def get(self, system_id):
try:
inspect_system = db.session.query(InspectSystems).filter(
InspectSystems.id == system_id).first()
if not inspect_system or inspect_system.security_level == 0:
return jsonify({"status": False, "desc": "安全保护等级自评尚未完成"})
manage_assess_dict = {
'system_id': system_id,
'security_level': inspect_system.security_level,
'business_level': inspect_system.business_level,
'system_level': inspect_system.system_level,
'system_name': inspect_system.system_name,
'manage_assess': {}
}
# for manage_demand in db.session.query(InspectManageDemands).filter(
# InspectManageDemands.level == inspect_system.security_level).all():
# manage_assess_dict['manage_assess'][manage_demand.name] = False
for demand_assess in db.session.query(InspectManageAssess).filter(
InspectManageAssess.system_id == system_id).all():
manage_assess_dict['manage_assess'][
demand_assess.manage_demand.
name] = demand_assess.manage_demand_check
# b = json.dumps(manage_assess_dict)
# print b
except Exception, e:
logger.error(e)
db.session.rollback()
return jsonify({"status": False, "desc": "获取安全保护等级技术细则自评信息失败"})
def post(self, system_id):
try:
demands_assess_dict = request.get_json()
inspect_system = db.session.query(InspectSystems).filter(
InspectSystems.id == system_id).first()
if not inspect_system or inspect_system.security_level == 0:
return jsonify({"status": False, "desc": "安全保护等级自评尚未完成"})
db.session.query(InspectManageAssess).filter(
InspectManageAssess.system_id == system_id).delete()
db.session.commit()
a_list = demands_assess_dict['manage_assess'].keys()
b_list = [
b.name
for b in db.session.query(InspectManageDemands.name).filter(
InspectManageDemands.level ==
inspect_system.security_level).all()
]
print(set(a_list) - set(b_list))
print(set(b_list) - set(a_list))
for manage_demand in db.session.query(InspectManageDemands).filter(
InspectManageDemands.level ==
inspect_system.security_level).all():
manage_demand_id = manage_demand.id
manage_demand_check = demands_assess_dict['manage_assess'].get(
manage_demand.name, False)
manage_demand_assess = InspectManageAssess(
system_id, manage_demand_id, manage_demand_check)
db.session.add(manage_demand_assess)
db.session.commit()
except Exception, e:
logger.error(e)
db.session.rollback()
return jsonify({"status": False, "desc": "安全保护等级技术细则自评失败"})
def post(self, system_id):
try:
demands_assess_dict = request.get_json()
inspect_system = db.session.query(InspectSystems).filter(
InspectSystems.id == system_id).first()
if not inspect_system or inspect_system.security_level == 0:
return jsonify({"status": False, "desc": "安全保护等级自评尚未完成"})
db.session.query(InspectTechAssess).filter(
InspectTechAssess.system_id == system_id).delete()
db.session.commit()
for tech_demand in db.session.query(InspectTechDemands).filter(
InspectTechDemands.level ==
inspect_system.security_level).all():
tech_demand_id = tech_demand.id
tech_demand_check = demands_assess_dict['tech_assess'].get(
tech_demand.name, False)
tech_demand_assess = InspectTechAssess(system_id,
tech_demand_id,
tech_demand_check)
db.session.add(tech_demand_assess)
db.session.commit()
except Exception, e:
logger.error(e)
db.session.rollback()
return jsonify({"status": False, "desc": "安全保护等级技术细则自评失败"})
def get(self, system_id):
try:
inspect_system = db.session.query(InspectSystems).filter(
InspectSystems.id == system_id).first()
if not inspect_system or inspect_system.security_level == 0:
return jsonify({"status": False, "desc": "安全保护等级自评尚未完成"})
tech_assess_dict = {
'system_id': system_id,
'security_level': inspect_system.security_level,
'business_level': inspect_system.business_level,
'system_level': inspect_system.system_level,
'system_name': inspect_system.system_name,
'tech_assess': {}
}
for demand_assess in db.session.query(InspectTechAssess).filter(
InspectTechAssess.system_id == system_id).all():
tech_assess_dict['tech_assess'][
demand_assess.tech_demand.
name] = demand_assess.tech_demand_check
# b = json.dumps(tech_assess_dict)
except Exception, e:
logger.error(e)
db.session.rollback()
return jsonify({"status": False, "desc": "获取安全保护等级技术细则自评信息失败"})
def delete(self, id):
try:
db.session.query(InspectSystemsAssess).filter(
InspectSystemsAssess.system_id == id).delete()
db.session.commit()
db.session.query(InspectTechAssess).filter(
InspectTechAssess.system_id == id).delete()
db.session.commit()
db.session.query(InspectManageAssess).filter(
InspectManageAssess.system_id == id).delete()
db.session.commit()
db.session.query(InspectSystems).filter(
InspectSystems.id == id).delete()
db.session.commit()
except Exception, e:
logger.error(e)
db.session.rollback()
return jsonify({"status": False, "desc": "等保自评系统删除失败"})
def get(self, id=None):
try:
if id:
inspect_system = db.session.query(InspectSystems).filter(
InspectSystems.id == id).first()
return jsonify({
"status": True,
"inspect_system": inspect_system._to_dict()
})
page, per_page, offset, search_msg = get_page_items()
query = db.session.query(InspectSystems)
inspect_systems = query.limit(per_page).offset(offset).all()
total = query.count()
inspect_systems_list = [
inspect_system._to_dict() for inspect_system in inspect_systems
]
except Exception, e:
logger.error(e)
db.session.rollback()
return jsonify({"status": False, "desc": "获取等保系统信息失败"})
def put(self, id):
try:
inspect_system = db.session.query(InspectSystems).filter(
InspectSystems.id == id).first()
if not inspect_system:
return jsonify({"status": False, "desc": "无法查询到该系统"})
system_dict = request.get_json()
inspect_system.system_name = system_dict.get('system_name'),
inspect_system.system_no = system_dict.get('system_no'),
inspect_system.system_data_json = json.dumps(
system_dict.get('system_data_json')) if system_dict.get(
'system_data_json') else json.dumps({}),
# inspect_system.system_word = system_dict.get('system_word'),
inspect_system.describe = system_dict.get('describe'),
inspect_system.update_time = datetime.now()
db.session.commit()
except Exception, e:
logger.error(e)
db.session.rollback()
return jsonify({"status": False, "desc": "等保自评系统修改失败"})
def post(self):
try:
sys_dict = request.get_json()
if sys_dict:
system_no = sys_dict.get('system_no')
if not sys_dict:
sys_dict = dict(
system_name=request.values.get('system_name'),
system_no=request.values.get('system_no'),
system_data_json=request.values.get('system_data_json'),
describe=request.values.get('describe'))
if db.session.query(InspectSystems).filter(
InspectSystems.system_no == system_no).first():
return jsonify({
"status": False,
"desc": "编号为:%s的等保系统已存在" % system_no
})
# files = request.files
#
# if files and files.get('file'):
# f = files['file']
# # file_name = secure_filename(f.filename)
# file_name = f.filename
# file_name_list = file_name.split('.')
# word_file_name = file_name_list[0] + datetime.now().strftime('%Y%m%d%H%M%S') + \
# str(random.randint(0, 99)) + '.' + file_name_list[1]
# word_file_dir = os.path.join(D_UP_LOADS, word_file_name)
# f.save(word_file_dir)
# sys_dict['system_word'] = word_file_dir
sys_dict['update_time'] = datetime.now()
inspect_system = InspectSystems._from_dict(sys_dict)
db.session.add(inspect_system)
db.session.commit()
db.session.flush()
system_id = inspect_system.id
except Exception, e:
logger.error(e)
db.session.rollback()
return jsonify({"status": False, "desc": "等保系统创建失败"})
def get(self, system_id):
try:
system_assess_dict = {
'system_id': system_id,
'business_assess': {},
'system_assess': {}
}
# object_levels = db.session.query(InspectObjectInjureLevel).all()
# for object_level in object_levels:
# system_assess_dict['business_assess'][object_level.name] = False
# system_assess_dict['system_assess'][object_level.name] = False
system_assess = db.session.query(InspectSystemsAssess).filter(
InspectSystemsAssess.system_id == system_id).all()
for assess in system_assess:
system_assess_dict[assess.assess_type.name][assess.object_injure_level.name] \
= assess.assess_check
b = json.dumps(system_assess_dict)
except Exception, e:
logger.error(e)
db.session.rollback()
return jsonify({"status": False, "desc": "获取安全保护等级自评信息失败"})
def post(self, system_id):
try:
inspect_system = db.session.query(InspectSystems).filter(
InspectSystems.id == system_id).first()
files = request.files
if files and files.get('file'):
f = files['file']
# file_name = secure_filename(f.filename)
file_name = f.filename
file_name_list = file_name.split('.')
word_file_name = file_name_list[0] + datetime.now().strftime('%Y%m%d%H%M%S') + \
str(random.randint(0, 99)) + '.' + file_name_list[1]
word_file_dir = os.path.join(D_UP_LOADS, word_file_name)
f.save(word_file_dir)
inspect_system.system_word = word_file_dir
db.session.add(inspect_system)
db.session.commit()
else:
return jsonify({"status": False, "desc": "无法获取上传的word附件"})
except Exception, e:
logger.error(e)
db.session.rollback()
return jsonify({"status": False, "desc": "等保系统word附件上传失败"})
def post(self, system_id):
try:
max_business_level = 0
max_system_level = 0
inspect_system = db.session.query(InspectSystems).filter(
InspectSystems.id == system_id).first()
data_dict = request.get_json()
business_dict = data_dict.get('business_assess')
if business_dict:
assess_type_id = InspectAssessType._get_id('business_assess')
db.session.query(InspectSystemsAssess).filter(
InspectSystemsAssess.system_id == system_id,
InspectSystemsAssess.assess_type_id ==
assess_type_id).delete()
db.session.commit()
for object_level_name in business_dict:
assess_check = business_dict.get(object_level_name)
object_level_id, level = InspectObjectInjureLevel._get_id(
object_level_name)
if not object_level_id:
return jsonify({
"status":
False,
"desc":
"错误的%s导致安全保护等级自评信息提交失败" % object_level_name
})
system_assess = InspectSystemsAssess(
system_id, assess_type_id, object_level_id,
assess_check)
db.session.add(system_assess)
db.session.commit()
if assess_check and (max_business_level < level):
max_business_level = level
# update business_level
inspect_system.business_level = max_business_level
db.session.add(inspect_system)
db.session.commit()
system_dict = data_dict.get('system_assess')
if system_dict:
assess_type_id = InspectAssessType._get_id('system_assess')
db.session.query(InspectSystemsAssess).filter(
InspectSystemsAssess.system_id == system_id,
InspectSystemsAssess.assess_type_id ==
assess_type_id).delete()
db.session.commit()
for object_level_name in system_dict:
assess_check = system_dict.get(object_level_name)
object_level_id, level = InspectObjectInjureLevel._get_id(
object_level_name)
if not object_level_id:
return jsonify({
"status":
False,
"desc":
"错误的%s导致安全保护等级自评信息提交失败" % object_level_name
})
system_assess = InspectSystemsAssess(
system_id, assess_type_id, object_level_id,
assess_check)
db.session.add(system_assess)
db.session.commit()
if assess_check and (max_system_level < level):
max_system_level = level
# update system_level
inspect_system.system_level = max_system_level
db.session.add(inspect_system)
db.session.commit()
# update security_level
inspect_system.security_level = max(max_business_level,
max_system_level)
db.session.add(inspect_system)
db.session.commit()
except Exception, e:
logger.error(e)
db.session.rollback()
return jsonify({"status": False, "desc": "安全保护等级自评信息提交失败"})