def getModelData(self, modelname, id, _param):
"""
获取模型数据,仅一个
@param modelname:
@param id:
@param _param:
@return:
"""
model = self.getModel(modelname)
if not self.check_permission(modelname, 'is_view'):
raise ex(u'用户权限不足')
query = model.objects.filter()
if self.check_permission(modelname, 'is_self'):
if self.get_me().isteacher:
query = self.verify_user(query, config.model_self_teacher.get(modelname), _param)
if self.get_me().isstudent:
query = self.verify_user(query, config.model_self_student.get(modelname), _param)
query = query.filter(id=id)
if query is not None:
if hasattr(model, 'get_json'):
return gen_query_json(query, param=_param)
else:
raise ex('%s没有get_json()方法' % modelname)
else:
raise ex(u'无法查询到数据')
def saveUser(self, _param):
"""
保存用户信息
@param _param:
@return:
"""
flag_add = True
user = User.objects.filter(
pk=_param['id']).first() if _param.get('id', None) else None
if user:
flag_add = False
if user and User.objects.exclude(pk=_param['id']).filter(
username=_param['username']).count():
raise ex(u'该用户名已经存在!')
if not user:
if _param.get('username', None) and User.objects.filter(
username=_param['username']):
raise ex(u'该用户名已经存在!')
user = User()
dic2obj(user, [
'username', 'truename', 'name', 'email', 'phone', 'department_id',
'role_id'
], _param)
if _param.get('password', ''):
user.password = _param['password']
user.save()
self.logAtion(ActionLog.ACTION_MODIFY, User, user.id)
def changeUser(self, userid):
'''
切换用户,开发阶段使用
@param userid:
@return:
'''
if self.site.setting.get('sys_debug'):
user = User.objects.filter(pk=userid).first()
if not user:
raise ex(u'没有该角色用户')
self.logout()
self.session_set('me', user.get_json())
else:
raise ex(u'该功能已经禁用')
def changeUserByRole(self, roleid):
'''
根据角色切换用户,开发阶段使用
@param roleid:
@return:
'''
if self.site.setting.get('sys_debug'):
user = User.objects.filter(role_id=roleid,
status=User.STATUS_NORMAL).first()
if not user:
raise ex(u'没有该角色用户')
self.logout()
self.session_set('me', user.get_json())
else:
raise ex(u'该功能已经禁用')
def changePassword(self, password, newpassword):
'''
修改用户密码
@param password:
@param newpassword:
@return:
'''
if not newpassword:
raise ex(u'新密码不能为空')
user = self.get_me()
if user and user.password == User.pwdhash(password, user.salt):
user.password = User.pwdhash(newpassword, user.salt)
user.save()
else:
raise ex(u'原密码不正确!')
def get_model_editfiled(self, modelname, _param):
"""
获取模型选择字段
@param modelname:
@return:
"""
model = self.getModel(modelname)
if not self.check_permission(modelname, 'is_edit'):
raise ex(u'用户权限不足')
if self.check_permission(modelname, 'is_self'):
self.verify_user(None, None, _param, is_edit=True)
if hasattr(model, 'edititem'):
return {'edititem': self.gen_edit_item(model, _param)}
else:
raise ex('%s没有设置edititem属性' % modelname)
def saveSetting(self, _param):
'''
保存设置
@param _param:
@return:
'''
if not self.check_permission('KeyValue', 'is_edit'):
raise ex(u'用户权限不足')
ks = [k for k in _param if not k.startswith('_')]
resks = []
if ks:
from base.models import KeyValue
for kv in KeyValue.objects.filter(key__in=ks):
k = kv.key
kv.value = _param[k]
try:
kv.pyvalue
kv.save()
resks.append(k)
except:
print 'saveSetting of key %s' % kv.key
pass
from siteinfo import Site
Site.reset()
return resks
def upload_files(self):
"""
多文件上传
@type:post
@param files:文件,格式为:form.append(files[i].name, files[i]);
@return: 返回为文件列表,信息与单个文件的一样
"""
import time, os, datetime
import utils
file_url_list = []
if self.request.method == "POST":
upload_root = 'media/upload'
now = datetime.datetime.now()
uplaod_path = os.path.join(upload_root, str(now.year) + str(now.month))
if not os.path.exists(uplaod_path):
os.mkdir(uplaod_path)
for filename in self.request.FILES:
file = self.request.FILES.get(filename, None)
filename_h = str(int(round(time.time() * 1000))) + '.' + file.name.split('.')[-1]
filepath = os.path.join(uplaod_path, filename_h)
filetype = file.name.split('.')[-1]
f = open(filepath, 'wb')
for chunk in file.chunks():
f.write(chunk)
f.close()
item = {'url': '/' + filepath, 'filename': file.name, 'size': os.path.getsize(filepath)}
if filetype == 'png' or filetype == 'jpg' or filetype == 'gif':
item['img_info'] = utils.get_full_compress_img_info(filepath)
file_url_list.append(item)
return file_url_list
else:
raise ex('请使用post方法上传')
def upload_file(self):
"""
上传文件
@type:post
@param file:文件,格式为:js:form.append('file', file);
@return: 文件上传后返回:{'url':文件的相对路径, 'filename': 文件名,'size':文件大小,'img_info':图片信息(如果是图片,支持jpg,png,gif)}
@return: img_info:{'normal_info': 原始图片信息, 'small_info': 小图信息,'middle_info': 中图信息)}
@return: normal_info:{'url': 图片相对路径链接, 'size': 文件大小, 'width': 图片宽, 'height': 图片高}
"""
import time, os, datetime
import utils
if self.request.method == "POST":
file = self.request.FILES.get("file", None)
filename = str(int(round(time.time() * 1000))) + '.' + file.name.split('.')[-1]
filetype = file.name.split('.')[-1]
upload_root = 'media/upload'
now = datetime.datetime.now()
uplaod_path = upload_root + '/' + str(now.year) + str(now.month)
if not os.path.exists(uplaod_path):
os.mkdir(uplaod_path)
filepath = os.path.join(uplaod_path, filename)
f = open(filepath, 'wb')
for chunk in file.chunks():
f.write(chunk)
f.close()
res = {'url': '/' + filepath, 'filename': file.name, 'size': os.path.getsize(filepath)}
if filetype == 'png' or filetype == 'jpg' or filetype == 'gif':
res['img_info'] = utils.get_full_compress_img_info(filepath)
return res
else:
raise ex('请使用post方法上传')
def verify_user(self, query, queryfield, _param, is_edit=False):
user_id = _param.get('s_user_id') or _param.get('user_id')
if not user_id or self.get_me().id != int(user_id):
raise ex('访问受限')
if is_edit:
return True
querydic = {queryfield: user_id}
query = query.filter(**querydic)
return query
def login(self, username, password):
"""
用户登录
@param username:
@param password:
@return:
"""
user = User.objects.filter(username=username).first()
if user and user.password == User.pwdhash(password, user.salt):
if user.status == User.STATUS_CANCELED:
raise ex(u'该用户已被锁定无法登陆')
self.session_set('me', user.get_json())
self.logAtion(ActionLog.ACTION_LOGIN)
logingoto = self.session_get_once('logingoto')
return obj2dic(user, ['id', 'username', 'token'],
{'goto': logingoto or '/xadmin/'})
else:
raise ex(u'用户名或密码错误')
def getModelList(self, modelname, _param):
'''
获取模型对于的数据列表
@param modelname:
@param _param:
@return:
'''
model = self.getModel(modelname)
if not self.check_permission(modelname, 'is_view'):
raise ex(u'用户权限不足')
query = model.objects.filter()
if self.check_permission(modelname, 'is_self'):
if self.get_me().isteacher:
query = self.verify_user(
query, config.model_self_teacher.get(modelname), _param)
if self.get_me().isstudent:
query = self.verify_user(
query, config.model_self_student.get(modelname), _param)
if self.get_me().is_teacher_assistant:
query = self.verify_user(
query, config.model_self_teacher_assistant.get(modelname),
_param)
if hasattr(model, 'get_list_json'):
if hasattr(model, 'showitem'):
shwoitem = model.showitem if not hasattr(
model.showitem, '__call__') else model.showitem()
return gen_query_json_list_array(query,
param=_param,
showitem=shwoitem,
funcstr='get_list_json',
funcdic={})
if hasattr(model, 'get_json'):
if hasattr(model, 'showitem'):
shwoitem = model.showitem if not hasattr(
model.showitem, '__call__') else model.showitem()
return gen_query_json_list_array(query,
param=_param,
showitem=shwoitem)
return gen_query_json_list_array(query, param=_param)
else:
raise ex('%s没有get_json()方法' % modelname)
def export_to_excel(self, modelname, _param):
model = self.getModel(modelname)
if not self.check_permission(modelname, 'is_export'):
raise ex(u'用户权限不足')
_param['size'] = -1
_param['page'] = 1
data = self.getModelList(modelname, _param)
workbook = xlwt.Workbook(encoding='utf-8')
worksheet = workbook.add_sheet('sheet1')
datalist = data.items
if hasattr(model, 'exportlist'):
exportlist = model.exportlist
for index, el in enumerate(exportlist):
worksheet.write(0, index, el['showname'])
for index, dl in enumerate(datalist):
for index_j, el in enumerate(exportlist):
worksheet.write(index + 1, index_j, dl[el['fieldname']])
timestrap = str(int(time.time()))
path = settings.BASE_DIR + '/media/temp/' + 'export_' + timestrap + '.xls'
workbook.save(path)
return '/media/temp/' + 'export_' + timestrap + '.xls'
else:
raise ex('导出条目没有配置')
def cancel_top(self, modelname, ids):
"""
取消置顶
:param modelname:
:param ids:
:return:
"""
if not self.check_permission(modelname, 'is_top'):
raise ex(u'用户权限不足')
ids = ids.split(',')
model = self.getModel(modelname)
if ids:
for o in model.objects.filter(pk__in=ids):
o.ordering = 0
o.save()
return len(ids)
def delModels(self, modelname, ids):
'''
删除模型数据
@param modelname:
@param ids:
@return:
'''
# if not self.check_opration(modelname):
# raise ex(u'用户权限不足')
# if self.get_me().isreception:
# raise ex(u'用户权限不足,请联系管理员进行操作')
# if (self.get_me().isstudent or self.get_me().isteacher) and (modelname=='Exam'):
# raise ex(u'用户权限不足')
if not self.check_permission(modelname, 'is_delete'):
raise ex(u'用户权限不足')
ids = ids.split(',')
model = self.getModel(modelname)
return self.delModelsByIds(model, ids)
def topModels(self, modelname, ids):
'''
置顶模型
@param modelname:
@param ids:
@return:
'''
if not self.check_permission(modelname, 'is_top'):
raise ex(u'用户权限不足')
ids = ids.split(',')
model = self.getModel(modelname)
if ids:
from utils import orderinggen
ordering = orderinggen()
ix = 0
for o in model.objects.filter(pk__in=ids):
o.ordering = ordering - ix
o.save()
ix += 1
return len(ids)
def saveModel(self, modelname, _param):
'''
保存模型数据
@param modelname:
@param _param:
@return:
'''
is_add = False
if not self.check_permission(modelname, 'is_edit'):
raise ex(u'用户权限不足')
model = self.getModel(modelname)
# if hasattr(model, 'role_write') and not self.get_me().checkrole(model.role_write):
# raise ex(u'用户权限不足:%s' % model.role_write)
objid = _param.get('id')
o = model.objects.filter(pk=objid).first()
if o:
if modelname == 'User' and _param.get('password', None) == '':
_param.pop('password')
else:
is_add = True
if modelname == 'User':
print _param.get('username', None)
u = User.objects.filter(username=_param.get('username', None))
if u:
raise ex('该用户已经存在')
o = model()
emptyfields = []
fields = model.get_editfields()
for f in model.get_fields():
if f.name in fields and (not f.blank
and not f.null) and not _param.get(
f.name, None):
if hasattr(f, 'rel') and hasattr(f.rel, 'to'):
fn = f.name + "_id" if not f.name.endswith(
'_id') else f.name
if not _param.get(fn, None):
emptyfields.append(f.verbose_name)
else:
emptyfields.append(f.verbose_name)
if modelname == 'User' and f.name == 'password' and not is_add:
emptyfields.pop()
if (f.__class__.__name__ == 'ForeignKey'
or f.__class__.__name__ == 'OneToOneField'
) and not f.name.endswith('_id') and hasattr(
f, 'rel') and f.editable and not f.primary_key and hasattr(
f.rel, 'to'):
fields.remove(f.name)
fields.append(f.name + "_id")
if _param.get(f.name + '_id') == '':
_param[f.name + '_id'] = None
if f.__class__.__name__ == 'ChildrenModelField' and f.name in fields:
fields.remove(f.name)
if (f.__class__.__name__ == 'DateField'
or f.__class__.__name__ == 'IntegerField'
or f.__class__.__name__ == 'FloatField') and _param.get(
f.name) == '':
_param[f.name] = None
if emptyfields:
efs = ','.join(emptyfields).decode('utf-8')
raise ex(u"'%s'不能为空" % (efs))
if hasattr(o, 'modify'):
o.modify(self.get_me(), fields, _param)
else:
dic2obj(o, fields, _param)
if self.check_permission(modelname, 'is_self'):
self.verify_user(None, None, _param, is_edit=True)
o.save()
if is_add:
self.logAtion(
ActionLog.ACTION_ADD,
model=model,
content=o.__unicode__() if hasattr(o, '__unicode__') else None,
objsid=o.id,
model_cn=o._meta.verbose_name)
print o._meta.verbose_name
else:
self.logAtion(
ActionLog.ACTION_EDIT,
model=model,
content=o.__unicode__() if hasattr(o, '__unicode__') else None,
objsid=o.id,
model_cn=o._meta.verbose_name)
return o.get_json()
def getModel(self, modelname):
model = ApiView.getModel(self, modelname)
if not model:
raise ex(u'不存在模型:%s' % modelname)
return model
