async def put(self, *args, **kwargs): reqData = json.loads(self.request.body.decode("utf8")) reqList = {m: [str(n)] for m, n in reqData.items()} valiDict = UserForm(reqList) if valiDict.validate(): valiData = valiDict.data try: oneUser = await self.application.objects.get(Users, id=reqData['id']) except Users.DoesNotExist as e: return self.finish(rf().set(404, "失败用户不存在")) pwd_bcrpt = pd().hashed(valiData['password']) # oneUser.password = hashlib.sha256(valiData['password'].encode('utf8')).hexdigest() async with self.application.objects.atomic(): params = { "username": valiData['username'], "password": pwd_bcrpt, } await self.application.objects.execute( Users.update(**params).where(Users.id == oneUser.id)) #删除对应角色 await self.application.objects.execute( userRole.delete().where(userRole.users_id == oneUser.id)) #过滤出权限id列表 if not len(reqData["checkedData"]) == 0: for c in reqData["checkedData"]: # 给角色添加权限 await self.application.objects.create( userRole, users_id=oneUser.id, roles_id=c) return self.finish(rf().code(202)) else: resData = rf().code(404) resData['msg'] = valiDict.errors return self.finish(resData)
async def post(self, *args, **kwargs): reqData = json.loads(self.request.body.decode("utf8")) # 生成wtform-tornado验证格式 reqDict = {m: [str(n)] for m, n in reqData.items()} valiDict = UserForm(reqDict) if valiDict.validate(): newData = valiDict.data try: await self.application.objects.get( Users, username=reqData['username']) resData = rf().set(404, "失败用户已存在") return self.finish(resData) except Users.DoesNotExist as e: async with self.application.objects.atomic(): newData["password"] = pd().hashed(newData['password']) oneUser = await self.application.objects.create( Users, **newData) for n in reqData['checkedData']: await self.application.objects.create( userRole, users_id=oneUser.id, roles_id=n) return self.finish(rf().code(201)) else: resData = rf().code(404) resData['msg'] = valiDict.errors return self.finish(resData)
async def put(self, *args, **kwargs): resData = {} temp = json.loads(self.request.body.decode("utf8")) reqInfo = {m: [n] for m, n in temp.items()} reqvali = MenusForm(reqInfo) if reqvali.validate(): try: oneEdit = await self.application.objects.get(Menus, id=reqInfo['id']) except Exception as e: self.finish(rf().set(404, "失败提交信息有误")) else: obj = reqvali.data oneEdit.title = obj['title'] oneEdit.icon = obj['icon'] oneEdit.path = obj['path'] oneEdit.code = obj['code'] oneEdit.ord = obj['ord'] # 父菜单的值没有验证,直接从请求中获取并判断 oneEdit.sub_id = None if str( reqInfo['parent'][0]).strip() == "" else int( str(reqInfo['parent'][0]).strip()) await self.application.objects.update(oneEdit) resData = rf().code(202) else: resData = rf().code(404) resData['msg'] = reqvali.errors return self.finish(resData)
async def post(self, *args, **kwargs): resData = {} reqData = json.loads(self.request.body.decode("utf8")) # 生成wtform-tornado验证格式 reqDict = {m: [str(n)] for m, n in reqData.items()} valiDict = PermissionsForm(reqDict) if valiDict.validate(): data = valiDict.data try: await self.application.objects.get(Permissions, title=data['title']) return self.finish(rf().set(404, "失败用户已存在")) except Exception as f: async with self.application.objects.atomic(): await self.application.objects.create( Permissions, title=data['title'], url=data['url'], method=data['method'], menu_id=data['menu']) resData = rf().code(201) return self.finish(resData) else: resData = rf().code(404) resData['msg'] = valiDict.errors return self.finish(resData)
async def post(self, *args, **kwargs): reqData = json.loads(self.request.body.decode('utf8')) # 获取redis验证信息 rds = RedisGroup(self) rdsInfo = await rds.get(reqData) if rdsInfo: return self.finish(rdsInfo) # 先判断请求用户数据是否存在 try: oneRecord = await self.application.objects.get( Records, id=reqData["id"], onlyid=reqData["onlyid"]) validata = oneRecord.uuidnum except Exception as e: return self.finish(rf().code(404)) # 判断初始状态是否为冻结,如果不是,取消操作 if not oneRecord.is_lock: return self.finish(rf().code(404)) async with self.application.objects.atomic(): result = await self.application.objects.execute( Records.update(uuidnum=uuid.uuid1(), lock_user=None, is_confirm=True, operator=self.current_user).where( (Records.id == reqData["id"]) & (Records.uuidnum == validata))) if result == 0: return self.finish(rf().code(404)) rds.delete() return self.finish(rf().set(202, "操作成功"))
async def get(self, req): # print(self.obj) # print(self.obj.application) # 判断redis是否有记录 self.only_id = req["onlyid"] # 实例化redis try: self.rds = self.obj.application.rds(1) except Exception as ff: return rf().set(500, "内部服务错误") # 判断标记是否存在 if not self.rds.get("onlyid-mark"): self.rds.flushdb() self.rds.set("onlyid-mark", "1", ex=3600) allLockFreeze = await self.obj.application.objects.execute(Records.select().where( ((Records.is_freeze == True) | (Records.is_lock == True)) & (Records.is_confirm == False))) for oneLockFreeze in allLockFreeze: self.rds.set(oneLockFreeze.onlyid, oneLockFreeze.lock_user, ex=4800) # 判断是否存在redis里 if not self.rds.get(self.only_id): return rf().code(401) else: getRdsVal = self.rds.get(self.only_id).decode('utf8') # 判断是否是相同用户操作 if not getRdsVal == self.obj.current_user: return rf().set(404, "其它用户已锁定") return None
async def post(self, *args, **kwargs): resData = {} reqData = json.loads(self.request.body.decode("utf8")) reqList = {m: [str(n)] for m, n in reqData.items()} result = RoleForm(reqList) if result.validate(): try: await self.application.objects.get(Roles, title=reqData['title']) return self.finish(rf().set(404, "失败用户已存在")) except Roles.DoesNotExist as e: # 过滤出权限id列表 perList = [ int(str(i).split('permission-')[1]) for i in reqData["permission"] if str(i).startswith("permission-") ] async with self.application.objects.atomic(): roleOne = await self.application.objects.create( Roles, title=reqData['title']) if not len(perList) == 0: for c in perList: # 给角色添加权限 await self.application.objects.create( rolePermission, roles_id=roleOne.id, permissions_id=c) return self.finish(rf().code(201)) else: resData = rf().code(404) resData['msg'] = result.errors return self.finish(resData)
async def post(self, *args, **kwargs): resData = {} reqInfo = json.loads(self.request.body.decode("utf8")) # 转换格式为wtform-tornado支持 reqInfo = {m: [n] for m, n in reqInfo.items()} valiForm = MenusForm(reqInfo) # 验证前端传值是否正确 if valiForm.validate(): obj = valiForm.data try: await self.application.objects.get(Menus, title=obj['title']) resData = rf().set(404, "失败菜单名已存在") return self.finish(resData) except Exception as f: dict1 = { "title": obj['title'], "icon": obj['icon'], "path": obj['path'], "code": obj['code'], "ord": int(obj['ord']), } # 判断前端是否传父菜单id if reqInfo['parent'][0]: dict1["sub_id"] = reqInfo['parent'][0] await self.application.objects.create(Menus, **dict1) resData = rf().code(201) self.finish(resData) else: resData = rf().code(404) resData['msg'] = valiForm.errors self.finish(resData)
async def post(self): reqData = json.loads(self.request.body.decode("utf8")) # 生成wtform-tornado验证格式 btncontrol = False if reqData["btncontrol"] == "2" else True res = await self.application.objects.execute( WhiteList.update(is_global=btncontrol)) if not res: resData = rf().set(404, "IP限制开启失败") return self.finish(resData) return self.finish(rf().code(202))
async def post(self): rds = self.application.rds(2) userSha256 = hashlib.sha256( self.current_user.encode('utf8')).hexdigest() rds.delete(userSha256) rds.delete(self.current_user) return self.finish(rf().code(200))
async def post(self, *args, **kwargs): reqData = json.loads(self.request.body.decode('utf8')) getUser = await self.application.objects.get( Users, username=self.current_user) uuidList = str(uuid.uuid1()).split("-") # 生成订单号 onlyId = "".join( str(datetime.datetime.now().timestamp()).split(".") + uuidList) dict1 = { "onlyid": onlyId, "name": reqData["name"], "cardclass": reqData["cardclass"], "cardnum": reqData["cardnum"], "amount": int(reqData["amount"]), "account": reqData["account"], "remark": reqData["remark"], "user_group": getUser.username, "date_group": datetime.datetime.strptime(reqData["timeinfo"], "%Y-%m-%d"), } await self.application.objects.create(Records, **dict1) return self.finish(rf().code(201))
async def delete(self, *args, **kwargs): reqInfo = json.loads(self.request.body.decode("utf8")) for one in reqInfo['id']: one = int(one) await self.application.objects.execute( WhiteList.delete().where(WhiteList.id == one)) self.finish(rf().code(204))
async def delete(self, *args, **kwargs): reqData = json.loads(self.request.body.decode("utf8")) for one in reqData['data']: await self.application.objects.execute( Records.delete().where((Records.id == one["id"]) & (Records.onlyid == one["onlyid"]))) self.finish(rf().set(204, "删除成功"))
async def post(self): resData = {} reqData = json.loads(self.request.body.decode('utf8')) try: getOnlyid = await self.application.objects.get( Records, onlyid=reqData["onlyid"]) except Exception as e: return self.finish(rf().set(404, "信息有误")) if getOnlyid.is_fail: return self.finish(rf().set(404, "该信息已提交过")) getOnlyid.is_fail = True getOnlyid.spare1 = self.current_user res = await self.application.objects.update(getOnlyid) if res == 0: return self.finish(rf().set(404, "操作失败")) return self.finish(rf().code(202))
async def get(self, *args, **kwargs): roleList = await self.application.objects.execute(Roles.select()) resList = [] for role in roleList: dict1 = { "id": role.id, "title": role.title, } resList.append(dict1) resData = rf().code(200) resData['data'] = resList return self.finish(resData)
async def put(self, *args, **kwargs): reqData = json.loads(self.request.body.decode('utf8')) # 获取redis验证信息 rds = RedisGroup(self) rdsInfo = await rds.get(reqData) if rdsInfo: return self.finish(rdsInfo) # 修改记录 recordData = { m: [n] if isinstance(n, str) else [str(n)] for m, n in reqData.items() } valiData = RecordsForm(recordData) if valiData.validate(): getRecord = await self.application.objects.get( Records, id=reqData["id"], onlyid=reqData["onlyid"]) valiUuid = getRecord.uuidnum val = valiData.data _dict1 = { "cardclass": val["cardclass"], "name": val["name"], "account": val["account"], "amount": int(val["amount"]), "cardnum": val["cardnum"], "remark": reqData["remark"], "last_time": datetime.datetime.now() } resSql = await self.application.objects.execute( Records.update(**_dict1, uuidnum=uuid.uuid1()).where( (Records.id == reqData["id"]) & (Records.onlyid == reqData["onlyid"]) & (Records.uuidnum == valiUuid))) if resSql == 0: return self.finish(rf().code(404)) return self.finish(rf().code(202)) else: resData = rf().set(404, "更新失败") resData["msg"] = valiData.errors
async def post(self, *args, **kwargs): reqData = json.loads(self.request.body.decode('utf8')) # 获取redis验证信息 rds = RedisGroup(self) rdsInfo = await rds.set(reqData) if rdsInfo: return self.finish(rdsInfo) try: oneRecord = await self.application.objects.get( Records, id=reqData["id"], onlyid=reqData["onlyid"]) validata = oneRecord.uuidnum except Exception as e: rds.delete() return self.finish(rf().code(404)) # 判断初始状态是否为确定 if oneRecord.is_confirm: rds.delete() return self.finish(rf().set(404, "失败记录已确定")) # 判断初始状态是否为确定 if oneRecord.is_freeze: return self.finish(rf().set(404, "其它用户已锁定")) # 更改锁定状态 if reqData["is_lock"]: async with self.application.objects.atomic(): result = await self.application.objects.execute( Records.update(is_lock=reqData["is_lock"], uuidnum=uuid.uuid1(), lock_user=self.current_user).where( (Records.id == reqData["id"]) & (Records.uuidnum == validata) & (Records.is_confirm == False))) if result == 0: rds.delete() return self.finish(rf().code(404)) return self.finish(rf().set(202, "操作成功")) else: async with self.application.objects.atomic(): result = await self.application.objects.execute( Records.update(is_lock=reqData["is_lock"], uuidnum=uuid.uuid1(), lock_user=self.current_user).where( (Records.id == reqData["id"]) & (Records.uuidnum == validata) & (Records.is_confirm == False))) if result == 0: return self.finish(rf().code(404)) rds.delete() return self.finish(rf().set(202, "操作成功"))
async def wrapper(self,*args, **kwargs): # ip限制 ip = self.request.remote_ip globalRes = await self.application.objects.execute(WhiteList.select().where(WhiteList.is_global==True)) if len(globalRes)>=1: try: ipRes = await self.application.objects.get(WhiteList, ip=ip) except WhiteList.DoesNotExist as e: return self.finish(rf().code(401)) if not ipRes.is_through: return self.finish(rf().code(401)) #判断是否带token返回 try: reqAuth = self.request.headers['Authorization'] except KeyError as e: return self.finish(rf().code(401)) # return HTTPError(401) if reqAuth == "undefined" or (not reqAuth): return self.finish(rf().code(401)) # 判断是否过期及token中是否有用户信息 reqUser = jt().decode(reqAuth) if not reqUser: return self.finish(rf().code(401)) #实例化redis获取用户信息 rds = self.application.rds(2) userinfo = rds.get(reqUser['data']) if not userinfo: return self.finish(rf().code(401)) self._current_user = userinfo.decode("utf8") #权限 reqPath = self.request.uri.split("?")[0] whitePath = ["/index/"] if reqPath not in whitePath: is_per_through = 0 perGet = rds.get(userinfo.decode("utf8")).decode("utf8") perList = eval(perGet) for p in perList: pl = p.split(":") reg = re.compile(eval(repr('^'+pl[0]+'$'))) regR = reg.match(reqPath) methodR = self.request.method.lower() if regR and (methodR==pl[1]): is_per_through = 1 if is_per_through == 0: return self.finish(rf().set(403,"无权限访问")) return await method(self, *args, **kwargs)
async def post(self, *args, **kwargs): reqData = json.loads(self.request.body.decode("utf8")) # 生成wtform-tornado验证格式 reqDict = {m: [str(n)] for m, n in reqData.items()} valiDict = WhiteForm(reqDict) if valiDict.validate(): newData = valiDict.data through = False if reqData["is_through"] == "2" else True try: await self.application.objects.get(WhiteList, ip=newData['ip']) resData = rf().set(404, "失败IP已存在") return self.finish(resData) except WhiteList.DoesNotExist as e: async with self.application.objects.atomic(): await self.application.objects.create(WhiteList, ip=newData['ip'], is_through=through) return self.finish(rf().code(201)) else: resData = rf().code(404) resData['msg'] = valiDict.errors return self.finish(resData)
async def put(self, *args, **kwargs): resData = {} temp = json.loads(self.request.body.decode("utf8")) reqInfo = {m: [str(n)] for m, n in temp.items()} reqvali = PermissionsForm(reqInfo) if reqvali.validate(): try: oneEdit = await self.application.objects.get(Permissions, id=reqInfo['id']) except Exception as e: self.finish(rf().set(404, "失败提交信息有误")) else: obj = reqvali.data oneEdit.title = obj['title'] oneEdit.url = obj['url'] oneEdit.method = obj['method'] oneEdit.menu_id = obj['menu'] await self.application.objects.update(oneEdit) resData = rf().code(202) else: resData = rf().code(404) resData['msg'] = reqvali.errors return self.finish(resData)
async def put(self, *args, **kwargs): reqData = json.loads(self.request.body.decode("utf8")) reqList = {m: [str(n)] for m, n in reqData.items()} result = RoleForm(reqList) if result.validate(): valiData = result.data try: oneRole = await self.application.objects.get(Roles, id=reqData['id']) except Roles.DoesNotExist as e: return self.finish(rf().set(404, "失败用户不存在")) async with self.application.objects.atomic(): oneRole.title = valiData['title'] await self.application.objects.update(oneRole) #删除原来角色对应权限 await self.application.objects.execute( rolePermission.delete().where( rolePermission.roles_id == oneRole.id)) # 过滤出权限id列表 perList = [ int(str(i).split('permission-')[1]) for i in reqData["permission"] if str(i).startswith("permission-") ] if not len(perList) == 0: for c in perList: # 给角色添加权限 await self.application.objects.create( rolePermission, roles_id=oneRole.id, permissions_id=c) return self.finish(rf().code(202)) else: resData = rf().code(404) resData['msg'] = result.errors return self.finish(resData)
async def get(self, *args, **kwargs): resData = {} menuList = await self.application.objects.execute(Menus.select()) resList = [] for menu in menuList: # 判断是否有子菜单,并获取没有子菜单的菜单 res = await self.application.objects.execute(menu.children) if len(res) == 0: temp = { "menuid": menu.id, "menutitle": menu.title, } resList.append(temp) resData = rf().code(200) resData['data'] = resList return self.finish(resData)
async def get(self, *args, **kwargs): resData = {} await self.application.objects.execute(Menus.select().for_update()) menusObj = await self.application.objects.execute(Menus.select()) # 返回所有菜单信息 list1 = [] for menu in menusObj: dict1 = { "id": menu.id, "title": menu.title, "code": menu.code, } list1.append(dict1) resData = rf().code(200) resData["data"] = list1 return self.finish(resData)
async def delete(self, *args, **kwargs): reqData = json.loads(self.request.body.decode("utf8")) # 实例化redis rds = RedisGroup(self) for one in reqData['data']: # 获取redis验证信息 rdsInfo = await rds.get(one) if rdsInfo: return self.finish(rdsInfo) await self.application.objects.execute( Records.delete().where((Records.id == one["id"]) & (Records.onlyid == one["onlyid"]))) rds.delete() self.finish(rf().set(204, "删除成功"))
async def get(self, page, size, *args, **kwargs): # 所有过滤或查询的列表集合 allDataQuery = [] page = int(page) size = int(size) # 判断search是否有值,有值返回搜索的值 try: search = self.request.arguments['search'][0].decode("utf8") except Exception as f: search = None if search: allDataQuery.append((Users.username == search)) userAllObj = await self.application.objects.execute( Users.newData(allDataQuery).paginate( page, paginate_by=size).order_by(Users.id.desc())) total = await self.application.objects.execute( Users.newData(allDataQuery)) list1 = [] for one in userAllObj: roleList = [] #获取跟用户关联的角色 roleObj = await self.application.objects.execute(one.role) for t in roleObj: temp = { "id": t.id, "title": t.title, } roleList.append(temp) dict1 = { "id": one.id, "username": one.username, "is_superuser": one.is_superuser, "role": roleList, } list1.append(dict1) resData = rf().code(200) resData["data"] = list1 resData["total"] = len(total) return self.finish(resData)
async def post(self, *args, **kwargs): req = json.loads(self.request.body.decode("utf8")) try: oneUser = await self.application.objects.get( Users, username=req['username']) except Exception as e: raise HTTPError(401) #验证用户密码 passwd = pd().checkpw(req['password'], oneUser.password) if passwd: userSha256 = hashlib.sha256( req['username'].encode('utf8')).hexdigest() #redis保存用户信息 rds = self.application.rds(2) rds.set(userSha256, req['username'], ex=7200) resData = rf().code(200) resData['authorization'] = jt().encode(userSha256) return self.finish(resData) else: raise HTTPError(401)
async def get(self, *args, **kwargs): permissionList = await self.application.objects.execute( Permissions.select()) dataList = [] dataSet = set() #获取底层菜单的权限 for per in permissionList: if per.menu.title in dataSet: for m in dataList: if m['title'] == per.menu.title: subDict = { 'id': "permission" + "-" + str(per.id), 'title': per.title, } m['children'].append(subDict) else: dataSet.add(per.menu.title) dataDict = { 'id': per.menu.id, 'title': per.menu.title, 'children': [] } subDict = { 'id': "permission" + "-" + str(per.id), 'title': per.title, } dataDict['children'].append(subDict) dataList.append(dataDict) #获取菜单的层级列表 menusList = await self.application.objects.execute(Menus.select()) menuResList = [] for menu in menusList: if not menu.sub_id: menuResList.append(menu) #根据底层菜单拼接权限 dataJoin = await utils.deepRes(self, menuResList, 0, dataList) resData1 = rf().code(200) resData1["data"] = dataJoin return self.finish(resData1)
async def get(self, page, size, *args, **kwargs): # 所有过滤或查询的列表集合 allDataQuery = [] page = int(page) size = int(size) # 判断search是否有值,有值返回搜索的值 try: search = self.request.arguments['search'][0].decode("utf8") except Exception as f: search = None if search: allDataQuery.append((Roles.title == search)) roleObj = await self.application.objects.execute( Roles.newData(allDataQuery).paginate( page, paginate_by=size).order_by(Roles.id.desc())) total = await self.application.objects.execute( Roles.newData(allDataQuery)) list1 = [] for one in roleObj: perList = [] perObj = await self.application.objects.execute(one.permission) for t in perObj: temp = { "id": "permission-" + str(t.id), "title": t.title, } perList.append(temp) dict1 = { "id": one.id, "title": one.title, "permission": perList, } list1.append(dict1) resData = rf().code(200) resData["data"] = list1 resData["total"] = len(total) return self.finish(resData)
async def get(self, page, size, *args, **kwargs): # 所有过滤或查询的列表集合 allDataQuery = [] page = int(page) size = int(size) # 判断search是否有值,有值返回搜索的值 try: search = self.request.arguments['search'][0].decode("utf8") except Exception as f: search = None if search: allDataQuery.append((Permissions.title == search)) permissionObj = await self.application.objects.execute( Permissions.newData(allDataQuery).paginate( page, paginate_by=size).order_by(Permissions.id.desc())) total = await self.application.objects.execute( Permissions.newData(allDataQuery)) list1 = [] for per in permissionObj: menuTitle = await self.application.objects.get(Menus, id=per.menu_id) dict1 = { "id": per.id, "title": per.title, "url": per.url, "method": eval(per.method), "menuid": menuTitle.id, "menu": menuTitle.title, } list1.append(dict1) resData = rf().code(200) resData["data"] = list1 resData["total"] = len(total) return self.finish(resData)
async def get(self, page, size, *args, **kwargs): # 所有过滤或查询的列表集合 allDataQuery = [] page = int(page) size = int(size) # 判断search是否有值,有值返回搜索的值 try: search = self.request.arguments['search'][0].decode("utf8") except Exception as f: search = None if search: allDataQuery.append((WhiteList.ip == search)) ipAllObj = await self.application.objects.execute( WhiteList.newData(allDataQuery).paginate( page, paginate_by=size).order_by(WhiteList.id.desc())) total = await self.application.objects.execute( WhiteList.newData(allDataQuery)) list1 = [] is_global = [] for one in ipAllObj: dict1 = { "id": one.id, "ip": one.ip, "is_through": "1" if one.is_through else "2", } if one.is_global: is_global.append(one) list1.append(dict1) resData = rf().code(200) resData["data"] = list1 resData["total"] = len(total) resData["is_global"] = True if len(is_global) >= 1 else False return self.finish(resData)