def process_view(self,request,view_func,view_args,view_kwargs): #如果用户想登入后台部分的view if(request.path.startswith("/admin")): #后台部分如果要进行obj的增删查改 权限名为 show/edit/delete_obj 其他的 权限名和函数名一样。具体 查看adminURL 就明白了 if(view_kwargs.get("obj")): requiredResource = view_func.__name__.split("_")[0]+"_"+view_kwargs.get("obj") else: requiredResource = view_func.__name__ #后台部分的其他操作 权限名都和view function的名字一样 if(not requiredResource in request.session["perm"]): return HttpResponseRedirect("/permission") #表单部分有三种情况的view访问:apply_form,show_xx_form,和 change form elif(request.path.startswith("/handleForm")): #申请表单对应的权限名字是apply_form if(request.path.startswith("/handleForm/apply_form/") and not "apply_form" in request.session["perm"]): return HttpResponseRedirect("/permission") #展示表单列表view对应的权限名是show_xxxx elif(request.path.find("show")>=0): if(not view_func.__name__ in request.session["perm"]): return HttpResponseRedirect("/permission") elif(request.path.startswith("/handleForm/check_form/")): requiredResource = view_kwargs["role"]+"_"+"check" if(not requiredResource in request.session["perm"]): return HttpResponseRedirect("/permission") #检查是否以在地址栏输入表单id的方式 试图访问自己权限外的表单 主要针对申请者和审核者 因为 申请者应该只能看到自己申请的表单 审核者只能看到自己负责的表单 else: if(view_kwargs["role"]=="applicant" and not DomainApplication.objects.get(id=view_kwargs["Id"]).creater==userService.getUser(request)): return HttpResponseRedirect("/permission") elif(view_kwargs["role"]=="verifier"): zone = get_object_or_404(DomainApplication,id=view_kwargs["Id"]).getZoneOfApplicationForm() if(zone and not zone.zone_dpt==userService.getUser(request).user_dpt): return HttpResponseRedirect("/permission")
def addMainForm(request,main_part): """ 将表单的主要信息存入数据库中 返回存入后的id main_part: 是申请表单主要信息的form """ main = main_part.save(commit=False) main.creater = userService.getUser(request) main.createTime = datetime.datetime.now() main.status = staticVar.CREATED main.save() #创建一条标记表单状态流转的记录 status = FormStatus(status=staticVar.CREATED) status.status_user = userService.getUser(request) status.status_da = main status.createTime = datetime.datetime.now() status.save() return main.id
def __createStatusRecord(): """ 创建表单状态流转记录 由于每一次改变表单状态都需要创建这么一条记录 所以 写成函数会方便很多 """ user = userService.getUser(request) status = FormStatus(status=form.status) status.status_user = user status.status_da = form status.createTime = datetime.datetime.now() if(request.POST and request.POST.get("comment")): status.statusDes = request.POST.get("comment") status.save()