def __call__(self, form, field):
if not permission_role_administrator.can():
# 非系统角色,不能修改自己的角色
condition = [
User.id == form.id.data,
User.role_id != field.data,
]
row = get_user_row(*condition)
if row:
raise ValidationError(self.message or _('Permission denied, role cannot be modified'))
def lists():
"""
账目列表
:return:
"""
template_name = 'bank_account/lists.html'
# 文档信息
document_info = DOCUMENT_INFO.copy()
document_info['TITLE'] = _('bank account lists')
# 搜索条件
form = BankAccountSearchForm(request.form)
form.bank_id.choices = get_bank_choices()
# form.id.choices = get_bank_account_choices()
# app.logger.info('')
search_condition = [
BankAccount.status_delete == STATUS_DEL_NO,
]
if request.method == 'POST':
# 表单校验失败
if not form.validate_on_submit():
flash(_('Search Failure'), 'danger')
# 单独处理csrf_token
if hasattr(form, 'csrf_token') and getattr(form,
'csrf_token').errors:
map(lambda x: flash(x, 'danger'), form.csrf_token.errors)
else:
if form.bank_id.data != DEFAULT_SEARCH_CHOICES_INT_OPTION:
search_condition.append(
BankAccount.bank_id == form.bank_id.data)
if form.type_current.data:
search_condition.append(
BankAccount.type_current == form.type_current.data)
if form.type_account.data:
search_condition.append(
BankAccount.type_account == form.type_account.data)
if form.start_record_date.data:
search_condition.append(
BankAccount.record_date >= form.start_record_date.data)
if form.end_record_date.data:
search_condition.append(
BankAccount.record_date <= form.end_record_date.data)
# 处理导出
if form.op.data == 1:
# 检查导出权限
if not permission_account_section_export.can():
abort(403)
column_names = BankAccount.__table__.columns.keys()
query_sets = get_bank_account_rows(*search_condition)
return excel.make_response_from_query_sets(
query_sets=query_sets,
column_names=column_names,
file_type='csv',
file_name='%s.csv' % _('bank account lists'))
# 批量删除
if form.op.data == 2:
bank_account_ids = request.form.getlist('bank_account_id')
# 检查删除权限
if not (permission_role_administrator.can()
or permission_role_stock_keeper.can()):
ext_msg = _('Permission Denied')
flash(_('Del Failure, %(ext_msg)s', ext_msg=ext_msg), 'danger')
else:
permitted = True
for bank_account_id in bank_account_ids:
# 检查是否正在使用
# 库存、货架
if count_inventory(
**{
'bank_account_id': bank_account_id,
'status_delete': STATUS_DEL_NO
}):
ext_msg = _('Currently In Use')
flash(_('Del Failure, %(ext_msg)s', ext_msg=ext_msg),
'danger')
permitted = False
break
if count_rack(
**{
'bank_account_id': bank_account_id,
'status_delete': STATUS_DEL_NO
}):
ext_msg = _('Currently In Use')
flash(_('Del Failure, %(ext_msg)s', ext_msg=ext_msg),
'danger')
permitted = False
break
if permitted:
result_total = True
for bank_account_id in bank_account_ids:
current_time = datetime.utcnow()
bank_account_data = {
'status_delete': STATUS_DEL_OK,
'delete_time': current_time,
'update_time': current_time,
}
result = edit_bank_account(bank_account_id,
bank_account_data)
result_total = result_total and result
if result_total:
flash(_('Del Success'), 'success')
else:
flash(_('Del Failure'), 'danger')
# 翻页数据
pagination = get_bank_account_pagination(form.page.data, PER_PAGE_BACKEND,
*search_condition)
# 渲染模板
return render_template(template_name,
form=form,
pagination=pagination,
**document_info)
def lists():
"""
敏感产品列表
:return:
"""
template_name = 'production/sensitive/lists.html'
# 文档信息
document_info = DOCUMENT_INFO.copy()
document_info['TITLE'] = _('production sensitive lists')
# 搜索条件
form = ProductionSensitiveSearchForm(request.form)
form.production_brand.choices = get_production_sensitive_brand_choices()
# app.logger.info('')
search_condition = [
ProductionSensitive.status_delete == STATUS_DEL_NO,
]
if request.method == 'POST':
# 表单校验失败
if not form.validate_on_submit():
flash(_('Search Failure'), 'danger')
# 单独处理csrf_token
if hasattr(form, 'csrf_token') and getattr(form,
'csrf_token').errors:
map(lambda x: flash(x, 'danger'), form.csrf_token.errors)
else:
if form.customer_cid.data and form.customer_company_name.data:
search_condition.append(
ProductionSensitive.customer_cid == form.customer_cid.data)
if form.production_brand.data != DEFAULT_SEARCH_CHOICES_STR_OPTION:
search_condition.append(ProductionSensitive.production_brand ==
form.production_brand.data)
if form.production_model.data:
search_condition.append(
ProductionSensitive.production_model.like(
'%%%s%%' % form.production_model.data))
# 处理导出
if form.op.data == 1:
# 检查导出权限
if not permission_production_section_export.can():
abort(403)
column_names = ProductionSensitive.__table__.columns.keys()
query_sets = get_production_sensitive_rows(*search_condition)
return excel.make_response_from_query_sets(
query_sets=query_sets,
column_names=column_names,
file_type='csv',
file_name='%s.csv' % _('production sensitive lists'))
# 批量删除
if form.op.data == 2:
production_sensitive_ids = request.form.getlist(
'production_sensitive_id')
# 检查删除权限
if not permission_role_administrator.can():
ext_msg = _('Permission Denied')
flash(_('Del Failure, %(ext_msg)s', ext_msg=ext_msg), 'danger')
else:
result_total = True
for production_sensitive_id in production_sensitive_ids:
current_time = datetime.utcnow()
production_sensitive_data = {
'status_delete': STATUS_DEL_OK,
'delete_time': current_time,
'update_time': current_time,
}
result = edit_production_sensitive(
production_sensitive_id, production_sensitive_data)
result_total = result_total and result
if result_total:
flash(_('Del Success'), 'success')
else:
flash(_('Del Failure'), 'danger')
# 翻页数据
pagination = get_production_sensitive_pagination(form.page.data,
PER_PAGE_BACKEND,
*search_condition)
# 渲染模板
return render_template(template_name,
form=form,
pagination=pagination,
**document_info)
def edit(user_id):
"""
用户编辑
"""
user_info = get_user_row_by_id(user_id)
# 检查资源是否存在
if not user_info:
abort(404)
# 检查资源是否删除
if user_info.status_delete == STATUS_DEL_OK:
abort(410)
template_name = 'user/edit.html'
# 加载编辑表单
form = UserEditForm(request.form)
form.id.data = user_id # id 仅作为编辑重复校验
# 文档信息
document_info = DOCUMENT_INFO.copy()
document_info['TITLE'] = _('user edit')
# 进入编辑页面
if request.method == 'GET':
# 表单赋值
form.id.data = user_info.id
form.name.data = user_info.name
form.salutation.data = user_info.salutation
form.mobile.data = user_info.mobile
form.tel.data = user_info.tel
form.fax.data = user_info.fax
form.email.data = user_info.email
form.role_id.data = user_info.role_id
form.create_time.data = user_info.create_time
form.update_time.data = user_info.update_time
# 渲染页面
return render_template(
template_name,
user_id=user_id,
form=form,
**document_info
)
# 处理编辑请求
if request.method == 'POST':
# 表单校验失败
if not form.validate_on_submit():
flash(_('Edit Failure'), 'danger')
# flash(form.errors, 'danger')
return render_template(
template_name,
user_id=user_id,
form=form,
**document_info
)
# 非系统角色,仅能修改自己的信息
if not permission_role_administrator.can():
if getattr(current_user, 'id') != form.id.data:
flash(_('Permission denied, only the user\'s own information can be modified'), 'danger')
# flash(form.errors, 'danger')
return render_template(
template_name,
user_id=user_id,
form=form,
**document_info
)
# 表单校验成功
# 编辑用户基本信息
current_time = datetime.utcnow()
user_data = {
'name': form.name.data,
'salutation': form.salutation.data,
'mobile': form.mobile.data,
'tel': form.tel.data,
'fax': form.fax.data,
'email': form.email.data,
'role_id': form.role_id.data,
'update_time': current_time,
}
result = edit_user(user_id, user_data)
if not result:
# 编辑操作失败
flash(_('Edit Failure'), 'danger')
return render_template(
template_name,
user_id=user_id,
form=form,
**document_info
)
user_auth_row = get_user_auth_row(user_id=user_id)
if not user_auth_row:
# 编辑操作失败
flash(_('Edit Failure'), 'danger')
return render_template(
template_name,
user_id=user_id,
form=form,
**document_info
)
# 编辑用户认证信息
user_auth_data = {
'user_id': user_id,
'type_auth': TYPE_AUTH_ACCOUNT,
'auth_key': form.name.data,
'update_time': current_time,
}
result = edit_user_auth(user_auth_row.id, user_auth_data)
if not result:
# 编辑操作失败
flash(_('Edit Failure'), 'danger')
return render_template(
template_name,
user_id=user_id,
form=form,
**document_info
)
# 编辑操作成功
flash(_('Edit Success'), 'success')
return redirect(request.args.get('next') or url_for('user.lists'))
