def subject_photo_create():
try:
payload = request.files['photo']
subject_id = int(request.form['subject_id'])
old_photo_id = int(request.form.get('old_photo_id', 0))
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if not payload:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if g.subject.visitors.filter_by(id=subject_id).first() is None:
return error_result(ErrorCode.ERROR_NOT_ALLOWED)
photo, error = create_user_photo(payload, g.subject.company_id)
if error:
return error
photo.subject_id = subject_id
db.session.add(photo)
db.session.commit()
#delete old photo
if old_photo_id:
old_photo = Photo.query.get(old_photo_id)
if old_photo.subject.inviter_id != g.subject.id:
return error_result(ErrorCode.ERROR_NOT_ALLOWED)
storage.remove(old_photo.url)
db.session.delete(old_photo)
db.session.query(PhotoAlternative).filter(PhotoAlternative.subject_id == old_photo.subject_id). \
filter(PhotoAlternative.url == old_photo.url).delete()
db.session.commit()
if subject_id:
update_company_data_version(g.subject.company, subject_id)
return success_result(photo.get_json())
def box_bind(company_id):
box_token = request.form.get('box_token')
if box_token is None:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
box = Box.query.filter_by(box_token=box_token).first()
if box is None:
return error_result(ErrorCode.ERROR_BOX_NOT_EXIST)
box.company_id = company_id
for screen in box.screens:
db.session.delete(screen)
try:
db.session.commit()
except IntegrityError:
return error_result(ErrorCode.ERROR_COMPANY_NOT_EXIST)
#主机的模型用company的模型版本
company = Company.query.get(company_id)
box.model = company.feature_version
db.session.commit()
clear_updater_cache(box.box_token)
set_box_bind_cache(box_token)
return success_result(
box.get_json(with_box_version=True,
with_company=True,
with_all_screens=True))
def add_organization():
params = request.form or request.get_json() or request.args
name = params.get('name')
remark = params.get('remark')
username = params.get('username')
password = params.get('password')
if not name or not username or not password:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if Organization.query.filter_by(name=name).first() is not None:
return error_result(ErrorCode.ERROR_ORGANIZATION_ALREADY_EXIST)
if User.query.filter_by(username=username).first() is not None:
return error_result(ErrorCode.ERROR_USERNAME_EXISTED)
org = Organization(name=name, remark=remark, create_time=g.TIMESTAMP)
db.session.add(org)
db.session.commit()
user = User(organization_id=org.id,
role_id=UserRole.ROLE_ORGANIZATION,
username=username,
password=password,
password_reseted=True)
db.session.add(user)
db.session.commit()
ret = org.get_json()
ret['username'] = username
return success_result(ret)
def set_info():
params = request.form or request.get_json()
box_token = params.get('box_token')
pad_id = params.get('pad_id')
position = params.get('position')
screen = Screen.query.filter_by(company_id=g.user.company_id,
token=pad_id).first()
if not screen:
return error_result(ErrorCode.ERROR_SCREEN_NOT_EXIST)
if box_token:
box = Box.query.filter_by(box_token=box_token).first()
if not box:
return error_result(ErrorCode.ERROR_BOX_NOT_EXIST)
screen.box_id = box.id
if position:
screen.camera_position = position
fields = ('network_switcher', 'network_switcher_token')
screen.update(fields, params)
db.session.commit()
if params.get('network_switcher') or params.get('network_switcher_token'):
update_company_data_version(g.user.company)
return success_result({})
def get_display_device_info():
params = request.args or request.get_json() or request.form
token = params.get('device_token')
if not token:
resp = error_result(ErrorCode.ERROR_INVALID_PARAM)
else:
device = DisplayDevice.query.filter_by(token=token).first()
if not device:
resp = error_result(ErrorCode.ERROR_DISPLAY_DEVICE_NOT_EXIST)
else:
# prevent db from being updated too frequently
if g.TIMESTAMP > device.heartbeat + 60:
device.heartbeat = g.TIMESTAMP
db.session.commit()
screens = []
for screen in device.screens:
screens.append(screen.get_json())
result = {
'screens': screens,
'device': device.get_json()
}
resp = success_result(result)
resp.headers['Access-Control-Expose-Headers'] = 'Etag'
if device:
resp.headers['ETag'] = 'W/%s' % (device.reload_timestamp + device.display_info_timestamp + device.user_info_timestamp)
else:
resp.headers['ETag'] = 'W/0'
return resp
def subject_import():
try:
file_ = request.files['file']
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if not g.user.has_permission(AccountPermission.ADD_EMPLOYEE):
return error_result(ErrorCode.ERROR_PERMISSION_DENIED)
workbook = xlrd.open_workbook(file_contents=file_.read())
sheet = workbook.sheet_by_index(0)
success = 0
failed = []
for i in xrange(1, sheet.nrows):
try:
row = sheet.row(i)
name = row[0].value
email = row[5].value
if email and Subject.query.filter_by(email=email).first():
failed.append(dict(name=name, email=email))
continue
if not name.strip():
continue
db.session.add(Subject(name=name, job_number=row[1].value, department=row[2].value, password='******',
title=row[3].value, phone=row[4].value, email=email, description=row[6].value,
remark=row[7].value,
subject_type=SubjectType.TYPE_EMPLOYEE, company_id=g.user.company_id))
db.session.commit()
success += 1
except:
import traceback;
print traceback.format_exc()
return success_result({'success': success, 'total': sheet.nrows - 1, 'failed': failed})
def subject_import_visitor():
try:
file_ = request.files['file']
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if not g.user.has_permission(AccountPermission.ADD_VISITOR):
return error_result(ErrorCode.ERROR_PERMISSION_DENIED)
workbook = xlrd.open_workbook(file_contents=file_.read())
sheet = workbook.sheet_by_index(0)
success = 0
state_mapping = VisitorPurpose.state_mapping_reverse
for i in xrange(1, sheet.nrows):
try:
row = sheet.row(i)
name = row[0].value
db.session.add(
Subject(name=name, purpose=state_mapping[row[1].value], come_from=row[2].value, phone=row[3].value,
interviewee=row[4].value, remark=row[5].value,
subject_type=SubjectType.TYPE_VISITOR, company_id=g.user.company_id))
db.session.commit()
success += 1
except:
import traceback;
print traceback.format_exc()
pass
return success_result({'success': success, 'total': sheet.nrows - 1, 'failed': []})
def subject_new():
params = request.form or request.get_json()
try:
company_id = g.user.company_id
subject_type = int(params['subject_type'])
visitor_type = SubjectType.TYPE_VISITOR if params.get('visitor_type') is None else int(params['visitor_type'])
name = params.get('name', '')
email = params.get('email', '')
phone = params.get('phone', '')
gender = int(params.get('gender', Gender.MALE))
avatar = params.get('avatar', '')
department = params.get('department', '')
title = params.get('title', '')
description = params.get('description', '')
start_time = int(params['start_time']) if subject_type != SubjectType.TYPE_EMPLOYEE else 0
end_time = int(params['end_time']) if subject_type != SubjectType.TYPE_EMPLOYEE else 0
photo_ids = params['photo_ids'] if 'photo_ids' in params else []
purpose = int(params.get('purpose', VisitorPurpose.OTHER))
interviewee = params.get('interviewee', '')
come_from = params.get('come_from', '')
job_number = params.get('job_number', '')
remark = params.get('remark', '')
birthday = int(params.get('birthday', 0))
entry_date = int(params.get('entry_date', 0))
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if ((subject_type == SubjectType.TYPE_VISITOR and not g.user.has_permission(AccountPermission.ADD_VISITOR)) or
(subject_type == SubjectType.TYPE_EMPLOYEE and not g.user.has_permission(AccountPermission.ADD_EMPLOYEE))):
return error_result(ErrorCode.ERROR_PERMISSION_DENIED)
# VIP type
if subject_type == SubjectType.TYPE_VISITOR:
subject_type = visitor_type
if email and Subject.query.filter_by(email=email).first():
return error_result(ErrorCode.ERROR_EMAIL_EXISTED)
subject = Subject(company_id=company_id, subject_type=subject_type, name=name, email=email, department=department,
gender=gender, avatar=avatar, title=title, description=description, start_time=start_time,
end_time=end_time, password='******', purpose=purpose, interviewee=interviewee, phone=phone,
come_from=come_from, job_number=job_number, remark=remark, create_time=g.TIMESTAMP)
if birthday:
subject.birthday = datetime.date.fromtimestamp(birthday)
if entry_date:
subject.entry_date = datetime.date.fromtimestamp(entry_date)
if subject.avatar:
avatar = storage.save_image_base64(subject.avatar, 'avatar', sync=True)
if avatar:
subject.avatar = avatar
DisplayDevice.query.filter_by(company_id=company_id).update({'user_info_timestamp': g.TIMESTAMP})
try:
db.session.add(subject)
db.session.commit()
update_company_data_version(subject.company, subject.id)
_update_photos(subject, photo_ids)
return success_result(subject.get_json(with_photos=True))
except:
db.session.rollback()
return error_result(ErrorCode.ERROR_UNKNOWN)
def account_lists():
if not g.user.can_visit('system'):
return error_result(ErrorCode.ERROR_PERMISSION_DENIED)
company = g.user.company
if request.method == 'GET':
users = User.query.filter_by(company_id=company.id,
role_id=UserRole.ROLE_NORMAL).all()
data = [{
'id': user.id,
'account': user.username,
'permission': json.loads(user.permission),
'remark': user.remark
} for user in users]
return success_result(data)
elif request.method == 'POST':
params = request.get_json() or request.form
if params.get('account') is None:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
user = User.query.filter_by(username=params.get('account')).first()
if user:
return error_result(ErrorCode.ERROR_USERNAME_EXISTED)
try:
user = User(company_id=company.id,
role_id=UserRole.ROLE_NORMAL,
permission=json.dumps(params['permission']),
remark=params['remark'],
password_reseted=False,
username=params['account'],
password='******')
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
db.session.add(user)
db.session.commit()
return success_result({})
def subject_list(cid):
if cid not in g.user.organization.company_ids:
return error_result(ErrorCode.ERROR_COMPANY_NOT_IN_ORGANIZATION)
params = request.args
company = Company.query.get(cid)
ret = get_subject_list(company, params, is_company=False)
if ret[0] is None:
return error_result(ret[1])
return success_result(ret[0], ret[1])
def get_weather():
params = request.args or request.get_json() or request.form
try:
city_name = str(params['city'])
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
weather = WeatherManager.get_weather_by_city(city_name)
if weather is None:
return error_result(ErrorCode.ERROR_WEATHER_ERROR)
return success_result(weather)
def get_one_theme():
params = request.args or request.get_json() or request.form
device, err = get_device_from_params(params)
if err is not None:
return error_result(err)
theme = device.theme
theme_config = get_theme_config(THEME_DIR, device)
if theme not in theme_config:
return error_result(ErrorCode.ERROR_INVALID_THEME)
result = dict(config=theme_config[theme], card_duration=device.card_duration)
return success_result(data=result)
def get_screen_list():
box_token = request.args.get('box_token')
if not box_token:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
box = Box.query.filter_by(box_token=box_token).first()
if not box:
return error_result(ErrorCode.ERROR_BOX_NOT_EXIST)
if not box.company:
return error_result(ErrorCode.ERROR_BOX_NOT_BINDED)
screens = filter(lambda screen: screen.type == ScreenType.CAMERA, box.company.screens)
screens = [screen.get_json() for screen in screens]
return success_result({"screens": screens})
def theme_setting(device_id):
company = g.user.company
device = DisplayDevice.query.filter_by(id=device_id).first()
if not device:
return error_result(ErrorCode.ERROR_DISPLAY_DEVICE_NOT_EXIST)
if request.method == 'GET':
return success_result(device.get_json(with_logo=True))
elif request.method == 'PUT':
card_theme = request.form.get('card_theme')
card_theme_vip = request.form.get('card_theme_vip')
photo = request.files.get('photo')
logo = request.files.get('logo')
theme = request.form.get('theme') # current
duration = request.form.get('duration') # stay
reset_background = request.form.get('reset_background',
'false') # stay
if logo is not None:
company.logo = storage.save_image(logo.stream, 'logo')
if photo is not None:
device.background = save_screen_background(photo)
if card_theme is not None:
device.card_theme = card_theme
if card_theme_vip is not None:
device.card_theme_vip = card_theme_vip
if theme is not None:
device.theme = theme
if duration is not None:
device.card_duration = int(duration)
if reset_background == 'true':
device.background = '/static/screen/images/background_blue.png'
device.reload_timestamp = g.TIMESTAMP
db.session.commit()
clear_display_config_cache(device.token)
return success_result(device.get_json())
elif request.method == 'DELETE':
db.session.delete(device)
db.session.commit()
return success_result({})
return error_result(ErrorCode.ERROR_NOT_ALLOWED)
def vip_cards_css():
params = request.args or request.get_json() or request.form
device, err = get_device_from_params(params)
if err is not None:
return error_result(err)
card = device.card_theme_vip or 'vip-card1'
try:
theme_file = open(SCREEN_LIB_DIR + '/vipcards/css/' + card + '.css', 'r')
except:
return error_result(ErrorCode.ERROR_FILE_NOT_EXIST)
content = theme_file.read()
theme_file.close()
return Response(content, mimetype='text/css')
def custom_html():
params = request.args or request.get_json() or request.form
device, err = get_device_from_params(params)
if err is not None:
return error_result(err)
layout = BackgroundLayout.file_mapping[device.background_layout or BackgroundLayout.CENTER]
try:
layout_file = open(SCREEN_LIB_DIR + '/layouts/' + layout + '/template.html', 'r')
except:
return error_result(ErrorCode.ERROR_FILE_NOT_EXIST)
content = layout_file.read()
layout_file.close()
return Response(content, mimetype='text/html')
def subject_invite_link():
visitor_id = request.args.get('visitor_id')
if not visitor_id:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
visitor = g.subject.visitors.filter_by(id=visitor_id).first()
if visitor is None:
return error_result(ErrorCode.ERROR_NOT_ALLOWED)
if not visitor.job_number:
visitor.job_number = str(uuid.uuid4())
db.session.commit()
url = '%s/subject/invite?subject_id=%s&token=%s' % (DOMAIN, visitor_id,
visitor.job_number)
return success_result({'url': url})
def heartbeat():
params = request.args or request.get_json() or request.form
try:
key = params['key']
name = params['name']
except KeyError:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if authenticate(key):
return error_result(ErrorCode.ERROR_INVALID_KEY)
remote_addr = request.remote_addr
logger.debug('Receive heartbeat from %s(%s)' % (remote_addr, name))
data = load_data(HEARTBEAT_DATA_FILE)
data['remote_ips'].update({name: remote_addr})
save_data(data, HEARTBEAT_DATA_FILE)
return success_result()
def subject_list():
company = g.user.company
params = request.args
ret = get_subject_list(company, params)
if ret[0] is None:
return error_result(ret[1])
return success_result(ret[0], ret[1])
def company_info(cid):
if cid not in g.user.organization.company_ids:
return error_result(ErrorCode.ERROR_COMPANY_NOT_IN_ORGANIZATION)
user = User.query.filter_by(company_id=cid,
role_id=UserRole.ROLE_ADMIN).first()
params = request.form or request.get_json() or request.args
username = params.get('username')
password = params.get('password')
name = params.get('name')
remark = params.get('remark')
if username or password:
if username:
user.username = username
if password:
user.password = password
db.session.add(user)
if name or remark:
company = Company.query.get(cid)
if name:
company.name = name
if remark:
company.remark = remark
db.session.add(company)
db.session.commit()
return success_result({})
def statistics_event():
position = request.args.get('position')
page = int(request.args.get('page', 1))
size = int(request.args.get('size', 20))
unique = int(request.args.get('unique', 0))
start_time, end_time = _parse_start_end_time()
query = Event.query.filter(Event.company_id == g.user.company_id,
Event.timestamp > start_time,
Event.timestamp <= end_time)
if position:
screen = Screen.query.filter_by(camera_position=position).first()
if screen is None:
return error_result(ErrorCode.ERROR_SCREEN_NOT_EXIST)
query = query.filter(Event.screen_id == screen.id)
events = query.order_by(Event.timestamp.desc()).all()
result = [
event.get_json()
for event in _filter_events(events, unique=bool(unique))
]
page_info = page_format(Pagination(None, page, size, len(result), None))
result = result[(page - 1) * size:page * size]
return success_result(result, page_info)
def screen_detail(sid):
company = g.user.company
screen = Screen.query.filter(Screen.company_id == company.id,
Screen.id == sid).first()
if screen is None:
return error_result(ErrorCode.ERROR_SCREEN_NOT_EXIST)
if request.method == 'GET':
return success_result(screen.get_json())
elif request.method == 'PUT':
params = request.get_json()
fields = ('box_id', 'name', 'camera_name', 'camera_address',
'camera_position', 'network_switcher',
'network_switcher_token'
'description', 'allow_all_subjects', 'allow_visitor',
'allowed_subject_ids')
screen.update(fields, params)
screen.display_devices.update({'reload_timestamp': g.TIMESTAMP})
db.session.add(screen)
update_company_data_version(company)
return success_result(screen.get_json())
elif request.method == 'DELETE':
content = generate_delete_screen_task_content(company.id, sid)
task = Task()
task.name = u'删除相机'
task.content = content
db.session.add(task)
db.session.commit()
delete_screen.delay(task.id, company.id, sid)
return success_result()
def organization_info(oid):
org = Organization.query.get(oid)
if org is None:
return error_result(ErrorCode.ERROR_ORGANIZATION_NOT_EXIST)
if request.method == 'GET':
user = User.query.filter_by(
organization_id=org.id,
role_id=UserRole.ROLE_ORGANIZATION).first()
data = org.get_json()
if user:
data['username'] = user.username
return success_result(data)
elif request.method == 'PUT':
params = request.form or request.get_json() or request.args
username = params.get('username')
password = params.get('password')
name = params.get('name')
remark = params.get('remark')
if username is not None or password is not None:
user = User.query.filter_by(
organization_id=org.id,
role_id=UserRole.ROLE_ORGANIZATION).first()
if user.username != username and User.query.filter_by(
username=username).first() is not None:
return error_result(ErrorCode.ERROR_USERNAME_EXISTED)
if username:
user.username = username
if password:
user.password = password
db.session.add(user)
if name:
org.name = name
if remark:
org.remark = remark
db.session.add(org)
db.session.commit()
return success_result({})
elif request.method == 'DELETE':
db.session.delete(org)
db.session.commit()
return success_result({})
def events_delete(eid):
event = Event.query.get(eid)
if not event:
return error_result(ErrorCode.ERROR_EVENT_NOT_EXIST)
else:
db.session.delete(event)
db.session.commit()
return success_result(event.get_json())
def subjects_list():
ORDER_TYPE_TIME = 'time'
ORDER_TYPE_NAME = 'name'
params = request.args
name = params.get('name')
category = params.get('category')
order = params.get('order')
subject_type = SubjectType.parse_param(category)
if subject_type is None:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if ((subject_type == SubjectType.TYPE_VISITOR
and not g.user.has_permission(AccountPermission.ADD_VISITOR)) or
(subject_type == SubjectType.TYPE_EMPLOYEE
and not g.user.has_permission(AccountPermission.ADD_EMPLOYEE))):
return error_result(ErrorCode.ERROR_PERMISSION_DENIED)
query = g.user.company.subjects.options(db.eagerload_all(Subject.photos))
if name:
name = name.replace('\\', '\\\\')
query = query.filter(
Subject.real_name.contains(name) | Subject.pinyin.contains(name))
if subject_type is not None:
if subject_type == SubjectType.TYPE_VISITOR:
# VIP is visitor, too
query = query.filter(
or_(Subject.subject_type == SubjectType.TYPE_VISITOR,
Subject.subject_type == SubjectType.TYPE_VIP))
else:
query = query.filter_by(subject_type=subject_type)
#TODO add index to start_time and pinyin ...
if order == ORDER_TYPE_TIME:
query = query.order_by(Subject.start_time.desc())
elif order == ORDER_TYPE_NAME:
query = query.order_by(Subject.pinyin.asc())
else:
query = query.order_by(Subject.start_time.desc())
current, size = get_pagination(params)
pagination = query.paginate(current, size, False)
page = page_format(pagination)
ret = [
subject.get_json(with_photos=True, with_visitor_type=True)
for subject in pagination.items
]
return success_result(ret, page)
def check_verification():
params = request.form or request.get_json()
try:
username = params['username']
password = params['password']
code = params['verify_code']
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
user = User.query.filter_by(username=username).first()
if not user:
return error_result(ErrorCode.ERROR_USER_NOT_EXIST)
if not user.check_password(password):
return error_result(ErrorCode.ERROR_PASSWORD_ERROR)
if not TwoFactorAuthenticator.check_code(code):
return error_result(ErrorCode.ERROR_VERIFICATION_CODE)
login_user(user)
return success_result(user.get_json())
def login():
params = request.form or request.get_json()
try:
username = params['username']
password = params['password']
pad_id = params['pad_id']
device_type = int(params['device_type'])
if device_type not in [ScreenType.DOOR_PAD, ScreenType.FRONT_PAD]:
raise Exception()
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
user = User.query.filter_by(username=username).first()
if user:
if user.check_password(password):
if not user.password_reseted:
return error_result(ErrorCode.ERROR_PASSWORD_NEED_CHANGE)
login_user(user)
ret = user.get_json()
if pad_id == 'importer':
return success_result(ret)
screen = Screen.query.filter_by(company_id=user.company_id,
token=pad_id).first()
if screen is None:
screen = Screen(
company_id=user.company_id,
token=pad_id,
name='pad',
theme='center',
type=device_type,
camera_position=ScreenType.get_desc(device_type))
db.session.add(screen)
db.session.commit()
update_company_data_version(user.company)
ret['position'] = screen.camera_position
ret['screen_token'] = screen.token
ret['boxes'] = [box.get_json() for box in user.company.boxes]
ret['company'] = user.company.get_json()
return success_result(ret)
else:
return error_result(ErrorCode.ERROR_PASSWORD_ERROR)
else:
return error_result(ErrorCode.ERROR_USER_NOT_EXIST)
def user_delete(company_id, user_id):
company = Company.query.get(company_id)
user = User.query.get(user_id)
if user.role_id == UserRole.ROLE_ROOT:
return error_result(ErrorCode.ERROR_NOT_ALLOWED)
company.users.filter_by(id=user_id).delete()
db.session.commit()
return success_result({})
def update_password():
params = request.form or request.get_json()
password = params.get('password')
password_verification = params.get('password_verification')
if not password or not password_verification:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if password != password_verification:
return error_result(ErrorCode.ERROR_PASSWORD_INCONSISTENT)
subject = g.subject
subject.password_reseted = True
subject.password = password
db.session.add(subject)
db.session.commit()
return success_result(subject.get_json())
def add_visitor():
params = request.form
try:
name = params['name']
photo = request.files.get('photo')
purpose = params.get('purpose')
interviewee = params.get('interviewee')
inviter_id = g.subject.id
come_from = params.get('come_from')
phone = params.get('phone')
remark = params.get('remark')
description = params.get('description')
company_id = g.subject.company_id
start_time = int(params.get('start_time', 0))
end_time = int(params.get('end_time', 0))
vip = bool(int(params.get('vip', False)))
subject_type = int(params.get('subject_type', 1))
except:
import traceback
print traceback.format_exc()
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if not start_time or not end_time:
start_time = g.TIMESTAMP - 5 * 60
end_time = g.TIMESTAMP + 2 * 3600
if vip:
subject_type = SubjectType.TYPE_VIP
if interviewee is None:
interviewee = g.subject.name
subject = Subject(company_id=company_id,
name=name,
subject_type=subject_type,
remark=remark,
description=description,
start_time=start_time,
end_time=end_time,
purpose=purpose,
interviewee=interviewee,
inviter_id=inviter_id,
come_from=come_from,
phone=phone,
password='******',
create_time=g.TIMESTAMP)
db.session.add(subject)
db.session.commit()
if photo:
photo, error = create_user_photo(photo, subject.company_id)
if error:
return error
subject.photos.append(photo)
update_company_data_version(g.subject.company, subject.id)
return success_result(subject.get_json())
