Example #1
def ajax_delete():
    """
    Soft-delete a user in response to an AJAX request.

    The target is taken from the ``user_id`` query parameter. The row is not
    removed: ``edit_user`` is asked to set ``status_delete`` together with the
    delete/update timestamps. Every failed check returns the failure payload
    with a translated reason.

    NOTE(review): this state-changing action is accepted over GET, and the
    only origin signal checked here is ``request.is_xhr`` (the
    ``X-Requested-With`` header, deprecated and later removed from Werkzeug).
    CSRF-token middleware usually skips GET, so confirm that cross-site
    protection exists elsewhere or move the action to POST.

    NOTE(review): only quotations are counted as "in use" here, although the
    original comment mentions quotations and orders -- confirm that is
    intended.

    :return: JSON response built from the success or failure message template
    """
    success_msg = AJAX_SUCCESS_MSG.copy()
    failure_msg = AJAX_FAILURE_MSG.copy()

    def reject(reason):
        # Fill the failure payload with a translated "Del Failure, <reason>".
        failure_msg['msg'] = _('Del Failure, %(ext_msg)s', ext_msg=reason)
        return jsonify(failure_msg)

    # Authorization: the caller must hold the user-section delete permission.
    if not permission_user_section_del.can():
        return reject(_('Permission Denied'))

    # Request shape: only AJAX GET requests are served.
    if request.method != 'GET' or not request.is_xhr:
        return reject(_('Method Not Allowed'))

    # Parameter: a missing or non-integer user_id falls back to 0.
    user_id = request.args.get('user_id', 0, type=int)
    if not user_id:
        return reject(_('ID does not exist'))

    # The target must exist ...
    user_info = get_user_row_by_id(user_id)
    if not user_info:
        return reject(_('ID does not exist'))
    # ... and must not already be soft-deleted.
    if user_info.status_delete == STATUS_DEL_OK:
        return reject(_('Already deleted'))
    # Refuse while live (not deleted) quotations still reference the user.
    if count_quotation(uid=user_id, status_delete=STATUS_DEL_NO):
        return reject(_('Currently In Use'))

    now = datetime.utcnow()
    deleted = edit_user(user_id, {
        'status_delete': STATUS_DEL_OK,
        'delete_time': now,
        'update_time': now,
    })
    if not deleted:
        failure_msg['msg'] = _('Del Failure')
        return jsonify(failure_msg)

    success_msg['msg'] = _('Del Success')
    return jsonify(success_msg)
Example #2
def ajax_unlock():
    """
    Unlock a user in response to an AJAX request.

    Reads ``user_id`` from the query string and asks ``edit_user`` to set
    ``status_lock`` to ``STATUS_LOCK_NO``. Anything that is not an AJAX GET,
    or an ``edit_user`` result other than 1 or 0, ends in a 404.

    NOTE(review): no permission check and no check that the user exists are
    visible in this body, so the caller fully controls ``user_id``. Confirm
    that the route (decorators are not shown here) enforces authorization.

    NOTE(review): the account state is changed over GET and
    ``request.is_xhr`` is the only origin signal; CSRF-token middleware
    usually skips GET, so confirm cross-site protection exists elsewhere.

    :return: JSON string with either a ``success`` or an ``error`` key
    """
    is_ajax_get = request.method == 'GET' and request.is_xhr
    if not is_ajax_get:
        abort(404)

    # A missing or non-integer user_id falls back to 0 and is rejected.
    user_id = request.args.get('user_id', 0, type=int)
    if not user_id:
        return json.dumps({'error': u'解锁失败'})

    changes = {
        'status_lock': STATUS_LOCK_NO,
        'update_time': datetime.utcnow(),
    }
    outcome = edit_user(user_id, changes)
    if outcome == 1:
        return json.dumps({'success': u'解锁成功'})
    if outcome == 0:
        return json.dumps({'error': u'解锁失败'})
    # Any other result is treated like an unsupported request.
    abort(404)
Example #3
def ajax_delete():
    """
    Soft-delete a user in response to an AJAX request.

    Reads ``user_id`` from the query string and asks ``edit_user`` to set
    ``status_delete`` plus the delete/update timestamps. Anything that is not
    an AJAX GET, or an ``edit_user`` result other than 1 or 0, ends in a 404.

    NOTE(review): no permission check, no existence check and no "in use"
    check are visible in this body, so the caller fully controls which
    ``user_id`` is flagged as deleted. Confirm that the route (decorators are
    not shown here) enforces authorization.

    NOTE(review): the deletion is accepted over GET and ``request.is_xhr`` is
    the only origin signal; CSRF-token middleware usually skips GET, so
    confirm cross-site protection exists elsewhere.

    :return: JSON string with either a ``success`` or an ``error`` key
    """
    is_ajax_get = request.method == 'GET' and request.is_xhr
    if not is_ajax_get:
        abort(404)

    # A missing or non-integer user_id falls back to 0 and is rejected.
    user_id = request.args.get('user_id', 0, type=int)
    if not user_id:
        return json.dumps({'error': u'删除失败'})

    now = datetime.utcnow()
    changes = {
        'status_delete': STATUS_DEL_OK,
        'delete_time': now,
        'update_time': now,
    }
    outcome = edit_user(user_id, changes)
    if outcome == 1:
        return json.dumps({'success': u'删除成功'})
    if outcome == 0:
        return json.dumps({'error': u'删除失败'})
    # Any other result is treated like an unsupported request.
    abort(404)
Example #4
def setting():
    """
    Show and update the signed-in user's own profile.

    GET pre-fills the form from the stored row for ``current_user.id``.
    POST validates the form and writes the editable fields back, together
    with the update time and the client IP from ``get_real_ip()``.

    NOTE(review): ``flash(form.errors, ...)`` runs on every POST, including
    successful ones, and puts the raw form error mapping on the page. The
    greeting flash echoes the account e-mail on every request. The original
    comments mark both as debugging/testing aids -- presumably to be removed
    before production.

    :return: the rendered settings page
    """
    form = UserProfileForm(request.form)
    http_method = request.method

    if http_method == 'GET':
        from app_backend.api.user import get_user_row_by_id
        stored = get_user_row_by_id(current_user.id)
        if stored:
            # Copy every displayed column into the matching form field.
            for field_name in ('nickname', 'avatar_url', 'email', 'phone',
                               'birthday', 'create_time', 'update_time'):
                getattr(form, field_name).data = getattr(stored, field_name)
    elif http_method == 'POST':
        if form.validate_on_submit():
            # TODO: check whether the e-mail address is already in use.
            from app_backend.api.user import edit_user
            from datetime import datetime
            changes = {}
            # Only these fields are user-editable; the target id always comes
            # from the session (current_user), never from the form.
            for field_name in ('nickname', 'avatar_url', 'email', 'phone',
                               'birthday'):
                changes[field_name] = getattr(form, field_name).data
            changes['update_time'] = datetime.utcnow()
            changes['last_ip'] = get_real_ip()

            outcome = edit_user(current_user.id, changes)
            if outcome == 1:
                flash(u'修改成功', 'success')
            elif outcome == 0:
                flash(u'修改失败', 'warning')
        flash(form.errors, 'warning')  # debugging aid, see NOTE(review) above
    flash(u'Hello, %s' % current_user.email, 'info')  # testing aid
    return render_template('./setting.html', title='setting', form=form)
Example #5
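def lists():
    """
    Render the user list page, with search, CSV export and bulk delete.

    A POST carries the search form plus an operation code in ``form.op``.
    Export and bulk delete each require their own section permission (403
    otherwise).

    Changes compared with the previous version:

    * Export and bulk delete run only when the form validated. Before, a
      request whose validation failed (CSRF token errors included) was
      reported as a search failure but still reached the delete branch.
    * CSRF token errors are flashed with an explicit loop. A bare ``map()``
      is lazy on Python 3 and never called ``flash``.
    * Submitted ``user_id`` values are parsed as integers; values that are
      not integers are dropped instead of being passed on as raw strings.

    NOTE(review): nothing here stops an operator from including their own
    account, or an id that does not exist, in a bulk delete. An empty
    selection is still reported as a success. Confirm this is acceptable.

    :return: the rendered list page, or a CSV response for an export
    """
    template_name = 'user/lists.html'
    # Document metadata passed to the template.
    document_info = DOCUMENT_INFO.copy()
    document_info['TITLE'] = _('user lists')

    # Search form; soft-deleted users are always excluded from the result.
    form = UserSearchForm(request.form)

    search_condition = [
        User.status_delete == STATUS_DEL_NO,
    ]
    if request.method == 'POST':
        form_valid = form.validate_on_submit()
        if not form_valid:
            flash(_('Search Failure'), 'danger')
            # CSRF token errors are reported separately.
            if hasattr(form, 'csrf_token') and getattr(form, 'csrf_token').errors:
                for csrf_error in form.csrf_token.errors:
                    flash(csrf_error, 'danger')
        else:
            if form.name.data:
                search_condition.append(User.name == form.name.data)
            if form.role_id.data != DEFAULT_SEARCH_CHOICES_INT_OPTION:
                search_condition.append(User.role_id == form.role_id.data)
            if form.start_create_time.data:
                search_condition.append(User.create_time >= form.start_create_time.data)
            if form.end_create_time.data:
                search_condition.append(User.create_time <= form.end_create_time.data)

        # Export: only for a validated form and with the export permission.
        if form_valid and form.op.data == OPERATION_EXPORT:
            if not permission_user_section_export.can():
                abort(403)
            # NOTE(review): every column of the user table is exported --
            # confirm none of them holds data that should not leave the
            # system.
            column_names = User.__table__.columns.keys()
            query_sets = get_user_rows(*search_condition)

            return excel.make_response_from_query_sets(
                query_sets=query_sets,
                column_names=column_names,
                file_type='csv',
                file_name='%s.csv' % _('user lists')
            )

        # Bulk delete: only for a validated form and with the delete permission.
        if form_valid and form.op.data == OPERATION_DELETE:
            if not permission_user_section_del.can():
                abort(403)
            user_ids = request.form.getlist('user_id', type=int)

            # A user still referenced by a live record blocks the whole batch.
            # Checked in order: quotation, sales order, delivery, enquiry,
            # buyer order, purchase.
            in_use_counters = (
                count_quotation,
                count_sales_order,
                count_delivery,
                count_enquiry,
                count_buyer_order,
                count_purchase,
            )
            permitted = True
            for user_id in user_ids:
                if any(counter(uid=user_id, status_delete=STATUS_DEL_NO)
                       for counter in in_use_counters):
                    ext_msg = _('Currently In Use')
                    flash(_('Del Failure, %(ext_msg)s', ext_msg=ext_msg), 'danger')
                    permitted = False
                    break

            if permitted:
                result_total = True
                for user_id in user_ids:
                    current_time = datetime.utcnow()
                    user_data = {
                        'status_delete': STATUS_DEL_OK,
                        'delete_time': current_time,
                        'update_time': current_time,
                    }
                    # Every id is attempted even after an earlier failure.
                    result = edit_user(user_id, user_data)
                    result_total = result_total and result
                if result_total:
                    flash(_('Del Success'), 'success')
                else:
                    flash(_('Del Failure'), 'danger')

    # Pagination data for the current search.
    pagination = get_user_pagination(form.page.data, PER_PAGE_BACKEND, *search_condition)

    # Render the page.
    return render_template(
        template_name,
        form=form,
        pagination=pagination,
        **document_info
    )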
Example #6
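def edit(user_id):
    """
    Edit a user's profile and the matching account credential.

    GET renders the form pre-filled from the stored row. POST validates the
    form, updates the user row and then the account auth row, whose
    ``auth_key`` follows the user name. 404 is raised for an unknown id and
    410 for a soft-deleted user.

    Changes compared with the previous version:

    * ``role_id`` is written only when the caller holds the administrator
      permission. Before, a non-administrator editing their own record could
      submit any ``role_id`` and have it stored, unless the form itself
      restricts the choice.
    * The ``next`` redirect target must be a local path or start with this
      application's own ``request.host_url``. Any other value falls back to
      the user list, so the parameter cannot send the browser to another
      site.

    NOTE(review): the "own record only" rule is applied on POST only; the GET
    branch renders any existing user's details. Confirm that the route
    restricts who may open this page.

    NOTE(review): the user row and the auth row are updated in two separate
    calls; if the second fails, the first change stays applied.

    :param user_id: id of the user to edit, taken from the route
    :return: the rendered edit page, or a redirect after a successful edit
    """
    user_info = get_user_row_by_id(user_id)
    # The target must exist ...
    if not user_info:
        abort(404)
    # ... and must not be soft-deleted.
    if user_info.status_delete == STATUS_DEL_OK:
        abort(410)

    template_name = 'user/edit.html'

    # Load the edit form.
    form = UserEditForm(request.form)
    form.id.data = user_id  # id is only used for the duplicate check on edit

    # Document metadata passed to the template.
    document_info = DOCUMENT_INFO.copy()
    document_info['TITLE'] = _('user edit')

    def render_form():
        # Re-render the edit page with the current form state.
        return render_template(
            template_name,
            user_id=user_id,
            form=form,
            **document_info
        )

    # Open the edit page.
    if request.method == 'GET':
        form.id.data = user_info.id
        form.name.data = user_info.name
        form.salutation.data = user_info.salutation
        form.mobile.data = user_info.mobile
        form.tel.data = user_info.tel
        form.fax.data = user_info.fax
        form.email.data = user_info.email
        form.role_id.data = user_info.role_id
        form.create_time.data = user_info.create_time
        form.update_time.data = user_info.update_time
        return render_form()

    # Handle the edit request.
    if request.method == 'POST':
        if not form.validate_on_submit():
            flash(_('Edit Failure'), 'danger')
            return render_form()

        # Non-administrators may only modify their own record.
        is_admin = permission_role_administrator.can()
        if not is_admin:
            if getattr(current_user, 'id') != form.id.data:
                flash(_('Permission denied, only the user\'s own information can be modified'), 'danger')
                return render_form()

        # Update the basic user information.
        current_time = datetime.utcnow()
        user_data = {
            'name': form.name.data,
            'salutation': form.salutation.data,
            'mobile': form.mobile.data,
            'tel': form.tel.data,
            'fax': form.fax.data,
            'email': form.email.data,
            'update_time': current_time,
        }
        # Role assignment is an administrator-only change.
        if is_admin:
            user_data['role_id'] = form.role_id.data
        result = edit_user(user_id, user_data)
        if not result:
            flash(_('Edit Failure'), 'danger')
            return render_form()

        user_auth_row = get_user_auth_row(user_id=user_id)
        if not user_auth_row:
            flash(_('Edit Failure'), 'danger')
            return render_form()

        # Keep the account credential's key in step with the user name.
        user_auth_data = {
            'user_id': user_id,
            'type_auth': TYPE_AUTH_ACCOUNT,
            'auth_key': form.name.data,
            'update_time': current_time,
        }
        result = edit_user_auth(user_auth_row.id, user_auth_data)
        if not result:
            flash(_('Edit Failure'), 'danger')
            return render_form()

        flash(_('Edit Success'), 'success')

        # Accept the caller-supplied target only when it stays on this site:
        # a single-slash local path without backslashes or tab/CR/LF, or an
        # absolute URL under this application's own host.
        next_url = request.args.get('next') or ''
        is_local_path = (
            next_url.startswith('/')
            and not next_url.startswith('//')
            and not any(ch in next_url for ch in '\\\t\r\n')
        )
        if not (is_local_path or next_url.startswith(request.host_url)):
            next_url = url_for('user.lists')
        return redirect(next_url)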