Exemple #1
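def frozen_user(desc):
    '''
    Freeze (deactivate) a user account.

    Request: ``Authorization`` header with the caller's token and an optional
    JSON body containing ``dmp_user_id``. Without ``dmp_user_id`` the caller's
    own account is frozen; with it, the account with that id is frozen.
    Freezing sets ``confirmed`` to False.

    Returns: the value built by resp_hanlder; the original documentation gives
    the format as {'msg': 'pass', 'results': null, 'status': xxx}.
    '''
    if request.method == 'POST':
        data = request.json
        auth_token = request.headers.get('Authorization')
        res = PuttingData.get_obj_data(Users, auth_token)
        # Sibling handlers treat a non-dict result as a failed token lookup;
        # without this check res['id'] below raises on a bad token.
        if not isinstance(res, dict):
            return resp_hanlder(code=999)
        try:
            # A missing body, an empty body or a body without dmp_user_id all
            # mean "freeze myself", as the interface description promises.
            target_id = data.get('dmp_user_id') if isinstance(data, dict) else None
            if target_id is None:
                target_id = res['id']
            # NOTE(review): nothing in this function checks that the caller is
            # allowed to freeze another user's account; presumably a
            # route-level permission check covers it -- confirm.
            frozen_user_obj = Users.query.filter(Users.id == target_id).first()
            if frozen_user_obj is None:
                return resp_hanlder(code=999)
            # The super administrator (id 1) can never be frozen.
            if frozen_user_obj.id == 1:
                return resp_hanlder(code=4003, msg=RET.alert_code[4003])
            frozen_user_obj.confirmed = False
            db.session.commit()
            return resp_hanlder(code=4004, msg=RET.alert_code[4004])
        except Exception as err:
            # Discard the half-applied change so it cannot leak into a later commit.
            db.session.rollback()
            # NOTE(review): str(err) exposes internal error text to the client.
            return resp_hanlder(code=999, msg=str(err))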
Exemple #2
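def icon(desc):
    '''
    Replace the calling user's avatar.

    Request: ``Authorization`` header with the caller's token and a JSON body
    whose ``bin`` field holds the image as base64, optionally prefixed by a
    data-URL header ending in a comma.

    Returns: the value built by resp_hanlder; on success it carries the new
    avatar address as the result.
    '''
    if request.method == 'POST':
        try:
            auth_token = request.headers.get('Authorization')
            res = PuttingData.get_obj_data(Users, auth_token)
            # Sibling handlers treat a non-dict result as a failed token lookup.
            if not isinstance(res, dict):
                return resp_hanlder(code=999)
            data = request.json
            if not isinstance(data, dict):
                return resp_hanlder(code=999)
            icon_obj_str = data.get('bin')
            # Reject a missing or non-string payload explicitly instead of
            # letting .split() raise and echo the error text to the client.
            if not isinstance(icon_obj_str, str) or not icon_obj_str:
                return resp_hanlder(code=999)
            # Keep only the part after the last comma (drops a data-URL header).
            icon_obj_str = icon_obj_str.split(',')[-1]
            current_obj = Users.query.filter(Users.id == res['id']).first()
            if current_obj is None:
                return resp_hanlder(code=999)
            # NOTE(review): the decoded bytes are stored under a .jpg name
            # without any size limit or check that they are an image; consider
            # capping the request size and verifying the content type.
            icon_data = base64.b64decode(icon_obj_str)
            # The stored file name is generated server-side, never taken from
            # the request.
            icon_name = uuid_str() + '.jpg'
            save_url = current_app.config.get("SAVE_URL")
            origin_icon = current_obj.icon
            if origin_icon:
                # NOTE(review): the stored value is ICON_URL + file name, yet it
                # is joined onto SAVE_URL here; whether this resolves to the old
                # file depends on the configuration -- verify.
                origin_icon_path = os.path.join(save_url, origin_icon)
                if os.path.exists(origin_icon_path):
                    os.remove(origin_icon_path)
            new_icon_path = os.path.join(save_url, icon_name)
            with open(new_icon_path, 'wb') as new_icon:
                new_icon.write(icon_data)
            current_obj.icon = current_app.config.get("ICON_URL") + icon_name
            current_obj.put()
            icon_url = current_obj.icon
            return resp_hanlder(code=4001, msg=RET.alert_code[4001], result=icon_url)
        except Exception as err:
            db.session.rollback()
            return resp_hanlder(code=999, msg=str(err))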
Exemple #3
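def ugdel(desc):
    '''
    Delete a user group together with the users that belong to it.

    Request: ``Authorization`` header with the caller's token and a JSON body
    containing ``dmp_group_id``, the id of the group to delete.

    Returns: the value built by resp_hanlder (code 5007 on success).
    '''
    if request.method == 'DELETE':
        try:
            auth_token = request.headers.get('Authorization')
            res = PuttingData.get_obj_data(Users, auth_token)
            if not isinstance(res, dict):
                return resp_hanlder(code=999)
            data = request.json
            if not isinstance(data, dict):
                return resp_hanlder(code=999)
            dmp_group_id = data.get('dmp_group_id')
            del_group_obj = Groups.query.filter(
                Groups.id == dmp_group_id).first()
            # Stop before touching any user rows when the group does not exist.
            if del_group_obj is None:
                return resp_hanlder(code=999)
            # NOTE(review): this removes the user rows outright, and nothing
            # here exempts group 1 (which the RBAC middleware treats as the
            # administrator group) or checks the caller's role -- confirm that
            # a route-level permission check restricts this endpoint.
            # No cascade delete is configured, so the group's users are
            # deleted by hand before the group itself.
            Users.query.filter(Users.dmp_group_id == dmp_group_id).delete()
            db.session.delete(del_group_obj)
            db.session.commit()
            return resp_hanlder(code=5007, msg=RET.alert_code[5007])
        except Exception as err:
            # Undo the pending user deletions if anything failed before commit.
            db.session.rollback()
            return resp_hanlder(code=999, msg=str(err))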
Exemple #4
def register(desc):
    '''
    Self-registration, and creation of a single user by an administrator.

    Request JSON: dmp_username, real_name, password, email and, optionally,
    Authorization (read from the JSON body here, not from the headers).

    Returns: the value built by resp_hanlder; the original documentation gives
    the format as {'msg': 'pass', 'results': null, 'status': xxx}.
    '''
    try:
        # A super administrator (id 1) has to exist before any other account
        # can be created; judge_superuser returns a message when it does not.
        root_user = Users.query.filter_by(id=1).first()
        superuser_problem = UserVerify.judge_superuser(root_user)
        if superuser_problem:
            return resp_hanlder(code=999, msg=superuser_problem)

        data = request.json
        if data is None:
            return resp_hanlder(code=999)

        auth_token = data.get('Authorization')
        dmp_username = data.get('dmp_username')
        real_name = data.get('real_name')
        passwd = data.get('password')
        email = data.get('email')
        user = Users(dmp_username=dmp_username, real_name=real_name,
                     password=passwd, email=email, leader_dmp_user_id=1)

        token_owner = PuttingData.get_obj_data(Users, auth_token)
        if auth_token is not None and isinstance(token_owner, dict):
            outcome = PuttingData.root_add_user(
                data, token_owner, user, dmp_username, real_name)
            # dict: the user was added by the token's owner.
            if isinstance(outcome, dict):
                return resp_hanlder(code=0, msg=outcome)
            # tuple: a required parameter was missing; item 1 is the message.
            if isinstance(outcome, tuple):
                return resp_hanlder(code=999, msg=outcome[1])
            # -1 / -2: the token's owner may not create users in that group.
            if outcome == -1:
                return resp_hanlder(code=999, msg='无法添加管理员用户组用户,请联系管理员添加.')
            if outcome == -2:
                return resp_hanlder(code=999, msg='无法添加管理员或教师用户组用户,请联系管理员添加.')

        # No token, or a token that did not resolve to a user: plain
        # registration followed by the activation e-mail.
        # NOTE(review): an invalid token is handled like no token at all, and
        # any other root_add_user result also ends up here -- confirm intended.
        db.session.add(user)
        db.session.commit()
        ValidationEmail().activate_email(user, email)
        return resp_hanlder(code=1001, msg=RET.alert_code[1001])
    except Exception as err:
        db.session.rollback()
        return resp_hanlder(code=999, msg=str(err))
Exemple #5
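def update_archive_by_id(id, desc):
    """
    Rename a dashboard archive (folder)
    ---
    tags:
      - BI
    parameters:
      - name: id
        in: path
        type: int
        required: true
        description: archive id taken from the URL
      - name: dashboard_archive_name
        in: path
        type: string
        required: true
        description: new name of the archive
    responses:
      0:
        description: ok
    """
    if request.method == 'PUT':
        try:
            auth_token = request.headers.get('Authorization')
            res = PuttingData.get_obj_data(Users, auth_token)
            if not isinstance(res, dict):
                return resp_hanlder(code=999)
            data = request.json
            if data is None:
                return resp_hanlder(code=999)
            # The new name is read from the JSON body.
            dashboard_archive_name = data.get('dashboard_archive_name')
            # Field validation through the form class.
            form = ArchiveForm(meta={"csrf": False})
            if not form.validate_on_submit():
                return resp_hanlder(code=999, err=str(form.errors))
            update_dashboard_archive_obj = DashboardArchive.query.filter(
                DashboardArchive.id == id).first()
            # Check existence before reading attributes; otherwise an unknown
            # id raises and the raw error text goes back to the client.
            if update_dashboard_archive_obj is None:
                return resp_hanlder(code=999, msg='当前看板文件夹已被删除')
            # Only the creator of the archive may rename it.
            if update_dashboard_archive_obj.created_dmp_user_id != res.get('id'):
                return resp_hanlder(code=301, msg='没有权限修改其他看板文件夹信息.')
            if not dashboard_archive_name:
                return resp_hanlder(code=999, msg='请正确输入修改文件夹信息.')
            update_dashboard_archive_obj.dashboard_archive_name = dashboard_archive_name
            update_dashboard_archive_obj.changed_dmp_user_id = res.get('id')
            db.session.commit()
            return resp_hanlder(
                code=0,
                msg='看板文件夹信息修改成功.',
                result=update_dashboard_archive_obj.dashboard_archive_to_dict())
        except Exception as err:
            db.session.rollback()
            return resp_hanlder(code=999, err=str(err))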
Exemple #6
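def get_secret_key(desc):
    """
    Issue a personal token for the calling user
    ---
    tags:
      - Bi
    parameters:
      - name: expires
        in: path
        type: int
        required: true
        description: token lifetime in seconds
    responses:
      0:
        description: ok
    """
    import datetime
    import jwt
    try:
        auth_token = request.headers.get('Authorization')
        res = PuttingData.get_obj_data(Users, auth_token)
        if not isinstance(res, dict):
            return resp_hanlder(code=999)
        data = request.json
        if data is None:
            # No body: the token is valid for 24 hours.
            lifetime_seconds = 60 * 60 * 24
        else:
            lifetime_seconds = int(data.get('expires'))
            # A zero or negative lifetime would produce an already-expired token.
            if lifetime_seconds <= 0:
                return resp_hanlder(code=999)
        # NOTE(review): the lifetime is chosen by the client and has no upper
        # bound, so a caller can mint a token that is effectively permanent;
        # consider enforcing a maximum.
        issued_at = datetime.datetime.utcnow()
        payload = {
            'exp': issued_at + datetime.timedelta(days=0, seconds=lifetime_seconds),
            'iat': issued_at,
            'user_id': res.get('id')
        }
        # NOTE(review): signed with the application's SECRET_KEY; whether that
        # key also signs login tokens is not visible here -- confirm that the
        # two token kinds cannot be confused.
        self_token = jwt.encode(
            payload,
            current_app.config.get('SECRET_KEY'),
            algorithm='HS256'
        )
        # PyJWT 1.x returns bytes and 2.x returns str; accept both.
        if isinstance(self_token, bytes):
            self_token = self_token.decode('utf-8')
        return resp_hanlder(code=0, msg='个人密钥获取成功.',
                            result={'self_token': self_token})
    except Exception as err:
        return resp_hanlder(code=999, err=str(err))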
Exemple #7
    def permission_init(cls, auth_token):
        """Return the route permissions of the token owner's group.

        The token is resolved through PuttingData.get_obj_data, the group is
        looked up by the ``dmp_group_id`` of that result, and each permission
        of the group becomes a ``{'route': ...}`` dict.
        """
        # NOTE(review): neither the lookup result nor the group is checked
        # before use; a result without .get or a missing group raises here.
        token_owner = PuttingData.get_obj_data(Users, auth_token)
        group = Groups.query.filter(
            Groups.id == token_owner.get('dmp_group_id')).first()
        return [{'route': permission.route} for permission in group.permissions]
Exemple #8
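def post_group(desc):
    '''
    Create (POST) or edit (PUT) a user group.

    Request: ``Authorization`` header with the caller's token and a JSON body
    with dmp_group_name (group name), dmp_permission (iterable of permission
    ids), optional creator, and dmp_group_id when editing. POST without
    dmp_group_id creates a group; PUT with dmp_group_id edits that group.
    Any other combination is answered with code 999.

    Returns: the value built by resp_hanlder; on success it carries the data
    returned by EnvelopedData.post_edit.
    '''
    auth_token = request.headers.get('Authorization')
    res = PuttingData.get_obj_data(Users, auth_token)
    # Sibling handlers treat a non-dict result as a failed token lookup.
    if not isinstance(res, dict):
        return resp_hanlder(code=999)

    data = request.json
    # A missing or non-object body used to raise outside any try block.
    if not isinstance(data, dict):
        return resp_hanlder(code=999)
    dmp_group_id = data.get('dmp_group_id')
    dmp_group_name = data.get('dmp_group_name')
    creator = data.get('creator')
    dmp_permission_str = data.get('dmp_permission')
    try:
        dmp_permission_list = [int(p) for p in dmp_permission_str]
    except (TypeError, ValueError):
        # Missing or non-numeric permission ids.
        return resp_hanlder(code=999)

    # Create a group.
    if request.method == 'POST' and dmp_group_id is None:
        try:
            group_obj = Groups(dmp_group_name=dmp_group_name)
            db.session.add(group_obj)
            # NOTE(review): the group is committed before post_edit runs, so a
            # failure in post_edit leaves the new group behind -- confirm.
            db.session.commit()
            ret_data = EnvelopedData.post_edit(res, group_obj, creator,
                                               dmp_permission_list,
                                               dmp_group_name)
            return resp_hanlder(code=5005,
                                msg=RET.alert_code[5005],
                                result=ret_data)
        except Exception as err:
            db.session.rollback()
            return resp_hanlder(code=999, msg=str(err))

    # Edit an existing group.
    elif request.method == 'PUT' and dmp_group_id is not None:
        try:
            edit_group_obj = Groups.query.filter(
                Groups.id == dmp_group_id).first()
            if edit_group_obj is None:
                return resp_hanlder(code=999)
            edit_group_obj.dmp_group_name = dmp_group_name
            # No commit here; presumably post_edit commits -- TODO confirm.
            ret_data = EnvelopedData.post_edit(res, edit_group_obj, creator,
                                               dmp_permission_list,
                                               dmp_group_name)
            return resp_hanlder(code=5004,
                                msg=RET.alert_code[5004],
                                result=ret_data)
        except Exception as err:
            db.session.rollback()
            return resp_hanlder(code=999, msg=str(err))
    return resp_hanlder(code=999)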
Exemple #9
def delete_charts_by_id(id, desc):
    """
    Delete a chart
    ---
    tags:
      - BI
    parameters:
      - name: id
        in: path
        type: int
        required: true
        description: chart id taken from the URL
    responses:
      0:
        description: ok
    """
    try:
        auth_token = request.headers.get('Authorization')
        data = request.json
        if data is None:
            return resp_hanlder(code=999)
        dmp_dashboard_id = data.get('dmp_dashboard_id')
        res = PuttingData.get_obj_data(Users, auth_token)
        if not isinstance(res, dict):
            return resp_hanlder(code=999)

        d_chart_obj = Chart.query.filter(Chart.id == id).first()
        # 1. The dashboard named in the request body must still exist.
        # NOTE(review): the dashboard id comes from the client and is not
        # compared with the chart's own dashboard.
        chart_belong_dashboard_obj = Dashboard.query.filter(
            Dashboard.id == dmp_dashboard_id).first()
        if chart_belong_dashboard_obj is None:
            return resp_hanlder(code=999, msg='当前看板已被删除')
        # 2. The dashboard exists but the chart does not.
        if d_chart_obj is None:
            return resp_hanlder(code=999, msg='当前图表已被删除')

        if not Chart.exist_item_by_id(id):
            return resp_hanlder(code=999, msg='图表ID错误或对象不存在,请重新确认.')

        del_chart_obj = Chart.get(id)
        caller_id = res.get('id')
        # Only the chart's creator or the super administrator (id 1) may delete.
        if del_chart_obj.created_dmp_user_id == caller_id or caller_id == 1:
            del_chart_obj.delete()
            return resp_hanlder(code=0, msg='图表删除成功.')
        return resp_hanlder(code=999, msg='没有权限删除图表,请联系超级管理员.')
    except Exception as err:
        db.session.rollback()
        return resp_hanlder(code=999, err=str(err))
Exemple #10
def get_charts_by_dashboard_id(dashboard_id, desc):
    """
    Get the charts of a dashboard
    ---
    tags:
      - BI
    parameters:
      - name: dashboard_id
        in: path
        type: int
        required: true
        description: dashboard id taken from the URL
    responses:
      0:
        description: ok
    """
    try:
        auth_token = request.headers.get('Authorization')
        res = PuttingData.get_obj_data(Users, auth_token)
        if not isinstance(res, dict):
            return resp_hanlder(code=999)

        # NOTE(review): the caller's identity is not compared with the
        # dashboard's owner here; confirm that charts are meant to be readable
        # by every authenticated user.
        first_chart = Chart.query.filter(
            Chart.dmp_dashboard_id == dashboard_id).first()
        if not first_chart:
            return resp_hanlder(code=999, msg='看板ID获取失败.')

        charts = Chart.query.filter(
            Chart.dmp_dashboard_id == dashboard_id).all()
        chart_dicts = [chart.chart_to_dict() for chart in charts]
        for chart_dict in chart_dicts:
            table_id = chart_dict.get('dmp_data_table_id')
            data_table_obj = DataTable.query.filter(
                DataTable.id == table_id).first()
            if table_id is not None and data_table_obj is not None:
                # Attach the case id of the chart's source table.
                chart_dict['dmp_case_id'] = data_table_obj.dmp_case_id
            else:
                # No table id, or the table is gone: blank both fields.
                chart_dict['dmp_data_table_id'] = None
                chart_dict['dmp_case_id'] = None

        return resp_hanlder(code=0,
                            msg='获取图表信息成功.',
                            result=chart_dicts)
    except Exception as err:
        db.session.rollback()
        return resp_hanlder(code=999, err=str(err))
Exemple #11
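def rbac_middleware():
    """Enforce login and route permissions for the current request.

    Returns None to let the request continue, or the value built by
    resp_hanlder to reject it. Checks run in this order: white list, token
    presence and validity, routes that need a login but no permission, the
    administrator group, then the route permissions of the caller's group.
    """
    url_rule = str(request.path)
    print('url_rule:', url_rule)

    # White list: no token required.
    # NOTE(review): re.match anchors only at the start of the path, so an
    # entry without a trailing '$' also admits every longer path that begins
    # with it -- check how Config.WHITE_LIST entries are written.
    for i in Config.WHITE_LIST:
        if re.match(i, url_rule):
            return

    # Login check: the Authorization header has to be present ...
    try:
        auth_token = request.headers['Authorization']
    except Exception as err:
        return resp_hanlder(code=201, err=err)
    # ... and non-empty. An empty header used to skip token verification and
    # still reach the NO_PERMISSION_LIST check below.
    if not auth_token:
        return resp_hanlder(code=201)

    # Verify the token; any result other than True is passed on as the
    # message and the caller has to log in again.
    res = UserVerify.verify_token(auth_token)
    if res != True:
        return resp_hanlder(code=201, msg=res)

    # Routes that need a valid login but no specific permission.
    # NOTE(review): same start-anchored matching as the white list above.
    for i in Config.NO_PERMISSION_LIST:
        if re.match(i, url_rule):
            return

    # Members of group 1 (administrators) are allowed everything.
    try:
        res = PuttingData.get_obj_data(Users, auth_token)
        if isinstance(res, dict):
            if res.get('dmp_group_id') == 1:
                return
        else:
            return resp_hanlder(code=999, msg=res)
    except Exception as err:
        return resp_hanlder(code=999, err=err)

    # Permission check against the routes granted to the caller's group.
    permissions = INIT_PERMISSION.permission_init(auth_token)
    for i in permissions:
        # fullmatch requires the whole path to match the whole route pattern;
        # the former '^{}$' wrapper let a '|' inside a route escape the
        # anchors and accepted a trailing newline.
        if re.fullmatch(i['route'], url_rule):
            return
    print('The user does not have access rights')
    return resp_hanlder(code=301)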
Exemple #12
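def all(desc):
    """List every permission record.

    Request: ``Authorization`` header with the caller's token.
    Returns: the value built by resp_hanlder; on success (code 6001) the
    result is a list of the dicts produced by permission_to_dict.
    """
    # NOTE: the function name shadows the builtin all(); it is kept because
    # the name is this handler's public interface.
    if request.method == 'GET':
        try:
            auth_token = request.headers.get('Authorization')
            res = PuttingData.get_obj_data(Users, auth_token)
            if not isinstance(res, dict):
                return resp_hanlder(code=999)
            res_permission_list = [
                p.permission_to_dict() for p in Permissions.query.all()
            ]
            return resp_hanlder(code=6001,
                                msg=RET.alert_code[6001],
                                result=res_permission_list)
        except Exception as err:
            # The original built this response but never returned it.
            return resp_hanlder(code=999, msg=str(err))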
Exemple #13
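def activate(desc):
    '''
    Activate a user's e-mail address.

    Request JSON: ``authorization``, the token generated for the activation
    e-mail (read from the JSON body under that lower-case key).

    Returns: the value built by resp_hanlder; the original documentation gives
    the format as {'msg': 'pass', 'results': null, 'status': xxx}.
    '''
    try:
        # Used at registration and again when the earlier token expired or
        # was lost before activation.
        token = request.json.get('authorization')
        res = PuttingData.get_obj_data(Users, token)
        # A non-dict result means the token is expired or invalid.
        if not isinstance(res, dict):
            return resp_hanlder(code=2002, msg=RET.alert_code[2002])
        # Already activated: confirmed is True.
        if res.get('confirmed') == True:
            return resp_hanlder(code=999, msg=RET.alert_code[1014])
        if Users.check_activate_token(res) == True:
            return resp_hanlder(code=1009, msg=RET.alert_code[1009])
        # Activation did not succeed; the original fell through here and
        # returned nothing at all.
        return resp_hanlder(code=999)
    except Exception as err:
        return resp_hanlder(code=999, msg=str(err))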
Exemple #14
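def udel(desc):
    '''
    Delete a user (soft delete).

    Request: ``Authorization`` header with the caller's token and a JSON body
    containing ``dmp_user_id``, the id of the user to delete. The super
    administrator (id 1) cannot be deleted.

    Returns: the value built by resp_hanlder; the original documentation gives
    the format as {'msg': 'pass', 'results': null, 'status': xxx}.
    '''
    if request.method == 'DELETE':
        try:
            auth_token = request.headers.get('Authorization')
            res = PuttingData.get_obj_data(Users, auth_token)
            if not isinstance(res, dict):
                return resp_hanlder(code=999)
            data = request.json
            if data is None:
                return resp_hanlder(code=999)
            dmp_user_id = data.get('dmp_user_id')
            # NOTE(review): nothing in this function checks that the caller may
            # delete this particular user; presumably a route-level permission
            # check covers it -- confirm.
            del_user_obj = Users.query.filter(Users.id == dmp_user_id).first()
            # An unknown id used to raise and echo the error text to the client.
            if del_user_obj is None:
                return resp_hanlder(code=999)
            # The super administrator cannot be deleted.
            if del_user_obj.id == 1:
                return resp_hanlder(code=4005, msg=RET.alert_code[4005])

            # Soft delete: flag the row and stamp user name and e-mail with
            # the deletion time.
            del_time = time.strftime("%Y-%m-%d-%H:%M:%S", time.localtime())
            # NOTE(review): the original condition was written
            # "'[' and ']' not in name", which Python evaluates as just
            # "']' not in name"; that behaviour is kept. Confirm whether a
            # test on is_deleted or on the '[DELETED ON:' marker was intended.
            if ']' not in del_user_obj.dmp_username:
                del_user_obj.is_deleted = True
                del_user_obj.dmp_username = del_user_obj.dmp_username + \
                    '[DELETED ON:' + del_time + ']'
                del_user_obj.email = del_user_obj.email + \
                    '[DELETED ON:' + del_time + ']'
                db.session.commit()
            else:
                # The name already carries a bracketed suffix: replace it with
                # the new time stamp.
                dn = del_user_obj.dmp_username.split('[')[0]
                del_user_obj.dmp_username = dn + '[' + del_time + ']'
                db.session.commit()
            return resp_hanlder(code=4006, msg=RET.alert_code[4006])
        except Exception as err:
            # Drop any uncommitted change before reporting the failure.
            db.session.rollback()
            return resp_hanlder(code=999, msg=str(err))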
Exemple #15
def delete_archive_by_id(id, desc):
    """
    Delete a dashboard archive (folder)
    ---
    tags:
      - BI
    parameters:
      - name: id
        in: path
        type: int
        required: true
        description: archive id taken from the URL
    responses:
      0:
        description: ok
    """
    try:
        auth_token = request.headers.get('Authorization')
        res = PuttingData.get_obj_data(Users, auth_token)
        if not isinstance(res, dict):
            return resp_hanlder(code=999)

        del_archive_obj = DashboardArchive.query.filter(
            DashboardArchive.id == id).first()
        if del_archive_obj is None:
            return resp_hanlder(code=999, msg='当前看板文件夹已被删除')

        caller_id = res.get('id')
        # Only the archive's creator or the super administrator (id 1) may delete.
        allowed = (del_archive_obj.created_dmp_user_id == caller_id
                   or caller_id == 1)
        if not allowed:
            return resp_hanlder(code=999, msg='没有权限删除看板文件夹,请联系超级管理员.')
        if not (del_archive_obj and id):
            return resp_hanlder(code=999, msg='看板文件夹ID错误或对象不存在,请重新确认.')
        del_archive_obj.delete()
        return resp_hanlder(code=0, msg='看板文件夹删除成功.')
    except Exception as err:
        db.session.rollback()
        return resp_hanlder(code=999, err=str(err))
Exemple #16
def add_dashboard(desc):
    """
    Create a dashboard
    ---
    tags:
      - BI
    parameters:
      - name: dmp_dashboard_name
        in: path
        type: string
        required: true
        description: dashboard name
      - name: upper_dmp_dashboard_archive_id
        in: path
        type: int
        required: false
        description: id of the parent archive (folder)
      - name: charts_position
        in: path
        type: string
        required: false
        description: chart layout information
    responses:
      0:
        description: ok
    """
    try:
        auth_token = request.headers.get('Authorization')
        res = PuttingData.get_obj_data(Users, auth_token)
        if not isinstance(res, dict):
            return resp_hanlder(code=999)
        data = request.json
        if data is None:
            return resp_hanlder(code=999)
        dmp_dashboard_name = data.get('dmp_dashboard_name')
        charts_position = data.get('charts_position')
        upper_dmp_dashboard_archive_id = data.get(
            'upper_dmp_dashboard_archive_id')
        form = DashboardForm(meta={"csrf": False})
        if not form.validate_on_submit():
            return resp_hanlder(code=999, err=str(form.errors))

        # A user may not create a dashboard inside an archive that another
        # user created. When no archive matches the given id, the dashboard
        # is created without that restriction.
        dashboard_archive_obj = DashboardArchive.query.filter(
            DashboardArchive.id == upper_dmp_dashboard_archive_id).first()
        if dashboard_archive_obj is not None \
                and res.get('id') != dashboard_archive_obj.created_dmp_user_id \
                and upper_dmp_dashboard_archive_id is not None:
            return resp_hanlder(code=999, msg='无法在其他用户文件夹下创建看板')

        if not dmp_dashboard_name:
            return resp_hanlder(code=999, msg='请确认新创建的看板名称是否存在并确认其是否正确.')

        caller_id = res.get('id')
        dashboard_obj = Dashboard(
            dmp_dashboard_name=dmp_dashboard_name,
            upper_dmp_dashboard_archive_id=upper_dmp_dashboard_archive_id,
            charts_position=charts_position,
            release=0,
            created_dmp_user_id=caller_id,
            changed_dmp_user_id=caller_id)
        db.session.add(dashboard_obj)
        db.session.commit()
        return resp_hanlder(code=0,
                            msg='数据看板创建成功.',
                            result=dashboard_obj.dashboard_to_dict())
    except Exception as err:
        db.session.rollback()
        return resp_hanlder(code=999, err=str(err))
Exemple #17
def info(desc):
    '''
    Get a user's profile.

    Request: ``Authorization`` header with the caller's token and an optional
    JSON body containing ``dmp_user_id``. Without a body the caller's own
    profile is returned (code 3002); with ``dmp_user_id`` the profile of that
    user is returned (code 3003).

    Returns: the value built by resp_hanlder; the result is what
    EnvelopedData.info_s1_data produces from the profile and the user list.
    '''
    def _listed_users():
        # Non-deleted users of groups 1 and 2 (administrators and teachers
        # according to the original comments) ...
        leaders = Users.query.filter(
            Users.is_deleted == 0,
            or_((Users.dmp_group_id == 1), (Users.dmp_group_id == 2))).all()
        # ... plus users of later-added groups (ids other than 1, 2 and 3)
        # for which estimate_classify yields 1 or 2.
        candidates = Users.query.filter(
            Users.is_deleted == 0,
            Users.dmp_group_id != 1,
            Users.dmp_group_id != 2,
            Users.dmp_group_id != 3).all()
        grouped = EnvelopedData.build_data_structures_ulist(candidates)
        shown = []
        for user_id, group_info in grouped.items():
            if EnvelopedData.estimate_classify(group_info) in (1, 2):
                shown.append(Users.query.filter(Users.id == user_id).first())
        return leaders + shown

    if request.method == 'GET':
        try:
            data = request.json
            auth_token = request.headers.get('Authorization')
            # NOTE(review): the lookup result is subscripted below without
            # checking that it is a dict, unlike most sibling handlers.
            res = PuttingData.get_obj_data(Users, auth_token)

            # No body: answer with the caller's own profile.
            if data is None:
                current_obj = Users.query.filter(Users.id == res['id']).first()
                dmp_group_name = Groups.query.filter(
                    Groups.id == res['dmp_group_id']).first().dmp_group_name
                ret = EnvelopedData.info_s2_data(
                    current_obj.groups, res, dmp_group_name)
                new_res = EnvelopedData.info_s1_data(_listed_users(), ret)
                return resp_hanlder(code=3002, msg=RET.alert_code[3002], result=new_res)

            # NOTE(review): any user id can be requested here and no check
            # relates it to the caller; which fields user_to_dict exposes is
            # not visible -- confirm that this is acceptable for every role.
            dmp_user_id = data.get('dmp_user_id')
            get_user_info_obj = Users.query.filter(
                Users.id == dmp_user_id).first()
            get_user_info_dict = get_user_info_obj.user_to_dict()
            u_group = get_user_info_obj.groups
            dmp_group_name = Groups.query.filter(
                Groups.id == get_user_info_dict['dmp_group_id']).first().dmp_group_name
            ret = EnvelopedData.info_s2_data(
                u_group, get_user_info_dict, dmp_group_name)
            new_ret = EnvelopedData.info_s1_data(_listed_users(), ret)
            return resp_hanlder(code=3003, msg=RET.alert_code[3003], result=new_ret)

        except Exception as err:
            return resp_hanlder(code=999, msg=str(err))
Exemple #18
def changeprofile(desc):
    '''
    Update a user's profile.

    Request: ``Authorization`` header with the caller's token and a JSON body
    that may contain dmp_user_id, password, email, confirmed, dmp_group_id,
    leader_dmp_user_id, dmp_username, real_name and dmp_user_info. Without
    dmp_user_id the caller's own record is edited; with it, the record with
    that id is edited.

    Returns: the value built by resp_hanlder; on the full-update paths the
    result is the user's data as a dict.
    '''
    if request.method == 'PUT':
        try:
            # Permission data cannot be edited here: it belongs to the user
            # group (the UI shows it greyed out). To change permissions, edit
            # the group's permissions instead.
            data = request.json
            if data == None:
                return resp_hanlder(code=999)
            dmp_user_id = data.get('dmp_user_id')
            passwd = data.get('password')
            email = data.get('email')
            confirmed = data.get('confirmed')
            dmp_group_id = data.get('dmp_group_id')
            leader_dmp_user_id = data.get('leader_dmp_user_id')
            dmp_username = data.get('dmp_username')
            real_name = data.get('real_name')
            dmp_user_info = data.get('dmp_user_info')
            auth_token = request.headers.get('Authorization')
            # NOTE(review): the lookup result is subscripted without checking
            # that it is a dict, unlike most sibling handlers.
            res = PuttingData.get_obj_data(Users, auth_token)
            current_obj = Users.query.filter(Users.id == res['id']).first()

            if not dmp_user_id:
                # Editing one's own record. When none of confirmed,
                # dmp_group_id and leader_dmp_user_id is given, only
                # dmp_username, real_name, password, email and dmp_user_info
                # are considered; a changed e-mail is re-verified by mail
                # according to the original comments.
                if confirmed == None and dmp_group_id == None and leader_dmp_user_id == None:
                    # Only the profile text is being changed.
                    if dmp_user_info != None and not dmp_username and not real_name and not passwd and not email:
                        current_obj.dmp_user_info = dmp_user_info
                        db.session.commit()
                        return resp_hanlder(code=1015, msg=RET.alert_code[1015])
                    # Only the password is being changed.
                    # NOTE(review): the current password is not asked for here.
                    elif passwd and not dmp_username and not real_name and not email and not dmp_user_info:
                        current_obj.password = passwd
                        db.session.commit()
                        return resp_hanlder(code=1015, msg=RET.alert_code[1015])
                    # Any other combination goes through edit_private_info;
                    # a str result is the success message, otherwise item 1
                    # of the result is the error message.
                    else:
                        ret = EnvelopedData.edit_private_info(
                            current_obj, email, passwd, dmp_username, real_name)
                        if isinstance(ret, str):
                            return resp_hanlder(code=0, msg=ret)
                        else:
                            return resp_hanlder(code=999, msg=ret[1])
                # NOTE(review): confirmed, dmp_group_id and leader_dmp_user_id
                # come straight from the request body and are applied to the
                # caller's own record; this function does not check the
                # caller's role first -- confirm that the helper or a
                # route-level check restricts who may change group membership.
                EnvelopedData.changeprofile(current_obj, email, passwd, dmp_group_id,
                                            confirmed, leader_dmp_user_id, dmp_username, real_name)
                # Build the response: the user plus the group and the group's
                # permissions.
                select_group_obj = Groups.query.filter(
                    Groups.id == dmp_group_id).first()
                ret_obj = Users.query.filter(Users.id == res['id']).first()
                ret_obj_dict = ret_obj.user_to_dict()
                ret_obj_dict = EnvelopedData.p_changeprofile(
                    select_group_obj, ret_obj_dict)
                return resp_hanlder(code=3004, msg=RET.alert_code[3004], result=ret_obj_dict)

            # NOTE(review): dmp_user_id selects an arbitrary user whose
            # password, e-mail, group and status are then handed to
            # EnvelopedData.changeprofile; this function performs no ownership
            # or role check -- confirm that it is enforced elsewhere.
            choose_user_obj = Users.query.filter(
                Users.id == dmp_user_id).first()
            # The dict is taken before the change is applied.
            choose_user_obj_dict = choose_user_obj.user_to_dict()
            # ori_dmp_group_id = choose_user_obj_dict.get('dmp_group_id')
            EnvelopedData.changeprofile(choose_user_obj, email, passwd, dmp_group_id,
                                        confirmed, leader_dmp_user_id, dmp_username, real_name)
            select_group_obj = Groups.query.filter(
                Groups.id == dmp_group_id).first()
            choose_user_obj_dict = EnvelopedData.p_changeprofile(
                select_group_obj, choose_user_obj_dict)
            return resp_hanlder(code=3006, msg=RET.alert_code[3006], result=choose_user_obj_dict)

        except Exception as err:
            db.session.rollback()
            return resp_hanlder(code=999, msg=str(err))
Exemple #19
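def update_charts_by_id(id, desc):
    """
    Update an existing chart. Field values are read from the JSON request body.
    ---
    tags:
      - BI
    parameters:
      - name: chart_name
        in: path
        type: string
        required: true
        description: Chart name
      - name: dmp_data_table_id
        in: path
        type: int
        required: false
        description: Source data table ID
      - name: query_string
        in: path
        type: string
        required: false
        description: Query statement
      - name: chart_data
        in: path
        type: string
        required: false
        description: Chart data
      - name: chart_type
        in: path
        type: int
        required: true
        description: Chart type code (1 bar, 2 line, 3 pie, 4 map, 5 radar)
      - name: chart_params
        in: path
        type: string
        required: false
        description: Chart parameters
      - name: description
        in: path
        type: string
        required: false
        description: Chart description
      - name: charts_position
        in: path
        type: string
        required: true
        description: Chart layout information
      - name: dmp_dashboard_id
        in: path
        type: int
        required: true
        description: Dashboard ID
    responses:
      0:
        description: ok
    """
    if request.method != 'PUT':
        return None
    try:
        # Resolve the caller from the Authorization header; anything other
        # than a dict means no user record came back.
        auth_token = request.headers.get('Authorization')
        res = PuttingData.get_obj_data(Users, auth_token)
        if not isinstance(res, dict):
            return resp_hanlder(code=999)
        data = request.json
        if data is None:
            return resp_hanlder(code=999)
        chart_name = data.get('chart_name')
        dmp_data_table_id = data.get('dmp_data_table_id')
        # NOTE(review): query_string is stored exactly as the client sent it;
        # whatever later runs it has to treat it as untrusted input.
        query_string = data.get('query_string')
        chart_data = data.get('chart_data')
        chart_type = data.get('chart_type')
        chart_params = data.get('chart_params')
        description = data.get('description')
        charts_position = data.get('charts_position')
        dmp_dashboard_id = data.get('dmp_dashboard_id')
        form = ChartForm(meta={"csrf": False})
        if not form.validate_on_submit():
            return resp_hanlder(code=999, err=str(form.errors))

        chart_obj = Chart.query.filter(Chart.id == id).first()
        # 1. The dashboard named in the request must exist.
        target_dashboard = Dashboard.query.filter(
            Dashboard.id == dmp_dashboard_id).first()
        if target_dashboard is None:
            return resp_hanlder(code=999, msg='当前看板已被删除')
        # 2. The dashboard exists but the chart does not.
        if chart_obj is None:
            return resp_hanlder(code=999, msg='当前图表已被删除')
        # 3. Charts of a published dashboard are read-only.
        if target_dashboard.release == 1:
            return resp_hanlder(code=999, msg='当前看板已被发布')
        # The id above comes from the request body, so the same rule is also
        # applied to the dashboard the chart is attached to right now;
        # otherwise naming a different, unpublished dashboard would let a
        # chart on a published one be edited and moved.
        current_dashboard = Dashboard.query.filter(
            Dashboard.id == chart_obj.dmp_dashboard_id).first()
        if current_dashboard is not None and current_dashboard.release == 1:
            return resp_hanlder(code=999, msg='当前看板已被发布')

        # Only the user who created the chart may change it.
        caller_id = res.get('id')
        if chart_obj.created_dmp_user_id != caller_id:
            return resp_hanlder(code=301, msg='没有权限修改其他图表信息.')
        if not (chart_name and chart_type and dmp_dashboard_id
                and charts_position):
            return resp_hanlder(code=999, msg='请正确输入修改图表所必要的参数信息.')

        # NOTE(review): ownership of the target dashboard is not checked here,
        # so a chart can be attached to a dashboard created by another user;
        # confirm whether that is intended.
        chart_obj.chart_name = chart_name
        chart_obj.chart_type = chart_type
        chart_obj.charts_position = charts_position
        chart_obj.dmp_dashboard_id = dmp_dashboard_id
        # Optional fields are only overwritten when the request carries them.
        if dmp_data_table_id is not None:
            chart_obj.dmp_data_table_id = dmp_data_table_id
        if query_string is not None:
            chart_obj.query_string = query_string
        if chart_data is not None:
            chart_obj.chart_data = chart_data
        if chart_params is not None:
            chart_obj.chart_params = chart_params
        if description is not None:
            chart_obj.description = description
        chart_obj.changed_dmp_user_id = caller_id
        db.session.commit()
        return resp_hanlder(code=0,
                            msg='图表信息修改成功.',
                            result=chart_obj.chart_to_dict())
    except Exception as err:
        # NOTE(review): the raw exception text is handed to resp_hanlder; if
        # `err` is echoed to the client it can expose internals (SQL, paths).
        db.session.rollback()
        return resp_hanlder(code=999, err=str(err))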
Exemple #20
def add_chart(desc):
    """
    Create a chart on a dashboard. Field values are read from the JSON request body.
    ---
    tags:
      - BI
    parameters:
      - name: chart_name
        in: path
        type: string
        required: true
        description: Chart name
      - name: dmp_data_table_id
        in: path
        type: int
        required: false
        description: Source data table ID
      - name: query_string
        in: path
        type: string
        required: false
        description: Query statement
      - name: chart_data
        in: path
        type: string
        required: false
        description: Chart data
      - name: chart_type
        in: path
        type: int
        required: true
        description: Chart type code (1 bar, 2 line, 3 pie, 4 map, 5 radar)
      - name: chart_params
        in: path
        type: string
        required: false
        description: Chart parameters
      - name: description
        in: path
        type: string
        required: false
        description: Chart description
      - name: charts_position
        in: path
        type: string
        required: true
        description: Chart layout data
      - name: dmp_dashboard_id
        in: path
        type: int
        required: true
        description: Dashboard ID
    responses:
      0:
        description: ok
    """
    try:
        # Identify the caller; a non-dict result means no user was resolved.
        token = request.headers.get('Authorization')
        res = PuttingData.get_obj_data(Users, token)
        if not isinstance(res, dict):
            return resp_hanlder(code=999)
        payload = request.json
        if payload is None:
            return resp_hanlder(code=999)

        chart_name = payload.get('chart_name')
        dmp_data_table_id = payload.get('dmp_data_table_id')
        # NOTE(review): stored verbatim from the client; any component that
        # later executes it must treat it as untrusted input.
        query_string = payload.get('query_string')
        chart_data = payload.get('chart_data')
        chart_type = payload.get('chart_type')
        chart_params = payload.get('chart_params')
        description = payload.get('description')
        charts_position = payload.get('charts_position')
        dmp_dashboard_id = payload.get('dmp_dashboard_id')

        # Field-level validation is delegated to the form.
        form = ChartForm(meta={"csrf": False})
        if not form.validate_on_submit():
            return resp_hanlder(code=999, msg=str(form.errors))

        # The dashboard must exist and must not be published.
        # NOTE(review): the dashboard's creator is not compared with the
        # caller here; confirm that adding to other users' dashboards is meant
        # to be allowed.
        owning_dashboard = Dashboard.query.filter(
            Dashboard.id == dmp_dashboard_id).first()
        if owning_dashboard is None:
            return resp_hanlder(code=999, msg='当前看板已被删除')
        if owning_dashboard.release == 1:
            return resp_hanlder(code=999, msg='当前看板已被发布')

        required_present = (chart_name and chart_type and dmp_dashboard_id
                            and charts_position)
        if not required_present:
            return resp_hanlder(code=999, msg='缺少必要参数,并确定其参数是否正确.')

        caller_id = res.get('id')
        # NOTE(review): the keyword is `params` here while the update handler
        # on this page writes `chart_obj.chart_params`; verify against Chart.
        new_chart = Chart(chart_name=chart_name,
                          dmp_data_table_id=dmp_data_table_id,
                          query_string=query_string,
                          chart_data=chart_data,
                          chart_type=chart_type,
                          params=chart_params,
                          description=description,
                          charts_position=charts_position,
                          dmp_dashboard_id=dmp_dashboard_id,
                          created_dmp_user_id=caller_id,
                          changed_dmp_user_id=caller_id)
        db.session.add(new_chart)
        db.session.commit()
        return resp_hanlder(code=0,
                            msg='图表添加成功.',
                            result=new_chart.chart_to_dict())
    except Exception as exc:
        # NOTE(review): the exception text is returned in `msg`, which can
        # disclose internal details to the caller.
        db.session.rollback()
        return resp_hanlder(code=999, msg=str(exc), err=str(exc))
Exemple #21
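def _groups_visible_below(excluded_ids, hidden_levels):
    """Build the 5001 response listing the groups a non-root caller may pick.

    Starts from every group whose id is not in *excluded_ids*, then drops each
    added group (id other than 1, 2, 3) whose
    ``EnvelopedData.estimate_classify`` result is in *hidden_levels*.
    """
    visible = Groups.query.filter(
        *[Groups.id != gid for gid in excluded_ids]).all()
    added_groups = Groups.query.filter(Groups.id != 1,
                                       Groups.id != 2,
                                       Groups.id != 3).all()
    classified = EnvelopedData.build_data_structures(added_groups)
    for group_id, group_info in classified.items():
        if EnvelopedData.estimate_classify(group_info) in hidden_levels:
            visible.remove(
                Groups.query.filter(Groups.id == group_id).first())
    return resp_hanlder(
        code=5001,
        msg='Display all user group information successfully.',
        result=EnvelopedData.return_group_list(visible))


def belong(desc):
    """List the user groups the caller is allowed to assign.

    The caller is resolved from the Authorization header. User id 1 sees every
    group; members of group 1 see everything except group 1 and added groups
    classified 1; members of group 2 see everything except groups 1 and 2 and
    added groups classified 1 or 2; members of an added group are treated
    according to their own group's classification. Members of group 3 get no
    response from this function.

    The original guarded each listing with ``len(...) != None``, which is
    always true, so its ``else`` branches could never run; they are removed
    here and the shared listing logic lives in one helper.
    """
    if request.method != 'GET':
        return None
    try:
        auth_token = request.headers.get('Authorization')
        res = PuttingData.get_obj_data(Users, auth_token)
        if not isinstance(res, dict):
            return resp_hanlder(code=999)
        # The body is still parsed although no field is read from it, so a
        # parsing failure keeps ending in the 999 path below.
        data = request.json

        caller_id = res.get('id')
        caller_group_id = res.get('dmp_group_id')

        # Super administrator: every group, unfiltered.
        # NOTE(review): privilege tiers hang on hard-coded ids (user 1,
        # groups 1/2/3); confirm those rows can never be renumbered.
        if caller_id == 1:
            groups_all = Groups.query.all()
            res_group_list = EnvelopedData.return_group_list(groups_all)
            return resp_hanlder(code=5001,
                                msg=RET.alert_code[5001],
                                result=res_group_list)
        # Ordinary administrator (group 1).
        if caller_group_id == 1:
            return _groups_visible_below((1,), (1,))
        # Teacher (group 2).
        if caller_group_id == 2:
            return _groups_visible_below((1, 2), (1, 2))
        # Member of an added group: classify the caller's own group first.
        if caller_group_id != 3:
            own_group = Groups.query.filter(
                Groups.id == caller_group_id).first()
            own_classified = EnvelopedData.build_data_structures([own_group])
            for _group_id, group_info in own_classified.items():
                level = EnvelopedData.estimate_classify(group_info)
                if level == 1:
                    return _groups_visible_below((1,), (1,))
                if level == 2:
                    return _groups_visible_below((1, 2), (1, 2))
                return resp_hanlder(
                    code=999,
                    msg=
                    'The permissions of the user group are displayed incorrectly. '
                    'Please contact the administrator to check.')
        return None
    except Exception as err:
        # NOTE(review): str(err) is sent back in `msg`; internal error text
        # may reach the client.
        return resp_hanlder(code=999, msg=str(err))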
Exemple #22
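def info(desc):
    '''
     Purpose: return user-group information.
     Parameters: Authorization header carrying the caller's token; an optional
     JSON body with dmp_group_id selects a single group.
     Returns: JSON with a status code, a message and either the list of groups
     the caller may see or the selected group with its permissions.

     The original guarded the listing with ``len(...) != None``, which is
     always true, so its ``else`` branch could never run and is removed here.
     A dmp_group_id that matches no group now returns code 999 directly
     instead of going through an AttributeError.
     '''
    if request.method != 'GET':
        return None
    try:
        auth_token = request.headers.get('Authorization')
        res = PuttingData.get_obj_data(Users, auth_token)
        if not isinstance(res, dict):
            return resp_hanlder(code=999)
        data = request.json

        if data is not None:
            # Single-group lookup.
            # NOTE(review): nothing in this function restricts which group a
            # caller may inspect; presumably a decorator enforces the admin
            # requirement, so verify that before relying on it.
            dmp_group_id = data.get('dmp_group_id')
            current_group_obj = Groups.query.filter(
                Groups.id == dmp_group_id).first()
            if current_group_obj is None:
                return resp_hanlder(code=999)
            current_group_permission_list = current_group_obj.permissions
            current_group_obj_dict = EnvelopedData.grouplist(
                current_group_permission_list, current_group_obj)
            return resp_hanlder(code=5002,
                                msg=RET.alert_code[5002],
                                result=current_group_obj_dict)

        # Super administrator: every group.
        if res.get('id') == 1:
            groups_all = Groups.query.all()
            res_group_list = EnvelopedData.return_group_list(groups_all)
            return resp_hanlder(code=5001,
                                msg=RET.alert_code[5001],
                                result=res_group_list)

        # Every other caller: all groups except group 1, minus added groups
        # (id other than 1, 2, 3) that estimate_classify rates as 1.
        except_admin_groups_list = Groups.query.filter(
            Groups.id != 1).all()
        add_groups_list = Groups.query.filter(
            Groups.id != 1, Groups.id != 2, Groups.id != 3).all()
        ag_dict = EnvelopedData.build_data_structures(add_groups_list)
        for group_id, group_info in ag_dict.items():
            if EnvelopedData.estimate_classify(group_info) == 1:
                except_admin_groups_list.remove(
                    Groups.query.filter(Groups.id == group_id).first())
        res_group_list = EnvelopedData.return_group_list(
            except_admin_groups_list)
        return resp_hanlder(code=5001,
                            msg=RET.alert_code[5001],
                            result=res_group_list)
    except Exception as err:
        # NOTE(review): str(err) is sent back in `msg`; internal error text
        # may reach the client.
        return resp_hanlder(code=999, msg=str(err))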
Exemple #23
def update_dashboard_by_id(id, desc):
    """
    Update a dashboard. Field values are read from the JSON request body.
    ---
    tags:
      - BI
    parameters:
      - name: id
        in: path
        type: int
        required: true
        description: Dashboard ID taken from the URL
      - name: dmp_dashboard_name
        in: path
        type: string
        required: false
        description: Dashboard name
      - name: description
        in: path
        type: string
        required: false
        description: Description
      - name: upper_dmp_dashboard_archive_id
        in: path
        type: int
        required: false
        description: Parent folder ID
      - name: charts_position
        in: path
        type: string
        required: false
        description: Chart layout information
      - name: release
        in: path
        type: int
        required: false
        description: Release status
    responses:
      0:
        description: ok
    """
    try:
        token = request.headers.get('Authorization')
        res = PuttingData.get_obj_data(Users, token)
        if not isinstance(res, dict):
            return resp_hanlder(code=999)
        payload = request.json
        if payload is None:
            return resp_hanlder(code=999)

        dmp_dashboard_name = payload.get('dmp_dashboard_name')
        description = payload.get('description')
        charts_position = payload.get('charts_position')
        release = payload.get('release')
        upper_dmp_dashboard_archive_id = payload.get(
            'upper_dmp_dashboard_archive_id')

        form = DashboardForm(meta={"csrf": False})
        if not form.validate_on_submit():
            return resp_hanlder(code=999, err=str(form.errors))

        board = Dashboard.query.filter(Dashboard.id == id).first()
        if board is None:
            return resp_hanlder(code=999, msg='当前看板已被删除')

        # A published dashboard is locked unless the request carries a truthy
        # `release` value.
        # NOTE(review): any truthy `release` skips the lock, so the other
        # fields of a published dashboard can be changed in the same request,
        # while release=0 is falsy and is refused; confirm this is intended.
        if not release and board.release == 1:
            return resp_hanlder(code=999, msg='当前看板已被发布')

        # Only the creator or the super administrator (user id 1) may edit.
        caller_id = res.get('id')
        may_edit = board.created_dmp_user_id == caller_id or caller_id == 1
        if not may_edit:
            return resp_hanlder(code=301, msg='没有权限修改其他看板信息.')

        # Copy over only the fields present in the request.
        # NOTE(review): the target parent folder's owner is not checked here,
        # unlike folder creation on this page; verify whether it should be.
        supplied = (
            ('dmp_dashboard_name', dmp_dashboard_name),
            ('description', description),
            ('charts_position', charts_position),
            ('release', release),
            ('upper_dmp_dashboard_archive_id', upper_dmp_dashboard_archive_id),
        )
        for attr_name, new_value in supplied:
            if new_value is not None:
                setattr(board, attr_name, new_value)
        board.changed_dmp_user_id = caller_id
        board.save()
        return resp_hanlder(code=0,
                            msg='看板数据修改成功.',
                            result=board.dashboard_to_dict())
    except Exception as exc:
        # NOTE(review): the raw exception text is passed on as `err`; check
        # that resp_hanlder does not echo it to the client.
        db.session.rollback()
        return resp_hanlder(code=999, err=str(exc))
Exemple #24
def add_archive(desc):
    """
    Create a dashboard folder. Field values are read from the JSON request body.
    ---
    tags:
      - BI
    parameters:
      - name: dashboard_archive_name
        in: path
        type: string
        required: true
        description: Folder name
      - name: upper_dmp_dashboard_archive_id
        in: path
        type: int
        required: false
        description: Parent folder ID
    responses:
      0:
        description: ok
    """
    if request.method != 'POST':
        return None
    try:
        token = request.headers.get('Authorization')
        res = PuttingData.get_obj_data(Users, token)
        if not isinstance(res, dict):
            return resp_hanlder(code=999)
        payload = request.json
        if payload is None:
            return resp_hanlder(code=999)
        dashboard_archive_name = payload.get('dashboard_archive_name')
        upper_dmp_dashboard_archive_id = payload.get(
            'upper_dmp_dashboard_archive_id')

        # Field-level validation is delegated to the form.
        form = ArchiveForm(meta={"csrf": False})
        if not form.validate_on_submit():
            return resp_hanlder(code=999, err=str(form.errors))

        caller_id = res.get('id')
        if upper_dmp_dashboard_archive_id:
            # Sub-folder: the parent must exist and belong to the caller.
            # NOTE(review): the folder name is not re-checked on this path;
            # presumably ArchiveForm enforces it, so verify.
            parent = DashboardArchive.query.filter(
                DashboardArchive.id ==
                upper_dmp_dashboard_archive_id).first()
            if not parent:
                return resp_hanlder(code=999, msg='父文件夹对象不存在,请重新操作.')
            if parent.created_dmp_user_id != caller_id:
                return resp_hanlder(code=999, msg='无法在其他用户文件夹下创建文件夹.')
            success_msg = '子看板文件夹创建成功.'
        else:
            # Top-level folder: only a non-empty name is required.
            if not dashboard_archive_name:
                return resp_hanlder(code=999,
                                    msg='请确认新创建的看板文件夹名称是否存在并确认其是否正确.')
            success_msg = '看板文件夹创建成功.'

        folder = DashboardArchive(
            dashboard_archive_name=dashboard_archive_name,
            upper_dmp_dashboard_archive_id=upper_dmp_dashboard_archive_id,
            created_dmp_user_id=caller_id,
            changed_dmp_user_id=caller_id)
        db.session.add(folder)
        db.session.commit()
        return resp_hanlder(code=0,
                            msg=success_msg,
                            result=folder.dashboard_archive_to_dict())
    except Exception as err:
        # NOTE(review): the exception object itself is passed with no code,
        # unlike the other handlers on this page; confirm resp_hanlder
        # accepts that and does not expose it to the client.
        db.session.rollback()
        return resp_hanlder(err=err)
Exemple #25
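def ulist(desc):
    '''
     Description: user-list endpoint. Administrators are shown all users;
         teachers are shown the users whose direct leader is themselves.
     Parameters: Authorization - the caller's login token, data type: String
     Returns: on success the status code, the matching message and the user
         list, data type: JSON,
         format: {'msg':'pass','results':[{'x':'x'},..'],'status':xxx}

     Visibility is decided from the caller record resolved from the token:
       * user id 1 (super administrator): every non-deleted user;
       * dmp_group_id 1 (ordinary administrator): groups 2 and 3 plus members
         of custom groups that are not classified as administrator-equivalent;
       * dmp_group_id 2 (teacher): non-deleted users whose
         leader_dmp_user_id is the caller, minus the caller itself;
       * any other group: classified through the group's permission routes
         via EnvelopedData.estimate_classify (per the original comments:
         1 = administrator-like, 2 = teacher-like, 3 = student-like).

     Only GET is handled; for any other method the function returns None.
     `desc` is not used in the body.
     '''
    if request.method == 'GET':
        # Fetch the user list.
        try:
            auth_token = request.headers.get('Authorization')
            # NOTE(review): every authorization decision below trusts `res`.
            # Presumably get_obj_data validates the token and returns the
            # caller as a dict -- confirm what it returns for a missing or
            # invalid token.
            res = PuttingData.get_obj_data(Users, auth_token)
            caller_id = res.get('id')
            caller_group_id = res.get('dmp_group_id')
            # NOTE(review): roles hinge on literal ids (user id 1, group ids
            # 1/2/3); presumably these match seeded rows -- confirm.

            # The super administrator sees every (non-deleted) user.
            if caller_id == 1:
                all_user_obj_list = Users.query.filter(
                    Users.is_deleted == 0).all()
                new_user_obj_dict_list = EnvelopedData.ulist(
                    all_user_obj_list, res=None)
                return resp_hanlder(code=3001, msg=RET.alert_code[3001],
                                    result=new_user_obj_dict_list)

            # Ordinary administrators see only users below administrator
            # level (teacher/student, or members of newly added groups that
            # hold at most one of the user-management / user-group-management
            # permissions). The super administrator already returned above,
            # so the group id alone identifies this case.
            if caller_group_id == 1:
                # All users that belong to newly added (custom) groups.
                add_user_obj = Users.query.filter(
                    Users.dmp_group_id != 1,
                    Users.dmp_group_id != 2,
                    Users.dmp_group_id != 3).all()
                user_dict = EnvelopedData.build_data_structures_ulist(
                    add_user_obj)
                show_user_list = []
                for k, v in user_dict.items():
                    # A custom group that does not hold both user-management
                    # and user-group-management permissions is shown.
                    if EnvelopedData.estimate_classify(v) != 1:
                        add_show_user_obj = Users.query.filter(
                            Users.id == k, Users.is_deleted == 0).first()
                        # first() yields None for deleted/unknown ids.
                        if add_show_user_obj:
                            show_user_list.append(add_show_user_obj)
                # By default an ordinary administrator sees teachers and
                # students; custom-group users are added only after the
                # classification check above.
                all_user_obj_list = Users.query.filter(
                    Users.is_deleted == 0,
                    or_((Users.dmp_group_id == 2), (Users.dmp_group_id == 3))).all()
                all_user_obj_list = all_user_obj_list + show_user_list
                new_user_obj_dict_list = EnvelopedData.ulist(
                    all_user_obj_list, res=None)

                return resp_hanlder(code=3001, msg=RET.alert_code[3001],
                                    result=new_user_obj_dict_list)

            # Teacher login: show only users whose direct leader is the
            # caller, excluding logically deleted users.
            if caller_group_id == 2:
                # All users that belong to newly added (custom) groups.
                add_user_obj = Users.query.filter(
                    Users.dmp_group_id != 1,
                    Users.dmp_group_id != 2,
                    Users.dmp_group_id != 3).all()
                user_dict = EnvelopedData.build_data_structures_ulist(
                    add_user_obj)
                show_child_user_list = []
                for k, v in user_dict.items():
                    is_show = EnvelopedData.estimate_classify(v)
                    # Shown to a teacher only when the custom group holds
                    # neither management permission (effectively is_show == 3,
                    # i.e. the student-like category).
                    if is_show not in (1, 2, 4):
                        add_show_user_obj = Users.query.filter(
                            Users.id == k, Users.is_deleted == 0).first()
                        if (add_show_user_obj is not None
                                and add_show_user_obj.leader_dmp_user_id == caller_id):
                            show_child_user_list.append(add_show_user_obj)
                # Default groups: drop logically deleted users and keep the
                # ones led by the current teacher. res['id'] is kept as a
                # subscript so a record without an id raises instead of
                # matching users whose leader is NULL.
                all_students_list = Users.query.filter(
                    and_(Users.dmp_group_id > 0, Users.dmp_group_id < 4),
                    Users.leader_dmp_user_id == res['id'],
                    Users.is_deleted == 0).all()
                all_students_list = all_students_list + show_child_user_list
                new_stu_obj_dict_list = EnvelopedData.ulist(
                    all_students_list, res)
                # If the super administrator made the caller its own direct
                # leader, the caller must not appear in its own list. Build a
                # filtered list instead of calling remove() while iterating,
                # which skips the element that follows each removal.
                caller_username = res.get('dmp_username')
                new_stu_obj_dict_list = [
                    user_obj for user_obj in new_stu_obj_dict_list
                    if user_obj.get('dmp_username') != caller_username
                ]
                return resp_hanlder(code=3001, msg=RET.alert_code[3001],
                                    result=new_stu_obj_dict_list)
            # Reached by every caller whose dmp_group_id is neither 1 nor 2.
            else:
                # Look up the caller's group and its permissions, then
                # classify by whether the routes include /user/list/ and
                # /usergroup/info/ (per the original comments): 1 behaves
                # like an administrator, 2 like a teacher, 3 like a student
                # with no access to this endpoint.
                new_obj = Users.query.filter(Users.id == caller_id).first()
                new_permission_list = new_obj.groups.permissions
                route_list = [{'route': p.route} for p in new_permission_list]
                is_show = EnvelopedData.estimate_classify(route_list)
                # Administrator-like: sees users below the ordinary
                # administrator level (administrators and members of the
                # caller's own group are filtered out).
                if is_show == 1:
                    all_user_obj_list = Users.query.filter(
                        Users.is_deleted == 0,
                        Users.dmp_group_id != 1,
                        Users.dmp_group_id != caller_group_id).all()
                    new_user_obj_dict_list = EnvelopedData.ulist(
                        all_user_obj_list, res=None)
                    g = EnvelopedData.glist(new_user_obj_dict_list)
                    # Iterate over a snapshot: this code does not show whether
                    # glist() returns the very list being pruned. If it does,
                    # removing during iteration would skip the entry after
                    # each removal and leave an administrator-equivalent
                    # account in the response.
                    for u in list(g):
                        u_p = u.get('u_group_permission')
                        # Other custom groups classified as
                        # administrator-like are hidden.
                        if EnvelopedData.estimate_classify(u_p) == 1:
                            new_user_obj_dict_list.remove(u)
                    return resp_hanlder(code=3001, msg=RET.alert_code[3001],
                                        result=new_user_obj_dict_list)
                # Teacher-like (has /user/list/ but not /usergroup/info/):
                # administrators, teachers and the caller's own group are
                # filtered out, and other custom groups are shown only when
                # they classify as 3.
                if is_show == 2:
                    all_user_list = Users.query.filter(
                        Users.is_deleted == 0,
                        Users.dmp_group_id != 1,
                        Users.dmp_group_id != 2,
                        Users.dmp_group_id != caller_group_id).all()
                    new_user_obj_dict_list = EnvelopedData.ulist(
                        all_user_list, res)
                    g = EnvelopedData.glist(new_user_obj_dict_list)
                    # Snapshot for the same reason as in the branch above.
                    for u in list(g):
                        u_p = u.get('u_group_permission')
                        # Groups classified 1 or 2 are not visible at
                        # teacher level.
                        if EnvelopedData.estimate_classify(u_p) in (1, 2):
                            new_user_obj_dict_list.remove(u)
                    return resp_hanlder(code=3001, msg=RET.alert_code[3001],
                                        result=new_user_obj_dict_list)
                # The original comment says the remaining cases cannot be
                # reached in practice; they fail closed with code 999.
                if is_show == 3:
                    # No permission to use this route.
                    return resp_hanlder(code=999, msg='You do not have permission to access this route, '
                                                      'or the permissions are incorrectly assigned, '
                                                      'please contact the administrator')
                # is_show == 4 and any unexpected value share one message.
                return resp_hanlder(code=999, msg='There is a problem with user rights allocation, '
                                                  'please contact the administrator to resolve it')

        except Exception as err:
            # NOTE(review): str(err) is sent back to the client, so internal
            # exception text (attribute names, SQL errors) is exposed, and a
            # failed token lookup surfaces here as a generic 999 rather than
            # an explicit authentication error. Consider logging the
            # exception server-side and returning a fixed message.
            return resp_hanlder(code=999, msg=str(err))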