def calendar(year):
company = g.user.company
if request.method == 'GET':
access_calendar = AccessCalendar.get_or_create(company.id, year)
elif request.method == 'PUT':
params = request.get_json() or request.form
access_calendar = AccessCalendar.get_or_create(company.id, year)
access_calendar.days = params['days']
db.session.add(access_calendar)
update_company_data_version(company)
return success_result(access_calendar.get_json())
def add_visitor():
params = request.form or request.get_json()
try:
name = params['name']
photo = request.files.get('photo')
purpose = params.get('purpose')
interviewee = params.get('interviewee')
come_from = params.get('come_from')
phone = params.get('phone')
remark = params.get('remark')
company_id = g.user.company_id
start_time = int(params.get('start_time', 0))
end_time = int(params.get('end_time', 0))
vip = bool(int(params.get('vip', False)))
subject_type = int(params.get('subject_type', 1))
description = params.get('description')
except:
import traceback
print traceback.format_exc()
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if not start_time or not end_time:
start_time = g.TIMESTAMP - 5 * 60
end_time = g.TIMESTAMP + 2 * 3600
if vip:
subject_type = SubjectType.TYPE_VIP
subject = Subject(company_id=company_id,
name=name,
subject_type=subject_type,
description=description,
remark=remark,
start_time=start_time,
end_time=end_time,
purpose=purpose,
interviewee=interviewee,
come_from=come_from,
phone=phone,
password='******')
db.session.add(subject)
db.session.commit()
if photo:
photo, error = create_user_photo(photo, company_id)
if error:
return error
subject.photos.append(photo)
update_company_data_version(g.user.company, subject.id)
return success_result(subject.get_json())
def user_info(subject_id):
if subject_id is None:
subject = g.subject
else:
subject = g.subject.visitors.filter_by(id=subject_id).first()
if subject is None:
return abort(404)
if request.method == 'GET':
attendance = subject.attendances.filter_by(date=date.today()).first()
ret = subject.get_json(with_photos=True)
ret['holiday'] = is_holiday(g.subject.company_id, date.today())
ret['today'] = time.time()
ret['clock_in'] = u'无'
ret['clock_out'] = u'无'
if attendance and attendance.earliest_record:
ret['clock_in'] = timestamp_to_timestring(
attendance.earliest_event.timestamp)
if attendance and attendance.latest_record:
ret['clock_out'] = timestamp_to_timestring(
attendance.latest_event.timestamp)
ret['boxes'] = [box.get_json() for box in subject.company.boxes]
return success_result(ret)
elif request.method == 'PUT':
params = request.form or request.get_json()
fields = ('description', 'avatar', 'start_time', 'end_time', 'title',
'gender', 'department', 'name', 'email', 'phone', 'purpose',
'interviewee', 'come_from', 'job_number', 'remark',
'visit_notify', 'subject_type')
subject.update(fields, params)
if params.get('birthday'):
subject.birthday = date.fromtimestamp(int(params['birthday']))
db.session.add(subject)
db.session.commit()
update_company_data_version(subject.company, subject.id)
return success_result(subject.get_json())
elif request.method == 'DELETE':
subject = Subject.query.get(subject_id)
if subject is None:
return abort(404)
if g.subject.visitors.filter_by(id=subject_id).first() is None:
return error_result(ErrorCode.ERROR_NOT_ALLOWED)
for photo in subject.photos:
storage.remove(photo.url)
company = subject.company
db.session.delete(subject)
db.session.commit()
update_company_data_version(company, subject.id)
return success_result()
def subject_import_photo():
try:
photo = request.files['photo']
name = photo.filename.rsplit('.', 1)[0]
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
photo, error = create_user_photo(photo, g.user.company_id)
if error:
return error
subject = Subject(company_id=g.user.company_id, subject_type=SubjectType.TYPE_EMPLOYEE,
name=name, create_time=g.TIMESTAMP)
subject.photos.append(photo)
db.session.add(subject)
db.session.commit()
update_company_data_version(g.user.company, subject.id)
return success_result(subject.get_json(with_photos=True))
def login():
params = request.form or request.get_json()
try:
username = params['username']
password = params['password']
pad_id = params['pad_id']
device_type = int(params['device_type'])
if device_type not in [ScreenType.DOOR_PAD, ScreenType.FRONT_PAD]:
raise Exception()
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
user = User.query.filter_by(username=username).first()
if user:
if user.check_password(password):
if not user.password_reseted:
return error_result(ErrorCode.ERROR_PASSWORD_NEED_CHANGE)
login_user(user)
ret = user.get_json()
if pad_id == 'importer':
return success_result(ret)
screen = Screen.query.filter_by(company_id=user.company_id,
token=pad_id).first()
if screen is None:
screen = Screen(
company_id=user.company_id,
token=pad_id,
name='pad',
theme='center',
type=device_type,
camera_position=ScreenType.get_desc(device_type))
db.session.add(screen)
db.session.commit()
update_company_data_version(user.company)
ret['position'] = screen.camera_position
ret['screen_token'] = screen.token
ret['boxes'] = [box.get_json() for box in user.company.boxes]
ret['company'] = user.company.get_json()
return success_result(ret)
else:
return error_result(ErrorCode.ERROR_PASSWORD_ERROR)
else:
return error_result(ErrorCode.ERROR_USER_NOT_EXIST)
def subject_photo_delete(photo_id):
photo = Photo.query.get(photo_id)
subject = Subject.query.get(photo.subject_id)
if photo is None:
return abort(404)
if g.subject.visitors.filter_by(id=photo.subject_id).first() is None:
return error_result(ErrorCode.ERROR_NOT_ALLOWED)
storage.remove(photo.url)
db.session.delete(photo)
db.session.query(PhotoAlternative).filter(PhotoAlternative.subject_id == photo.subject_id).\
filter(PhotoAlternative.url == photo.url).delete()
db.session.commit()
update_company_data_version(g.subject.company, subject.id)
return success_result({})
def attendance_setting():
company = g.user.company
if request.method == 'GET':
ret = {
'door_range': json.loads(company.door_range),
'attendance_on': company.attendance_on,
'attendance_range': json.loads(company.normal_time),
'tolerance': json.loads(company.tolerance),
'weekdays': json.loads(company.door_weekdays),
'attendance_weekdays': json.loads(company.attendance_weekdays),
'warning': company.warning
}
return success_result(ret)
elif request.method == 'PUT':
params = request.get_json()
company.door_range = json.dumps(params['door_range'])
company.normal_time = json.dumps(params['attendance_range'])
company.tolerance = json.dumps(params['tolerance'])
company.attendance_on = params['attendance_on']
weekdays = json.dumps(params['weekdays'])
attendance_weekdays = json.dumps(params.get('attendance_weekdays', []))
# 更新门禁控制
if company.door_weekdays != weekdays:
access_calendar = AccessCalendar.get_or_create(
company.id,
datetime.date.today().year)
access_calendar.set_weekdays(params['weekdays'])
db.session.add(access_calendar)
company.door_weekdays = weekdays
# 更新考勤日期
if company.attendance_weekdays != attendance_weekdays:
attendance_calendar = AttendanceCalendar.get_or_create(
company.id,
datetime.date.today().year)
attendance_calendar.set_weekdays(
params.get('attendance_weekdays', []))
db.session.add(attendance_calendar)
company.attendance_weekdays = attendance_weekdays
company.warning = params['warning']
db.session.add(company)
update_company_data_version(company)
return success_result({})
def subject_avatar_create():
try:
avatar = request.files['avatar']
subject_id = int(request.form.get('subject_id', 0))
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if not avatar:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
image_uri = storage.save_image(avatar.stream, 'avatar', resize=(300, 300), sync=True)
if not image_uri:
return error_result(ErrorCode.ERROR_UNKNOWN)
if subject_id:
subject = Subject.query.get(subject_id)
subject.avatar = image_uri
db.session.add(subject)
db.session.commit()
update_company_data_version(g.user.company, subject.id)
return success_result({'url': storage.get_url(image_uri)})
def update_avatar(subject_id):
if subject_id is None:
subject = g.subject
else:
subject = g.subject.visitors.filter_by(id=subject_id).first()
if subject is None:
return abort(404)
avatar_file = request.files.get('avatar')
if avatar_file is None:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
uri = storage.save_image(avatar_file.stream, 'avatar', resize=(300, 300))
if not uri:
return error_result(ErrorCode.ERROR_UNKNOWN)
subject.avatar = uri
db.session.add(subject)
db.session.commit()
update_company_data_version(subject.company, subject.id)
return success_result(subject.get_json())
def subject_photo_create():
try:
payload = request.files['photo']
subject_id = int(request.form.get('subject_id', 0))
old_photo_id = int(request.form.get('old_photo_id', 0))
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if not payload:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if subject_id:
subject = Subject.query.filter_by(id=subject_id).first()
if subject is None:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
subject_type = subject.subject_type
if ((subject_type == SubjectType.TYPE_VISITOR and not g.user.has_permission(AccountPermission.ADD_VISITOR)) or
(subject_type == SubjectType.TYPE_EMPLOYEE and not g.user.has_permission(
AccountPermission.ADD_EMPLOYEE))):
return error_result(ErrorCode.ERROR_PERMISSION_DENIED)
photo, error = create_user_photo(payload, g.user.company_id)
if error:
return error
# delete old photo
if subject_id and old_photo_id:
old_photo = Photo.query.get(old_photo_id)
if old_photo and old_photo.subject_id == subject_id:
storage.remove(old_photo.url)
db.session.delete(old_photo)
db.session.query(PhotoAlternative).filter(PhotoAlternative.subject_id == old_photo.subject_id). \
filter(PhotoAlternative.url == old_photo.url).delete()
if subject_id:
photo.subject_id = subject_id
db.session.add(photo)
db.session.commit()
if subject_id:
update_company_data_version(g.user.company, subject.id)
return success_result(photo.get_json())
def add_visitor():
params = request.args or request.get_json() or request.form
device, err = get_device_from_params(params)
if err is not None:
return error_result(err)
name = params.get('name')
vip = params.get('vip', False)
photo = request.files.get('photo')
company = device.company
if not photo:
error_result(ErrorCode.ERROR_INVALID_PARAM)
if not name:
name = generate_name() + u'(临时名)'
user_photo, error = create_user_photo(photo, company.id)
if error:
return error
subject_type = SubjectType.TYPE_VIP if vip else SubjectType.TYPE_VISITOR
start_time = g.TIMESTAMP - 5 * 60
end_time = g.TIMESTAMP + 2 * 3600
subject = Subject(company_id=company.id,
name=name,
subject_type=subject_type,
start_time=start_time,
end_time=end_time)
db.session.add(subject)
db.session.commit()
user_photo.subject_id = subject.id
db.session.add(user_photo)
db.session.commit()
update_company_data_version(company, subject.id)
return success_result(subject.get_data())
def bind_box():
params = request.form or request.get_json()
try:
email = params['email']
password = params['password']
box_token = params['box_token']
is_binding = params['binding'] == 'true'
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
user = User.query.filter_by(username=email).first()
if not user:
return error_result(ErrorCode.ERROR_USER_NOT_EXIST)
if not user.check_password(password):
return error_result(ErrorCode.ERROR_PASSWORD_ERROR)
box = Box.query.filter_by(box_token=box_token).first()
if not box:
return error_result(ErrorCode.ERROR_BOX_NOT_EXIST)
if is_binding:
if box.company_id is not None:
return error_result(ErrorCode.ERROR_BOX_BINDED)
box.company_id = user.company_id
db.session.add(box)
db.session.commit()
update_company_data_version(box.company)
else:
if box.company_id is None:
return error_result(ErrorCode.ERROR_BOX_NOT_BINDED)
if box.company_id != user.company_id:
return error_result(ErrorCode.ERROR_BOX_NOT_MATCH_USER)
update_company_data_version(box.company)
box.company_id = None
db.session.add(box)
db.session.commit()
return success_result({})
def subject_detail(sid):
params = request.form or request.get_json() or request.args
subject = g.user.company.subjects.filter_by(id=sid).first()
if not subject:
return error_result(ErrorCode.ERROR_SUBJECT_NOT_EXIST)
if request.method == 'GET':
return success_result(subject.get_json(with_photos=True))
subject_type = subject.subject_type
if ((subject_type == SubjectType.TYPE_VISITOR and not g.user.has_permission(AccountPermission.ADD_VISITOR)) or
(subject_type == SubjectType.TYPE_EMPLOYEE and not g.user.has_permission(AccountPermission.ADD_EMPLOYEE))):
return error_result(ErrorCode.ERROR_PERMISSION_DENIED)
if request.method == 'PUT':
email = params.get('email')
avatar = params.get('avatar')
if email and Subject.query.filter(Subject.id != sid, Subject.email == email).first():
return error_result(ErrorCode.ERROR_EMAIL_EXISTED)
if params.get('visitor_type') is not None:
params['subject_type'] = params['visitor_type']
fields = (
'subject_type',
'description',
'title',
'gender',
'start_time',
'end_time',
'department',
'name',
'email',
'phone',
'purpose',
'interviewee',
'come_from',
'job_number',
'remark'
)
subject.update(fields, params)
if avatar is None:
pass
elif avatar.startswith('http'):
pass
elif avatar == '':
storage.remove(subject.avatar)
subject.avatar = ''
elif avatar.startswith('data:image'):
avatar_url = storage.save_image_base64(avatar, 'avatar', sync=True)
if avatar_url:
storage.remove(subject.avatar)
subject.avatar = avatar_url
DisplayDevice.query.filter_by(company_id=subject.company.id).update({'user_info_timestamp': g.TIMESTAMP})
if 'photo_ids' in params:
_update_photos(subject, params['photo_ids'])
if 'birthday' in params:
subject.birthday = datetime.date.fromtimestamp(int(params['birthday'])) if params['birthday'] else None
if 'entry_date' in params:
subject.entry_date = datetime.date.fromtimestamp(int(params['entry_date'])) if params[
'entry_date'] else None
db.session.add(subject)
db.session.commit()
update_company_data_version(subject.company, subject.id)
elif request.method == 'DELETE':
for photo in subject.photos:
storage.remove(photo.url)
db.session.delete(subject)
db.session.commit()
update_company_data_version(subject.company, subject.id)
return success_result(subject.get_json(with_photos=True))