Example #1
0
def show_team():
    """List teams with their member counts, ten rows per page.

    A POST narrows the listing to the exact ``team_name`` submitted in the
    form; any other method lists every team.
    """
    # Permission gate on the current user's level (judge is defined elsewhere).
    judge(g.user['level'])
    if request.method == 'POST':
        # The form value is only ever passed as a bound parameter.
        params = (request.form['team_name'], )
        query = '''
            SELECT t.id,t.team_name,t.team_describe,
            (SELECT COUNT(*) FROM user u WHERE u.team_id=t.id) AS team_count
            FROM team t WHERE team_name=?
            '''
    else:
        params = ()
        query = '''
            SELECT t.id,t.team_name,t.team_describe,
            (SELECT COUNT(*) FROM user u WHERE u.team_id=t.id) AS team_count
            FROM team t
            '''
    rows = get_db().execute(query, params).fetchall()
    # Pagination is done in Python over the full result set.
    pager = Pagination(request.args.get("page", 1),
                       len(rows),
                       request.path,
                       request.args,
                       per_page_count=10)
    page_rows = rows[pager.start:pager.end]
    pager_html = pager.page_html()
    # The template variable is still called "list"; only the local was renamed
    # so the builtin is no longer shadowed.
    return render_template('admin/team/show.html',
                           list=page_rows,
                           html=pager_html)
Example #2
0
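def not_allow():
    """List the leave records selected by ``not_allow_sql``, ten per page.

    The base query is always bound to the current user's username. On POST the
    listing can be narrowed by employee name or by leave type using a
    substring (LIKE) match.

    Fix: a POST whose ``search_name`` matched neither known label used to
    leave ``posts`` unassigned and fail with UnboundLocalError (HTTP 500).
    Such a request now gets the unfiltered listing.
    """
    # Permission gate on the current user's level.
    judge(g.user['level'])
    db = get_db()
    extra_filter = ''
    params = (g.user['username'], )
    if request.method == 'POST':
        search_name = request.form['search_name']
        # Substring match. Any % or _ typed by the user acts as a LIKE
        # wildcard, but the value is still a bound parameter.
        name = '%' + request.form['name'] + '%'
        # Fixed allow-list: form label -> column. The column name never comes
        # from the request itself.
        column = {
            '按员工姓名搜索': 'username',
            '按请假类型搜索': 'leave_name',
        }.get(search_name)
        if column is not None:
            extra_filter = 'AND ' + column + ' LIKE ?'
            params = (g.user['username'], name)
    posts = db.execute(not_allow_sql + extra_filter + order_by,
                       params).fetchall()
    # Pagination over the full result set.
    pager_obj = Pagination(request.args.get("page", 1),
                           len(posts),
                           request.path,
                           request.args,
                           per_page_count=10)
    posts = posts[pager_obj.start:pager_obj.end]
    html = pager_obj.page_html()
    return render_template('admin/leave/not_allow.html',
                           posts=posts,
                           html=html)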
Example #3
0
def update_notice(id):
    """Edit the title and body of the notice with the given id.

    GET renders the edit form. POST rejects a title already used by another
    notice, otherwise saves the change and redirects to the notice list.
    """
    # Permission gate on the current user's level.
    judge(g.user['level'])
    db = get_db()
    # Load the stored row (get_post is defined elsewhere).
    post = get_post(id)
    # Second check pairing the current user id with column 4 of the row.
    # NOTE(review): presumably the author id - confirm against judge3.
    judge3(g.user['id'], post[4])
    if request.method != 'POST':
        return render_template('admin/notice/update.html', post=post)

    cp_title = request.form['cp_title']
    cp_body = request.form['cp_body']
    author_id = g.user['id']
    # Uniqueness check: another row must not already carry this title.
    clash = db.execute(
        sql + '''
            WHERE cp_title = ? AND id != ?
            ''', (cp_title, id)).fetchone()
    if clash is not None:
        flash('通知信息名称{}已经被使用!'.format(cp_title))
        return render_template('admin/notice/update.html', post=post)

    db.execute(
        'UPDATE company SET cp_title = ?, cp_body = ?,author_id = ?'
        ' WHERE id = ?', (cp_title, cp_body, author_id, id))
    db.commit()
    return redirect(url_for('company.notice'))
Example #4
0
def create_notice():
    """Create a notice authored by the current user.

    GET renders the creation form. POST rejects a title that is already in
    use (flash + redirect back to the form), otherwise inserts the row and
    redirects to the notice list.
    """
    # Permission gate on the current user's level.
    judge(g.user['level'])
    db = get_db()
    # Anything other than POST just shows the form.
    if request.method != 'POST':
        return render_template('admin/notice/create.html')

    cp_title = request.form['cp_title']
    cp_body = request.form['cp_body']
    author_id = g.user['id']
    # Validation: the title must be unique.
    taken = db.execute(
        sql + '''
            WHERE cp_title = ? 
            ''', (cp_title, )).fetchone()
    if taken is not None:
        flash('通知信息名称{}已经被使用!'.format(cp_title))
        return redirect(url_for('company.create_notice'))

    db.execute(
        '''
                INSERT INTO company (cp_title,cp_body,author_id) VALUES (?,?,?)
                ''', (cp_title, cp_body, author_id))
    db.commit()
    return redirect(url_for('company.notice'))
Example #5
0
def register():
    """Register a new account from the submitted username, email and password.

    GET renders the form. POST validates the fields, stores the password as a
    hash (never in clear text), and redirects to the confirmation page; on a
    validation failure the message is flashed and the form is shown again.
    """
    if request.method != 'POST':
        return render_template('auth/register.html')

    username = request.form['username']
    email = request.form['email']
    password = request.form['password']
    db = get_db()

    # First failing rule wins; the uniqueness query only runs once all three
    # fields are present.
    if not username:
        error = 'Username is required.'
    elif not password:
        error = 'Password is required.'
    elif not email:
        error = 'Email is required.'
    else:
        existing = db.execute('SELECT user_id FROM user WHERE username = ?',
                              (username, )).fetchone()
        error = (None if existing is None else
                 'User {} is already registered.'.format(username))

    if error is not None:
        flash(error)
        return render_template('auth/register.html')

    db.execute(
        'INSERT INTO user (username,email, password) VALUES (?, ?,?)',
        (username, email, generate_password_hash(password)))
    db.commit()
    flash('Registered successfully!!!!')
    return redirect(url_for('auth.confirm'))
Example #6
0
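def update(id):
    """Let the logged-in user edit their own account record.

    GET renders the edit form for the row returned by ``get_post``. POST
    validates the username and password, then rewrites the profile fields and
    stores a fresh hash of the password.

    Fix: this view performed no authorization check of its own, so the ``id``
    taken from the URL alone decided which account had its username and
    password rewritten. The request is now refused with 403 unless ``id`` is
    the logged-in user's own id. If administrators are meant to edit other
    accounts through this route, extend the check instead of removing it.
    """
    # Local import so the fix does not depend on the file-level import list.
    from flask import abort

    # Compare as strings: the route may deliver id as int or as str.
    current = g.user
    if current is None or str(current['id']) != str(id):
        abort(403)

    db = get_db()
    # Existing row for this id; shown in the form on GET and on failure.
    post = get_post(id)
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        sex = request.form['sex']
        birthday = request.form['birthday']
        email = request.form['email']
        tel = request.form['tel']
        # Validation: required fields, then username uniqueness among the
        # other accounts.
        error = None
        if not username:
            error = '请填写用户名.'
        elif not password:
            error = '请填写密码.'
        elif db.execute('SELECT id FROM user WHERE username = ? AND id != ?',
                        (username, id)).fetchone() is not None:
            error = '用户名 {} 已经被注册.'.format(username)
        if error is not None:
            flash(error)
        else:
            # Only the hash of the new password is written.
            db.execute(
                'UPDATE user SET username = ?, password = ?,sex=?,birthday=?,email=?,tel=?'
                ' WHERE id = ?', (username, generate_password_hash(password),
                                  sex, birthday, email, tel, id))
            db.commit()
            return redirect(url_for('personnel_user.show_user'))

    return render_template('user/personnel/update.html', post=post)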
Example #7
0
def show_one_more(id):
    """Render the detail page for the user with the given id."""
    # Permission gate on the current user's level.
    judge(g.user['level'])
    # Called only for its side effect; its result is not used here.
    get_post(id)
    # The cursor itself (not a fetched list) is handed to the template.
    cursor = get_db().execute(sql + ' WHERE u.id =?', (id, ))
    return render_template('admin/personnel/show_more.html', posts=cursor)
Example #8
0
File: train.py Project: hekun97/MIS
def create_train():
    """Create a training entry authored by the current user.

    GET renders the form. POST requires a non-empty, unused title; on success
    the row is inserted and the user is redirected to the training list,
    otherwise the error is flashed and the form is shown again.
    """
    # Permission gate on the current user's level.
    judge(g.user['level'])
    if request.method != 'POST':
        return render_template('admin/train/create.html')

    form = request.form
    train_title = form['train_title']
    train_body = form['train_body']
    train_begin_time = form['train_begin_time']
    train_end_time = form['train_end_time']
    train_time = form['train_time']
    author_id = g.user['id']

    db = get_db()
    # Validation: title present and not already taken.
    if not train_title:
        error = '请填写培训名称.'
    elif db.execute('SELECT id FROM train WHERE train_title = ?',
                    (train_title, )).fetchone() is not None:
        error = '培训名称: {} 已经被使用。'.format(train_title)
    else:
        error = None

    if error is not None:
        flash(error)
        return render_template('admin/train/create.html')

    # Insert the new row; every value is a bound parameter.
    db.execute(
        '''
                INSERT INTO train (train_title, train_body,train_begin_time,train_end_time,train_time,author_id) VALUES (?,?,?,?,?,?)
                ''', (train_title, train_body, train_begin_time,
                      train_end_time, train_time, author_id))
    db.commit()
    return redirect(url_for('train.show_train'))
Example #9
0
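def login():
    """Authenticate a user and start a session.

    GET renders the login form. POST checks the submitted password against the
    stored hash; on success the session is reset, the user id is stored in it,
    and the user is redirected to the admin or the regular landing page
    according to the ``level`` column.

    Changes:
    * Unknown username and wrong password now produce the same message, so
      the form no longer confirms which usernames exist. Unknown usernames
      still skip the hash check, so a response-time difference remains.
    * The landing page is chosen from the row that was just authenticated
      instead of a second query by username, which also removes the
      double-quoted string literal from the SQL.
    """
    if request.method == 'POST':
        # Values from the login form.
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        user = db.execute('SELECT * FROM user WHERE username = ?',
                          (username, )).fetchone()
        if user is None or not check_password_hash(user['password'],
                                                   password):
            flash('用户名或密码有误。')
        else:
            # Drop whatever the pre-login session held before binding it to
            # the authenticated user.
            session.clear()
            session['user_id'] = user['id']
            if user['level'] == '管理员':
                return redirect(url_for('system.index'))
            return redirect(url_for('system.user'))

    return render_template('auth/login.html')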
Example #10
0
def notice_user():
    """List notices, newest first, ten per page.

    On POST the list is narrowed by a substring match on the title when the
    submitted label is '按标题搜索', and on ``username`` for any other label.
    """
    db = get_db()
    if request.method == 'POST':
        search_name = request.form['search_name']
        # Substring match; the value is passed as a bound parameter.
        params = ('%' + request.form['name'] + '%', )
        if search_name == '按标题搜索':
            suffix = '''
                AND cp_title LIKE ?
                ORDER BY cp_created DESC
                '''
        else:
            suffix = '''
                AND username LIKE ?
                ORDER BY cp_created DESC
                '''
    else:
        params = ()
        suffix = '''
            ORDER BY cp_created DESC
            '''
    rows = db.execute(nt_sql + suffix, params).fetchall()
    # Pagination over the full result set.
    pager = Pagination(request.args.get("page", 1),
                       len(rows),
                       request.path,
                       request.args,
                       per_page_count=10)
    visible = rows[pager.start:pager.end]
    pager_html = pager.page_html()
    return render_template('user/notice/show.html',
                           posts=visible,
                           html=pager_html)
Example #11
0
def get_post(id):
    """Return the ``user`` row with the given id, or abort with 404."""
    row = get_db().execute('SELECT * FROM user WHERE id = ?',
                           (id, )).fetchone()
    if row is not None:
        return row
    # No such row: answer 404 instead of returning None to the caller.
    abort(404, "Post id {0} doesn't exist.".format(id))
    return row
Example #12
0
def show_more_notice_user(id):
    """Render the detail page of a single notice for regular users."""
    # Called only for its side effect; its result is not used here.
    get_post(id)
    detail_query = nt_sql + '''
        AND  c.id=?
        '''
    rows = get_db().execute(detail_query, (id, )).fetchall()
    return render_template('user/notice/show_more.html', posts=rows)
Example #13
0
def index():
    """Render the cart page from the Cart/products join."""
    # NOTE(review): the query has no WHERE clause, so every user's cart rows
    # are loaded and handed to the template. Confirm the template restricts
    # the output to the current user, or filter by user id here.
    cart_query = 'SELECT Cart.user_id,Cart.id,Products.name, Products.price, Products.description, Products.image, Products.id FROM products JOIN Cart ON Products.id = Cart.product_id'
    rows = get_db().execute(cart_query).fetchall()
    return render_template('Cart/index.html', Cart_items=rows)
Example #14
0
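def index():
    """Show the product catalogue, or add a product to the cart on POST.

    Any non-POST request renders all products. A POST inserts a Cart row for
    the submitted ``product_id`` and redirects back to the catalogue.

    Fix: the bare ``except:`` around the user lookup also swallowed
    KeyboardInterrupt/SystemExit and any unrelated error. It now catches only
    the failures a missing or incomplete ``g.user`` can raise.
    """
    if request.method != 'POST':
        db = get_db()
        products = db.execute('SELECT * FROM products').fetchall()
        return render_template('products/index.html', products=products)

    try:
        logged_in_user_id = g.user['user_id']
    except (AttributeError, TypeError, KeyError, IndexError):
        # NOTE(review): requests without a logged-in user are booked onto
        # user id 1. That lets anonymous requests write into one account's
        # cart; require a login here unless this fallback is intentional.
        logged_in_user_id = 1
    db = get_db()
    # Both values are bound parameters; product_id is not otherwise validated.
    db.execute('INSERT INTO Cart (user_id, product_id)'
               ' VALUES (?, ?)',
               (logged_in_user_id, request.form['product_id']))
    db.commit()
    return redirect(url_for('products.index'))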
Example #15
0
def delete_notice(id):
    """Delete the notice with the given id and return to the notice list."""
    # Permission gate on the current user's level.
    judge(g.user['level'])
    # Called only for its side effect; its result is not used here.
    get_post(id)
    conn = get_db()
    conn.execute('DELETE FROM company WHERE id = ?', (id, ))
    conn.commit()
    target = url_for('company.notice')
    return redirect(target)
Example #16
0
def index():
    """Render the blog front page with all posts, newest first."""
    listing_query = ('SELECT p.id, title, body, created, author_id, username'
                     ' FROM post p JOIN user u ON p.author_id = u.user_id'
                     ' ORDER BY created DESC')
    rows = get_db().execute(listing_query).fetchall()
    return render_template('blog/index.html', posts=rows)
Example #17
0
def show_more():
    """Render the admin page for rows whose cp_level is '更多信息'."""
    # Permission gate on the current user's level.
    judge(g.user['level'])
    more_query = sql + '''
        WHERE cp_level='更多信息'
        '''
    # The cursor itself (not a fetched list) is handed to the template.
    cursor = get_db().execute(more_query)
    return render_template('admin/home/show_more.html', posts=cursor)
Example #18
0
def get_post(id):
    """Return the ``company`` row with the given id, or abort with 404."""
    row = get_db().execute('SELECT * FROM company WHERE id = ?',
                           (id, )).fetchone()
    if row is not None:
        return row
    # No such row: answer 404 instead of returning None to the caller.
    abort(404, "Post 的 id值 {0} 不存在!".format(id))
    return row
Example #19
0
def load_logged_in_user():
    """Populate ``g.user`` from the user id stored in the session.

    ``g.user`` is None when the session carries no ``user_id``; otherwise it
    is the matching ``user`` row (or None if that row no longer exists).
    """
    uid = session.get('user_id')
    g.user = (None if uid is None else
              get_db().execute('SELECT * FROM user WHERE id = ?',
                               (uid, )).fetchone())
Example #20
0
def show_more_user():
    """Render the user-facing page for rows whose cp_level is '更多信息'."""
    more_query = '''
        SELECT * FROM company WHERE cp_level='更多信息'
        '''
    # The cursor itself (not a fetched list) is handed to the template.
    cursor = get_db().execute(more_query)
    return render_template('user/home/show_more.html', posts=cursor)
Example #21
0
def delete(id):
    """Delete the user with the given id and return to the personnel list."""
    # Permission gate on the current user's level.
    judge(g.user['level'])
    # Called only for its side effect; its result is not used here.
    get_post(id)
    conn = get_db()
    conn.execute('DELETE FROM user WHERE id = ?', (id, ))
    conn.commit()
    target = url_for('personnel.show')
    return redirect(target)
Example #22
0
def show_more_notice(id):
    """Render the admin detail page of a single notice."""
    # Permission gate on the current user's level.
    judge(g.user['level'])
    # Called only for its side effect; its result is not used here.
    get_post(id)
    detail_query = nt_sql + '''
        AND  c.id=?
        '''
    rows = get_db().execute(detail_query, (id, )).fetchall()
    return render_template('admin/notice/show_more.html', posts=rows)
Example #23
0
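def show_all():
    """List employees for regular users, ten per page, with optional search.

    On POST the listing is narrowed by a substring (LIKE) match on the column
    selected through the ``search_name`` label.

    Fix: a POST whose ``search_name`` matched none of the known labels used to
    leave ``posts`` unassigned and fail with UnboundLocalError (HTTP 500).
    Such a request now gets the unfiltered listing.
    """
    # Fixed allow-list: form label -> column. The column name placed into the
    # SQL text never comes from the request itself.
    searchable = {
        '按姓名搜索': 'u.username',
        '按性别搜索': 'u.sex',
        '按职位搜索': 'p_name',
        '按所属团队搜索': 't_name',
        '按所属部门搜索': 'd_name',
    }
    query = sql
    params = ()
    if request.method == 'POST':
        search_name = request.form['search_name']
        # Substring match. Any % or _ typed by the user acts as a LIKE
        # wildcard, but the value is still a bound parameter.
        name = '%' + request.form['name'] + '%'
        column = searchable.get(search_name)
        if column is not None:
            query = sql + '\n WHERE ' + column + ' LIKE ?'
            params = (name, )
    posts = get_db().execute(query, params).fetchall()
    # Pagination over the full result set.
    pager_obj = Pagination(request.args.get("page", 1),
                           len(posts),
                           request.path,
                           request.args,
                           per_page_count=10)
    page_rows = posts[pager_obj.start:pager_obj.end]
    html = pager_obj.page_html()
    # The template variable keeps its name "list"; the local no longer
    # shadows the builtin.
    return render_template('user/personnel/show_all.html',
                           list=page_rows,
                           html=html)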
Example #24
0
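def show():
    """List employees for administrators, ten per page, with optional search.

    On POST the listing is narrowed by a substring (LIKE) match on the column
    selected through the ``search_name`` label; otherwise all employees are
    shown.

    Fix: a POST whose ``search_name`` matched none of the known labels used to
    leave ``posts`` unassigned and fail with UnboundLocalError (HTTP 500).
    Such a request now gets the unfiltered listing.
    """
    # Permission gate on the current user's level.
    judge(g.user['level'])
    db = get_db()
    # Fixed allow-list: form label -> column. The column name placed into the
    # SQL text never comes from the request itself.
    searchable = {
        '按姓名搜索': 'u.username',
        '按性别搜索': 'u.sex',
        '按权限搜索': 'u.level',
        '按职位搜索': 'p_name',
        '按所属团队搜索': 't_name',
        '按所属部门搜索': 'd_name',
    }
    query = sql
    params = ()
    if request.method == 'POST':
        search_name = request.form['search_name']
        # Turn the input into a substring pattern. Any % or _ typed by the
        # user acts as a LIKE wildcard, but the value is a bound parameter.
        name = '%' + request.form['name'] + '%'
        column = searchable.get(search_name)
        if column is not None:
            query = sql + ' WHERE ' + column + ' LIKE ?'
            params = (name, )
    posts = db.execute(query, params).fetchall()
    # Pagination arguments, as described by the original author:
    #   current_page    - the current page.
    #   total_count     - total number of rows.
    #   base_url        - URL prefix for the page links, taken from
    #                     request.path (e.g. /test for @app.route('/test')).
    #   params          - the request arguments, taken from request.args
    #                     (e.g. ?page=10 arrives as
    #                     ImmutableMultiDict([('page', u'10')])).
    #   per_page_count  - rows shown per page.
    #   max_pager_count - maximum number of page links shown.
    pager_obj = Pagination(request.args.get("page", 1),
                           len(posts),
                           request.path,
                           request.args,
                           per_page_count=10)
    page_rows = posts[pager_obj.start:pager_obj.end]
    html = pager_obj.page_html()
    # The template variable keeps its name "list"; the local no longer
    # shadows the builtin.
    return render_template('admin/personnel/show.html',
                           list=page_rows,
                           html=html)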
Example #25
0
def show_user_pt():
    """List positions with their head counts, ten per page.

    A POST narrows the listing to the exact ``pt_name`` submitted in the form;
    any other method lists every position.
    """
    if request.method == 'POST':
        pt_name = request.form['pt_name']
        # The form value is only ever passed as a bound parameter.
        cursor = get_db().execute(
            '''
            SELECT p.id,p.pt_name,p.pt_describe,
            (SELECT COUNT(*) FROM user u WHERE u.pt_id=p.id) AS pt_count
            FROM position p WHERE p.pt_name=?
        ''', (pt_name, ))
    else:
        cursor = get_db().execute('''
            SELECT p.id,p.pt_name,p.pt_describe,
            (SELECT COUNT(*) FROM user u WHERE u.pt_id=p.id) AS pt_count
            FROM position p
            ''')
    # Materialise the cursor so the rows can be counted and sliced.
    rows = [row for row in cursor]
    pager = Pagination(request.args.get("page", 1),
                       len(rows),
                       request.path,
                       request.args,
                       per_page_count=10)
    page_rows = rows[pager.start:pager.end]
    pager_html = pager.page_html()
    # Both branches of the original rendered the same template the same way.
    return render_template('user/position.html',
                           list=page_rows,
                           html=pager_html)
Example #26
0
def get_post(id, check_author=True):
    """Return the blog post with the given id, joined with its author's name.

    Aborts with 404 when no such post exists. When ``check_author`` is true,
    aborts with 403 unless the post's ``author_id`` equals the current user's
    ``user_id``.
    """
    lookup = ('SELECT p.id, title, body, created, author_id, username'
              ' FROM post p JOIN user u ON p.author_id = u.user_id'
              ' WHERE p.id = ?')
    row = get_db().execute(lookup, (id, )).fetchone()

    if row is None:
        abort(404, "Post id {0} doesn't exist.".format(id))

    # Ownership check; callers that only display a post pass
    # check_author=False to skip it.
    if check_author:
        if row['author_id'] != g.user['user_id']:
            abort(403)

    return row
Example #27
0
def show_user():
    """Render the logged-in user's own personnel record.

    The row is selected by the current user's username and includes the age
    and years of service computed in SQL, plus team, department and position
    names.
    """
    # NOTE(review): the SELECT includes u.password (the stored hash) and hands
    # it to the template. Confirm the template never renders it, or drop the
    # column from the query.
    profile_query = '''
            SELECT u.id,u.username,u.password,u.sex,u.email,u.tel,u.level,u.money,u.birthday,u.work_begin_day,
            (strftime('%Y', 'now') - strftime('%Y', birthday)) - (strftime('%m-%d', 'now') < strftime('%m-%d', birthday)) AS age,
            (strftime('%Y', 'now') - strftime('%Y', work_begin_day)) - (strftime('%m-%d', 'now') < strftime('%m-%d', work_begin_day)) AS work_age,
            (SELECT t.team_name FROM team t WHERE u.team_id = t.id) AS t_name,
            (SELECT d.dp_name FROM department d WHERE u.dp_id = d.id) AS d_name,
            (SELECT p.pt_name FROM position p WHERE u.pt_id = p.id) AS p_name          
            FROM user u WHERE u.username =?
        '''
    # The cursor itself (not a fetched list) is handed to the template.
    cursor = get_db().execute(profile_query, (g.user['username'], ))
    return render_template('user/personnel/show.html', posts=cursor)
Example #28
0
def update_more(id):
    """Edit the title and body of the ``company`` row with the given id.

    GET renders the edit form; POST saves the submitted values and redirects
    to the "show more" page.
    """
    # Permission gate on the current user's level.
    judge(g.user['level'])
    # Load the stored row (get_post is defined elsewhere).
    post = get_post(id)
    if request.method != 'POST':
        return render_template('admin/home/update_more.html', post=post)

    new_title = request.form['cp_title']
    new_body = request.form['cp_body']
    conn = get_db()
    conn.execute(
        'UPDATE company SET cp_title = ?, cp_body = ?'
        ' WHERE id = ?', (new_title, new_body, id))
    conn.commit()
    return redirect(url_for('company.show_more'))
Example #29
0
def delete_team(id):
    """Delete a team unless users are still assigned to it.

    Always redirects to the team list; when the team still has members the
    deletion is skipped and an error is flashed instead.
    """
    # Permission gate on the current user's level.
    judge(g.user['level'])
    post = get_post(id)
    db = get_db()
    # Any user row still pointing at this team blocks the delete.
    member = db.execute('''
        SELECT id FROM user WHERE team_id=?
        ''', (id, )).fetchone()
    if member is not None:
        # post[1] is interpolated into the message as the team's name.
        flash('删除失败,仍有员工在团队{}中!'.format(post[1]))
    else:
        db.execute('DELETE FROM team WHERE id = ?', (id, ))
        db.commit()
    return redirect(url_for('team.show_team'))
Example #30
0
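def create():
    """Add a product to the current user's cart.

    GET renders the form. POST inserts a Cart row for the submitted
    ``product_id`` under the logged-in user's id and redirects to the cart.

    Cleanup: the original set ``error = None`` and then tested
    ``error is not None``, a branch that could never run. The dead validation
    scaffold is removed; behaviour is unchanged.
    """
    if request.method == 'POST':
        product_id = request.form['product_id']
        # NOTE(review): product_id is stored as submitted; nothing here checks
        # that it refers to an existing product.
        db = get_db()
        db.execute(
            'INSERT INTO Cart (user_id, product_id)'
            ' VALUES (?, ?)', (g.user['user_id'], product_id))
        db.commit()
        return redirect(url_for('Cart.index'))

    return render_template('Cart/create.html')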