def update_dept(req, db, context, dept_id):
dept_id = int(dept_id)
name = get_input(req, 'name')
desc = get_input(req, 'desc')
parent_id = get_input(req, 'parent_id')
result = db.query(Dept).filter(Dept.id==dept_id, Dept.deleted==0)
if result.count() == 0:
raise DeptNotFoundError(dept_id)
dept = result.first()
if is_dept_admin_of(context, dept_id) == False:
raise NotDeptAdminError(dept_id)
if name:
if db.query(Dept).filter(Dept.name==name, Dept.deleted==0, Dept.id!=dept_id).count() > 0:
raise DeptAlreadyExistError(name)
dept.name = name
dept.desc = desc
if parent_id:
if dept_id == int(parent_id):
raise ParentCannotBeSelfError(dept.name)
if db.query(Dept).filter(Dept.id==parent_id, Dept.deleted==0).count() == 0:
raise ParentDeptNotFoundError(parent_id)
dept.parent_id = parent_id
db.add(dept)
db.commit()
def update_dept(req, db, context, dept_id):
dept_id = int(dept_id)
name = get_input(req, 'name')
desc = get_input(req, 'desc')
parent_id = get_input(req, 'parent_id')
result = db.query(Dept).filter(Dept.id == dept_id, Dept.deleted == 0)
if result.count() == 0:
raise DeptNotFoundError(dept_id)
dept = result.first()
if is_dept_admin_of(context, dept_id) == False:
raise NotDeptAdminError(dept_id)
if name:
if db.query(Dept).filter(Dept.name == name, Dept.deleted == 0,
Dept.id != dept_id).count() > 0:
raise DeptAlreadyExistError(name)
dept.name = name
dept.desc = desc
if parent_id:
if dept_id == int(parent_id):
raise ParentCannotBeSelfError(dept.name)
if db.query(Dept).filter(Dept.id == parent_id,
Dept.deleted == 0).count() == 0:
raise ParentDeptNotFoundError(parent_id)
dept.parent_id = parent_id
db.add(dept)
db.commit()
def delete_dept(req, db, context, dept_id):
dept_id = int(dept_id)
result = db.query(Dept).filter(Dept.id == dept_id, Dept.deleted == 0)
if dept_id == 1:
raise CannotDeleteHeadDeptError(dept_id)
if result.count() == 0:
raise DeptNotFoundError(dept_id)
dept = result.first()
if is_dept_admin_of(context, dept_id) == False:
raise NotDeptAdminError(dept_id)
if db.query(User).filter(User.dept_id == dept_id).count() > 0:
raise DeptNotEmptyError(dept_id)
if db.query(User).filter(Dept.parent_id == dept_id).count() > 0:
raise DeptHasChildrenError(dept_id)
dept.deleted = 1
db.add(dept)
db.commit()
def delete_dept(req, db, context, dept_id):
dept_id = int(dept_id)
result = db.query(Dept).filter(Dept.id==dept_id, Dept.deleted==0)
if dept_id == 1:
raise CannotDeleteHeadDeptError(dept_id)
if result.count() == 0:
raise DeptNotFoundError(dept_id)
dept = result.first()
if is_dept_admin_of(context, dept_id) == False:
raise NotDeptAdminError(dept_id)
if db.query(User).filter(User.dept_id==dept_id).count() > 0:
raise DeptNotEmptyError(dept_id)
if db.query(User).filter(Dept.parent_id==dept_id).count() > 0:
raise DeptHasChildrenError(dept_id)
dept.deleted = 1
db.add(dept)
db.commit()
def list_user(req, db, context):
depts = []
dept_id = get_input(req, 'dept_id')
if is_sys_admin_or_dept_admin(context):
# 如果是管理员,能够列出所管理的所有用户
if dept_id and dept_id!="":
dept_id = int(dept_id)
if is_dept_admin_of(context, dept_id) == False:
raise NotDeptAdminError(dept_id)
# 如果给出了dept_id, 显示所有该部门和下面子部门的用户
for d in get_all_depts(req, db, context, dept_id):
depts.append(d.id)
else:
# 如果没给出dept_id, 显示该管理员管理的所有部门的用户
depts = context['dept_ids']
results = db.query(User.id, User.name, User.password, User.email, User.dept_id, Role.id, Role.name)\
.filter(User.dept_id.in_(depts),
User.deleted==0,
User.id==UserRoleMembership.user_id,
Role.id==UserRoleMembership.role_id).all()
else :
# 普通用户只能列出自己
results = db.query(User.id, User.name, User.password, User.email, User.dept_id, Role.id, Role.name)\
.filter(User.id==context['user'].id,
User.deleted==0,
User.id==UserRoleMembership.user_id,
Role.id==UserRoleMembership.role_id).all()
users = []
for item in results:
users.append(tuple_to_dict(item, 'id, name, password, email, dept_id, role_id, role_name'))
return {'users': users}
def create_user(req, db, context):
name = get_required_input(req, 'username')
password = get_required_input(req, 'password')
email = get_input(req, 'email')
dept_id = int(get_required_input(req, 'dept_id'))
role_id = get_input(req, 'role_id')
if db.query(User).filter(User.name==name, User.deleted==0).count() > 0:
raise UsernameAlreadyExistError(name)
if db.query(User).filter(User.email==email, User.deleted==0).count() > 0:
raise EmailAlreadyExistError(email)
if is_dept_admin_of(context, dept_id) == False:
raise NotDeptAdminError(dept_id)
if role_id == None:
user_role = db.query(Role).filter(Role.name=='普通用户').first()
role_id = user_role.id
else:
role_id = int(role_id)
operator_role_id = int(context['membership'].role_id)
if role_id < operator_role_id:
raise RolePermissionDenyError(role_id)
try:
user = User(name=name, password=password, email=email, dept_id=dept_id)
db.add(user)
db.flush()
membership = UserRoleMembership(user_id=user.id, role_id=role_id)
db.add(membership)
db.commit()
log.debug(user)
return obj_to_json(user, 'user')
except Exception, e:
handle_db_error(db, e)
def update_user(req, db, context, user_id):
user_id = int(user_id)
name = get_input(req, 'username')
password = get_input(req, 'password')
email = get_input(req, 'email')
dept_id = get_input(req, 'dept_id')
role_id = get_input(req, 'role_id')
action = get_input(req, 'action')
if action and action=='refresh_token':
# 客户端请求更新token
token = req.get_header('X-Auth-Token')
delete_token(db, token)
token = generate_token(db, context['user'].id)
return {'success': {'token': token.id}}
result = db.query(User).filter(User.id==user_id, User.deleted==0)
if result.count() == 0:
raise UserNotFoundError(user_id)
user = result.first()
if name:
if db.query(User).filter(User.name==name, User.deleted==0, User.id!=user_id).count() > 0:
raise UsernameAlreadyExistError(name)
user.name = name
if password:
user.password = password
if email:
if db.query(User).filter(User.email==email, User.deleted==0, User.id!=user_id).count() > 0:
raise EmailAlreadyExistError(email)
user.email = email
if dept_id:
dept_id = int(dept_id)
if user.name=='admin' and user.dept_id!=dept_id:
raise CannotModifyAdminError
if is_dept_admin_of(context, dept_id) == False:
raise NotDeptAdminError(dept_id)
user.dept_id = dept_id
if role_id:
role_id = int(role_id)
if user.name == 'admin' and role_id!=1:
raise CannotModifyAdminError
operator_role_id = int(context['membership'].role_id)
if role_id < operator_role_id:
# 部门管理员不能授予用户系统管理员的权限
raise RolePermissionDenyError(role_id)
try:
db.add(user)
db.query(UserRoleMembership).filter(UserRoleMembership.user_id==user_id).delete()
membership = UserRoleMembership(user_id=user_id, role_id=role_id)
db.add(membership)
db.commit()
except Exception, e:
handle_db_error(db, e)
