def post(self, request):
json_dict = get_json_data(request)
j_id = request.GET.get('id')
js_code = json_dict.get('js_code')
description = json_dict.get('description')
fornum_id = json_dict.get('fornum_id')
description = '' if description is None else description
if not all([j_id, js_code, fornum_id]):
return JsonResponse({'code': RET.PARAMERR, 'message': '参数错误'})
try:
js = JavaScriptCode.objects.get(id=int(j_id))
except Exception as e:
logger.debug(e)
return JsonResponse({'code': RET.PARAMERR, 'message': 'ID存在错误'})
try:
fornum = Fornum.objects.get(id=int(fornum_id))
except Exception as e:
logger.debug(e)
return JsonResponse({'code': RET.DBERR, 'message': '指定修改的论坛错误'})
try:
js.description = description
js.fornum = fornum
js.js_code = js_code
js.save()
except Exception as e:
logger.error(e)
return JsonResponse({'code': RET.DBERR, 'message': '数据库错误'})
return JsonResponse({'code': RET.OK, 'message': '成功'})
def post(self, request):
json_dict = get_json_data(request)
if json_dict is None:
return JsonResponse({"code": RET.PARAMERR, "message": "请使用json格式数据"})
# TODO:停用该接口
return JsonResponse({'code': RET.USERERR, 'message': '请使用新版程序'})
def post(self, request):
u_id = request.GET.get('id')
json_dict = get_json_data(request)
pwd = json_dict.get('password')
if not pwd:
return JsonResponse({'code': RET.PARAMERR, 'message': '参数错误'})
if len(pwd) != 32:
return JsonResponse({'code': RET.PARAMERR, 'message': '密码需要32位md5加密传输'})
pwd = pwd.lower()
if u_id:
if request.user.role not in [1, 2]:
logger.warning('没有权限的用户在修改别人的密码,修改人id:%d ' % request.user.id)
return JsonResponse({'code': RET.USERERR, 'message': '用户权限不足'})
try:
user = User.objects.get(id=u_id)
except Exception as e:
logger.debug(e)
return JsonResponse({'code': RET.PARAMERR, 'message': '用户id错误'})
else:
user = request.user
user.password = make_password(pwd)
user.save()
return JsonResponse({'code': RET.OK, 'message': '成功'})
def post(self, request):
json_dict = get_json_data(request)
if json_dict is None:
return JsonResponse({
'code': RET.PARAMERR,
'message': '请使用json数据格式'
})
js_code = json_dict.get('js_code')
fornum_id = json_dict.get('fornum_id')
title = json_dict.get('title')
description = json_dict.get('description')
if not all([js_code, fornum_id, title]):
return JsonResponse({'code': RET.PARAMERR, 'message': '参数错误'})
# 默认值设置为''
description = '' if description is None else description
try:
fornum = Fornum.objects.get(id=fornum_id)
except Exception as e:
logger.debug(e)
return JsonResponse({'code': RET.DBERR, 'message': '论坛不存在'})
try:
js = JavaScriptCode.objects.create(
fornum=fornum,
js_code=js_code,
title=title,
description=description,
update_person=request.user.id,
founder=request.user.id,
)
js.save()
except Exception as e:
logger.error(e)
return JsonResponse({'code': RET.DBERR, 'message': '添加js代码失败'})
return JsonResponse({'code': RET.OK, 'message': '添加成功'})
def post(self, request):
json_dict = get_json_data(request)
p_id = request.GET.get('id')
if json_dict is None:
return JsonResponse({'code': RET.PARAMERR, 'message': '请使用json数据格式'})
description = json_dict.get('description')
fornum_id = json_dict.get('fornum_id')
version = json_dict.get('version')
title = json_dict.get('title')
if not p_id:
return JsonResponse({'code': RET.PARAMERR, 'message': '缺少必要参数'})
if fornum_id:
try:
fornum = Fornum.objects.get(id=fornum_id)
except Fornum.DoesNotExist:
logger.debug('Fornum Does Not Exist')
return JsonResponse({'code': RET.DBERR, 'message': '论坛不存在'})
try:
program = Program.objects.get(id=p_id)
if description:
program.description = description
if title:
program.title = title
if version:
program.version = version
if fornum_id:
program.fornum = fornum
program.update_person = request.user.id
program.update_time = datetime.now()
program.save()
except Exception as e:
logger.error(e)
return JsonResponse({'code': RET.DBERR, 'message': '数据库错误,修改失败'})
return JsonResponse({'code': RET.OK, 'message': '修改成功'})
def post(self, request):
json_dict = get_json_data(request)
if json_dict is None:
return JsonResponse({
'code': RET.PARAMERR,
'message': '请使用json数据格式'
})
description = json_dict.get('description')
fornum_name = json_dict.get('fornum_name')
title = json_dict.get('title')
app_type = json_dict.get('app_type')
if description is None: description = ''
if title is None: title = ''
if app_type is None: app_type = 0
if fornum_name is None:
return JsonResponse({'code': RET.PARAMERR, 'message': '缺少必要参数'})
try:
if int(app_type) not in Fornum.APP_TYPE.keys():
return JsonResponse({
'code': RET.PARAMERR,
'message': '应用类型错误'
})
except Exception:
return JsonResponse({'code': RET.PARAMERR, 'message': '应用类型错误'})
try:
fornum = Fornum.objects.create(title=title,
fornum_name=fornum_name,
description=description,
update_person=request.user.id,
founder=request.user.id,
app_type=app_type)
fornum.save()
except Exception as e:
logger.error(e)
return JsonResponse({'code': RET.DBERR, 'message': '数据库错误,创建失败'})
return JsonResponse({'code': RET.OK, 'message': '成功'})
def post(self, request):
f_id = request.GET.get('id')
json_dict = get_json_data(request)
if json_dict is None:
return JsonResponse({
'code': RET.PARAMERR,
'message': '请使用json数据格式'
})
if f_id is None:
return JsonResponse({'code': RET.PARAMERR, 'message': '参数错误'})
description = json_dict.get('description')
title = json_dict.get('title')
app_type = json_dict.get('app_type')
try:
fornum = Fornum.objects.get(id=f_id)
if title:
fornum.title = title
if description:
fornum.description = description
if app_type:
if int(app_type) not in Fornum.APP_TYPE.keys():
return JsonResponse({
'code': RET.PARAMERR,
'message': '应用类型错误'
})
fornum.app_type = app_type
fornum.update_person = request.user.id
fornum.update_time = datetime.now()
fornum.save()
except Exception as e:
logger.warn(e)
return JsonResponse({'code': RET.PARAMERR, 'message': '该论坛不存在'})
return JsonResponse({'code': RET.OK, 'message': '修改成功'})
def post(self, request):
json_dict = get_json_data(request)
if json_dict is None:
return JsonResponse({'code': RET.PARAMERR, 'message': '请使用json数据格式'})
description = json_dict.get('description')
fornum_id = json_dict.get('fornum_id')
version = json_dict.get('version')
title = json_dict.get('title')
if not all([version, fornum_id, title]):
return JsonResponse({'code': RET.PARAMERR, 'message': '缺少必要参数'})
if description is None: description = ''
try:
fornum = Fornum.objects.get(id=fornum_id)
except Fornum.DoesNotExist:
logger.debug('Fornum Does Not Exist')
return JsonResponse({'code': RET.DBERR, 'message': '论坛不存在'})
try:
program = Program.objects.create(
title=title,
fornum=fornum,
version=version,
description=description,
update_person=request.user.id,
founder=request.user.id
)
program.save()
except Exception as e:
logger.error(e)
return JsonResponse({'code': RET.DBERR, 'message': '数据库错误,创建失败'})
return JsonResponse({'code': RET.OK, 'message': '成功'})
def post(self, request):
"""
使用post请求以json格式传入数据
1.若快平台 用户账户
2.若快平台 用户密码
3.论坛编号 验证码所属的论坛的编号
4.验证码类型 {0:未知,1:中文,2:英文,3:数字,4:英文数字混合}
5.图片验证码的完整url
验证码类型未知的话 服务端将无法对图片做任何处理,发送至打码平台将准确率极低
:param request:
:return:
"""
json_dict = get_json_data(request)
if not json_dict:
return JsonResponse({
'code': RET.PARAMERR,
'message': '请使用json格式数据'
})
image_url = json_dict.get('img_url')
rk_username = json_dict.get('rk_username')
rk_password = json_dict.get('rk_password')
fornum_code = json_dict.get('fornum_code')
captcha_type = json_dict.get('captcha_type')
if not all([image_url, rk_username, rk_password, fornum_code]):
return JsonResponse({'code': RET.PARAMERR, 'message': '参数错误'})
captcha_type = captcha_type if captcha_type else 0
try:
captcha_type = int(captcha_type)
if captcha_type > 4:
raise Exception('非法验证码类型参数')
except Exception:
logger.debug('Params Error')
return JsonResponse({'code': RET.PARAMERR, 'message': '参数错误'})
if len(rk_password) != 32:
return JsonResponse({
'code': RET.PARAMERR,
'message': '密码需要32位小写md5加密传输'
})
try:
fornum = Fornum.objects.get(title=fornum_code)
except Fornum.DoesNotExist:
logger.debug('论坛编号错误')
return JsonResponse({'code': RET.PARAMERR, 'message': '论坛编号错误'})
if fornum.id == 4:
# 是豆瓣的
image_engine = DoubanCaptchaRecognition()
else:
return JsonResponse({
'code': RET.SERVERERR,
'message': '暂不支持豆瓣以外论坛的验证码识别'
})
im = image_engine.get_image_obj(image_url)
if captcha_type == 1:
# 处理中文验证码
im = image_engine.process_chinese(im)
elif captcha_type == 2:
# 处理英文验证码
im = image_engine.process_english(im)
sender = RuoKuaiCaptcha(username=rk_username, password=rk_password)
captcha_type = settings.RUOKUAI_CAPTCHA_TYPE[captcha_type]
return JsonResponse(sender.get_string(im, im_type=captcha_type))
def post(self, request):
json_dict = get_json_data(request)
if json_dict is None:
return JsonResponse({"code": RET.PARAMERR, "message": "请使用json格式数据"})
# 用户名
username = json_dict.get("user_name")
# 密码 要md5加密不然不匹配
password = json_dict.get("password")
# 验证码
checkcode = json_dict.get("checkcode")
# 验证码的uuid
uuid = json_dict.get('uuid')
# 校验完整性
if not all([username, password, uuid, checkcode]):
return JsonResponse({"code": RET.PARAMERR, "message": "参数不完整"})
# 如果密码传过来没有做md5加密
if len(password) != 32:
logger.info('密码传输没有进行md5加密')
encoder = hashlib.md5()
encoder.update(password.encode(encoding='utf-8'))
password = encoder.hexdigest().lower()
if len(username) < 4:
return JsonResponse({"code": RET.USERERR, "message": "密码或账户名错误"})
# 获取redis链接,校验验证码
redis_conn = get_redis_connection('default')
imageCode_server = redis_conn.get('ImageCode:' + uuid)
try:
imageCode_server = imageCode_server.decode()
except Exception:
logger.debug("验证码过期")
return JsonResponse({"code": RET.DBERR, "message": "验证码已过期"})
if not imageCode_server:
return JsonResponse({"code": RET.DBERR, "message": "验证码已过期"})
if imageCode_server.lower() != checkcode.lower():
logger.debug('验证码错误')
return JsonResponse({"code": RET.USERERR, "message": "验证码输入错误"})
# 检查用户名密码是否错误
user = authenticate(username=username.upper(), password=password, is_delete=False)
if user is None or user.is_delete:
return JsonResponse({"code": RET.USERERR, "message": "密码或账户名错误"})
if not user.is_active:
# 判断账户是否过期
return JsonResponse({'code': RET.USERERR, "message": "账户已停用"})
try:
mem = MemberShip.objects.get(slave=user)
if mem.end_time < datetime.now():
# 过期了更改激活标记
user.is_active = False
user.save()
return JsonResponse({'code': RET.USERERR, "message": "账户已停用"})
except Exception:
logger.warning('用户{}缺乏隶属信息'.format(request.user.username))
pass
if user.role > 3:
return JsonResponse({'code': RET.USERERR, 'message': '对不起,您没有权限登陆后台管理界面'})
try:
ul = UserLogs.objects.create(
user=user,
softwareType=-1,
load_ip=getIPFromDJangoRequest(request)
)
ul.save()
except Exception as e:
logger.warn(e)
# 记录登录状态
login(request, user)
return JsonResponse({
"code": RET.OK,
"message": "登陆成功"
})
def post(self, request):
"""
创建用户接口
"""
json_dict = get_json_data(request)
if json_dict is None:
return JsonResponse({"code": RET.PARAMERR, "message": "请使用json格式数据"})
user_name = json_dict.get('adminName')
name = json_dict.get('name')
password = json_dict.get('password')
email = json_dict.get('email')
role = json_dict.get('adminRole')
gender = json_dict.get('sex')
remarks = json_dict.get('remarks')
telephone = json_dict.get('phone')
accounts = json_dict.get('accounts')
end_time = json_dict.get('end_time')
try:
# 转换为时间格式
end_time = datetime.strptime(end_time, '%Y-%m-%d %H:%M:%S')
except Exception:
end_time = datetime.now() + timedelta(hours=settings.ACCOUNTS_VALID_HOURS)
# 可以缺省的参数,给定默认值
email = '*****@*****.**' if email is None else email
remarks = "" if remarks is None else remarks
telephone = '13011111111' if telephone is None else telephone
gender = 0 if gender is None else gender
role = 6 if role is None else role
accounts = 0 if accounts is None else accounts
name = name if name else user_name
# 代理商只能开临时账户,临时账户有效期为3个小时
if request.user.role == 3:
role = 6
accounts = 0
end_time = datetime.now() + timedelta(hours=3)
# 广告主只能开广告操作员,广告操作员账户有效期要小于等于开户的广告主的有效时间
if request.user.role == 4:
role = 5
accounts = 0
try:
slef_end_time = MemberShip.objects.get(slave=request.user).end_time
# 如果广告操作员有效时间超出广告主有效时间,将其置为广告主的有效操作时间
if slef_end_time < end_time:
end_time = slef_end_time
except Exception as e:
logger.error(e)
return JsonResponse({'code': RET.DBERR, 'message': '数据库错误'})
# 广告主默认开户数为5
if role == 4:
accounts = settings.ACCOUNTS_CREATE_COUNT if accounts is None else accounts
# 校验参数
if not all([user_name, password]):
return JsonResponse({"code": RET.PARAMERR, "message": "参数不完整"})
# 如果密码传过来没有做md5加密
if len(password) != 32:
logger.info('密码没有md5加密传输')
encoder = hashlib.md5()
encoder.update(password.encode(encoding='utf-8'))
password = password.hexdigest().lower()
if len(user_name) < settings.USERNAME_MIN_LENGTH:
return JsonResponse({'code': RET.PARAMERR, 'message': '用户名长度不足'})
# 改大写
user_name = user_name.upper()
try:
gender = int(gender)
role = int(role)
accounts = int(accounts)
except Exception as e:
logger.debug(e)
return JsonResponse({'code': RET.PARAMERR, 'message': '参数格式错误'})
if role > 6 or role < 1:
logger.warning('用户的role参数错误')
return JsonResponse({'code': RET.PARAMERR, 'message': '角色参数为[1,6]的数字'})
f_id = json_dict.get('fornum_id')
if f_id is None:
return JsonResponse({'code': RET.PARAMERR, 'message': '参数不足'})
if not isinstance(f_id, Iterable) or isinstance(f_id, str):
f_id = [f_id]
try:
f_id = list(filter(filter_null, f_id))
except Exception:
return JsonResponse({'code': RET.PARAMERR, 'message': '参数错误'})
if gender not in [0, 1]:
return JsonResponse({'code': RET.PARAMERR, 'message': '性别必须为0和1'})
# 检测用户名是否已经存在
try:
user = User.objects.get(username=user_name)
except User.DoesNotExist:
user = None
if user is not None:
logger.debug('用户名重复')
return JsonResponse({"code": RET.USERERR, "message": "用户名已存在"})
is_super_user = False
# 检查用户可以开户个数
try:
curr_user = UserInfo.objects.get(user=request.user)
curr_accounts = curr_user.accounts
has_accounts = curr_user.has_accounts
except Exception:
curr_accounts = -1
has_accounts = -1
is_super_user = True
if curr_accounts == 0:
logger.warning('越权创建账户')
return JsonResponse({'code': RET.USERERR, 'message': '您没有权限创建账户'})
# 检查已开户数是否满足要求
if curr_accounts > 0:
# 当前用户创建的在有效期内的账户数量
# has_accounts = MemberShip.objects.filter(master=request.user, end_time__gt=datetime.now()).count()
# 当前用户的所有账户数量
has_accounts = MemberShip.objects.filter(master=request.user).all().count()
if has_accounts >= curr_accounts:
logger.debug('超过创建用户的限制')
# 超出了允许拥有的账户数量
return JsonResponse({'code': RET.USERERR, 'message': '用户可开户账户数已到上限'})
try:
# 开启事务,防止创建表失败还添加了新用户
with transaction.atomic():
# 保存用户主表
user = User.objects.create_user(
user_name,
email,
password,
role=role,
founder=request.user.id,
name=name,
update_person=request.user.id
)
except Exception as e:
logger.info(e)
return JsonResponse({'code': RET.PARAMERR, 'message': '用户名已存在'})
try:
with transaction.atomic():
# 保存用户信息表
user_info = UserInfo.objects.create(
user=user,
remarks=remarks,
telephone=str(telephone),
gender=gender,
accounts=accounts,
founder=request.user.id,
update_person=request.user.id
)
# 保存用户关系表
mem_ship = MemberShip.objects.create(
master=request.user,
slave=user,
end_time=end_time,
founder=request.user.id,
update_person=request.user.id,
)
# 如果不是创建工作人员,记录用户指定的论坛
fornums = Fornum.objects.filter(id__in=f_id).all()
if len(fornums) != len(f_id):
raise Exception('程序id参数有误')
if request.user.role > 2:
# 操作者不是工作人员,校验其自身的论坛
user_ps = UserFornumRelation.objects.filter(user=request.user).all()
can_f_ids = [r.fornum.id for r in user_ps]
for i in f_id:
if int(i) not in can_f_ids:
raise Exception('程序id参数有误')
for fornum in fornums:
user_p = UserFornumRelation.objects.create(
user=user,
fornum=fornum,
founder=request.user.id,
update_person=request.user.id,
update_time=datetime.now()
)
user_p.save()
user.save()
user_info.save()
mem_ship.save()
if not is_super_user:
# 更新当前用户拥有的账户数
curr_user.has_accounts = has_accounts + 1
curr_user.save()
except Exception as e:
logger.error('创建用户失败:%s' % e)
return JsonResponse({'code': RET.DBERR, 'message': '数据库错误'})
return JsonResponse({'code': RET.OK, 'message': '添加成功!'})
def post(self, request):
u_id = request.GET.get('id')
json_dict = get_json_data(request)
if json_dict is None:
return JsonResponse({'code': RET.PARAMERR, 'message': '请使用json格式数据'})
password = json_dict.get('password')
email = json_dict.get('email')
role = json_dict.get('adminRole')
gender = json_dict.get('sex')
remarks = json_dict.get('remarks')
telephone = json_dict.get('phone')
accounts = json_dict.get('accounts')
end_time = json_dict.get('end_time')
fornum_id = json_dict.get('fornum_id')
name = json_dict.get('name')
if not all([role, u_id]):
return JsonResponse({"code": RET.PARAMERR, 'message': '参数错误'})
# 是否修改密码的标志位
is_update_password = not (password == '' or password is None)
# 如果密码传过来没有做md5加密
if is_update_password and len(password) != 32:
logger.warning('密码没有md5加密传输')
encoder = hashlib.md5()
encoder.update(password.encode(encoding='utf-8'))
password = password.hexdigest().lower()
if accounts is None:
accounts = 0
try:
gender = int(gender)
except Exception:
gender = 0
# 校验数字类型参数
try:
role = int(role)
accounts = int(accounts)
except Exception as e:
logger.debug(e)
return JsonResponse({'code': RET.PARAMERR, 'message': '参数类型错误'})
if role > 6 or role < 1:
logger.warning('用户要修改的role不合法')
return JsonResponse({'code': RET.PARAMERR, 'message': '身份不合法'})
try:
# 转换为时间为python日期类型对象
end_time = datetime.strptime(end_time, '%Y-%m-%d %H:%M:%S')
except Exception:
logger.warning('修改的日期时间不合法')
end_time = datetime.now() + timedelta(hours=settings.ACCOUNTS_VALID_HOURS)
try:
user = User.objects.get(id=u_id)
except Exception as e:
logger.warning(e)
return JsonResponse({'code': RET.DBERR, 'message': '修改用户不存在'})
is_alert_fornum = False
if request.user.role in [1, 2]:
is_alert_fornum = True
# 代理商
if request.user.role == 3:
if user.id == request.user.id:
# 改自己的
role = 3
else:
is_alert_fornum = True
role = 6
accounts = 0
# 广告主
if request.user.role == 4:
if user.id == request.user.id:
# 改自己的,不能该身份,所以身份不变
role = 4
else:
is_alert_fornum = True
role = 5
accounts = 0
try:
# 广告主设置的有效期不能大于自己的有效期
self_end_time = MemberShip.objects.get(slave=request.user).end_time
end_time = self_end_time if end_time > self_end_time else end_time
except Exception as e:
logger.error(e)
return JsonResponse({'code': RET.DBERR, 'message': '数据库错误'})
# 可以修改论坛,并且传入了要修改的论坛的id值
if fornum_id and is_alert_fornum:
if not isinstance(fornum_id, Iterable) or isinstance(fornum_id, str):
fornum_id = [fornum_id]
try:
fornum_id = list(filter(filter_null, fornum_id))
fornum_id = [int(i) for i in fornum_id]
except Exception:
return JsonResponse({'code': RET.PARAMERR, 'message': '用户论坛相关参数错误'})
if len(fornum_id) == 0:
return JsonResponse({'code': RET.PARAMERR, 'message': '用户论坛相关参数错误'})
uf_rels = UserFornumRelation.objects.filter(user=user).all()
uf_f_ids = [uf_rel.fornum.id for uf_rel in uf_rels]
if uf_f_ids != fornum_id:
# 改前和改后一致,不做修改,否则要修改
# 旧的不在新的里就是要删除的
del_cols = [i for i in uf_f_ids if i not in fornum_id]
# 新的不在旧的里就是要创建的
create_cols = [i for i in fornum_id if i not in uf_f_ids]
if request.user.role > 2:
f_ids = [i.fornum.id for i in UserFornumRelation.objects.filter(user=request.user).all()]
for c in create_cols:
if c not in f_ids:
return JsonResponse({'code': RET.PARAMERR, 'message': '论坛相关参数错误'})
try:
with transaction.atomic():
# 删除
uf_rels.filter(fornum_id__in=del_cols).delete()
# 新增
for i in create_cols:
try:
fornum = Fornum.objects.get(id=i)
except Fornum.DoesNotExist:
logger.warning('论坛id错误')
return JsonResponse({'code': RET.PARAMERR, 'message': '论坛id错误'})
new_uf_rel = UserFornumRelation.objects.create(
user=user,
fornum=fornum,
founder=request.user.id,
update_person=request.user.id,
update_time=datetime.now()
)
new_uf_rel.save()
except Exception as e:
logger.error(e)
return JsonResponse({'code': RET.DBERR, 'message': '数据库错误,用户论坛修改失败'})
try:
# 超级用户可能没有以下两张表的数据的
user_info = UserInfo.objects.get(user=user)
if request.user.role in [3, 4] and user.id != request.user.id:
try:
mem = MemberShip.objects.get(master=request.user, slave=user)
except Exception:
logger.warning('用户修改了非自己的从属账户,修改人id为%d' % request.user.id)
return JsonResponse({'code': RET.USERERR, "message": "只能修改自己的从属账户"})
else:
mem = MemberShip.objects.get(slave=user)
user_info.update_time = datetime.now()
user_info.update_person = request.user.id
if telephone:
user_info.telephone = telephone
user_info.accounts = accounts
user_info.gender = gender
user_info.remarks = remarks
if request.user.role != 3:
logger.warning('代理商企图修改截止时间,修改人id为:%d' % request.user.id)
# 代理商无法修改有效期
mem.end_time = end_time
mem.update_person = request.user.id
mem.update_time = datetime.now()
user_info.save()
mem.save()
except Exception as e:
logger.error(e)
pass
try:
if is_update_password:
user.password = make_password(password)
# 修改时间和修改人
user.update_person = request.user.id
user.update_time = datetime.now()
user.role = role
if name:
user.name = name
if email:
user.email = email
user.save()
except Exception as e:
logger.error(e)
return JsonResponse({'code': RET.DBERR, 'message': '数据库错误'})
return JsonResponse({'code': RET.OK, 'message': '成功'})
def post(self, request):
"""删除接口"""
json_dict = get_json_data(request)
if json_dict is None:
return JsonResponse({'code': RET.PARAMERR, 'message': '请使用json格式数据'})
if request.user.role > 2:
return JsonResponse({'code': RET.USERERR, 'message': '您没有删除账号的权限'})
del_ids = json_dict.get('id')
if del_ids is None:
return JsonResponse({'code': RET.PARAMERR, 'message': '参数错误'})
# 删除单个拿到的id是单独的一个字符串,将其变成列表用in删除s
if (not isinstance(del_ids, Iterable)) or isinstance(del_ids, str):
del_ids = [del_ids]
# 过滤掉非整形数据
del_ids = list(filter(filter_null, del_ids))
if len(del_ids) == 0:
return JsonResponse({'code': RET.PARAMERR, 'message': '参数错误'})
users = User.objects.filter(id__in=del_ids)
if len(users) != len(del_ids):
logger.info('{}中参数存在错误'.format(del_ids))
return JsonResponse({'code': RET.DBERR, 'message': 'id存在错误,删除失败'})
# 校验广告主和代理商的删除操作权限
if request.user.role in [3, 4]:
slaves = [u.slave for u in MemberShip.objects.filter(master=request.user)]
users = list(filter(lambda x: x in slaves, users))
if len(users) != len(del_ids):
logger.warning('存在越权删除现象,可能接口正在被攻击')
return JsonResponse({'code': RET.PARAMERR, 'message': '删除失败,无法删除他人的隶属账户'})
operators = [user for user in users if user.role < 3]
if operators and request.user.role > 1:
return JsonResponse({'code': RET.USERERR, 'message': '没有删除同事的权限'})
remove_users = [user for user in users]
# 代理商账户删除一切相关账户,管理员账户不删相关账户
users = [user for user in users if user.role > 2]
while True:
# 循环搜索要删除的层级用户
mems = MemberShip.objects.filter(master__in=users)
if len(mems) < 1: break
slaves = [mem.slave for mem in mems]
for mem in mems:
mem.is_delete = True
mem.save()
remove_users += slaves
users = slaves
for m in MemberShip.objects.filter(slave__in=remove_users):
m.is_delete = True
m.save()
for m in Machine.objects.filter(user__in=remove_users):
m.is_delete = True
m.save()
UserFornumRelation.objects.filter(user__in=remove_users).delete()
for ui in UserInfo.objects.filter(user__in=remove_users):
ui.is_delete = True
ui.save()
for user in remove_users:
user.is_delete = True
user.save()
return JsonResponse({'code': RET.OK, 'message': '删除成功'})
def post(self, request):
"""
通过用户role获取用户信息
post方式,Json格式传递
role参数,可为数组或int类型,数组类型为多个角色
"""
page = request.GET.get('page')
json_dict = get_json_data(request)
if json_dict is None:
return JsonResponse({'code': RET.PARAMERR, 'message': '请使用json格式数据'})
role = json_dict.get('role')
if request.user.role < 2:
if not role:
return JsonResponse({'code': RET.PARAMERR, 'message': '缺少必要参数'})
if not isinstance(role, Iterable) or isinstance(role, str):
role = [role]
role = list(filter(filter_null, role))
role = [int(i) for i in role]
if not role:
return JsonResponse({'code': RET.PARAMERR, 'message': '参数错误'})
users = User.objects.filter(role__in=role).order_by('-is_active', '-date_joined')
else:
mems = MemberShip.objects.filter(master=request.user)
users = [mem.slave for mem in mems]
try:
page = int(page)
except TypeError:
logger.info('页码错误')
page = 1
# 每页10条数据
paginator = Paginator(users, settings.PER_PAGE_COUNTS)
if (page > paginator.num_pages) or (page < 0):
page = 1
users = paginator.page(page)
data = []
for user in users:
if user.is_delete:
continue
# 论坛信息展示
ufrs = UserFornumRelation.objects.filter(user=user)
u_fornums = []
for ufr in ufrs:
f = {
'fornum_name': ufr.fornum.fornum_name,
'fornum_id': ufr.fornum.id,
'fornum_code': ufr.fornum.title,
'app_type':ufr.fornum.app_type,
}
u_fornums.append(f)
try:
mem_info = MemberShip.objects.get(slave=user)
except Exception:
remain_days = -1
end_date = -1
else:
remain_days = (mem_info.end_time - datetime.now()).days
end_date = mem_info.end_time.strftime("%Y年%m月%d日 %H:%M")
remain_days = remain_days if remain_days >= 0 else -1
# 父级账户信息展示
try:
mem = MemberShip.objects.get(slave=user)
parent_name = mem.master.name
parent_id = mem.master.id
parent_role = mem.master.role
remarks = user.userinfo_set.first().remarks
except MemberShip.DoesNotExist:
logger.info('%d缺少隶属关系' % user.id)
parent_name = ''
parent_id = -1
parent_role = -1
remarks = ''
try:
d = {
'parent_role': parent_role,
'parent_name': parent_name,
'parent_id': parent_id,
'id': user.id,
'username': user.username,
'name': user.name,
'email': user.email,
'role': user.role,
'remarks': remarks,
'remain_days': remain_days,
'join_date': user.date_joined.strftime("%Y年%m月%d日 %H:%M"),
'end_date': end_date,
'is_in_use': user.is_active,
'fornums': u_fornums
}
except Exception as e:
logger.error(e)
continue
data.append(d)
return JsonResponse({'code': RET.OK, 'message': '成功', 'data': data, 'pages': paginator.num_pages,
'data_length': paginator.count})
def post(self, request):
"""
参数:
mac_address MAC地址参数
user_name 用户名
password 密 码
fornum_code 论坛编号
"""
json_dict = get_json_data(request)
if json_dict is None:
return JsonResponse({"code": RET.PARAMERR, "message": "请使用json格式数据"})
# 用户名
username = json_dict.get("user_name")
# 密码 要md5加密不然不匹配
password = json_dict.get("password")
# mac地址
mac_add = json_dict.get("mac_address")
# 论坛编号
fornum_code = json_dict.get('fornum_code')
# 校验完整性
if not all([username, password, mac_add, fornum_code]):
logger.debug('登陆参数不完整')
return JsonResponse({"code": RET.PARAMERR, "message": "参数不完整"})
if len(password) != 32:
return JsonResponse({'code': RET.PARAMERR, 'message': '密码或账户名错误'})
if len(username) < 4:
return JsonResponse({"code": RET.USERERR, "message": "密码或账户名错误"})
# 检查用户名密码是否错误
user = authenticate(username=username.upper(), password=password)
if user is None or user.is_delete:
return JsonResponse({"code": RET.USERERR, "message": "密码或账户名错误"})
if not user.is_active:
# 判断账户是否过期
return JsonResponse({'code': RET.USERERR, "message": "账户已停用"})
# 校验程序对应论坛用户是否有使用权限
try:
fornum = Fornum.objects.get(title=fornum_code)
except Exception as e:
logger.debug('论坛编号错误')
return JsonResponse({'code': RET.PARAMERR, 'message': '论坛代号错误'})
uf_ids = [uf.fornum.id for uf in UserFornumRelation.objects.filter(user=user).all()]
if fornum.id not in uf_ids:
logger.debug('账户没有使用该软件的权限')
return JsonResponse({'code': RET.USERERR, 'message': '账户没有使用该软件的权限'})
try:
mem = MemberShip.objects.get(slave=user)
if user.role == 6:
if user.last_login is None:
mem.end_time = datetime.now() + timedelta(hours=3)
mem.save()
if mem.end_time < datetime.now():
# 过期了切换账号状态
user.is_active = False
user.save()
return JsonResponse({'code': RET.USERERR, "message": "账户已停用"})
except Exception as e:
logger.warning('%s没有隶属关系记录' % user.username)
pass
# 校验用户使用的机器部分
ip_add = getIPFromDJangoRequest(request)
machines = Machine.objects.filter(user=user, mac_add=mac_add).all()
# 不是新的机器要更新ip,是新的用户要校验是否满足机器个数的限制,记录机器的mac地址和ip
if machines.count():
# 不是0,是已经登陆过的机器,记录IP地址,每个机器,对应单独用户只记录一次
try:
machine = machines.first()
if not machine.is_active:
return JsonResponse({'code': RET.USERERR, 'message': '该机器已被禁用'})
machine.last_ip_add = ip_add
machine.last_login = datetime.now()
machine.save()
except Exception as e:
logger.error(e)
return JsonResponse({'code': RET.DBERR, 'message': '数据库错误'})
else:
# 是0,说明是新机器,需要校验账户是否有足够的权限进行登陆操作
if user.role in [3, 5, 6]:
# 代理商和临时账号,广告操作员
if Machine.objects.filter(user=user).all().count():
return JsonResponse({'code': RET.USERERR, 'message': '使用中设备已达上限'})
elif user.role != 1:
# 广告主和后台操作员
used_machine_count = Machine.objects.filter(user=user).all().count()
try:
user_info = UserInfo.objects.get(user=user)
if user_info.accounts <= used_machine_count:
return JsonResponse({'code': RET.USERERR, 'message': '可用设备已达上限'})
except Exception as e:
logger.error("用户%s,遇到%s" % (user.username, e))
return JsonResponse({'code': RET.DBERR, 'message': '数据库错误', })
# 走到这里说明账号可以使用新机器,向machine表中插入一条数据
try:
machine = Machine.objects.create(
user=user,
mac_add=mac_add,
last_ip_add=ip_add,
last_login=datetime.now(),
is_active=True
)
machine.save()
except Exception as e:
logger.error(e)
return JsonResponse({'code': RET.DBERR, 'message': '数据库出了点问题'})
try:
ul = UserLogs.objects.create(
user=user,
softwareType=fornum.id,
load_ip=getIPFromDJangoRequest(request),
mac_add=mac_add
)
ul.save()
except Exception as e:
logger.warn(e)
# 记录登录状态
login(request, user)
return JsonResponse({
"code": RET.OK,
"message": "登陆成功"
})