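def required_no_pid_no_dec(ability=None):
    """Decide whether the current user may use ``ability``.

    Unlike the project-scoped check, this variant does not require
    ``g.projectid``; the project is taken from the request itself.

    Args:
        ability: Ability to look for in the abilities of the user's roles.

    Returns:
        1 when access is granted, 0 otherwise.
    """
    # RPC callers and global admins are granted access without further checks.
    if g.istrpc == 1 or g.is_admin == 1:
        return 1

    user_rows = UserBusiness.query_json_by_id(g.userid)
    if not user_rows:
        # Fail closed: no user row means no roles, so nothing can be granted.
        return 0
    roles = [role['name'] for role in user_rows[0]['role']]

    # project_id is caller-controlled; a value in the JSON body overrides the
    # one in the query string.
    project = None
    if request.args and 'project_id' in request.args:
        project = request.args.get('project_id')
    if request.json and 'project_id' in request.json:
        project = request.json.get('project_id')

    project_list = UserBusiness.own_in_project()
    if project and is_owneristrator(roles) and project_list:
        try:
            project_id = int(project)
        except (TypeError, ValueError):
            # A malformed project_id must not crash the authorization check
            # and can never satisfy the owner shortcut.
            project_id = None
        if project_id is not None and is_have_project(project_id, project_list):
            return 1

    abilities = AuthBusiness.query_ability_by_role_name(roles)
    if has_ability(ability, abilities):
        return 1
    return 0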
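def _(*args, **kwargs):
    """Run the wrapped ``func`` only if the current user is authorized.

    ``func`` and ``ability`` come from the enclosing decorator scope, which is
    not part of this block.

    Raises:
        OperationPermissionDeniedException: when no grant path applies.
    """
    # RPC callers and global admins are granted access without further checks.
    if g.istrpc == 1 or g.is_admin == 1:
        return func(*args, **kwargs)

    user_rows = UserBusiness.query_json_by_id(g.userid)
    if not user_rows:
        # Fail closed with the permission error instead of an IndexError when
        # the user row is missing.
        raise OperationPermissionDeniedException
    roles = [role['name'] for role in user_rows[0]['role']]

    # project_id is caller-controlled; a value in the JSON body overrides the
    # one in the query string.
    project = None
    if request.args and 'project_id' in request.args:
        project = request.args.get('project_id')
    if request.json and 'project_id' in request.json:
        project = request.json.get('project_id')

    project_list = UserBusiness.own_in_project()
    if project and _is_owneristrator(roles) and project_list:
        try:
            project_id = int(project)
        except (TypeError, ValueError):
            # A malformed project_id must not crash the authorization check
            # and can never satisfy the owner shortcut.
            project_id = None
        if project_id is not None and _is_have_project(project_id, project_list):
            return func(*args, **kwargs)

    abilities = AuthBusiness.query_ability_by_role_name(roles)
    if _has_ability(ability, abilities):
        return func(*args, **kwargs)
    raise OperationPermissionDeniedException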
def project_unless_user():
    """
    @api {get} /v1/user/unless/user_list Get the list of users not in the current project
    @apiName GetUserListsByUnlessPorject
    @apiGroup User
    @apiDescription Get the list of users that are not in the current project
    @apiParam {int} project_id project id
    @apiParam {int} [limit] limit
    @apiParam {int} [offset] offset
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code": 0,
        "data": [
            {
                "project_id": 4
            }
        ],
        "message": "ok"
    }
    """
    # NOTE(review): the documented project_id/limit/offset parameters are not
    # read by this handler.
    project_users = UserBusiness.query_user_list()
    # Users of the project list, de-duplicated. Admin users are not filtered
    # out; this block performs no admin filtering.
    user_list = list({int(row['user_id']) for row in project_users})
    data = UserBusiness.query_unless_user_list(user_list)
    return json_detail_render(0, data)
def gain_role_project():
    """Return the roles of ``user_id`` together with the owner project list."""
    # NOTE(review): user_id is taken from the query string, not from the
    # session; confirm the route's decorators (not visible here) restrict
    # whose roles a caller may read.
    user_id = request.args.get('user_id')
    project_list = UserBusiness.owner_project_list()
    user_rows = UserBusiness.query_json_by_id(user_id)
    current_app.logger.info(user_rows)
    # Fall back to an empty role list when the user is unknown.
    roles = user_rows[0]['role'] if len(user_rows) > 0 else []
    return json_detail_render(0, {'role': roles, 'project': project_list})
def no_password_login(cls, username):
    """Issue a JWT for an active user identified by name only.

    No credential is checked here, so every caller must already have
    established the user's identity by other means.

    Returns:
        ``(0, {'token': ...})`` on success, ``(303, [])`` when no active user
        has that name, ``(413, [])`` when the user detail lookup is empty.
    """
    matches = User.query.filter_by(name=username, status=User.ACTIVE).all()
    if not matches:
        return 303, []
    userid = matches[0].id
    userdetail = UserBusiness.query_json_by_id(userid)
    projectid = UserBusiness.query_project_by_userid(userid)
    if not userdetail:
        return 413, []
    # The token payload is the user detail row plus the user's project id.
    userdetail[0]['projectid'] = projectid
    token = cls.jwt_b_encode(userdetail[0]).decode('utf-8')
    return 0, dict(token=token)
def wx_user_bind_handler():
    """
    @api {post} /v1/user/wxbinduser Link a WeChat Work user to an existing account
    @apiName WxBindUser
    @apiGroup User
    @apiDescription Link a WeChat Work user to an existing account
    @apiParam {int} userid ID of the existing account
    @apiParam {int} wxuserid ID of the WeChat Work user
    @apiParamExample {json} Request-Example:
    {
        "wxuserid": 58,
        "userid": 20
    }
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code": 0,
        "data": [],
        "message": ""
    }
    """
    # NOTE(review): both ids come from the request body; confirm that the
    # route's decorators or wx_bind_user (neither visible here) verify the
    # caller controls both accounts before they are linked.
    userid, wxuserid = parse_json_form('wxbinduser')
    code, message = UserBusiness.wx_bind_user(userid, wxuserid)
    return json_detail_render(code, message)
def _(*args, **kwargs):
    """Run the wrapped ``func`` only if the user is authorized in ``g.projectid``.

    ``func`` and ``ability`` come from the enclosing decorator scope, which is
    not part of this block.

    Raises:
        OperationPermissionDeniedException: when there is no project in
            context or no grant path applies.
    """
    # RPC callers and global admins are granted access without further checks.
    if g.istrpc == 1 or g.is_admin == 1:
        return func(*args, **kwargs)
    # Endpoints outside a project that need owner rights use @owner_required
    # in the permission module.
    if not g.projectid:
        raise OperationPermissionDeniedException
    rows = UserBusiness.query_json_by_id_and_project(g.userid, g.projectid)
    # No row for this user/project pair means no roles at all.
    roles = [role['name'] for role in (rows[0]['role'] if rows else [])]
    if _is_owneristrator(roles):
        return func(*args, **kwargs)
    abilities = AuthBusiness.query_ability_by_role_name(roles)
    if not _has_ability(ability, abilities):
        raise OperationPermissionDeniedException
    return func(*args, **kwargs)
def detach_user():
    """
    @api {post} /v1/user/detachuser Detach a user from a project
    @apiName DetachUserForProject
    @apiGroup User
    @apiDescription Detach a user from a project
    @apiParam {int} user_id user ID
    @apiParam {int} project_id project ID
    @apiParamExample {json} Request-Example:
    {
        "project_id": 75,
        "user_id":1
    }
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code":0,
        "data":[],
        "message":"ok"
    }
    """
    # NOTE(review): project_id and user_id both come from the request body;
    # the permission check for this route is not visible in this block.
    project_id, user_id = parse_json_form('projectdetachusers')
    code, message = UserBusiness.project_detach_user(project_id, user_id)
    return json_detail_render(code, [], message)
def user_detail_modify_handler(user_id):
    """
    @api {post} /v1/user/{user_id} Change a user's password
    @apiName ModifyPassword
    @apiGroup User
    @apiDescription Change a user's password
    @apiParam {string} oldpassword old password
    @apiParam {string} newpassword new password
    @apiParamExample {json} Request-Example:
    {
        "oldpassword":"******",
        "newpassword":"******"
    }
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code": 0,
        "data": [],
        "message": "ok"
    }
    @apiErrorExample {json} Error-Response:
    HTTP/1.1 200 OK
    {
        "code": 301,
        "data": [],
        "message": "password wrong"
    }
    """
    # NOTE(review): user_id comes from the URL path and is not compared with
    # the logged-in user in this block; confirm modify_password or the route's
    # decorators enforce that, and that failed old-password attempts are
    # rate-limited.
    project_id = request.args.get('project_id')
    old_pwd, new_pwd = parse_json_form('modifypassword')
    code = UserBusiness.modify_password(user_id, old_pwd, new_pwd, project_id)
    return json_detail_render(code)
def get_json_by_id():
    """Return the detail of ``userid`` within a project.

    The project id is read from the ``project_id`` query parameter, falling
    back to the ``projectid`` request header.
    """
    # NOTE(review): both ids are caller-supplied; the access check for this
    # route is not visible in this block.
    user_id = request.args.get('userid')
    project_id = request.args.get('project_id') or request.headers.get('projectid')
    data = UserBusiness.query_json_by_id_and_project(user_id, project_id)
    return json_detail_render(0, data)
def user_bind_role_handler():
    """
    @api {post} /v1/user/userbindroles Bind roles to a user
    @apiName BindUserRole
    @apiGroup User
    @apiDescription Bind roles to a user
    @apiParam {int} userid user ID
    @apiParam {int[]} roleids role list; may be empty, which clears the bindings
    @apiParamExample {json} Request-Example:
    {
        "userid":6,
        "roleids":[4]
    }
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code": 0,
        "data": [],
        "message": ""
    }
    """
    # NOTE(review): this assigns roles, i.e. privileges; confirm the route's
    # decorators or user_bind_roles (not visible here) stop a caller from
    # granting roles above their own, such as admin.
    userid, roleids, project_id = parse_json_form('userbindroles')
    code, message = UserBusiness.user_bind_roles(userid, roleids, project_id)
    return json_detail_render(code, [], message)
def user_bind_project_handler():
    """
    @api {post} /v1/user/bindproject Bind projects to a user
    @apiName BindProject
    @apiGroup User
    @apiDescription Bind projects to a user, granting access rights and so on
    @apiParam {int} user_id user ID
    @apiParam {int[]} project_ids projects
    @apiParamExample {json} Request-Example:
    {
        "user_id":1,
        "project_ids":[1]
    }
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code": 0,
        "data": [],
        "message": ""
    }
    """
    # NOTE(review): binding grants project access; the check that the caller
    # may administer every listed project is not visible in this block.
    user_id, project_ids = parse_json_form('userbindprojects')
    code, message = UserBusiness.bind_projects(user_id, project_ids)
    return json_detail_render(code, [], message)
def user_reset_handler():
    """
    @api {post} /v1/user/resetpassword Reset a user's password
    @apiName ResetPassword
    @apiGroup User
    @apiDescription Reset a user's password
    @apiParam {int} userid user ID
    @apiParam {string} newpassword new password
    @apiParamExample {json} Request-Example:
    {
        "userid":1,
        "newpassword":"******"
    }
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code": 0,
        "data": [],
        "message": "ok"
    }
    """
    # NOTE(review): the old password is not required here, so this endpoint
    # must be limited to administrators; that check is not visible in this
    # block and has to be confirmed on the route or in reset_password.
    project_id = request.args.get('project_id')
    userid, new_pwd = parse_json_form('resetpassword')
    code, message = UserBusiness.reset_password(userid, new_pwd, project_id)
    return json_detail_render(code, message=message)
def user_index_handler():
    """
    @api {post} /v1/user/add Add a user
    @apiName CreateUser
    @apiGroup User
    @apiDescription Add a user
    @apiParam {string} username user name: letters[+digits]
    @apiParam {string} nickname nickname
    @apiParam {string} password password
    @apiParam {int[]} roleids roles; an empty array may be passed
    @apiParam {string} email e-mail address
    @apiParam {string} telephone mobile phone number
    @apiParamExample {json} Request-Example:
    {
        "username":"******",
        "nickname":"zhangdashan",
        "password":"******",
        "roleids":[],
        "email":"*****@*****.**",
        "telephone":"13131313131"
    }
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code": 0,
        "data": [],
        "message": "ok"
    }
    """
    # NOTE(review): the documented roleids parameter is not unpacked or passed
    # on by this handler.
    form = parse_json_form('adduser')
    username, nickname, password, email, telephone = form
    code, message = UserBusiness.create_new_user_and_bind_roles(
        username, nickname, password, email, telephone)
    return json_detail_render(code, [], message)
def isappera_admin():
    """Report ``isappear`` for a user in a project.

    ``isappear`` is 0 when ``user_id`` is given and either the caller is a
    global admin, or the user has the ``owner`` role and ``project_id`` is in
    the owner project list; otherwise it is 1.
    """
    # NOTE(review): roles are looked up for the caller-supplied user_id rather
    # than g.userid; confirm that this is intended.
    user_id = request.args.get('user_id')
    project_id = request.args.get('project_id')
    owner_list = UserBusiness.owner_project_list()
    isappear = 1
    if user_id:
        rows = UserBusiness.query_json_by_id_and_project(user_id, project_id)
        role_names = [role['name'] for role in (rows[0]['role'] if rows else [])]
        if g.is_admin:
            isappear = 0
        elif 'owner' in role_names and owner_list and int(project_id) in owner_list:
            # int() is only reached for a user holding the owner role.
            isappear = 0
    return json_detail_render(0, [{'isappear': isappear}])
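def get_user(cls, user_code):
    """Log a WeChat Work member in, creating the local account if needed.

    Resolves ``user_code`` to a member id, reads the member from the WeChat
    Work ``user/get`` API and issues a token through
    ``AuthBusiness.no_password_login``.

    Returns:
        A ``(code, data, message)`` tuple. ``(109, [], ...)`` when
        ``get_user_info`` reports errcode 102; the API's own
        ``errcode``/``errmsg`` when ``user/get`` fails.
    """
    # Read member: 'https://qyapi.weixin.qq.com/cgi-bin/user/get?access_token=ACCESS_TOKEN&userid=USERID'
    # access_token: credential for calling the API.
    # userid: member UserID; corresponds to the account in the admin console,
    # must be unique within the enterprise, case-insensitive, 1-64 bytes long.
    access_token = cls.get_access_token()
    errcode, user_id = cls.get_user_info(access_token, user_code)
    if errcode == 102:
        return 109, [], '非企业人员'
    if errcode == 40014:
        # NOTE(review): user_id was returned by the call that failed with the
        # rejected token; confirm whether get_user_info must be retried after
        # the refresh.
        access_token = cls.force_get_access_token()

    url = QYWXHost + 'user/get'
    # Log the endpoint only: the query string carries the access token, which
    # must not end up in application logs.
    current_app.logger.info(url)
    # params= URL-encodes the values; the timeout keeps a stalled upstream
    # from blocking the worker indefinitely.
    ret = requests.get(
        url=url,
        params={'access_token': access_token, 'userid': user_id},
        timeout=10)
    r = json.loads(ret.text)
    # Log the status only; the full body holds the member's e-mail and mobile.
    current_app.logger.info('user/get errcode: %s', r['errcode'])
    # Compare by value: ``is 0`` relied on CPython's small-integer caching.
    if r['errcode'] != 0:
        return r['errcode'], [], r['errmsg']

    uid = r['userid']
    nickname = r['name']
    # NOTE(review): these keys are indexed directly; confirm the API always
    # returns them for this application.
    email = r['email']
    telephone = r['mobile']
    avatar = r['avatar']
    current_app.logger.info("avatar:" + str(avatar))

    res = User.query.filter(User.wx_userid == uid,
                            User.status == User.ACTIVE).first()
    if not res:
        # First login of this member: create the local account, then log in.
        UserBusiness.create_new_wxuser(uid, nickname, '', email, telephone, avatar)
        code, data = AuthBusiness.no_password_login(uid)
        return code, data, ''

    # The token is issued on the strength of the API response alone.
    code, data = AuthBusiness.no_password_login(res.name)
    # Refresh the stored avatar on every login.
    pic = User.query.get(res.id)
    pic.picture = avatar
    db.session.add(pic)
    db.session.commit()
    try:
        TrackUserBusiness.user_track(res)
    except Exception as e:
        # Tracking is best-effort and must not fail the login.
        current_app.logger.info(e)
    return code, data, ''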
def query_user_by_project_handler(pid):
    """
    @api {get} /v1/user/byproject/{pid} Query user info by project id
    @apiName GetUserinfoByProjectId
    @apiGroup User
    @apiDescription Query user info by project id
    @apiSuccess {list} role list of the user's roles
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code": 0,
        "data": [
            {
                "nickname": "周培丽hello",
                "picture": "http://p.qlogo.cn/bizmail/DLjOz7icMnHySKca5HDofMyDUHdjCM28iauyRdCl1DKx9uaJibfqpViang/0",
                "role": [
                    {
                        "comment": "超级管理员",
                        "id": 1,
                        "name": "admin"
                    }
                ],
                "userid": 5,
                "username": "******",
                "userweight": 1
            }
        ],
        "limit": 99999,
        "message": "ok",
        "offset": 0
    }
    """
    # The first query (used when a role is given) only returns users that
    # have a role.
    role_id = request.args.get('role')
    data = (UserBusiness.query_by_project(pid, role_id) if role_id
            else UserBusiness.query_by_project_v2(pid))
    return json_detail_render(0, data)
def login(cls, username, password):
    """Authenticate by user name and password and issue a JWT.

    Returns:
        ``(0, {'token': ...})`` on success, ``(303, [])`` when no active user
        matches the name/password pair, ``(413, [])`` when the user detail
        lookup is empty.
    """
    # NOTE(review): the stored password is matched by equality against
    # parse_pwd(password), and parse_pwd receives only the password, so no
    # per-user salt can be involved. parse_pwd is not visible here; confirm
    # that it is a suitable password hash. No attempt limiting or lockout is
    # visible in this block either.
    matches = User.query.filter_by(
        name=username, password=parse_pwd(password), status=User.ACTIVE).all()
    if not matches:
        return 303, []
    userid = matches[0].id
    userdetail = UserBusiness.query_json_by_id(userid)
    projectid = UserBusiness.query_project_by_userid(userid)
    if not userdetail:
        return 413, []
    # The token payload is the user detail row plus the user's project id.
    userdetail[0]['projectid'] = projectid
    token = cls.jwt_b_encode(userdetail[0]).decode('utf-8')
    data = dict(token=token)
    try:
        res = User.query.filter(User.id == userid,
                                User.status == User.ACTIVE).first()
        TrackUserBusiness.user_track(res)
    except Exception as e:
        # Tracking is best-effort and must not fail the login.
        current_app.logger.info(e)
    return 0, data
def user_detail_handler(user_id):
    """
    @api {get} /v1/user/{user_id} Query user info by user id
    @apiName GetUserInfoById
    @apiGroup User
    @apiDescription Query user info by user id
    @apiSuccess {list} role list of the user's roles
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code": 0,
        "data": [
            {
                "nickname": "张宇",
                "picture": "https://p.qlogo.cn/bizmail/WRZVs2uMphoxc2918UvZzL31u6A9ibTNuqnIibzJ4GxjWIVVDxHvUGuA/0",
                "role": [
                    {
                        "comment": "超级管理员",
                        "id": 1,
                        "name": "admin"
                    }
                ],
                "userid": 96,
                "username": "******",
                "userweight": 1
            }
        ],
        "message": "ok"
    }
    """
    # The project comes from the query string, else the 'projectid' header;
    # without either, the lookup is not scoped to a project.
    project_id = request.args.get('project_id') or request.headers.get('projectid')
    if project_id:
        data = UserBusiness.query_json_by_id_and_project(user_id, project_id)
    else:
        data = UserBusiness.query_json_by_id(user_id)
    # 101 is returned when the lookup yields no rows.
    code = 101 if len(data) == 0 else 0
    return json_detail_render(code, data)
def user_list_handler():
    """
    @api {get} /v1/user/ Get user info
    @apiName GetUserInfo
    @apiGroup User
    @apiDescription Paged query of user info; role is an optional parameter
    @apiParam {int} [role] roleid
    @apiSuccess {list} role list of the user's roles
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code": 0,
        "data": [
            {
                "nickname": "朱林林",
                "picture": "",
                "role": [
                    {
                        "comment": "测试",
                        "id": 3,
                        "name": "test"
                    }
                ],
                "userid": 106,
                "username": "******",
                "userweight": 1
            }
        ],
        "limit": 1,
        "message": "ok",
        "offset": 0
    }
    """
    # NOTE(review): the handler reads only 'base_info'; the documented role
    # parameter and paging are not applied in this block.
    if request.args.get('base_info'):
        data = UserBusiness.query_all_base_info()
    else:
        data = UserBusiness.query_all_json()
    return json_detail_render(0, data)
def user_delete_handler(user_id):
    """
    @api {delete} /v1/user/{user_id} Delete a user
    @apiName DeleteUser
    @apiGroup User
    @apiDescription Delete a user
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code": 0,
        "data": [],
        "message": "ok"
    }
    """
    # NOTE(review): user_id comes from the URL path; the authorization check
    # for this destructive call is not visible in this block.
    code = UserBusiness.delete_user(user_id)
    return json_detail_render(code)
def project_role_list_user():
    """
    @api {get} /v1/user/project_role_list Get all users with their projects and roles
    @apiName GetProjectAndRoleListsByUser
    @apiGroup User
    @apiDescription Get all users with their projects and roles
    @apiParam {int} [limit] limit
    @apiParam {int} [offset] offset
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code": 0,
        "data": [
            {
                "nickname": "吴茂澍",
                "project": [
                    {
                        "id": 4,
                        "name": "云测平台66"
                    }
                ],
                "role": [
                    {
                        "comment": "测试",
                        "id": 3,
                        "name": "test"
                    }
                ],
                "userid": 110,
                "username": "******",
                "userweight": 1
            }
        ],
        "limit": 1,
        "message": "ok",
        "offset": 2
    }
    """
    # Paging values are parsed from the request and echoed in the response.
    limit, offset = parse_list_args()
    page = UserBusiness.query_user_project_role(limit, offset)
    return json_list_render(0, page, limit, offset)
def user_is_reset_handler(user_id):
    """
    @api {get} /v1/user/isresetpassword/{user_id} Check whether the password has been reset
    @apiName IsResetPassword
    @apiGroup User
    @apiDescription Check whether the password has been reset
    @apiSuccess {int} is_reset_password 0 means never reset, 1 means reset
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code": 0,
        "data": [
            {
                "is_reset_password": 0
            }
        ],
        "message": "ok"
    }
    """
    # Pure pass-through: status code and payload both come from the business layer.
    code, payload = UserBusiness.is_reset_passwd(user_id)
    return json_detail_render(code, payload)
def project_single_role_list_user(user_id):
    """
    @api {get} /v1/user/project_role_list/{user_id} Get a single user's projects and roles
    @apiName GetSingleProjectAndRoleListsByUser
    @apiGroup User
    @apiDescription A single user's projects and roles
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code":0,
        "data":[
            {
                "email":"*****@*****.**",
                "nickname":"王金龙",
                "project":[
                    {
                        "id":11,
                        "name":"z_test"
                    }
                ],
                "role":[
                    {
                        "comment":"超级管理员",
                        "id":1,
                        "name":"admin"
                    }
                ],
                "userid":1,
                "username":"******",
                "userweight":1
            }
        ],
        "message":"ok"
    }
    """
    # NOTE(review): the response includes the user's e-mail per the example
    # above; the access check for reading another user's record is not
    # visible in this block.
    record = UserBusiness.query_user_single_project_role(user_id)
    return json_detail_render(0, record)
def user_all_list():
    """
    @api {get} /v1/user/all Get all users with their nicknames
    @apiName GetAllUser
    @apiGroup User
    @apiDescription Get all users with their nicknames
    @apiParam {int} [limit] limit
    @apiParam {int} [offset] offset
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code": 0,
        "data": [
            {
                "id": 117,
                "nickname": "李晓龙"
            },
        ],
        "message": "ok"
    }
    """
    # NOTE(review): the documented limit/offset parameters are not read here;
    # the full list is returned.
    users = UserBusiness.query_all_user_list()
    return json_detail_render(0, users)
def user_project_list():
    """
    @api {get} /v1/user/currentuser/project_list Get the current user's project list
    @apiName GetProjectListsByUser
    @apiGroup User
    @apiDescription Get the current user's project list
    @apiParam {int} user_id user id
    @apiSuccess {string} project_id projects the user has
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code": 0,
        "data": [
            {
                "project_id": 4
            }
        ],
        "message": "ok"
    }
    """
    # NOTE(review): although the route is named "currentuser", the id is read
    # from the query string rather than from the session.
    requested_user = request.args.get('user_id')
    projects = UserBusiness.query_user_in_project(requested_user)
    return json_detail_render(0, projects)
def add_users():
    """
    @api {post} /v1/user/adduser Bind users to a project
    @apiName AddUserForProject
    @apiGroup User
    @apiDescription Bind users to a project
    @apiParam {list} user_list user IDs
    @apiParam {int} project_id project ID
    @apiParamExample {json} Request-Example:
    {
        "project_id": 75,
        "user_list":[1,2]
    }
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code":0,
        "data":[],
        "message":"ok"
    }
    """
    # NOTE(review): project_id comes from the request body; the check that the
    # caller may manage that project is not visible in this block.
    project_id, members = parse_json_form('projectadduser')
    code, message = UserBusiness.project_add_users(project_id, members)
    return json_detail_render(code, [], message)
def required_no_dec(ability=None):
    """Decide whether the current user may use ``ability`` in ``g.projectid``.

    Args:
        ability: Ability to look for in the abilities of the user's roles.

    Returns:
        1 when access is granted, 0 otherwise.

    Raises:
        PermissionDeniedException: when there is no project in context.
    """
    # RPC callers and global admins are granted access without further checks.
    if g.istrpc == 1 or g.is_admin == 1:
        return 1
    if not g.projectid:
        raise PermissionDeniedException
    rows = UserBusiness.query_json_by_id_and_project(g.userid, g.projectid)
    # No row for this user/project pair means no roles at all.
    roles = [role['name'] for role in (rows[0]['role'] if rows else [])]
    if is_owneristrator(roles):
        return 1
    abilities = AuthBusiness.query_ability_by_role_name(roles)
    return 1 if has_ability(ability, abilities) else 0
def user_modify_name_handler():
    """
    @api {post} /v1/user/nickname Change a nickname
    @apiName ModifyNickName
    @apiGroup User
    @apiDescription Change a nickname
    @apiParam {int} userid user ID
    @apiParam {string} nickname new nickname
    @apiParamExample {json} Request-Example:
    {
        "userid":1,
        "nickname":"嘻嘻哈哈"
    }
    @apiSuccessExample {json} Success-Response:
    HTTP/1.1 200 OK
    {
        "code": 0,
        "data": [],
        "message": ""
    }
    """
    # NOTE(review): userid comes from the request body and is not compared
    # with the logged-in user in this block.
    userid, new_name = parse_json_form('modifynickname')
    code = UserBusiness.modify_nickname(userid, new_name)
    return json_detail_render(code)
def get_user_by_wxemail():
    """Return the user record matching the ``email`` query parameter."""
    # NOTE(review): a lookup by e-mail lets a caller test which addresses have
    # accounts; the access check for this route is not visible in this block.
    email = request.args.get('email')
    record = UserBusiness.query_json_by_wxemail(email)
    return json_detail_render(0, record)