def get_personal_setting(self):
token = self.request.headers.get("user_token", None)
redis = RedisBase()
token_info = redis.get_token_info(token)
user_id = token_info['uuid']
user_db = UserDao(session=self.session)
user_info = user_db.user(user_id)
self.set_header('Content-Type', 'image/jpg')
avatar = self.get_avatar(user_id)
# 日志
self.log_user_action(token_info.get("uuid"), "get_personal_setting",
"")
result = {
'user_type':
Users.MAPPING[token_info['role_group']],
'company':
token_info['company']['name'] if token_info.get('company') else '',
'user_name':
user_info['user_name'],
'telephone':
user_info['telephone'],
'email':
user_info['email'],
'avatar':
avatar,
'openid':
token_info['openid']
}
return result
def get_sprmgrs(self):
'''
查询得到所有的超级运营员信息(姓名,user_id,管理集团的uuid)
:return:
'''
user_db = UserDao(session=self.session)
com_db = CompanyDao(session=self.session)
sup_mgrs_info = []
user_confs = self.session.query(UserConf).filter(UserConf.type == UserConf.TYPE_ROLE_SUPMGR).all()
spr_mgrs = user_db.get_users_by_role_group(Users.ROLE_SUP_MGR)
syndicate_list = com_db.get_companys(Company.NO_PARENT)
for user_conf in user_confs:
for spr_mgr in spr_mgrs:
if spr_mgr.user_id == user_conf.user_id:
for syndicate in syndicate_list:
if user_conf.company_uuid == syndicate['uuid']:
sup_mgr_info = {
'user_id': user_conf.user_id,
'user_name': spr_mgr.user_name,
'syndicate_uuid': user_conf.company_uuid,
'syndicate_name': syndicate['name'],
'telephone': spr_mgr.telephone,
}
sup_mgrs_info.append(sup_mgr_info)
return sup_mgrs_info
def add_manager(self):
user_name = self.get_argument("user_name", "")
telephone = self.get_argument("telephone", "")
roles = self.get_arguments("role[]")
# data = json.loads(self.request.body)
# user_name = data.get("user_name","")
# telephone = data.get("telephone","")
# roles = data.get("role",[])
self.logger.info("username:"******" telephone:" + telephone +
" role:" + ','.join(roles))
if user_name == '' or telephone == '' or roles == []:
self.set_status(400)
return {"result": False, 'msg': err_msgs['PARAMS_MISSING']}
match = False
try:
token = self.request.headers.get("user_token", None)
redis = RedisBase()
token_info = redis.get_token_info(token)
company_uuid = token_info.get('company_uuid', None)
usr_db = UserDao(session=self.session)
match, usr_id, user_name = usr_db.insert_user(
user_name, telephone, Users.ROLE_MANAGER) #增加用户。
except Exception, e:
self.logger.error(traceback.format_exc())
def get_admins(self):
'''
查询得到所有的管理员信息(姓名,电话号码,user_id)及其拥有权限
:return:
'''
role_rule_db = RoleRulesDao(session=self.session)
user_db = UserDao(session=self.session)
admin_roles = role_rule_db.get_roles(Users.ROLE_ADMIN)
admins = user_db.get_users_by_role_group(Users.ROLE_ADMIN)
admin_confs = self.session.query(UserConf).filter(UserConf.type == UserConf.TYPE_ROLE_ADMIN).all()
admin_infos = []
for admin in admins:
role_info_list = []
for admin_conf in admin_confs:
if admin.user_id == admin_conf.user_id:
for admin_role in admin_roles:
if admin_role['name'] == admin_conf.rule:
role_info_list.append({
'role_name': admin_role['name'],
'role_title': admin_role['title']
})
admin_info = {
'user_id': admin.user_id,
'user_name': admin.user_name,
'telephone': admin.telephone,
'roles': role_info_list
}
admin_infos.append(admin_info)
return admin_infos
def update_personal_setting(self):
user_name = self.get_argument('user_name', "")
email = self.get_argument('email', "")
self.logger.info("user_name:" + user_name + "email:" + email)
token = self.request.headers.get("user_token", None)
redis = RedisBase()
token_info = redis.get_token_info(token)
user_id = token_info['uuid']
# 更新用户信息
usr_db = UserDao(session=self.session)
usr_db.update_user_v2(user_id, user_name)
# 更新用户配置信息
usr_conf_db = UserConfDao(session=self.session)
usr_conf_db.update_account(user_id, UserConf.TYPE_EMAIL, email)
# 更新token 不需要重新生产token
token_info['name'] = user_name
redis.set_token(token, json.dumps(token_info))
# 日志
self.log_user_action(token_info.get("uuid"), "update_personal_setting",
"-")
return {'result': True}
def captcha(self):
telephone = self.get_argument("telephone", '')
token = self.request.headers.get("user_token", None)
redis = RedisBase()
token_info = redis.get_token_info(token)
user_id = token_info['uuid']
user = UserDao(session=self.session)
user_info = user.user(user_id)
old_tel = user_info['telephone']
if old_tel != telephone and user.get_user_id_by_tel(telephone):
result = {'result': False, 'msg': err_msgs['TEL_EXIST']}
self.set_status(400)
return result
if setting.SMS_SEND:
send_res = AuthCode().send_msg(telephone)
if send_res['result']:
code = send_res['code']
else:
result = send_res
self.set_status(400)
return result
else:
code = '123456'
r_captcha = self.redis_captcha(telephone)
redis.set_value(r_captcha, code)
redis.expire(r_captcha, setting.SET_CAPT_EXPIRE_TIME)
result = {'result': True, 'msg': "OK"}
return result
def create_syndicate(self):
name = self.get_argument("name","")
desc = self.get_argument("desc","")
uuid = self.get_argument("uuid","")
user_name = self.get_argument("user_name","")
telephone = self.get_argument("telephone","")
self.logger.info("name:"+name+" desc:"+desc+" user_name:"+user_name+" telephone:"+telephone)
if name == "" or user_name == "" or telephone == "" or uuid == "":
self.set_status(400)
return {"result":False,'msg':err_msgs['PARAMS_MISSING']}
usr_db = UserDao(session= self.session)
# 一个超级运营员只允许管理一个集团
if usr_db.exist_role_group_by_tel(telephone, Users.ROLE_SUP_MGR):
result = {
'result': False,
'msg': err_msgs['ROLE_SUP_MGR_EXIST']
}
self.set_status(400)
return result
match, usr_id, user_name = usr_db.insert_user(user_name,telephone, Users.ROLE_SUP_MGR)
if not match:
result = {
'result': False,
'msg': err_msgs['TEL_NAME_NOT_MATCH'],
'name': user_name
}
self.set_status(400)
return result
token = self.request.headers.get("user_token",None)
redis = RedisBase()
token_info = redis.get_token_info(token)
user_id = token_info['uuid']
com_db = CompanyDao(session=self.session)
# 当uuid已存在时插入失败,返回推荐uuid
if not com_db.insert_company(name,desc,None,user_id,Company.NO_PARENT,uuid,None):
result = {
'result': False,
'msg': err_msgs['COM_UUID_EXIST'],
'recommendation': self.build_company_uuid(uuid)
}
self.set_status(400)
return result
usr_rle_db = UserConfDao(session=self.session)
usr_rle_db.insert_role(usr_id,uuid,UserConf.SUB_ROLE_SUP_MGR,UserConf.TYPE_ROLE_SUPMGR)
# 日志
self.log_user_action(token_info.get("uuid"),"create_syndicate",uuid)
result = {
'result': True
}
return result
def get_managers_count(self, role_name):
self.logger.info("role_name:" + role_name)
usr_db = UserDao(session=self.session)
# 日志
self.log_user_action(self.get_token().get("uuid"),
"get_managers_count", role_name)
result = {'count': usr_db.get_role_count(role_name)}
return result
def get_manager(self, user_id):
'''
获取运营员员的详细信息。包括其管理了几个公司,在每个公司的角色。
:return:
'''
result = {
'result': False,
}
token_info = self.get_token()
# 日志
self.log_user_action(token_info.get("uuid"), "get_manager", user_id)
if (token_info is not None):
syndicate_uuid = token_info.get("syndicate_uuid")
#获取当前集团的所有公司
com_db = CompanyDao(session=self.session)
company_list = com_db.get_companys(syndicate_uuid)
cmpy_dict = {
com_item['uuid']: com_item['name']
for com_item in company_list
}
company_ids = cmpy_dict.keys()
#获取此运营员所管理的公司及在每个公司的角色。
user_conf_db = UserConfDao(session=self.session)
cmpy_role_dict = user_conf_db.get_manager_companies(
user_id, company_ids
) #{company_id2:[role_1,role_2],company_id2:[role_2]}
#获取这些运营员的信息。
user_db = UserDao(session=self.session)
result = user_db.user(user_id, Users.ROLE_MANAGER)
result['user_id'] = str(user_id)
result["roles"] = cmpy_role_dict
result["result"] = True
del result['role']
else:
result = {'result': False, 'msg': err_msgs['No_AUTHENTICATION']}
self.set_status(400)
return result
def get_managers_infos(self):
'''
获取当前公司所有运营员信息。
:return:
'''
beg = self.get_argument("beg", 0)
count = self.get_argument("count", 30)
search = self.get_argument("search", "")
sort = self.get_argument("sort", "telephone")
self.logger.info("sort:" + sort)
token = self.request.headers.get("user_token", None)
redis = RedisBase()
token_info = redis.get_token_info(token)
company_uuid = token_info['company_uuid']
results = []
usr_rules_db = UserConfDao(session=self.session)
mgr_list = usr_rules_db.get_managers_by_company_uuid(company_uuid)
usr_db = UserDao(session=self.session)
for mgr in mgr_list:
usr_info = usr_db.user(mgr['user_id'])
if usr_info['user_name'].find(
search) == -1 and usr_info['telephone'].find(search) == -1:
continue
mgr['user_name'] = usr_info['user_name']
mgr['telephone'] = usr_info['telephone']
results.append(mgr)
results.sort(key=lambda manager: manager['telephone'])
# 日志
self.log_user_action(token_info.get("uuid"), "get_managers_infos", "-")
result = {
"result":
True,
"count":
len(results),
"managers":
results[int(beg):int(beg) + int(count)] if
(int(beg) + int(count)) <= len(results) else results[int(beg):]
}
return result
def delete_manager_v2(self, user_id):
token_info = self.get_token()
# 日志
self.log_user_action(token_info.get("uuid"), "delete_manager_v2",
user_id)
result = {
'result': True,
}
if (token_info is not None):
syndicate_uuid = token_info.get("syndicate_uuid")
#获取当前集团的所有公司
com_db = CompanyDao(session=self.session)
company_list = com_db.get_companys(syndicate_uuid)
cmpy_dict = {
com_item['uuid']: com_item['name']
for com_item in company_list
}
company_ids = cmpy_dict.keys()
#删除用户的原来角色配置。
usr_rfg_db = UserConfDao(session=self.session)
usr_rfg_db.delete_manager_by_user_and_companys(
user_id, company_ids)
#判断此用户是否还有其他的角色,如果没有其他角色就删除此用户。
usr_has_other = usr_rfg_db.has_role(user_id,
UserConf.TYPE_ROLE_MGR)
if (not usr_has_other):
usr_db = UserDao(session=self.session)
usr_db.delete_user(user_id, Users.ROLE_MANAGER)
# 通知该用户,其已经发生变化。
redis = RedisBase()
redis.user_change(user_id, CODE_USER_DELETED, Users.ROLE_MANAGER)
else:
result = {'result': False, 'msg': err_msgs['No_AUTHENTICATION']}
self.set_status(400)
return result
def __add_manager_v2(self, user_name, telephone, roles, syndicate_uuid):
'''
增加用户的内核操作。
:param user_name:
:param telephone:
:param roles: [dict] 结构为{"company_uuid":[role1,role2],}
:return:
'''
try:
user_db = UserDao(session=self.session)
match, user_id, user_name_new = user_db.insert_user(
user_name, telephone, Users.ROLE_MANAGER) #增加用户。
# 如果是更新则更新用户
if not match and user_id:
user_db.update_user(user_id, user_name, telephone)
#获取当前集团的所有公司
com_db = CompanyDao(session=self.session)
company_list = com_db.get_companys(syndicate_uuid)
cmpy_dict = {
com_item['uuid']: com_item['name']
for com_item in company_list
}
company_ids = cmpy_dict.keys()
#删除用户的原来角色配置。
usr_rfg_db = UserConfDao(session=self.session)
usr_rfg_db.delete_manager_by_user_and_companys(
user_id, company_ids)
if (roles is not None):
#插入新的角色配置。
usr_rfg_db.insert_manager_roles(user_id, roles)
# 通知该用户,其已经发生变化。
redis = RedisBase()
redis.user_change(user_id, CODE_USER_MODIFIED, Users.ROLE_MANAGER)
except Exception, e:
self.logger.error(traceback.format_exc())
def get_viewers_infos(self):
# 从query string获取参数
beg = self.get_argument("beg", 0)
count = self.get_argument("count", 30)
search = self.get_argument("search", "")
sort = self.get_argument("sort", "")
# 组织日志
self.logger.info("sort:" + sort)
token = self.request.headers.get("user_token", None)
redis = RedisBase()
token_info = redis.get_token_info(token)
company_uuid = token_info['company_uuid']
results = []
usr_rules_db = UserConfDao(session=self.session)
view_list = usr_rules_db.get_viewers_by_company_uuid(company_uuid)
usr_db = UserDao(session=self.session)
for viewer in view_list:
usr_info = usr_db.user(viewer['user_id'])
if usr_info['user_name'].find(
search) == -1 and usr_info['telephone'].find(search) == -1:
continue
viewer['user_name'] = usr_info['user_name']
viewer['telephone'] = usr_info['telephone']
results.append(viewer)
results.sort(key=lambda viewer: viewer['telephone'])
# 日志
self.log_user_action(token_info.get("uuid"), "get_viewers_infos", "-")
result = {
"result":
True,
"count":
len(results),
"viewers":
results[int(beg):int(beg) + int(count)] if
(int(beg) + int(count)) <= len(results) else results[int(beg):]
}
return result
def delete_viewer(self, user_id):
self.logger.info("user_id:" + user_id)
token = self.request.headers.get("user_token", None)
redis = RedisBase()
token_info = redis.get_token_info(token)
company_uuid = token_info['company_uuid']
usr_rle_db = UserConfDao(session=self.session)
if usr_rle_db.delete_viewer(user_id, company_uuid):
usr_db = UserDao(session=self.session)
usr_db.delete_user(user_id, Users.ROLE_VIEWER)
# 通知该用户,其已经发生变化。
redis.user_change(user_id, CODE_USER_DELETED, Users.ROLE_VIEWER)
# 日志
self.log_user_action(token_info.get("uuid"), "delete_viewer", user_id)
result = {'result': True}
return result
def delete_syndicate(self,uuid):
self.logger.info("uuid:"+uuid)
com_db = CompanyDao(session=self.session)
if com_db.delete_company(uuid):
redis = RedisBase()
# 改变当前登录超级运营员的token状态
tokens = redis.get_all_tokens()
for r_token in tokens:
t_info = json.loads(redis.get_value(r_token))
if t_info.get('syndicate_uuid') == uuid and t_info.get('role_group') == Users.ROLE_SUP_MGR:
t_info['status'] = {
'code': CODE_COM_MODIFIED,
'msg': token_status[CODE_COM_MODIFIED]['msg']
}
redis.set_value(r_token,json.dumps(t_info))
redis.expire(r_token,setting.KICKED_EXPIRE_TIME)
# 删除其他表里该集团超级管理员的相关信息
user_db = UserDao(session=self.session)
user_status_db = UserLastStatusDao(session=self.session)
user_conf_db = UserConfDao(session=self.session)
supers = user_conf_db.get_super_by_synid(uuid)
for super in supers:
# 改变当前登录的超级运营员的状态
user_status_db.del_status(super.user_id, Users.ROLE_SUP_MGR)
user_conf_db.delete_user_by_usrid_and_type(super.user_id, UserConf.TYPE_ROLE_SUPMGR)
user_db.delete_user(super.user_id, Users.ROLE_SUP_MGR)
# 日志
self.log_user_action(self.get_token().get("uuid"),"delete_syndicate",uuid)
return {'result': True}
# 集团下还有公司删除失败
else:
result = {
'result': False,
'msg': err_msgs['HAS_COMS']
}
self.set_status(400)
return result
def unbind_wx(self):
# 获取参数
token = self.request.headers.get("user_token", None)
platform = self.get_argument("from", "web")
# 从token中获取user_id
token_info = self.redis.get_token_info(token)
uuid = token_info['uuid']
# 查找拥有此user_id的用户
user_db = UserDao(session=self.session)
user = user_db.get_user_by_uuid(uuid)
result = {}
if not user:
result.update({"result": False, "msg": err_msgs['USER_NOT_FOUND']})
self.set_status(400)
# 用户没有绑定
elif not user.openid:
result.update({"result": False, "msg": err_msgs['USER_NOT_BOUND']})
self.set_status(400)
else:
# 解绑定
user_db.unbind_user_with_openid(user.user_id,
token_info['role_group'])
# 更新token
# kwargs = {
# "openid": None,
# }
info = json.dumps(
self.gen_token_info(user.user_id, user.role, platform))
self.redis.set_token(token, info)
# 日志
self.log_user_action(user.user_id, "unbind_wx", "-")
result.update({
"result": True,
"msg": "OK",
})
return result
def add_supmanager(self):
user_name = self.get_argument("user_name", "")
telephone = self.get_argument("telephone", "")
syndicate = self.get_argument("syndicate", "")
self.logger.info("username:"******" telephone:" + telephone +
" syndicate:" + syndicate)
if user_name == '' or telephone == '' or syndicate == '':
self.set_status(400)
return {"result": False, 'msg': err_msgs['PARAMS_MISSING']}
usr_db = UserDao(session=self.session)
# 一个超级运营员只允许管理一个集团
if usr_db.exist_role_group_by_tel(telephone, Users.ROLE_SUP_MGR):
result = {'result': False, 'msg': err_msgs['ROLE_SUP_MGR_EXIST']}
self.set_status(400)
return result
match, usr_id, user_name = usr_db.insert_user(user_name, telephone,
Users.ROLE_SUP_MGR)
if not match:
result = {
'result': False,
'msg': err_msgs['TEL_NAME_NOT_MATCH'],
'name': user_name
}
self.set_status(400)
return result
usr_rle_db = UserConfDao(session=self.session)
usr_rle_db.insert_role(usr_id, syndicate, UserConf.SUB_ROLE_SUP_MGR,
UserConf.TYPE_ROLE_SUPMGR)
# 日志
self.log_user_action(self.get_token().get("uuid"), "add_supmgr",
usr_id)
result = {'result': True, 'user_id': usr_id}
return result
def delete_admins(self, user_id):
self.logger.info("user_id:" + user_id)
usr_rle_db = UserConfDao(session=self.session)
admins = usr_rle_db.get_admins()
if len(admins) <= 1:
result = {'result': False, 'msg': err_msgs['CANT_DEL_LAST_ADMIN']}
self.set_status(400)
return result
usr_rle_db.delete_user_by_usrid_and_type(user_id,
UserConf.TYPE_ROLE_ADMIN)
redis = RedisBase()
usr_status_db = UserLastStatusDao(session=self.session)
statuses = usr_status_db.get_status_by_userid_and_role_group(
user_id, Users.ROLE_ADMIN)
for status in statuses:
if redis.exists_token(status.token):
u_token_info = redis.get_token_info(status.token)
u_token_info['status'] = {
'code': CODE_USER_DELETED,
'msg': token_status[CODE_USER_DELETED]['msg']
}
redis.set_token(status.token, json.dumps(u_token_info), False)
usr_status_db.del_status(user_id, Users.ROLE_ADMIN)
usr_db = UserDao(session=self.session)
usr_db.delete_user(user_id, Users.ROLE_ADMIN)
# 日志
self.log_user_action(self.get_token().get("uuid"), "delete_admin",
user_id)
result = {'result': True}
return result
def delete_manager(self, user_id):
self.logger.info("user_id:" + user_id)
token = self.request.headers.get("user_token", None)
redis = RedisBase()
token_info = redis.get_token_info(token)
company_uuid = token_info['company_uuid']
usr_rle_db = UserConfDao(session=self.session)
usr_rle_db.delete_company_user(user_id, company_uuid,
UserConf.TYPE_ROLE_MGR)
usr_status_db = UserLastStatusDao(session=self.session)
statuses = usr_status_db.get_status_by_userid_and_role_group(
user_id, Users.ROLE_MANAGER)
for status in statuses:
if company_uuid == status.company_uuid and redis.exists_token(
status.token):
u_token_info = redis.get_token_info(status.token)
u_token_info['status'] = {
'code': CODE_USER_DELETED,
'msg': token_status[CODE_USER_DELETED]['msg']
}
redis.set_token(status.token, json.dumps(u_token_info), False)
has_managers = usr_rle_db.has_role(user_id, UserConf.TYPE_ROLE_MGR)
if not has_managers:
usr_db = UserDao(session=self.session)
usr_db.delete_user(user_id, Users.ROLE_MANAGER)
usr_status_db.del_status(user_id, Users.ROLE_MANAGER)
# 通知该用户,其已经发生变化。
redis.user_change(user_id, CODE_USER_MODIFIED, Users.ROLE_VIEWER)
# 日志
self.log_user_action(token_info.get("uuid"), "delete_manager", user_id)
result = {'result': True}
return result
def captcha(self):
telephone = self.get_argument("telephone", '')
role = self.get_argument("role", None)
user = UserDao(session=self.session)
user_id = user.get_user_id_by_tel_and_role(telephone, role)
if not user_id: # 判断手机号是否存在
result = {
'result': False,
'msg': err_msgs['TEL_OR_ROLE_NOT_EXIST']
}
self.set_status(400)
return result
# if not user.exist_role_group(user_id, role): # 判断用户是否存在该角色
# result = {
# 'result': False,
# 'msg': err_msgs['ROLE_NOT_EXIST']
# }
# self.set_status(400)
# return result
if setting.SMS_SEND:
send_res = AuthCode().send_msg(telephone)
if send_res['result']:
code = send_res['code']
else:
result = send_res
self.set_status(400)
return result
else:
code = '123456'
r_captcha = self.redis_captcha(telephone)
self.redis.set_value(r_captcha, code)
self.redis.expire(r_captcha, setting.CAPTCHA_EXPIRE_TIME)
result = {'result': True, 'msg': "OK"}
return result
def add_admin(self):
user_name = self.get_argument("user_name", "")
telephone = self.get_argument("telephone", "")
roles = self.get_arguments("role[]")
if user_name == '' or telephone == '':
self.set_status(400)
return {"result": False, 'msg': err_msgs['PARAMS_MISSING']}
usr_db = UserDao(session=self.session)
# 一个手机号只能存在一个管理员角色
if usr_db.exist_role_group_by_tel(telephone, Users.ROLE_ADMIN):
result = {'result': False, 'msg': err_msgs['ROLE_ADMIN_EXIST']}
self.set_status(400)
return result
match, usr_id, user_name = usr_db.insert_user(user_name, telephone,
Users.ROLE_ADMIN)
if not match:
result = {
'result': False,
'msg': err_msgs['TEL_NAME_NOT_MATCH'],
'name': user_name
}
self.set_status(400)
return result
usr_rle_db = UserConfDao(session=self.session)
for role in roles:
usr_rle_db.insert_role(usr_id, UserConf.ACC_COM_ID, role,
UserConf.TYPE_ROLE_ADMIN)
# 日志
self.log_user_action(self.get_token().get("uuid"), "add_admin", usr_id)
result = {'result': True, 'user_id': usr_id}
return result
def edit_super(self):
user_id = self.get_argument("user_id", "")
user_name = self.get_argument("user_name", "")
telephone = self.get_argument("telephone", "")
syndicate = self.get_argument("syndicate", "")
self.logger.info("user_id:" + user_id + " username:"******" telephone:" + telephone + " syndicate:" +
syndicate)
if user_id == "" or user_name == "" or telephone == "" or syndicate == "":
self.set_status(400)
return {"result": False, 'msg': err_msgs['PARAMS_MISSING']}
# 更新User表中的信息
usr_db = UserDao(session=self.session)
user_info = usr_db.user(user_id)
old_tel = user_info['telephone']
# 当手机号发生改变时判断该手机号是否存在
if old_tel != telephone and usr_db.get_user_id_by_tel(telephone):
result = {'result': False, 'msg': err_msgs['TEL_EXIST']}
self.set_status(400)
return result
usr_db.update_user(user_id, user_name, telephone)
usr_rle_db = UserConfDao(session=self.session)
old_syn = usr_rle_db.get_companys_by_userid_and_type(
user_id, UserConf.TYPE_ROLE_SUPMGR)[0]
# 当超级运营员集团发生改变时更新其最后一次状态表,如果正登录,改变其登录状态
if old_syn != syndicate:
usr_rle_db.update_synid(user_id, syndicate)
usr_status_db = UserLastStatusDao(session=self.session)
usr_status_db.set_company(user_id, None, Users.ROLE_SUP_MGR)
statuses = usr_status_db.get_status_by_userid_and_role_group(
user_id, Users.ROLE_SUP_MGR)
redis = RedisBase()
for status in statuses:
if redis.exists_token(status.token):
u_token_info = redis.get_token_info(status.token)
u_token_info['status'] = {
'code': CODE_COM_MODIFIED,
'msg': token_status[CODE_COM_MODIFIED]['msg']
}
redis.set_token(status.token, json.dumps(u_token_info),
False)
# 日志
self.log_user_action(self.get_token().get("uuid"), "edit_super",
user_id)
result = {'result': True}
return result
def bind_telephone(self):
telephone_old = self.get_argument('telephone_old', "")
telephone_new = self.get_argument('telephone_new', "")
captcha = self.get_argument("captcha", "")
self.logger.info(" telephone:" + telephone_new)
token = self.request.headers.get("user_token", None)
redis = RedisBase()
token_info = redis.get_token_info(token)
user_id = token_info['uuid']
usr_db = UserDao(session=self.session)
user_info = usr_db.user(user_id)
if telephone_old != user_info["telephone"]:
result = {'result': False, 'msg': err_msgs['TEL_NOT_SAME']}
self.set_status(400)
return result
if telephone_old != telephone_new and usr_db.get_user_id_by_tel(
telephone_new):
result = {'result': False, 'msg': err_msgs['TEL_ALREADY_BOUND']}
self.set_status(400)
return result
r_captcha = self.redis_captcha(telephone_old)
authcode = redis.get_value(r_captcha)
if not authcode:
result = {'result': False, 'msg': err_msgs['SMS_TIMEOUT']}
self.set_status(400)
return result
if authcode != captcha:
result = {'result': False, 'msg': err_msgs['SMS_ERR']}
self.set_status(400)
return result
# 删除redis中的验证码信息
redis.del_key(r_captcha)
usr_db.bind_user_with_tel(user_id, telephone_new)
token_info['telephone'] = telephone_new
redis.set_token(token, json.dumps(token_info))
# 日志
self.log_user_action(token_info.get("uuid"), "bind_telephone",
telephone_new)
return {'result': True}
def edit_admins(self):
user_id = self.get_argument("user_id", "")
user_name = self.get_argument("user_name", "")
telephone = self.get_argument("telephone", "")
roles = self.get_arguments("role[]")
self.logger.info("user_id:" + user_id + " username:"******" telephone:" + telephone)
if user_id == "" or user_name == "" or telephone == "":
self.set_status(400)
return {"result": False, 'msg': err_msgs['PARAMS_MISSING']}
# 更新User表中的信息
usr_db = UserDao(session=self.session)
user_info = usr_db.user(user_id)
old_tel = user_info['telephone']
# 当手机号发生改变时判断该手机号是否存在
if old_tel != telephone and usr_db.get_user_id_by_tel(telephone):
result = {'result': False, 'msg': err_msgs['TEL_EXIST']}
self.set_status(400)
return result
usr_db.update_user(user_id, user_name, telephone)
usr_rle_db = UserConfDao(session=self.session)
# 通知该用户,其已经发生变化。
redis = RedisBase()
redis.user_change(user_id, CODE_USER_MODIFIED, Users.ROLE_ADMIN)
# 删除admin的相关信息
usr_rle_db.delete_company_user(user_id, UserConf.ACC_COM_ID,
UserConf.TYPE_ROLE_ADMIN)
# 重新插入admin
for role in roles:
usr_rle_db.insert_role(user_id, UserConf.ACC_COM_ID, role,
UserConf.TYPE_ROLE_ADMIN)
# 日志
self.log_user_action(self.get_token().get("uuid"), "edit_admin",
user_id)
result = {'result': True}
return result
def test_insert_user(self):
usr_db = UserDao(session=self.session)
print usr_db.insert_user(u"小gg", "133132132132", Users.ROLE_ADMIN)
def login_wx(self):
# 获取参数
code = self.get_argument("code", None)
platform = self.get_argument("from", "web")
state = self.get_argument("state", None)
syn_uuid = self.get_argument("syn_uuid", None)
# 获取state中存储的信息
state_info = self.redis.get_state_info(state) if state else None
result = {}
# 未获取认证码
if (platform == setting.PLATFORM_WEB and
(not code or not state)) or (platform == setting.PLATFORM_MOBILE
and (not code or not syn_uuid)):
result.update({"result": False, "msg": err_msgs['PARAMS_MISSING']})
self.set_status(400)
elif platform == setting.PLATFORM_WEB and not state_info:
result.update({
"result": False,
"msg": err_msgs['STATE_TIME_OUT'],
})
self.set_status(400)
else:
if platform == setting.PLATFORM_WEB:
# 获取角色
role = state_info.get('role')
else:
role = Users.ROLE_VIEWER
# 换取access_token等信息
auth_info = exchange_for_access_token(code, None, platform)
# auth_info获取失败
if auth_info.get('errcode', 0):
result.update({
"result": False,
"msg": err_msgs[str(auth_info.get('errcode', 0))]
})
self.set_status(502)
else:
# 查找拥有此openid的用户
user_db = UserDao(session=self.session)
user = user_db.get_user_by_openid_and_role(
auth_info['openid'], role)
if not user:
result.update({
"result": False,
"msg": err_msgs['WX_NOT_BOUND']
})
self.set_status(400)
else:
# 用户已登录将其踢出
usr_status_db = UserLastStatusDao(session=self.session)
status = usr_status_db.get_specific_status(
user.user_id, role, platform)
if status and status.token and self.redis.exists_token(
status.token):
old_token = self.redis.get_token_info(status.token)
old_token['status'] = {
'code': CODE_USER_KICKED,
'msg': token_status[CODE_USER_KICKED]['msg']
}
self.redis.set_token(status.token,
json.dumps(old_token), False)
# 设置token信息
info = json.dumps(
self.gen_token_info(user.user_id, role, platform, {}))
token = self.build_token(user.telephone)
self.redis.set_token(token, info, platform=platform)
# 设置用户最后一次状态表中的token信息
usr_status_db = UserLastStatusDao(session=self.session)
usr_status_db.set_token(user.user_id,
role,
token,
platform=platform)
# 日志
self.log_user_action(user.user_id, "login_wx", "-")
result.update({
"result": True,
"msg": "OK",
"token": token,
})
if platform == setting.PLATFORM_MOBILE:
# 如果是手机端,则在登陆时一次性将公司列表也返回
usr_conf_db = UserConfDao(session=self.session)
com_db = CompanyDao(session=self.session)
companys = usr_conf_db.get_companys_by_userid_and_type(
user.user_id, UserConf.TYPE_ROLE_VIEWER)
company_list = []
for com_uuid in companys:
company = com_db.get_company_by_uuid(
com_uuid, False)
t_item = {
'uuid': com_uuid,
'name': company['name'],
'desc': company['desc'],
'property': company['property'],
'py': company['py'],
'id': company['id']
}
company_list.append(t_item)
company_list.sort(key=lambda com: com["py"])
result.update(companys=company_list,
hostname=syn_uuid +
setting.HOST_NAME_SUFFIX)
return result
def bind_wx(self):
# 获取参数
code = self.get_argument("code", None)
token = self.request.headers.get("user_token", None)
platform = self.get_argument("from", "web")
result = {}
# 未获取认证码
if not code:
result.update({"result": False, "msg": err_msgs['PARAMS_MISSING']})
self.set_status(400)
else:
# 从token中获取user_id
token_info = self.redis.get_token_info(token)
#user = user_db.get_user_by_uuid(uuid)
if not token_info:
result.update({
"result": False,
"msg": err_msgs['USER_NOT_FOUND']
})
self.set_status(400)
else:
# 查找拥有此user_id的用户
user_db = UserDao(session=self.session)
uuid = token_info['uuid']
openid = token_info["openid"]
role_group = token_info["role_group"]
if not user_db.isbind_wx_user(uuid): # 微信号被绑定过之后不再允许绑定
# 换取access_token等信息
auth_info = exchange_for_access_token(code, None, platform)
# 获取auth_info失败
if auth_info.get('errcode', 0):
result.update({
"result":
False,
"msg":
err_msgs[str(auth_info.get('errcode', 0))],
})
self.set_status(502)
# openid和之前的不相同--添加或更新
elif auth_info.get('openid',
0) and auth_info['openid'] != openid:
user_db.bind_user_with_openid(uuid,
auth_info['openid'],
role_group)
# 更新token
info = json.dumps(
self.gen_token_info(uuid, role_group, platform,
{}))
self.redis.set_token(token, info)
# 日志
self.log_user_action(uuid, "bind_wx", "-")
result.update({
"result": True,
"msg": "OK",
})
else:
result.update({
"result": False,
"msg": err_msgs['WX_ALREADY_BOUND'],
"bound": True,
})
self.set_status(400)
# result.update({
# "result":True,
# "msg":"OK",
# })
return result
def pkg_token(self, user_id, role_group, platform):
'''
:param user_id:
:param role_group:
:param platform:
:return:
'''
#TODO: 此方法要修改成逻辑更清晰的,且需要的数据都是通过参数传入,而不依赖数据库。依赖之前的token,如果之前的为NONE,则使用当前传入数据重新构建一个。
# 获取用户相关信息
user_db = UserDao(session=self.session)
user_info = user_db.user(user_id)
if (platform == 'mobile'):
expire_time = setting.TOKEN_EXPIRE_TIME_FOR_MOBILE
else:
expire_time = setting.TOKEN_EXPIRE_TIME
if role_group == Users.ROLE_ADMIN:
token = {
"uuid": user_id,
"openid":user_info['openid'],
"name": user_info['user_name'],
"expire_time": expire_time,
"role_group": role_group,
"rule": ['rule_sys_manager_syndicate','rule_sys_manager_super'],
"status": {
'code': CODE_OK,
'msg': token_status[CODE_OK]['msg']
}
}
return token
# 获取用户user_conf表中对应的role_type
role_type = self.get_user_conf_type(role_group)
# 根据最后状态表得到用户的company_id
usr_status_db = UserLastStatusDao(session=self.session)
status = usr_status_db.get_specific_status(user_id, role_group, platform)
com_db = CompanyDao(session=self.session)
if status and status.company_uuid and com_db.com_exists(status.company_uuid): # 最后状态表没有数据或者上次操作的公司不存在需要重新选择公司
company_uuid = status.company_uuid
# 查询公司的相关信息
com_db = CompanyDao(session=self.session)
com_info = com_db.get_company_by_uuid(company_uuid)
# 查询该角色在该公司下的角色和权限
user_conf = UserConfDao(session=self.session)
if role_group == Users.ROLE_SUP_MGR:
roles = user_conf.get_spec_roles(user_id,com_info['parent']['uuid'],role_type)
else:
roles = user_conf.get_spec_roles(user_id,company_uuid,role_type)
role_rule_db = RoleRulesDao(session=self.session)
rules = []
for role in roles:
rules.extend(role_rule_db.get_role_rules(role))
token = {
"name": user_info['user_name'],
"uuid": user_id,
"openid":user_info['openid'],
"role": roles,
"role_group": role_group,
"expire_time": expire_time,
"rule": rules,
"company_uuid": company_uuid,
"company": {
'name': com_info['name'],
'es_host': ES_HOST,
'es_index': com_info['index']
},
"syndicate_uuid": com_info['parent']['uuid'],
"syndicate": com_info['parent']['name']
}
else:
user_conf_db = UserConfDao(session=self.session)
syndicate_uuid = user_conf_db.get_companys_by_userid_and_type(user_id,role_type)[0]
syndicate_info = com_db.get_company_by_uuid(syndicate_uuid,False)
roles = user_conf_db.get_spec_roles(user_id,syndicate_uuid,role_type)
role_rule_db = RoleRulesDao(session=self.session)
rules = []
for role in roles:
rules.extend(role_rule_db.get_role_rules(role))
token = {
"name": user_info['user_name'],
"uuid": user_id,
"openid":user_info['openid'],
"role": roles,
"role_group": role_group,
"expire_time": expire_time,
"rule": rules,#['rule_setting_personal','rule_ac_manager_company'],
"syndicate_uuid": syndicate_uuid,
"syndicate": syndicate_info['name']
}
token['status'] = {
'code': CODE_OK,
'msg': token_status[CODE_OK]['msg']
}
return token
def gen_token_info(self, user_id=None, role_group=None, platform='web', old_token_info=None, **kwargs):
'''
查询与生成token_info相关的信息,并调用组装函数组装token
:param user_id: 用户ID
:param role_group: 用户角色组
:param platform: 登录平台
:param old_token_info: 旧的token
:param kwargs: 需要更新的内容,不管是重新生成还是更新旧的token,格式需要注意:指定的key可以是openid,name,update_at,role,role_group,rule,company,syndicate_uuid,syndicate.
:return:
'''
#TODO: 此方法要修改成逻辑更清晰的,且需要的数据都是通过参数传入,而不依赖数据库。依赖之前的token,如果之前的为NONE,则使用当前传入数据重新构建一个。
token_info = {}
# 移动端存入app的版本信息和登录平台信息
if platform == setting.PLATFORM_MOBILE:
token_info.update(expire_time=setting.TOKEN_EXPIRE_TIME_FOR_MOBILE,app_version_info=kwargs.get("app_version_info"),platform=platform)
else:
token_info.update(expire_time=setting.TOKEN_EXPIRE_TIME,platform=platform)
# 根据之前的token更新键值对,不需要重新生成新token
if old_token_info:
for k,v in kwargs.items():
if old_token_info.has_key(k):
old_token_info.update({k:v})
token_info.update(old_token_info)
else:
user_db = UserDao(session=self.session)
usr_status_db = UserLastStatusDao(session=self.session)
com_db = CompanyDao(session=self.session)
user_conf_db = UserConfDao(session=self.session)
role_rule_db = RoleRulesDao(session=self.session)
# 获取用户相关信息
user_info = user_db.user(user_id)
# 获取用户user_conf表中对应的role_type
role_type = self.get_user_conf_type(role_group)
if role_group == Users.ROLE_ADMIN:
# TODO 获取admin角色rules的函数可能需要修改成通过role_group参数获取,当前是role参数,也可以通过新建一个函数获取
roles = user_conf_db.get_spec_roles(user_id,UserConf.ACC_COM_ID,role_type)
com_and_synd_info = None
else:
# 根据最后状态表得到用户的company_id
status = usr_status_db.get_specific_status(user_id, role_group, platform)
com_and_synd_info = {}
# 查询公司的相关信息(包括公司和集团)
if status and status.company_uuid and com_db.com_exists(status.company_uuid): # 最后状态表没有数据或者上次操作的公司不存在需要重新选择公司
com_and_synd_info.update(com_db.get_company_by_uuid(status.company_uuid))
else:
syndicate_uuid = user_conf_db.get_companys_by_userid_and_type(user_id,role_type)[0]
com_and_synd_info.update(com_db.get_company_by_uuid(syndicate_uuid,False))
# 获取roles
if com_and_synd_info.get('parent') and role_group == Users.ROLE_SUP_MGR:
roles = user_conf_db.get_spec_roles(user_id,com_and_synd_info['parent']['uuid'],role_type)
else:
roles = user_conf_db.get_spec_roles(user_id,com_and_synd_info['uuid'],role_type)
# 获取rules
rules = []
for role in roles:
rules.extend(role_rule_db.get_role_rules(role))
token_info.update(self.pkg_token_v2(user_info, role_group, roles=roles, rules=rules,com_and_synd_info=com_and_synd_info,**kwargs))
return token_info
def verify_args(self,captcha=None,telephone=None,v_id=None,v_code=None,role=None,platform=None,app_version=None,m_platform=None, syn_uuid=None):
'''
判断短信验证码和图形验证码是否正确
:param captcha: 用户填写的手机验证码
:param telephone: 手机号
:param v_id: 图形验证码id
:param v_code: 用户填写的图形验证码
:param app_version
:param m_platform
:param syn_uuid
:return:
'''
authcode = self.redis.get_value(self.redis_captcha(telephone))
verify_code = self.redis.get_value(self.redis_verify(v_id))
user = UserDao(session=self.session)
user_id = user.get_user_id_by_tel_and_role(telephone,role)
result = {}
if not authcode: # 判断短信验证码是否失效
result.update({
'result': False,
'msg': err_msgs['SMS_TIMEOUT'],
})
self.set_status(417)
elif authcode and authcode != captcha: # 判断短信验证码是否一致
if self.redis.error_num_over(telephone):
pass #连续输入错误5次锁死该用户
result.update({
'result': False,
'msg': err_msgs['SMS_ERR'],
})
self.set_status(400)
elif v_id and not verify_code:# 判断图形验证码是否失效
result.update({
'result': False,
'msg': err_msgs['VERIFY_TIMEOUT'],
})
self.set_status(417)
elif verify_code and verify_code.lower() != v_code.lower():# 判断图形验证码是否一致
result.update({
'result': False,
'msg': err_msgs['VERIFY_ERR'],
})
self.set_status(400)
elif not user_id: # 判断用户
result.update({
'result': False,
'msg': err_msgs['TEL_OR_ROLE_NOT_EXIST']
})
self.set_status(404)
elif platform == setting.PLATFORM_MOBILE and (not app_version or not m_platform or not syn_uuid):
result.update({
'result': False,
'msg': err_msgs['PARAMS_MISSING']
})
self.set_status(400)
else:
result.update({
'user_id':user_id,
'result': True,
})
# 删除redis中的短信验证码信息
self.redis.del_key(self.redis_captcha(telephone))
# 删除redis中的图形验证码信息
self.redis.del_key(self.redis_verify(v_id))
# 删除用户验证码输入错误相关的信息
self.redis.del_key(self.redis_err_num(telephone))
return result
