def index(request): # 检查身份 if not request.user.is_authenticated: return Utils.redirect_login(request) rdata, op, suser = Utils.get_request_basis(request) rq_list = [] if not suser.is_store: anweraire_queries = { answeraire.qid: answeraire.submitted for answeraire in Answeraire.objects.filter( username=suser.username) } for questionaire in Questionaire.objects.all(): rq = None # 高级管理员 if suser.admin_all: rq = Utils.remakeq(suser, questionaire, True, anweraire_queries) rq['filled_number'] = Answeraire.objects.filter( qid=questionaire.id).count() rq['submitted_number'] = Answeraire.objects.filter( qid=questionaire.id, submitted=True).count() # 问卷管理员:自己发的问卷 elif suser.admin_survey and questionaire.founder == suser.username: rq = Utils.remakeq(suser, questionaire, True, anweraire_queries) # 普通用户:被允许填的问卷,正在开放填写已经填写 elif Utils.check_allow(suser, questionaire): if (questionaire.status == 1) or (questionaire.status in [2, 3] and Utils.check_fill2( anweraire_queries, questionaire.id) > 1): rq = Utils.remakeq(suser, questionaire, False, anweraire_queries) if rq == None: continue rq_list.append(rq) # 导入问卷 f = request.FILES.get('upload', None) if not f is None: filepath = Utils.upload_file(f) qstring = load_survey(filepath) now = datetime.datetime.now() questionaire = Questionaire.objects.create(status=0, create_time=now, update_time=now, founder=suser.username, questions=qstring) return HttpResponseRedirect('/survey/' + str(questionaire.id) + '/') def cmp_by_time(x): return x['create_time'] rq_list.sort(key=lambda x: x['create_time'], reverse=True) rdata['rq_list'] = rq_list rdata['editable'] = suser.admin_all or suser.admin_survey return render(request, 'index.html', rdata)
def prize_store(request): if not request.user.is_authenticated: return Utils.redirect_login(request) rdata, op, suser = Utils.get_request_basis(request) if not suser.admin_all: return render(request, 'permission_denied.html', {}) if op == 'change_nickname': SUser.objects.filter(id=int(request.POST.get('sid'))).update( nickname=request.POST.get('nickname')) return HttpResponse(json.dumps({})) if op == 'get_prize_list': sid = int(request.POST.get('sid')) prizes = Prize.objects.all() prize_list = [] for prize in prizes: prize_list.append({ 'pid': prize.id, 'title': prize.title, 'in': sid in json.loads(prize.store) }) return HttpResponse(json.dumps({'prize_list': prize_list})) if op == 'renew_prize_for_store': sid = int(request.POST.get('sid')) pid_list = [ int(pid) for pid in json.loads(request.POST.get('pid_list')) ] manage_list = [] for prize in Prize.objects.all(): stores = json.loads(prize.store) exp_in = prize.id in pid_list pre_in = sid in stores if exp_in != pre_in: if exp_in: stores.append(sid) else: stores.remove(sid) prize.store = json.dumps(stores) prize.save() return HttpResponse(json.dumps({})) storepairs = [] for store in SUser.objects.filter(is_store=True): d = {'store': store} prizes = [] for prize in Prize.objects.all(): prizestores = json.loads(prize.store) print(store, id, prizestores) if store.id in prizestores: prizes.append(prize) d['prizes'] = prizes storepairs.append(d) rdata['storepairs'] = storepairs rdata['prizes'] = Prize.objects.all() return render(request, 'prize_store.html', rdata)
def prize(request): # 验证身份 if not request.user.is_authenticated: return Utils.redirect_login(request) rdata, op, suser = Utils.get_request_basis(request) # 商家重导向 if suser.is_store: return HttpResponseRedirect('/prize_ticket/u/' + str(suser.id) + '/') if op == 'delete': pid = int(request.POST.get('pid')) Prize.objects.filter(id=pid).delete() return HttpResponse(json.dumps({})) if op == 'change_title': pid = int(request.POST.get('pid')) title = request.POST.get('title') Prize.objects.filter(id=pid).update(title=title) return HttpResponse(json.dumps({})) if op == 'change_credit': pid = int(request.POST.get('pid')) credit = int(request.POST.get('credit')) Prize.objects.filter(id=pid).update(credit=credit) return HttpResponse(json.dumps({})) if op == 'change_price': pid = int(request.POST.get('pid')) price = int(request.POST.get('price')) Prize.objects.filter(id=pid).update(price=price) return HttpResponse(json.dumps({})) if op == 'change_description': pid = int(request.POST.get('pid')) Prize.objects.filter(id=pid).update( description=request.POST.get('description')) return HttpResponse(json.dumps({})) if op == 'exchange': jdata = {'result': 'ok'} pid = int(request.POST.get('pid')) prize = Prize.objects.get(id=pid) if suser.credit < prize.credit: jdata['result'] = '没有足够积分' return HttpResponse(json.dumps(jdata)) suser.credit -= prize.credit suser.save() PrizeTicket.objects.create(uid=suser.id, pid=pid, count=1, used=False, exchange_time=datetime.datetime.now()) return HttpResponse(json.dumps(jdata)) rdata['prizes'] = prizes = list(reversed(Prize.objects.all())) return render(request, 'prize.html', rdata)
def backend_admin(request): # 验证身份 if not request.user.is_authenticated: return Utils.redirect_login(request) rdata, op, suser = Utils.get_request_basis(request) if suser.username != 'root': return render(request, 'permission_denied.html', {}) if op == 'export_multi': qids = json.loads(request.POST.get('qids')) excel_name = Analysis.export_multi(qids) return HttpResponse( json.dumps({ 'result': 'yes', 'export_path': excel_name })) if op == 'del_ans': cnt_del_ans = 0 for answeraire in Answeraire.objects.all(): questionaires = Questionaire.objects.filter(id=answeraire.qid) if len(questionaires) == 0: answeraire.delete() cnt_del_ans += 1 cnt_del_rep = 0 for report in Report.objects.all(): questionaires = Questionaire.objects.filter(id=report.qid) if len(questionaires) == 0: report.delete() cnt_del_rep += 1 return HttpResponse( json.dumps({ 'cnt_del_ans': cnt_del_ans, 'cnt_del_rep': cnt_del_rep })) if op == 'del_tsinghua': cnt_del_tsinghua = 0 for suser in SUser.objects.all(): username = suser.username if username.isdigit() and len(username) == 10: User.objects.filter(username=username).delete() suser.delete() cnt_del_tsinghua += 1 for user in User.objects.all(): username = user.username if username.isdigit() and len(username) == 10: SUser.objects.filter(username=username).delete() user.delete() cnt_del_tsinghua += 1 return HttpResponse(json.dumps({'cnt_del_tsinghua': cnt_del_tsinghua})) return render(request, 'backend_admin.html', {})
def help_center(request): # 验证身份 if not request.user.is_authenticated: return Utils.redirect_login(request) rdata, op, suser = Utils.get_request_basis(request) if suser.admin_all: helps = reversed(Help.objects.all()) else: helps = reversed(Help.objects.filter(released=True)) rdata['helps'] = helps return render(request, 'helps.html', rdata)
def login(request): rdata, op, suser = Utils.get_request_basis(request) if request.user.is_authenticated and op == '': return HttpResponseRedirect('/index/') login = False username = request.POST.get('username') password = request.POST.get('password') if username is not None and password is not None: password = Utils.uglyDecrypt(password) # 判断是否存在 susers = SUser.objects.filter(username=username) existed = (len(susers) > 0) # 判断是否是清华账号 if username.isdigit() and len(username) == 10: if not existed: existed = True if username == password: user = User.objects.create_user(username=username, password=password) suser = SUser.objects.create(uid=user.id, username=username, nickname=username) if existed: # 验证 user = auth.authenticate(username=username, password=password) if user is not None: auth.login(request, user) login = True else: rdata['info'] = '密码错误' else: rdata['info'] = '用户名不存在' if op == 'get_magic_number': return HttpResponse(json.dumps({'magic_number': Utils.MAGIC_NUMBER})) if login: url = '/index/' if 'last_url' in request.session: url = request.session['last_url'] return HttpResponseRedirect(url) else: return render(request, 'login.html', rdata)
def search(request): # 验证身份 if not request.user.is_authenticated: return Utils.redirect_login(request) rdata, op, suser = Utils.get_request_basis(request) if not suser.admin_all: return render(request, 'permission_denied.html', {}) def context(s, klen, pos): l = max(0, pos - 5) r = min(len(s), pos + klen + 5) context_left = s[l:pos] if l != 0: context_left = '...' + context_left context_right = s[pos + klen:r] if r != len(s): context_right = context_right + '...' return context_left, s[pos:pos + klen], context_right if op == 'search': keyword = request.POST.get('keyword') questionaire_list = Questionaire.objects.all() result = [] for questionaire in questionaire_list: d = {} p = questionaire.title.find(keyword) if p != -1: d['id'] = questionaire.id d['title'] = questionaire.title d['update_time'] = str(questionaire.update_time)[:19] d['context_left'], d['context_mid'], d[ 'context_right'] = context(questionaire.title, len(keyword), p) result.append(d) continue p = questionaire.questions.find(keyword) if p != -1: d['id'] = questionaire.id d['title'] = questionaire.title d['update_time'] = str(questionaire.update_time)[:19] d['context_left'], d['context_mid'], d[ 'context_right'] = context(questionaire.questions, len(keyword), p) result.append(d) return HttpResponse(json.dumps({'result': result})) return render(request, 'search.html', rdata)
def admin_list(request): # 验证身份 if not request.user.is_authenticated: return Utils.redirect_login(request) rdata, op, suser = Utils.get_request_basis(request) if not suser.admin_super: return render(request, 'permission_denied.html', {}) def get_admin_list(): admin_list = [] for admin in SUser.objects.filter(Q(admin_all=1) | Q( admin_survey=1)).filter(~Q(username='******')): admin_list.append({ 'uid': admin.id, 'username': admin.username, 'name': admin.name, 'admin_all': admin.admin_all, 'admin_survey': admin.admin_survey }) return admin_list # 加载 if op == 'load': return HttpResponse(json.dumps({'admin_list': get_admin_list()})) # 修改管理员状态 if op == 'add': username = request.POST.get('username') level = request.POST.get('level') value = int(request.POST.get('value')) if level == 'chief': susers = SUser.objects.filter(username=username) susers.update(admin_all=value) ulen = len(susers) elif level == 'survey': susers = SUser.objects.filter(username=username) susers.update(admin_survey=value) ulen = len(susers) return HttpResponse( json.dumps({ 'ulen': ulen, 'admin_list': get_admin_list() })) rdata['admin_list'] = get_admin_list() return render(request, 'admin_list.html', rdata)
def profile(request, uid): # 验证身份 if not request.user.is_authenticated: return Utils.redirect_login(request) rdata, op, suser = Utils.get_request_basis(request) if (not suser.admin_all) and (int(suser.id) != int(uid)): return render(request, 'permission_denied.html', {}) rdata['psuser'] = psuser = SUser.objects.get(id=uid) puser = User.objects.get(id=psuser.uid) if op == 'change_nickname': psuser.nickname = request.POST.get('nickname') psuser.save() return HttpResponse(json.dumps({})) if op == 'change_password': old_password = Utils.uglyDecrypt(request.POST.get('old_password')) new_password = Utils.uglyDecrypt(request.POST.get('new_password')) puser2 = auth.authenticate(username=puser.username, password=old_password) jdata = {} if puser2 is not None and puser2 == puser and puser2.is_active: puser.set_password(new_password) puser.save() jdata['result'] = 'yes' return HttpResponse(json.dumps(jdata)) else: jdata['result'] = 'no' return HttpResponse(json.dumps(jdata)) rq_list = [] anweraire_queries = { answeraire.qid: answeraire.submitted for answeraire in Answeraire.objects.filter(username=suser.username) } for questionaire in Questionaire.objects.all(): if questionaire.status in [1, 2, 3] and Utils.check_fill2( anweraire_queries, questionaire.id) in [2, 3]: rq_list.append( Utils.remakeq(suser, questionaire, False, anweraire_queries)) rq_list.sort(key=lambda x: x['create_time'], reverse=True) rdata['rq_list'] = rq_list return render(request, 'profile.html', rdata)
def prize_exchange(request, tid): # 验证身份,只有特定商家和特定用户 if not request.user.is_authenticated: return Utils.redirect_login(request) rdata, op, suser = Utils.get_request_basis(request) rdata['ticket'] = ticket = PrizeTicket.objects.get(id=tid) rdata['prize'] = prize = Prize.objects.get(id=ticket.pid) if suser.is_store: store = json.loads(prize.store) if not suser.id in store: return render(request, 'permission_denied.html', {}) else: if ticket.uid != suser.id: return render(request, 'permission_denied.html', {}) op = request.POST.get("op") if op == "exchange": if suser.is_store: ticket.use_status = ticket.use_status | 2 ticket.oid = suser.id else: ticket.use_status = ticket.use_status | 4 if ticket.use_status == 7: ticket.used = True ticket.use_time = datetime.datetime.now() ticket.save() return HttpResponse(json.dumps({})) if op == "if_confirm": jdata = {'result': 'not confirmed'} if ticket.use_status == 7: jdata['result'] = 'confirmed' return HttpResponse(json.dumps(jdata)) if ticket.used == True: return render(request, 'permission_denied.html', {}) if suser.is_store: ticket.use_status = ticket.use_status | 1 ticket.save() return render(request, 'prize_exchange.html', rdata)
def prize_add(request): # 验证身份 if not request.user.is_authenticated: return Utils.redirect_login(request) rdata, op, suser = Utils.get_request_basis(request) if not suser.admin_all: return render(request, 'permission_denied.html', {}) if op == 'add_prize': title = request.POST.get('title') description = request.POST.get('description') credit = int(request.POST.get('credit')) price = int(request.POST.get('price')) expire_time = request.POST.get('expire_time') prize = Prize.objects.create(title=title, description=description, credit=credit, price=price, expire_time=expire_time) return HttpResponse(json.dumps({})) return render(request, 'prize_add.html', rdata)
def prize_add_store(request): # 验证身份 if not request.user.is_authenticated: return Utils.redirect_login(request) rdata, op, suser = Utils.get_request_basis(request) if not suser.admin_all: return render(request, 'permission_denied.html', {}) if op == 'add_store': jdata = {'result': 'ok'} username = request.POST.get('username') if username.isdigit() and len(username) == 10: jdata['result'] = '请勿使用清华学号' elif len(SUser.objects.filter(username=username)) > 0: jdata['result'] = '用户名已存在' else: nickname = request.POST.get('nickname') password = Utils.uglyDecrypt(request.POST.get('password')) pid_list = json.loads(request.POST.get('pid_list')) user = User.objects.create_user(username=username, password=password) suser = SUser.objects.create(username=username, nickname=nickname, uid=user.id, is_sample=0, is_store=1) for pid in pid_list: prize = Prize.objects.get(id=int(pid)) store = json.loads(prize.store) store.append(suser.id) prize.store = json.dumps(store) prize.save() return HttpResponse(json.dumps(jdata)) rdata['prizes'] = prizes = list(reversed(Prize.objects.all())) return render(request, 'prize_add_store.html', rdata)