def show_team():
    """List teams with their member counts, ten per page.

    A POST narrows the listing to the team whose name equals the submitted
    ``team_name``; any other request lists every team.
    """
    # Check the current user's permission level.
    judge(g.user['level'])

    team_query = (
        ' SELECT t.id,t.team_name,t.team_describe,'
        ' (SELECT COUNT(*) FROM user u WHERE u.team_id=t.id) AS team_count'
        ' FROM team t '
    )
    if request.method == 'POST':
        wanted = request.form['team_name']
        # The submitted name is bound as a parameter, never spliced into the
        # SQL text.
        rows = get_db().execute(team_query + 'WHERE team_name=? ',
                                (wanted, )).fetchall()
    else:
        rows = get_db().execute(team_query).fetchall()

    # Pagination: every matching row is fetched, then one page is sliced out.
    pager = Pagination(request.args.get("page", 1), len(rows), request.path,
                       request.args, per_page_count=10)
    return render_template('admin/team/show.html',
                           list=rows[pager.start:pager.end],
                           html=pager.page_html())
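def not_allow():
    """Render the paginated leave listing built from ``not_allow_sql``.

    Every query binds the signed-in user's username as its first parameter.
    A POST may narrow the listing with a LIKE match on the employee name or
    on the leave type, selected by the ``search_name`` form field.
    """
    # Check the current user's permission level.
    judge(g.user['level'])

    # Extra WHERE clause per recognised search mode. The keys are the option
    # labels compared against the submitted ``search_name``.
    search_clauses = {
        '按员工姓名搜索': 'AND username LIKE ?',   # search by employee name
        '按请假类型搜索': 'AND leave_name LIKE ?',  # search by leave type
    }

    clause = None
    pattern = None
    if request.method == 'POST':
        search_name = request.form['search_name']
        # Wrap the term for a substring match; it is bound as a parameter.
        pattern = '%' + request.form['name'] + '%'
        clause = search_clauses.get(search_name)

    db = get_db()
    if clause is None:
        # GET, or a POST whose search_name is not a known option. The latter
        # previously left `posts` unbound and the request died with
        # UnboundLocalError; it now gets the unfiltered listing, which is
        # still restricted by the username parameter.
        posts = db.execute(not_allow_sql + order_by,
                           (g.user['username'], )).fetchall()
    else:
        posts = db.execute(not_allow_sql + clause + order_by,
                           (g.user['username'], pattern)).fetchall()

    # Pagination
    pager_obj = Pagination(request.args.get("page", 1), len(posts),
                           request.path, request.args, per_page_count=10)
    posts = posts[pager_obj.start:pager_obj.end]
    html = pager_obj.page_html()
    return render_template('admin/leave/not_allow.html',
                           posts=posts,
                           html=html)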
def update_notice(id):
    """Edit the title and body of the notice identified by ``id``.

    GET renders the edit form. POST saves the change unless another notice
    already uses the submitted title; in that case the message is flashed
    and the form is rendered again.
    """
    # Check the current user's permission level.
    judge(g.user['level'])
    db = get_db()
    # Load the stored record.
    record = get_post(id)
    # Second check, fed the signed-in user's id and column 4 of the record.
    # NOTE(review): presumably an ownership check (column 4 as the author
    # id) — confirm against judge3.
    judge3(g.user['id'], record[4])

    form_page = 'admin/notice/update.html'
    if request.method != 'POST':
        return render_template(form_page, post=record)

    cp_title = request.form['cp_title']
    cp_body = request.form['cp_body']
    author_id = g.user['id']

    # Validation: the title must not already belong to a different notice.
    clash = db.execute(sql + ''' WHERE cp_title = ? AND id != ? ''',
                       (cp_title, id)).fetchone()
    if clash is not None:
        flash('通知信息名称{}已经被使用!'.format(cp_title))
        return render_template(form_page, post=record)

    db.execute(
        'UPDATE company SET cp_title = ?, cp_body = ?,author_id = ?'
        ' WHERE id = ?', (cp_title, cp_body, author_id, id))
    db.commit()
    return redirect(url_for('company.notice'))
def notice():
    """List notices newest first, ten per page.

    A POST filters with a LIKE match: on the title when ``search_name`` is
    the title option, otherwise on the username.
    """
    # Check the current user's permission level.
    judge(g.user['level'])
    db = get_db()

    if request.method == 'POST':
        search_name = request.form['search_name']
        # Substring pattern; bound as a query parameter below.
        pattern = '%' + request.form['name'] + '%'
        if search_name == '按标题搜索':  # "search by title"
            tail = ''' AND cp_title LIKE ? ORDER BY cp_created DESC '''
        else:
            tail = ''' AND username LIKE ? ORDER BY cp_created DESC '''
        rows = db.execute(nt_sql + tail, (pattern, )).fetchall()
    else:
        rows = db.execute(nt_sql + ''' ORDER BY cp_created DESC ''').fetchall()

    # Pagination
    pager = Pagination(request.args.get("page", 1), len(rows), request.path,
                       request.args, per_page_count=10)
    page_rows = rows[pager.start:pager.end]
    return render_template('admin/notice/show.html',
                           posts=page_rows,
                           html=pager.page_html())
def create_notice():
    """Create a notice authored by the signed-in user.

    GET renders the creation form. POST inserts the notice unless its title
    is already taken; then the message is flashed and the browser is sent
    back to the form.
    """
    # Check the current user's permission level.
    judge(g.user['level'])
    db = get_db()

    # Anything other than POST just shows the creation page.
    if request.method != 'POST':
        return render_template('admin/notice/create.html')

    cp_title = request.form['cp_title']
    cp_body = request.form['cp_body']
    author_id = g.user['id']
    # NOTE(review): title and body are stored exactly as submitted; confirm
    # the templates that display them keep autoescaping on.

    # Validation: reject a title that is already in use.
    existing = db.execute(sql + ''' WHERE cp_title = ? ''',
                          (cp_title, )).fetchone()
    if existing is not None:
        flash('通知信息名称{}已经被使用!'.format(cp_title))
        return redirect(url_for('company.create_notice'))

    db.execute(
        ''' INSERT INTO company (cp_title,cp_body,author_id) VALUES (?,?,?) ''',
        (cp_title, cp_body, author_id))
    db.commit()
    return redirect(url_for('company.notice'))
def show_one_more(id):
    """Render the detail page for the record whose ``u.id`` equals ``id``."""
    # Check the current user's permission level.
    judge(g.user['level'])
    # Result unused; presumably called so an unknown id is rejected —
    # confirm against get_post.
    get_post(id)

    conn = get_db()
    detail_query = sql + ''' WHERE u.id =?'''
    # The cursor itself, not a fetched list, is handed to the template.
    cursor = conn.execute(detail_query, (id, ))
    return render_template('admin/personnel/show_more.html', posts=cursor)
def create_train():
    """Create a training entry authored by the signed-in user.

    GET renders the form. POST inserts the entry when the title is present
    and unused; otherwise the message is flashed and the form is rendered
    again.
    """
    # Check the current user's permission level.
    judge(g.user['level'])

    form_page = 'admin/train/create.html'
    if request.method != 'POST':
        return render_template(form_page)

    train_title = request.form['train_title']
    train_body = request.form['train_body']
    train_begin_time = request.form['train_begin_time']
    train_end_time = request.form['train_end_time']
    train_time = request.form['train_time']
    author_id = g.user['id']
    db = get_db()

    # Validation: a title is required and must be unique.
    if not train_title:
        error = '请填写培训名称.'
    elif db.execute('SELECT id FROM train WHERE train_title = ?',
                    (train_title, )).fetchone() is not None:
        error = '培训名称: {} 已经被使用。'.format(train_title)
    else:
        error = None

    if error is not None:
        flash(error)
        return render_template(form_page)

    # Insert the values; all of them are bound as parameters.
    db.execute(
        ' INSERT INTO train'
        ' (train_title, train_body,train_begin_time,train_end_time,train_time,author_id)'
        ' VALUES (?,?,?,?,?,?) ',
        (train_title, train_body, train_begin_time, train_end_time,
         train_time, author_id))
    db.commit()
    return redirect(url_for('train.show_train'))
def delete(id):
    """Delete the ``user`` row whose id is ``id``, then go to the staff list."""
    # Check the current user's permission level.
    judge(g.user['level'])
    # Result unused; presumably called so an unknown id is rejected —
    # confirm against get_post.
    get_post(id)
    # NOTE(review): the route decorator is not visible here; confirm this
    # state-changing view accepts POST only and is covered by CSRF
    # protection.
    conn = get_db()
    conn.execute('DELETE FROM user WHERE id = ?', (id, ))
    conn.commit()
    staff_list = url_for('personnel.show')
    return redirect(staff_list)
def show_more():
    """Render the rows of ``sql`` whose ``cp_level`` is the "more info" label."""
    # Check the current user's permission level.
    judge(g.user['level'])
    conn = get_db()
    more_info_query = sql + ''' WHERE cp_level='更多信息' '''
    # The cursor itself, not a fetched list, is handed to the template.
    cursor = conn.execute(more_info_query)
    return render_template('admin/home/show_more.html', posts=cursor)
def delete_notice(id):
    """Delete the ``company`` row whose id is ``id``, then go to the notice list."""
    # Check the current user's permission level.
    judge(g.user['level'])
    # Result unused; presumably called so an unknown id is rejected —
    # confirm against get_post.
    get_post(id)
    # NOTE(review): only the level check runs before the DELETE. Confirm
    # whether deletion should also be limited to the notice's author, that
    # the route accepts POST only, and that it is covered by CSRF protection
    # (the decorator is not visible here).
    conn = get_db()
    conn.execute('DELETE FROM company WHERE id = ?', (id, ))
    conn.commit()
    notice_list = url_for('company.notice')
    return redirect(notice_list)
def show_more_notice(id):
    """Render the detail page for the notice whose ``c.id`` equals ``id``."""
    # Check the current user's permission level.
    judge(g.user['level'])
    # Result unused; presumably called so an unknown id is rejected —
    # confirm against get_post.
    get_post(id)
    rows = get_db().execute(nt_sql + ''' AND c.id=? ''', (id, )).fetchall()
    return render_template('admin/notice/show_more.html', posts=rows)
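def show():
    """List employees, ten per page, optionally filtered by one column.

    A POST carries ``search_name`` (which column to search) and ``name``
    (the term). The term is matched with LIKE as a substring. Any other
    request, or a POST with an unrecognised ``search_name``, lists everyone.
    """
    # Check the current user's permission level.
    judge(g.user['level'])
    db = get_db()

    # Search option label -> column. The column name placed into the SQL
    # text always comes from this fixed table, never from the request.
    search_columns = {
        '按姓名搜索': 'u.username',    # by name
        '按性别搜索': 'u.sex',         # by sex
        '按权限搜索': 'u.level',       # by permission level
        '按职位搜索': 'p_name',        # by position
        '按所属团队搜索': 't_name',    # by team
        '按所属部门搜索': 'd_name',    # by department
    }

    column = None
    pattern = None
    if request.method == 'POST':
        search_name = request.form['search_name']
        # Turn the term into a substring pattern; it is bound as a parameter.
        # '%' and '_' typed by the user keep their LIKE wildcard meaning.
        pattern = '%' + request.form['name'] + '%'
        column = search_columns.get(search_name)

    if column is None:
        # Default: show every employee. This also covers a POST with an
        # unknown search_name, which used to leave `posts` unbound and fail
        # with UnboundLocalError.
        posts = db.execute(sql).fetchall()
    else:
        posts = db.execute(sql + 'WHERE {} LIKE ?'.format(column),
                           (pattern, )).fetchall()

    # Pagination arguments, as described by the original author:
    #   current_page    - the current page.
    #   total_count     - total number of rows.
    #   base_url        - URL prefix for page links; request.path supplies it
    #                     (for @app.route('/test') it is '/test').
    #   params          - incoming query data, taken from request.args (for
    #                     /test?page=10 it holds ('page', '10')).
    #   per_page_count  - rows shown per page.
    #   max_pager_count - maximum number of page links shown.
    pager_obj = Pagination(request.args.get("page", 1), len(posts),
                           request.path, request.args, per_page_count=10)
    page_rows = posts[pager_obj.start:pager_obj.end]
    html = pager_obj.page_html()
    # The template variable is still called `list`; only the local name was
    # changed so the builtin is not shadowed.
    return render_template('admin/personnel/show.html',
                           list=page_rows,
                           html=html)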
def update_more(id):
    """Edit the title and body of the ``company`` row identified by ``id``.

    GET renders the edit form; POST saves the submitted values and goes to
    the "more info" listing.
    """
    # Check the current user's permission level.
    judge(g.user['level'])
    # Load the stored record.
    record = get_post(id)

    if request.method != 'POST':
        return render_template('admin/home/update_more.html', post=record)

    new_title = request.form['cp_title']
    new_body = request.form['cp_body']
    conn = get_db()
    conn.execute(
        'UPDATE company SET cp_title = ?, cp_body = ?'
        ' WHERE id = ?', (new_title, new_body, id))
    conn.commit()
    return redirect(url_for('company.show_more'))
def delete_team(id):
    """Delete team ``id`` unless a user row still references it.

    When a member exists the deletion is refused and a message naming the
    team (column 1 of the record) is flashed. Either way the browser is sent
    back to the team list.
    """
    # Check the current user's permission level.
    judge(g.user['level'])
    record = get_post(id)
    conn = get_db()

    # Look for any user still assigned to this team.
    member = conn.execute(''' SELECT id FROM user WHERE team_id=? ''',
                          (id, )).fetchone()
    if member is None:
        conn.execute('DELETE FROM team WHERE id = ?', (id, ))
        conn.commit()
    else:
        flash('删除失败,仍有员工在团队{}中!'.format(record[1]))
    return redirect(url_for('team.show_team'))
def not_allow_describe(id):
    """Store the approver, ``allow_level`` and ``not_allow_describe`` on leave row ``id``.

    GET renders the form. POST writes the signed-in user's username as
    ``allow_name`` together with the two submitted fields.
    """
    # Check the current user's permission level.
    judge(g.user['level'])
    record = get_post(id)
    # Second check, fed the signed-in username and column 1 of the record.
    # NOTE(review): presumably restricts the action to the assigned
    # approver — confirm against judge2.
    judge2(g.user['username'], record[1])

    if request.method != 'POST':
        return render_template('admin/leave/level.html')

    approver = g.user['username']
    allow_level = request.form['allow_level']
    reason = request.form['not_allow_describe']
    conn = get_db()
    # Write the values; all of them are bound as parameters.
    conn.execute(
        'UPDATE leave SET allow_name = ?, allow_level = ?,not_allow_describe=?'
        ' WHERE id = ?', (approver, allow_level, reason, id))
    conn.commit()
    return redirect(url_for('leave.not_allow'))
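def show_train():
    """List training entries, or on POST only those with the submitted title.

    Both branches hand the open cursor to the same template.
    """
    # Check the current user's permission level.
    judge(g.user['level'])
    db = get_db()

    if request.method == 'POST':
        train_title = request.form['train_title']
        # Fix: the FROM clause read "train t user u" with no separator,
        # which is a SQL syntax error, so every search request failed. The
        # two tables are now comma-joined on author_id = u.id.
        # NOTE(review): this result has no create_time, count_join or author
        # column, unlike the listing below — confirm the template copes.
        posts = db.execute(
            ' SELECT t.id,train_title,train_time,username'
            ' FROM train t, user u'
            ' WHERE author_id=u.id AND t.train_title=? ', (train_title, ))
    else:
        posts = db.execute(
            ' SELECT t.id,train_title,train_time,create_time,'
            ' (SELECT COUNT(*) FROM user u WHERE join_id=u.id) AS count_join,'
            ' (SELECT username FROM user u WHERE author_id=u.id) AS author'
            ' FROM train t ')
    return render_template('admin/train/show.html', posts=posts)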
def create_team():
    """Create a team from the submitted name and description.

    GET renders the form. POST inserts the team unless the name is already
    taken; then the message is flashed and the form is rendered again.
    """
    # Check the current user's permission level.
    judge(g.user['level'])

    form_page = 'admin/team/create.html'
    if request.method != 'POST':
        return render_template(form_page)

    team_name = request.form['team_name']
    team_describe = request.form['team_describe']
    conn = get_db()

    # Validation: team names must be unique.
    taken = conn.execute('SELECT id FROM team WHERE team_name = ?',
                         (team_name, )).fetchone()
    if taken is not None:
        flash('团队名称{}已经被使用!'.format(team_name))
        return render_template(form_page)

    # Insert the values; both are bound as parameters.
    conn.execute('INSERT INTO team (team_name, team_describe) VALUES (?, ?)',
                 (team_name, team_describe))
    conn.commit()
    return redirect(url_for('team.show_team'))
def update_team(id):
    """Edit the name and description of team ``id``.

    GET renders the edit form. POST saves the change unless a different team
    already uses the submitted name; then the message is flashed and the
    form is rendered again.
    """
    # Check the current user's permission level.
    judge(g.user['level'])
    # Load the stored team record.
    record = get_post(id)

    form_page = 'admin/team/update.html'
    if request.method != 'POST':
        return render_template(form_page, post=record)

    team_name = request.form['team_name']
    team_describe = request.form['team_describe']
    conn = get_db()

    # Validation: the name must not belong to another team.
    clash = conn.execute('SELECT id FROM team WHERE team_name = ? AND id != ?',
                         (team_name, id)).fetchone()
    if clash is not None:
        flash('团队名称{}已经被使用!'.format(team_name))
        return render_template(form_page, post=record)

    conn.execute(
        'UPDATE team SET team_name = ?, team_describe = ?'
        ' WHERE id = ?', (team_name, team_describe, id))
    conn.commit()
    return redirect(url_for('team.show_team'))
def index():
    """Render the admin landing page after the permission check."""
    # Check the current user's permission level.
    current_level = g.user['level']
    judge(current_level)
    return render_template('admin/index.html')
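def update(id):
    """Edit the employee record identified by ``id``.

    GET renders the edit form, with the employee's current department, team
    and position each listed apart from the remaining choices. POST
    validates the submission and saves it. When validation fails the message
    is flashed and the form is rendered again.
    """
    # Check the current user's permission level.
    judge(g.user['level'])
    # Load the stored employee record.
    post = get_post(id)
    db = get_db()

    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        sex = request.form['sex']
        level = request.form['level']
        money = request.form['money']
        birthday = request.form['birthday']
        work_begin_day = request.form['work_begin_day']
        team_name = request.form['team_name']
        dp_name = request.form['dp_name']
        pt_name = request.form['pt_name']
        tel = request.form['tel']
        email = request.form['email']

        # Resolve the submitted names to the ids stored on the user row.
        # fetchone() yields None for a name that does not exist; indexing
        # that result used to raise TypeError, so the rows are checked below
        # before their ids are read.
        team_row = db.execute(''' SELECT id FROM team WHERE team_name=? ''',
                              (team_name, )).fetchone()
        dp_row = db.execute(''' SELECT id FROM department WHERE dp_name=? ''',
                            (dp_name, )).fetchone()
        pt_row = db.execute(''' SELECT id FROM position WHERE pt_name=? ''',
                            (pt_name, )).fetchone()

        # Validation
        error = None
        if db.execute('SELECT id FROM user WHERE username = ? AND id != ?',
                      (username, id)).fetchone() is not None:
            error = '用户名{}已经被注册.'.format(username)
        elif dp_row is None:
            error = '请先添加部门'
        elif team_row is None:
            error = '请先添加团队'
        elif pt_row is None:
            error = '请先添加职位'

        if error is None:
            # NOTE(review): the submitted password is hashed and stored on
            # every save, an empty value included. Confirm the form demands
            # a new password, or keep the stored hash when the field is
            # blank.
            db.execute(
                ' UPDATE user SET username = ?, password = ?,sex=?,level=?,'
                'money=?,birthday=?,work_begin_day=?,team_id=?,pt_id=?,'
                'dp_id=?,tel=?,email=? WHERE id = ? ',
                (username, generate_password_hash(password), sex, level,
                 money, birthday, work_begin_day, team_row[0], pt_row[0],
                 dp_row[0], tel, email, id))
            db.commit()
            return redirect(url_for('personnel.show'))

        # A failed POST used to fall off the end of the view and return
        # None. It now flashes the message and renders the form below.
        flash(error)

    # Current department name, then every other department.
    dp_fact = db.execute('SELECT dp_name FROM department WHERE id=?',
                         (post['dp_id'], ))
    dp_others = db.execute('SELECT dp_name FROM department WHERE id!=?',
                           (post['dp_id'], ))
    # Current team name, then every other team.
    team_fact = db.execute('SELECT team_name FROM team WHERE id=?',
                           (post['team_id'], ))
    team_others = db.execute('SELECT team_name FROM team WHERE id!=?',
                             (post['team_id'], ))
    # Current position name, then every other position.
    pt_fact = db.execute('SELECT pt_name FROM position WHERE id=?',
                         (post['pt_id'], ))
    pt_others = db.execute('SELECT pt_name FROM position WHERE id!=?',
                           (post['pt_id'], ))
    return render_template('admin/personnel/update.html',
                           post=post,
                           dp_fact=dp_fact,
                           dp_others=dp_others,
                           team_fact=team_fact,
                           team_others=team_others,
                           pt_fact=pt_fact,
                           pt_others=pt_others)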
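def create():
    """Create an employee record.

    GET renders the form with the department, team and position choices;
    an empty table is represented by a single placeholder entry asking for
    one to be added first. POST validates the submission and inserts the
    user. On a validation error the message is flashed and the browser is
    redirected back to this form.
    """
    # Check the current user's permission level.
    judge(g.user['level'])
    db = get_db()

    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        sex = request.form['sex']
        level = request.form['level']
        money = request.form['money']
        birthday = request.form['birthday']
        work_begin_day = request.form['work_begin_day']
        team_name = request.form['team_name']
        dp_name = request.form['dp_name']
        pt_name = request.form['pt_name']
        tel = request.form['tel']
        email = request.form['email']

        # Resolve the submitted names to the ids stored on the user row.
        # fetchone() yields None for an unknown name, the placeholder
        # entries included. Indexing that result used to raise TypeError
        # before the placeholder checks below could run, so the ids are now
        # read only after validation.
        team_row = db.execute(''' SELECT id FROM team WHERE team_name=? ''',
                              (team_name, )).fetchone()
        dp_row = db.execute(''' SELECT id FROM department WHERE dp_name=? ''',
                            (dp_name, )).fetchone()
        pt_row = db.execute(''' SELECT id FROM position WHERE pt_name=? ''',
                            (pt_name, )).fetchone()

        # Validation
        # NOTE(review): an empty username or password is accepted as
        # submitted; consider rejecting both before the insert.
        error = None
        # Username must be unused.
        if db.execute('SELECT id FROM user WHERE username = ?',
                      (username, )).fetchone() is not None:
            error = '用户名{}已经被注册!'.format(username)
        # Department must exist.
        elif dp_name == '请先添加部门' or dp_row is None:
            error = '请先添加部门'
        # Team must exist.
        elif team_name == '请先添加团队' or team_row is None:
            error = '请先添加团队'
        # Position must exist.
        elif pt_name == '请先添加职位' or pt_row is None:
            error = '请先添加职位'

        if error is None:
            # Insert the new user; the password is stored only as a hash and
            # every value is bound as a parameter.
            db.execute(
                'INSERT INTO user (username, password,sex,level,money,'
                'birthday,work_begin_day,team_id,pt_id,dp_id,tel,email)'
                ' VALUES (?,?,?,?,?,?,?,?,?,?,?,?)',
                (username, generate_password_hash(password), sex, level,
                 money, birthday, work_begin_day, team_row[0], pt_row[0],
                 dp_row[0], tel, email))
            db.commit()
            return redirect(url_for('personnel.show'))

        flash(error)
        return redirect(url_for('personnel.create'))

    # Department choices; fall back to the placeholder when none exist.
    posts = db.execute('SELECT dp_name FROM department').fetchall()
    if not posts:
        posts.append(('请先添加部门', ))
    # Team choices; same placeholder rule.
    team_posts = db.execute('SELECT team_name FROM team').fetchall()
    if not team_posts:
        team_posts.append(('请先添加团队', ))
    # Position choices; same placeholder rule.
    pt_posts = db.execute('SELECT pt_name FROM position').fetchall()
    if not pt_posts:
        pt_posts.append(('请先添加职位', ))
    return render_template('admin/personnel/create.html',
                           posts=posts,
                           team_posts=team_posts,
                           pt_posts=pt_posts)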