens here, toJSON() raises. No check of the
    # caller's permissions is visible either -- confirm both.
    permissionItem = PermissionItemService.GetEntity(None, itemKey)
    return HttpResponse(permissionItem.toJSON())
예제 #7
 def GetPermissionDT(self, moduleId):
     """
     Get the permission items associated with a module.
     Args:
         moduleId (string): Primary key of the module.
     Returns:
         The result of PermissionItemService.GetDTByIds for the permission
         ids that ModulePermission.GetPermissionIds returns for the module.
     """
     return PermissionItemService.GetDTByIds(
         self, ModulePermission.GetPermissionIds(self, moduleId))
예제 #8
def GetPermissionItemByIds(request):
    """Return the permission items for a comma-separated list of ids.

    Args:
        request: The incoming HTTP request; ``permissionItemIds`` is read
            from POST data.

    Returns:
        An ``HttpResponse`` whose content is the output of ``GetJsonData``.
    """
    try:
        rawIds = request.POST['permissionItemIds']
    except:
        rawIds = None
    # A missing field is stringified, so the lookup then receives ['None'].
    # NOTE(review): the ids come straight from the client and no permission
    # check is visible here; confirm GetDTByIds binds them as parameters.
    idList = str(rawIds).split(',')
    dtPermissionItem = PermissionItemService.GetDTByIds(None, idList)
    return HttpResponse(GetJsonData(dtPermissionItem))
예제 #9
    def GetIdByAdd(resourceCategory, resourceId, tableName, permissionCode, constraint, enabled = True):
        """Ensure a table-level permission scope exists and return its id.

        Makes sure a permission item with ``permissionCode`` and a
        ``Pipermissionscope`` row for the resource/table pair exist, then
        saves the row's ``enabled`` state.

        Args:
            resourceCategory: Category of the resource the scope belongs to.
            resourceId: Primary key of that resource.
            tableName: Name of the target table.
            permissionCode: Code of the permission item.
            constraint: Constraint text stored in ``permissionconstraint``.
            enabled: Whether the scope is enabled (stored as 1 or 0).

        Returns:
            The ``id`` of the saved scope row.
        """
        # NOTE(review): `constraint` is stored verbatim. GetUserConstraint on
        # this page joins permissionconstraint values into a query fragment,
        # so confirm who is allowed to supply this argument.
        permissionId = PermissionItemService.GetIdByAdd(permissionCode)

        # Pipermissionitem.objects.get_or_create(defaults={'deletemark': '0', 'enabled': '1', 'code': permissionCode},
        #                                        code=permissionCode,
        #                                        fullname=permissionCode if None else None,
        #                                        categorycode="Application",
        #                                        parentid=None,
        #                                        isscope=0,
        #                                        ispublic=0,
        #                                        allowdelete=1,
        #                                        allowedit=1,
        #                                        enabled=1,
        #                                        deletemark=0,
        #                                        moduleid=None
        #                                        )

        # NOTE(review): `permissionCode if None else None` tests the constant
        # None, so the 'fullname' default is always None.
        Pipermissionitem.objects.get_or_create(deletemark = 0, enabled = 1, code = permissionCode, defaults={'code':permissionCode,'fullname':(permissionCode if None else None),'categorycode':"Application",'parentid':None,'isscope':0,'ispublic':0, 'allowdelete':1,'allowedit':1, 'enabled':1, 'deletemark':0, 'moduleid':None})

        # permissionId is rebound here to the model instance returned by
        # get(), replacing the value obtained from PermissionItemService above.
        permissionId = Pipermissionitem.objects.get(Q(code=permissionCode) & Q(deletemark=0) & Q(enabled=1))


        # First get_or_create: permissionconstraint, permissionid and enabled
        # are part of the lookup, so a row differing in any of them is not
        # matched and a new one is created.
        Pipermissionscope.objects.get_or_create(
            defaults={'resourcecategory': resourceCategory, 'resourceid': resourceId, 'targetcategory': 'Table',
                      'targetid': tableName, 'deletemark': 0},
            resourcecategory=resourceCategory,
            resourceid=resourceId,
            targetcategory='Table',
            targetid=tableName,
            permissionconstraint=constraint,
            permissionid=permissionId,
            deletemark=0,
            enabled=1 if enabled else 0
            )

        # Second get_or_create: looks up by resource/table only.
        # NOTE(review): looks redundant after the call above, and it raises
        # MultipleObjectsReturned once several rows exist for the pair.
        Pipermissionscope.objects.get_or_create(resourcecategory= resourceCategory, resourceid=resourceId, targetcategory='Table',targetid=tableName, deletemark=0,
            defaults={'resourcecategory':resourceCategory, 'resourceid':resourceId,'targetcategory':'Table','targetid':tableName,'permissionconstraint':constraint,'permissionid':permissionId,'deletemark':0,'enabled':(1 if enabled else 0)}
        )

        # This lookup does not filter on `enabled`.
        scope = Pipermissionscope.objects.get(
            Q(resourcecategory=resourceCategory) & Q(resourceid=resourceId) & Q(targetcategory='Table') & Q(
                targetid=tableName) & Q(permissionconstraint=constraint) & Q(permissionid=permissionId) & Q(
                deletemark=0))

        # NOTE(review): this overwrites the stored constraint text with 1 or 0,
        # discarding `constraint` -- looks unintended; only `enabled` should
        # carry the flag. Confirm before relying on the saved constraint.
        scope.permissionconstraint = 1 if enabled else 0
        scope.enabled = 1 if enabled else 0
        scope.save()
        return scope.id
예제 #10
def Delete(request):
    """Mark one permission item as deleted.

    Args:
        request: The incoming HTTP request; ``key`` is read from POST data.

    Returns:
        An ``HttpResponse`` carrying a JSON object with ``Success``, ``Data``
        and ``Message`` keys.
    """
    # NOTE(review): no check of the caller's identity or permissions is
    # visible in this function; confirm it is enforced outside the view.
    try:
        itemKey = request.POST['key']
    except:
        itemKey = ''

    # A missing key is still forwarded, as a one-element list holding ''.
    deleted = PermissionItemService.SetDeleted(None, [itemKey])

    if deleted:
        payload = {'Success': True, 'Data': '1', 'Message': FrameworkMessage.MSG0013}
    else:
        payload = {'Success': False, 'Data': '0', 'Message': FrameworkMessage.MSG3020}
    return HttpResponse(json.dumps(payload))
예제 #11
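    def GetConstraintDT(resourceCategory, resourceId, permissionCode = "Resource.AccessPermission"):
        """
        Get the constraint conditions (all constraints) of a resource.

        Lists every enabled entry of PITABLEPERMISSIONSCOPE, left-joined with
        the resource's enabled table scopes, ordered by SORTCODE.

        Args:
            resourceCategory (string): Resource category.
            resourceId (string): Primary key of the resource.
            permissionCode (string): Permission code.
        Returns:
            returnValue (): Data table returned by DbCommonLibaray.executeQuery.
        """
        permissionId = PermissionItemService.GetIdByAdd(permissionCode)

        # NOTE(review): resourceCategory, resourceId and permissionId are
        # spliced into the statement as quoted literals. If any of them can
        # come from a request, this is SQL injection; bind them as parameters
        # once executeQuery's parameter support is confirmed (its signature is
        # not visible here).
        scopeSubquery = (
            "SELECT ID, TARGETID, PERMISSIONCONSTRAINT FROM PIPERMISSIONSCOPE WHERE (RESOURCECATEGORY = '"
            + resourceCategory + "') AND(RESOURCEID='" + resourceId
            + "') AND(TARGETCATEGORY='Table') AND(PERMISSIONID='" + permissionId
            + "') AND(DELETEMARK=0) AND(ENABLED=1) ")
        # The space before ON was missing: the alias and the keyword fused into
        # "PIPERMISSIONSCOPEON", leaving the join without an ON clause.
        sqlQuery = (
            " SELECT PIPERMISSIONSCOPE.ID  , PITABLEPERMISSIONSCOPE.ITEMVALUE TABLECODE, PITABLEPERMISSIONSCOPE.ITEMNAME TABLENAME, PIPERMISSIONSCOPE.PERMISSIONCONSTRAINT, PITABLEPERMISSIONSCOPE.SORTCODE FROM("
            + "SELECT ITEMVALUE, ITEMNAME, SORTCODE FROM PITABLEPERMISSIONSCOPE WHERE(DELETEMARK=0) AND(ENABLED=1) )  PITABLEPERMISSIONSCOPE LEFT OUTER JOIN ("
            + scopeSubquery + ")  PIPERMISSIONSCOPE"
            + " ON PITABLEPERMISSIONSCOPE.ITEMVALUE = PIPERMISSIONSCOPE.TARGETID ORDER BY PITABLEPERMISSIONSCOPE.SORTCODE")
        dataTable = DbCommonLibaray.executeQuery(None, sqlQuery)
        return dataTable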
예제 #12
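 def GetPermissionItemDTByPermissionScope(self, userId, permissionItemCode):
     """
       Get the operation permissions a user may access within a permission
       scope (the permissions the user is authorised to grant).

       When the code is 'Resource.ManagePermission' and no item with that code
       exists yet, the system default item is created first.

       Args:
           userId (string): Primary key of the user.
           permissionItemCode (string): Code of the operation permission.
       Returns:
           returnValue(Pipermissionitem): Data table.
     """
     # objects.get() raised DoesNotExist for a missing item, so the creation
     # branch could never run for it. The old test
     # `not id & code == '...'` also applied bitwise & to the id and the code
     # string, because & binds tighter than == and not.
     itemExists = Pipermissionitem.objects.filter(code=permissionItemCode).exists()
     if not itemExists and permissionItemCode == 'Resource.ManagePermission':
         # NOTE(review): no id or deletemark is assigned here; confirm the
         # model supplies defaults for them.
         permissionItemEntity = Pipermissionitem()
         permissionItemEntity.code = 'Resource.ManagePermission'
         permissionItemEntity.fullname = '资源管理范围权限(系统默认)'
         permissionItemEntity.isscope = 1
         permissionItemEntity.enabled = 1
         permissionItemEntity.allowdelete = 0
         permissionItemEntity.save()
     dataTable = PermissionItemService.GetDTByUser(self, userId, permissionItemCode)
     return dataTable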
예제 #13
def GrantRevokePermissionScopeTargets(request):
    """Grant and revoke scope targets of a resource in one request.

    Reads ``resourceCategory``, ``resourceId``, ``targetCategory``,
    ``grantTargetIds`` and ``revokeTargetIds`` from the POST data. If any of
    them is missing, all five are treated as absent.

    Args:
        request: The incoming HTTP request.

    Returns:
        An ``HttpResponse`` carrying a JSON object with ``Success``, ``Data``
        and ``Message`` keys. ``Success`` is True on every path; ``Data``
        is 1 when at least one grant or revoke was reported.
    """
    # NOTE(review): the resource and target ids come from the client, and no
    # check that the caller may manage this resource is visible in this
    # function -- confirm it is enforced elsewhere. 'Success' is also True on
    # the failure path; confirm the client relies on 'Data' instead.
    try:
        form = request.POST
        resourceCategory = form['resourceCategory']
        resourceId = form['resourceId']
        targetCategory = form['targetCategory']
        grantTargetIds = form['grantTargetIds']
        revokeTargetIds = form['revokeTargetIds']
    except:
        resourceCategory = resourceId = targetCategory = None
        grantTargetIds = revokeTargetIds = None

    response = HttpResponse()

    def reply(data, message):
        # Every outcome uses the same envelope; only Data and Message vary.
        response.content = json.dumps({
            'Success': True,
            'Data': data,
            'Message': message
        })
        return response

    # Resolved before the resourceId check, as in the original ordering.
    managePermission = PermissionItemService.GetEntityByCode(
        None, "Resource.ManagePermission")
    permissionItemId = managePermission.id

    if not resourceId:
        return reply('0', '请选择相应的资源!')

    changed = 0

    grantText = str(grantTargetIds).strip(',')
    if grantText and grantTargetIds and (grantTargetIds != ','):
        changed = changed + ResourcePermission.GrantPermissionScopeTarget(
            None, resourceCategory, resourceId, targetCategory,
            grantText.split(','), permissionItemId)

    revokeText = str(revokeTargetIds).strip(',')
    if revokeText:
        # Drop empty and whitespace-only ids left by doubled commas.
        revokeIds = [part for part in revokeText.split(',') if part and part.strip()]
        changed = changed + ResourcePermission.RevokePermissionScopeTarget(
            None, resourceCategory, resourceId, targetCategory, revokeIds,
            permissionItemId)

    if changed > 0:
        return reply(1, '操作成功!')
    return reply(changed, '操作失败!')
예제 #14
파일: UserService.py 프로젝트: yxh1990/hpwf
    def GetSearchConditional(self, userInfo, permissionScopeCode, search,
                             roleIds, enabled, auditStates, departmentId):
        """Build the SQL WHERE fragment used to search the piuser table.

        Args:
            userInfo: Current user; its Id, WorkgroupId, DepartmentId,
                CompanyId and IsAdministrator attributes are read.
            permissionScopeCode: Code of the scope permission that limits
                which users a non-administrator may see.
            search: Search text, passed through StringHelper.GetSearchString.
            roleIds: Role ids to filter by, or empty.
            enabled: True / False to filter on piuser.enabled, None to skip.
            auditStates: Audit status to filter by, or empty.
            departmentId: Organisation id to filter by, or empty.

        Returns:
            The WHERE fragment as a string (without the WHERE keyword).

        NOTE(review): search, departmentId, auditStates and the ids are
        concatenated into the fragment as quoted literals. Unless
        GetSearchString / ArrayToList escape them (not visible here), this is
        SQL injection for any caller-supplied value; the string return type
        leaves no way to bind parameters without changing the interface.
        """

        LogService.WriteLog(userInfo, __class__.__name__,
                            FrameworkMessage.UserService,
                            sys._getframe().f_code.co_name,
                            FrameworkMessage.UserService_GetSearchConditional,
                            '')

        search = StringHelper.GetSearchString(self, search)
        # Base filter: only visible users that are not marked deleted.
        whereConditional = 'piuser.deletemark=0 and piuser.isvisible=1 '
        if not enabled == None:
            if enabled == True:
                whereConditional = whereConditional + " and ( piuser.enabled = 1 )"
            else:
                whereConditional = whereConditional + " and ( piuser.enabled = 0 )"
        if search:
            # The same LIKE pattern is matched against six piuser columns.
            whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'username' + " LIKE '" + search + "'" \
                            + " OR " + 'piuser' + "." + 'code' + " LIKE '" + search + "'" \
                            + " OR " + 'piuser' + "." + 'realname' + " LIKE '" + search + "'" \
                            + " OR " + 'piuser' + "." + 'quickquery' + " LIKE '" + search + "'" \
                            + " OR " + 'piuser' + "." + 'departmentname' + " LIKE '" + search + "'" \
                            + " OR " + 'piuser' + "." + 'description' + " LIKE '" + search + "')"
        if departmentId:
            organizeIds = OrganizeService.GetChildrensById(self, departmentId)
            if organizeIds and len(organizeIds) > 0:
                # NOTE(review): 'companyid' is tested twice below; the second
                # test was presumably meant for 'subcompanyid' -- confirm.
                whereConditional =  whereConditional + " AND (" + 'piuser' + "." + 'companyid' + " IN (" + StringHelper.ArrayToList(self, organizeIds,"'") + ")" \
                     + " OR " + 'piuser' + "." + 'companyid' + " IN (" + StringHelper.ArrayToList(self, organizeIds, "'") + ")"   \
                     + " OR " + 'piuser' + "." + 'departmentid' + " IN (" + StringHelper.ArrayToList(self, organizeIds, "'") + ")"    \
                     + " OR " + 'piuser' + "." + 'subdepartmentid' + " IN (" + StringHelper.ArrayToList(self, organizeIds, "'") + ")" \
                     + " OR " + 'piuser' + "." + 'workgroupid' + " IN (" + StringHelper.ArrayToList(self, organizeIds, "'") + "))"
                # NOTE(review): this OR is appended outside the parenthesised
                # group above, so it sits at the top level of the fragment.
                # AND binds tighter than OR in SQL: rows matched through
                # piuserorganize skip the deletemark/isvisible/enabled/search
                # filters, and the AND terms added below (including the
                # permission-scope ones) attach to this branch only.
                whereConditional = whereConditional + " OR " + 'piuser' + "." + 'id' + " IN (" \
                            + " SELECT " + 'userid' \
                            + "   FROM " + 'piuserorganize' \
                            + "  WHERE (" + 'piuserorganize' + "." + 'deletemark' + " = 0 ) " \
                            + "       AND ("  \
                            + 'piuserorganize' + "." + 'companyid' + " = '" + departmentId + "' OR " \
                            + 'piuserorganize' + "." + 'subcompanyid' + " = '" + departmentId + "' OR " \
                            + 'piuserorganize' + "." + 'departmentid' + " = '" + departmentId + "' OR " \
                            + 'piuserorganize' + "." + 'subdepartmentid' + " = '" + departmentId + "' OR " \
                            + 'piuserorganize' + "." + 'workgroupid' + " = '" + departmentId + "')) "
        if auditStates:
            whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'auditstatus' + " = '" + auditStates + "')"

        if roleIds and len(roleIds) > 0:
            roles = StringHelper.ArrayToList(self, roleIds, "'")
            whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'id' + " IN (" + "SELECT " + 'userid' + " FROM " + 'piuserrole' + " WHERE " + 'roleid' + " IN (" + roles + ")" + "))"

        # Data-scope restrictions apply to non-administrators only, and only
        # while the user-authorization-scope feature is switched on.
        if (not userInfo.IsAdministrator
            ) and SystemInfo.EnableUserAuthorizationScope:
            permissionScopeItemId = PermissionItemService.GetId(
                self, permissionScopeCode)
            # NOTE(review): when the scope code resolves to no item, or
            # organizeIds holds none of the values tested below, no
            # restriction is added at all -- confirm this is intended.
            if permissionScopeItemId:
                # Evaluate the scopes from narrowest to widest to avoid mistakes
                organizeIds = PermissionScopeService.GetOrganizeIds(
                    self, userInfo.Id, permissionScopeCode)
                # No data permission at all ("= NULL" is never true in SQL)
                if PermissionScope.PermissionScopeDic.get('No') in organizeIds:
                    whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'id' + " = NULL ) "
                # Data as configured in detail (explicit list of user ids)
                if PermissionScope.PermissionScopeDic.get(
                        'Detail') in organizeIds:
                    userIds = PermissionScopeService.GetUserIds(
                        self, userInfo.Id, permissionScopeCode)
                    whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'id' + " IN (" + StringHelper.ObjectsToList(
                        userIds) + ")) "
                # Own data only
                if PermissionScope.PermissionScopeDic.get(
                        'User') in organizeIds:
                    whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'id' + " = '" + userInfo.Id + "') "
                # Data of the user's workgroup
                if PermissionScope.PermissionScopeDic.get(
                        'UserWorkgroup') in organizeIds:
                    whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'workgroupid' + " = '" + userInfo.WorkgroupId + "') "
                # Data of the user's department
                if PermissionScope.PermissionScopeDic.get(
                        'UserDepartment') in organizeIds:
                    whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'departmentid' + " = '" + userInfo.DepartmentId + "') "
                # Data of the user's company
                if PermissionScope.PermissionScopeDic.get(
                        'UserCompany') in organizeIds:
                    whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'companyid' + " = '" + userInfo.CompanyId + "') "
                # All data: no filter needs to be added here
                if PermissionScope.PermissionScopeDic.get(
                        'All') in organizeIds:
                    pass
        return whereConditional
예제 #15
0
 def GetUserIds(userInfo, userId, permissionItemCode):
     """Return the target user ids of a user's PIUSER-to-PIUSER scopes.

     Args:
         userInfo: Not used by this function.
         userId: Id of the user whose scope rows are looked up.
         permissionItemCode: Permission code, resolved to an id through
             PermissionItemService.GetIdByAdd.

     Returns:
         The ``values_list('targetid', flat=True)`` result for matching rows.
     """
     # NOTE(review): neither deletemark nor enabled is filtered here, unlike
     # the other scope queries on this page; confirm revoked or disabled rows
     # cannot still widen what the user may see.
     permissionId = PermissionItemService.GetIdByAdd(permissionItemCode)
     scopeRows = Pipermissionscope.objects.filter(
         resourcecategory='PIUSER',
         resourceid=userId,
         targetcategory='PIUSER',
         permissionid=permissionId)
     return scopeRows.values_list('targetid', flat=True)