def GET(self, xid):
assert (str(xid).isdigit())
if not check_right (xid):
print 'try to read an unauthrithm data, %s record id:%s , user id:%s' % ('user',xid, get_user())
raise web.notfound()
record = m_user.get_one (**{"id": int(xid)})
return render ('admin/user_read.html', data = {'record':record})
def GET(self):
request = web.input()
index = request.get('__index', '0').strip()
length = request.get('__length', '10') .strip()
assert (str(index).isdigit())
assert (str(length).isdigit())
index = int(index)
length = int(length)
fields = [ {% for line in item.table.fields %} '{{ item.name }}_{{ line.field }}', {% endfor %} ]
cond = {}
data = {}
data['filter'] = {}
for field in fields :
if request.get(field,'').strip():
new_field = field.replace('{{item.name}}_','',1)
data['filter'][new_field] = request.get(field).strip()
cond[new_field] = request.get(field).strip()
if request.get('__format','') == 'xls':
data_list = m_{{item.name}}.get_many (0, 10000000000, 'id desc', **cond)
filename = u'%s.xls' % '{{item.title}}'
fields = {}
fields['key'] = [ {% for line in item.table.fields %} '{{ line.field }}', {% endfor %} ]
fields['title'] = [ u'序号', {% for line in item.table.fields %} u'{{ line.title }}', {% endfor %} ]
return utils.output_excel (filename, fields, data_list)
data_list = m_{{item.name}}.get_many (index, length, 'id desc', **cond)
data_len = m_{{item.name}}.get_amount (**cond)
data["records"] = data_list
data['next_page'] = next_page (index, length, data_len)
return render ('admin/{{item.name}}_list.html', item=data)
def GET(self):
request = web.input()
index = request.get('__index', '0').strip()
length = request.get('__length', '10') .strip()
assert (str(index).isdigit())
assert (str(length).isdigit())
index = int(index)
length = int(length)
fields = [ 'user_memID', 'user_userID', 'user_userCode', 'user_userName', 'user_chainID', 'user_projectID', 'user_cityID', 'user_cityName', 'user_managerID', 'user_managerName', 'user_stationID', 'user_stationName', 'user_email', 'user_tel', 'user_mobile', 'user_joinDate', 'user_status', 'user_id', 'user_create_time', 'user_create_user', 'user_update_time', 'user_update_user', 'user_valid', ]
cond = {}
data = {}
data['filter'] = {}
for field in fields :
if request.get(field,'').strip():
new_field = field.replace('user_','',1)
data['filter'][new_field] = request.get(field).strip()
cond[new_field] = request.get(field).strip()
if request.get('__format','') == 'xls':
data_list = m_user.get_many (0, 10000000000, 'id desc', **cond)
filename = u'%s.xls' % '用户'
fields = {}
fields['key'] = [ 'memID', 'userID', 'userCode', 'userName', 'chainID', 'projectID', 'cityID', 'cityName', 'managerID', 'managerName', 'stationID', 'stationName', 'email', 'tel', 'mobile', 'joinDate', 'status', 'id', 'create_time', 'create_user', 'update_time', 'update_user', 'valid', ]
fields['title'] = [ u'序号', u'用户会员编号', u'用户ID', u'用户编号', u'用户姓名', u'分店ID', u'分店编号', u'城市ID', u'城市名称', u'经理ID', u'经理姓名', u'职位ID', u'职位名称', u'Email邮件', u'固定电话', u'手机', u'入职日期', u'状态', u'ID', u'创建时间', u'创建用户', u'最后修改时间', u'最后修改用户', u'状态', ]
return utils.output_excel (filename, fields, data_list)
data_list = m_user.get_many (index, length, 'id desc', **cond)
data_len = m_user.get_amount (**cond)
data["records"] = data_list
data['next_page'] = next_page (index, length, data_len)
return render ('admin/user_list.html', item=data)
def GET(self):
request = web.input()
index = request.get('__index', '0').strip()
length = request.get('__length', '10') .strip()
assert (str(index).isdigit())
assert (str(length).isdigit())
index = int(index)
length = int(length)
fields = [ 'book_name', 'book_publisher', 'book_summary', 'book_author', 'book_amount', 'book_id', 'book_create_time', 'book_create_user', 'book_update_time', 'book_update_user', 'book_valid', ]
cond = {}
data = {}
data['filter'] = {}
for field in fields :
if request.get(field,'').strip():
new_field = field.replace('book_','',1)
data['filter'][new_field] = request.get(field).strip()
cond[new_field] = request.get(field).strip()
data_list = m_book.get_many (index, length, 'id desc', **cond)
data_len = m_book.get_amount (**cond)
data["records"] = data_list
data['next_page'] = next_page (index, length, data_len)
data['show_confirm'] = web.input().get('show_confirm','')
return render ('admin/book_list.html', item=data)
def GET(self):
request = web.input()
index = request.get('index', '0').strip()
length = request.get('length', '10') .strip()
assert (str(index).isdigit())
assert (str(length).isdigit())
cond = {}
cond['create_user_id'] = get_user()
fields = ['uid', 'code', 'name', 'role', 'dept', 'id', 'create_user_id', 'update_user_id', 'create_date', 'update_date']
for field in fields :
if request.get(field,''):
cond[field] = request.get(field).strip()
data_list = m_user.get_many (index, length, **cond)
data = {}
data["user_id"] = session.user_id
data["user_name"] = session.user_name
data["records"] = data_list
info = {}
info['index'] = index
info['length'] = length
return render ('admin/user_list.html', data=data, info=info)
def GET(self):
request = web.input()
index = request.get('__index', '0').strip()
length = request.get('__length', '10') .strip()
assert (str(index).isdigit())
assert (str(length).isdigit())
index = int(index)
length = int(length)
fields = [ 'publisher_name', 'publisher_address', 'publisher_tel', 'publisher_id', 'publisher_create_time', 'publisher_create_user', 'publisher_update_time', 'publisher_update_user', 'publisher_valid', ]
cond = {}
data = {}
data['filter'] = {}
for field in fields :
if request.get(field,'').strip():
new_field = field.replace('publisher_','',1)
data['filter'][new_field] = request.get(field).strip()
cond[new_field] = request.get(field).strip()
if request.get('__format','') == 'xls':
data_list = m_publisher.get_many (0, 10000000000, 'id desc', **cond)
filename = u'%s.xls' % '出版商'
fields = {}
fields['key'] = [ 'name', 'address', 'tel', 'id', 'create_time', 'create_user', 'update_time', 'update_user', 'valid', ]
fields['title'] = [ u'序号', u'出版商', u'地址', u'电话', u'ID', u'创建时间', u'创建用户', u'最后修改时间', u'最后修改用户', u'状态', ]
return utils.output_excel (filename, fields, data_list)
data_list = m_publisher.get_many (index, length, 'id desc', **cond)
data_len = m_publisher.get_amount (**cond)
data["records"] = data_list
data['next_page'] = next_page (index, length, data_len)
return render ('admin/publisher_list.html', item=data)
def GET(self):
request = web.input()
index = request.get('__index', '0').strip()
length = request.get('__length', '10') .strip()
assert (str(index).isdigit())
assert (str(length).isdigit())
index = int(index)
length = int(length)
fields = [ 'area_title', 'area_ord', 'area_isall', 'area_id', 'area_create_time', 'area_create_user', 'area_update_time', 'area_update_user', 'area_valid', ]
cond = {}
data = {}
data['filter'] = {}
for field in fields :
if request.get(field,'').strip():
new_field = field.replace('area_','',1)
data['filter'][new_field] = request.get(field).strip()
cond[new_field] = request.get(field).strip()
if request.get('__format','') == 'xls':
data_list = m_area.get_many (0, 10000000000, 'id desc', **cond)
filename = u'%s.xls' % '区域'
fields = {}
fields['key'] = [ 'title', 'ord', 'isall', 'id', 'create_time', 'create_user', 'update_time', 'update_user', 'valid', ]
fields['title'] = [ u'序号', u'区域名称', u'显示顺序', u'全部区域?', u'ID', u'创建时间', u'创建用户', u'最后修改时间', u'最后修改用户', u'状态', ]
return utils.output_excel (filename, fields, data_list)
data_list = m_area.get_many (index, length, 'id desc', **cond)
data_len = m_area.get_amount (**cond)
data["records"] = data_list
data['next_page'] = next_page (index, length, data_len)
data['show_confirm'] = web.input().get('show_confirm','')
return render ('admin/area_list.html', item=data)
def GET(self, xid):
assert (str(xid).isdigit())
if not check_right (xid):
print 'try to read an unauthrithm data, %s record id:%s , user id:%s' % ('publisher',xid, get_user())
raise web.notfound()
record = m_publisher.get_one (**{"id": int(xid)})
return render ('admin/publisher_read.html', data = {'record':record})
def GET(self):
request = web.input()
index = request.get('__index', '0').strip()
length = request.get('__length', '10') .strip()
assert (str(index).isdigit())
assert (str(length).isdigit())
index = int(index)
length = int(length)
fields = [ 'policy_title', 'policy_keywords', 'policy_content', 'policy_categoryID', 'policy_areaID', 'policy_status', 'policy_id', 'policy_create_time', 'policy_create_user', 'policy_update_time', 'policy_update_user', 'policy_valid', ]
cond = {}
data = {}
data['filter'] = {}
for field in fields :
if request.get(field,'').strip():
new_field = field.replace('policy_','',1)
data['filter'][new_field] = request.get(field).strip()
cond[new_field] = request.get(field).strip()
if request.get('__format','') == 'xls':
data_list = m_policy.get_many (0, 10000000000, 'id desc', **cond)
filename = u'%s.xls' % '政策'
fields = {}
fields['key'] = [ 'title', 'keywords', 'content', 'categoryID', 'areaID', 'status', 'id', 'create_time', 'create_user', 'update_time', 'update_user', 'valid', ]
fields['title'] = [ u'序号', u'标题', u'关键词', u'正文内容', u'分类', u'区域', u'显示状态', u'ID', u'创建时间', u'创建用户', u'最后修改时间', u'最后修改用户', u'状态', ]
return utils.output_excel (filename, fields, data_list)
data_list = m_policy.get_many (index, length, 'id desc', **cond)
data_len = m_policy.get_amount (**cond)
data["records"] = data_list
data['next_page'] = next_page (index, length, data_len)
data['show_confirm'] = web.input().get('show_confirm','')
return render ('admin/policy_list.html', item=data)
def GET(self):
request = web.input()
index = request.get('index', '0').strip()
length = request.get('length', '10').strip()
assert (str(index).isdigit())
assert (str(length).isdigit())
cond = {}
cond['create_user_id'] = get_user()
fields = [
'name', 'ord', 'valid', 'id', 'create_user_id', 'update_user_id',
'create_date', 'update_date'
]
for field in fields:
if request.get(field, ''):
cond[field] = request.get(field).strip()
data_list = m_insp_type.get_many(index, length, **cond)
data = {}
data["user_id"] = session.user_id
data["user_name"] = session.user_name
data["records"] = data_list
return render('admin/insp_type_list.html', data=data)
def GET(self, xid):
assert (str(xid).isdigit())
if not check_right (xid):
print 'try to read an unauthrithm data, %s record id:%s , user id:%s' % ('{{{{name}}}}',xid, get_user())
raise web.notfound()
data = m_{{{{name}}}}.get_one ({"id": int(xid)})
return render ('admin/{{{{name}}}}_read.html', data = data)
def GET(self, xid):
assert (str(xid).isdigit())
if not check_right (xid):
print 'try to read an unauthrithm data, %s record id:%s , user id:%s' % ('insp_plan',xid, get_user())
raise web.notfound()
data = {}
data['record'] = m_insp_plan.get_one ({"id",int(xid)})
return render ('admin/insp_plan_read.html', data = data)
def GET(self, xid):
assert (str(xid).isdigit())
if check (xid):
print 'try to read an unauthrithm data, %s record id:%s , user id:%s' % ('insp_plan',xid, get_user())
raise web.notfound()
data = {}
data['record'] = m_insp_plan.get_one ({"key":"id", "value": int(xid)})
return render ('admin/insp_plan_read.html', data = data)
def GET(self, xid):
assert (str(xid).isdigit())
if check (xid):
print 'try to read an unauthrithm data, %s record id:%s , user id:%s' % ('insp_item',xid, get_user())
raise web.notfound()
data = {}
data['record'] = m_insp_item.get_one ({"key":"id", "value": int(xid)})
return render ('admin/insp_item_read.html', data = data)
def GET(self, xid):
assert (str(xid).isdigit())
if not check_right (xid):
print 'try to read an unauthrithm data, %s record id:%s , user id:%s' % ('user',xid, get_user())
raise web.notfound()
data = {}
data['record'] = m_user.get_one ({"id",int(xid)})
return render ('admin/user_read.html', data = data)
def GET(self):
web.header('Content-type', "text/xml; charset=utf-8")
articles = markdown_to_html(list_three_articles())
user_data = get_user_data()
return render("rss.xml",
title=user_data.username,
articles=articles,
url=web.ctx.host,
user_data=user_data,
now=now())
def render(self, template, **kwargs):
return render(template,
NAME=self.NAME,
EMAIL=self.EMAIL,
INTRO=self.INTRO,
KEYWORD=self.KEYWORD,
DESCRIPTION=self.DESCRIPTION,
EMAIL_MD5=self.EMAIL_MD5,
MAIN_TITLE=self.MAIN_TITLE,
**kwargs)
def GET(self):
# Checks if db's password matches cookie's
if valid_login():
return render('index.html')
# User does not have access to content
# Or user has been changing cookie values
else:
raise web.seeother('/')
def GET(self,xid):
assert (str(xid).isdigit())
xid = int(xid)
if xid and not check_right (xid):
print 'try to edit unauthorization data, table:%s, id:%s' % ( 'publisher', xid)
return default_error ()
data = {}
if xid:
data['record'] = m_publisher.get_one (**{"id": int(xid)})
if not data:
print 'Error, try to edit record but not found data, table:%s, id:%s' % ('publisher', xid)
raise web.notfound()
return render ('admin/publisher_edit.html', data = data)
def GET(self,xid):
assert (str(xid).isdigit())
xid = int(xid)
if xid and not self.check_right (xid):
print 'try to edit unauthorization data, table:%s, id:%s' % ( 'user', xid)
return default_error ()
data = {}
if xid:
data = m_user.get_one (**{"id": int(xid)})
if not data:
print 'Error, try to edit record but not found data, table:%s, id:%s' % ('user', xid)
raise web.notfound()
return render ('admin/user_edit.html', data = data)
def GET(self,xid):
assert (str(xid).isdigit())
xid = int(xid)
data = {}
if not xid:
#add
pass
elif not check (xid):
print 'try to edit an unauthrithm data, table %s, id:%s , user id:%s' % ('insp_plan',xid, get_user())
raise web.notfound()
else:
data['record'] = m_insp_plan.get_one ({"key":"id", "value": int(xid)})
if not data['record']:
print 'Error, try to edit record but not found data, table:%s, id:%s' % ('insp_plan', xid)
raise web.notfound()
return render ('admin/insp_plan_edit.html', data = data)
def GET(self,xid):
assert (str(xid).isdigit())
xid = int(xid)
data = {}
if not xid:
#add
pass
elif not check (xid):
print 'try to edit an unauthrithm data, table %s, id:%s , user id:%s' % ('insp_item',xid, get_user())
raise web.notfound()
else:
data['record'] = m_insp_item.get_one ({"key":"id", "value": int(xid)})
if not data['record']:
print 'Error, try to edit record but not found data, table:%s, id:%s' % ('insp_item', xid)
raise web.notfound()
return render ('admin/insp_item_edit.html', data = data)
def GET(self):
request = web.input()
index = request.get('index', '0').strip()
length = request.get('length', '10') .strip()
assert (str(index).isdigit())
assert (str(length).isdigit())
cond = {}
cond['create_user_id'] = get_user()
fields = [{{{{input_fields}}}}]
for field in fields :
if request.get(field,''):
cond[field] = request.get(field).strip()
data_list = m_{{{{name}}}}.get_many (index, length, 'id desc', **cond)
data = {}
data["records"] = data_list
return render ('admin/{{{{name}}}}_list.html', data=data)
def POST (self):
request = web.input()
user_id = request.get('user_id', '').strip()
user_pw = request.get('user_pw', '').strip()
msg = ''
if not user_id or not user_pw:
msg = u'用户,密码不能为空'
elif user_id != 'admin' or user_pw !='admin':
msg = u'用户名或密码不正确'
if msg:
data = {}
data['error_msg'] = msg
return render ("admin/login.html", data = data)
if user_id == 'admin' and user_pw == 'admin':
session.user_name = u'小明'
session.user_code = user_id
session.user_id = 1234
session.admin = True
web.seeother("/admin/")
def POST(self):
request = web.input()
user_id = request.get('user_id', '').strip()
user_pw = request.get('user_pw', '').strip()
msg = ''
if not user_id or not user_pw:
msg = u'用户,密码不能为空'
elif user_id != 'admin' or user_pw != 'admin':
msg = u'用户名或密码不正确'
if msg:
data = {}
data['error_msg'] = msg
return render("admin/login.html", data=data)
if user_id == 'admin' and user_pw == 'admin':
session.user_name = u'小明'
session.user_code = user_id
session.user_id = 1234
session.admin = True
web.seeother("/admin/")
def GET(self):
request = web.input()
index = request.get('index', '0').strip()
length = request.get('length', '10') .strip()
assert (str(index).isdigit())
assert (str(length).isdigit())
cond = {}
cond['create_user_id'] = get_user()
fields = ['user_id', 'insp_date', 'dept_id', 'chain_id', 'id', 'create_user_id', 'update_user_id', 'create_date', 'update_date']
for field in fields :
if request.get(field,''):
cond[field] = request.get(field).strip()
data_list = m_insp_plan.get_many (index, length, **cond)
data = {}
data["user_id"] = session.user_id
data["user_name"] = session.user_name
data["records"] = data_list
return render ('admin/insp_plan_list.html', data=data)
def render(self, template, **kwargs):
return render(template, NAME=self.NAME, EMAIL=self.EMAIL,
INTRO=self.INTRO, KEYWORD=self.KEYWORD, DESCRIPTION=self.DESCRIPTION,
EMAIL_MD5=self.EMAIL_MD5, MAIN_TITLE=self.MAIN_TITLE, **kwargs)
def GET (self):
return render ('index.html')
def POST(self):
uid = web.input().login_uid
pw = web.input().login_pw
# DB select based on username
# Will raise exception if not valid
try:
login_user = db.select('users', where = 'username = $uid',
vars = locals())[0]
except:
# TODO return error mesage using ajax
return render('login.html')
# This will be executed if try block is executed
# This is because except block returns value
# Each user has a different salt
# SHA256 used because it's better than default MD5
# Rehash password and check if equal to database's
salt = login_user['salt']
hashed_pw = hmac(salt, pw, sha256).hexdigest()
# Hashed password with user's salt matches!
# Moves on to process the remember me toggle
# Sets cookies accordingly
# Redirects to /home
if hashed_pw == login_user['pw']:
# Exception checking using to-string conversion
# Raises error if not remember me is not toggled
try:
# Remember me toggle is 'on'
# 'on' as in string and literally on
rmb_me = str(web.input().rmb_me)
rmb_me = True
# Oddly there is only 'on', no 'off'
# So this will trigger an AttributeError (string)
except AttributeError:
rmb_me = False
# Sets the cookie expiration to 3 months
# Resets cookie expiration on every login
if rmb_me:
# make_cookie( uid, hashed_pw, salt )
# cookie = uid|hashed_pw|salt
web.setcookie('login_info',
make_cookie(uid, hashed_pw),
7776000)
# Sets uid_login to hashed_pw for later confirmation
memcache.set(uid + '_login', hashed_pw)
raise web.seeother('/home')
# Session only login, remember me is False
else:
web.setcookie('login_info',
make_cookie(uid, hashed_pw))
# Sets uid_login to hashed_pw for later confirmation
memcache.set(uid + '_login', hashed_pw)
raise web.seeother('/home')
# Input password does not match the one in database
# Renders the html with notice
else:
# TODO do this rendering with Ajax request
return render('login.html')
def GET(self):
web.header('Content-type', "text/xml; charset=utf-8")
articles = markdown_to_html(list_three_articles())
user_data = get_user_data()
return render("rss.xml", title=user_data.username, articles=articles,
url=web.ctx.host, user_data=user_data, now=now())
def GET(self):
data = {}
data['userid'] = session.get('userid')
data['username'] = session.get('username')
return render ("admin/admin.html", data = data)
def GET(self):
request = web.input()
index = request.get('__index', '0').strip()
length = request.get('__length', '10').strip()
assert (str(index).isdigit())
assert (str(length).isdigit())
index = int(index)
length = int(length)
fields = [
'book_name',
'book_publisher',
'book_summary',
'book_author',
'book_amount',
'book_id',
'book_create_time',
'book_create_user',
'book_update_time',
'book_update_user',
'book_valid',
]
cond = {}
data = {}
data['filter'] = {}
for field in fields:
if request.get(field, '').strip():
new_field = field.replace('book_', '', 1)
data['filter'][new_field] = request.get(field).strip()
cond[new_field] = request.get(field).strip()
if request.get('__format', '') == 'xls':
data_list = m_book.get_many(0, 10000000000, 'id desc', **cond)
filename = u'%s.xls' % '书籍'
fields = {}
fields['key'] = [
'name',
'publisher',
'summary',
'author',
'amount',
'id',
'create_time',
'create_user',
'update_time',
'update_user',
'valid',
]
fields['title'] = [
u'序号',
u'书名',
u'出版商',
u'简介',
u'作者',
u'数量',
u'ID',
u'创建时间',
u'创建用户',
u'最后修改时间',
u'最后修改用户',
u'状态',
]
return utils.output_excel(filename, fields, data_list)
data_list = m_book.get_many(index, length, 'id desc', **cond)
data_len = m_book.get_amount(**cond)
data["records"] = data_list
data['next_page'] = next_page(index, length, data_len)
return render('admin/book_list.html', item=data)
def GET(self):
data = {}
data['userid'] = session.get('userid')
data['username'] = session.get('username')
return render("admin/admin.html", data=data)
def GET(self):
data = {}
return render ("admin/login.html", data = data)
def GET (self):
items = m_item.query (0,100, 'id desc', **{})
return render ('items.html', items=items[1])
def GET(self):
request = web.input()
index = request.get('__index', '0').strip()
length = request.get('__length', '10').strip()
assert (str(index).isdigit())
assert (str(length).isdigit())
index = int(index)
length = int(length)
fields = [
'policy_title',
'policy_keywords',
'policy_content',
'policy_categoryID',
'policy_areaID',
'policy_status',
'policy_id',
'policy_create_time',
'policy_create_user',
'policy_update_time',
'policy_update_user',
'policy_valid',
]
cond = {}
data = {}
data['filter'] = {}
for field in fields:
if request.get(field, '').strip():
new_field = field.replace('policy_', '', 1)
data['filter'][new_field] = request.get(field).strip()
cond[new_field] = request.get(field).strip()
if request.get('__format', '') == 'xls':
data_list = m_policy.get_many(0, 10000000000, 'id desc', **cond)
filename = u'%s.xls' % '政策'
fields = {}
fields['key'] = [
'title',
'keywords',
'content',
'categoryID',
'areaID',
'status',
'id',
'create_time',
'create_user',
'update_time',
'update_user',
'valid',
]
fields['title'] = [
u'序号',
u'标题',
u'关键词',
u'正文内容',
u'分类',
u'区域',
u'显示状态',
u'ID',
u'创建时间',
u'创建用户',
u'最后修改时间',
u'最后修改用户',
u'状态',
]
return utils.output_excel(filename, fields, data_list)
data_list = m_policy.get_many(index, length, 'id desc', **cond)
data_len = m_policy.get_amount(**cond)
data["records"] = data_list
data['next_page'] = next_page(index, length, data_len)
data['show_confirm'] = web.input().get('show_confirm', '')
return render('admin/policy_list.html', item=data)
def GET(self):
data = {}
return render("admin/login.html", data=data)
def GET(self):
return render('login.html')
def GET(self):
return render("admin/article_add.html")
def GET(self):
return render('front.html')
def GET (self, xid):
assert (str(xid).isdigit())
item = m_item.get_by_id ({"key":"id", "value": xid})
return render ('item.html', item=item)
def GET (self):
return render ("admin/article_add.html")
def render(self, template, **kwargs):
return render(template, NAME=self.NAME, EMAIL=self.EMAIL, FRIENDS=self.FRIENDS,
INTRO=self.INTRO, KEYWORD=self.KEYWORD, DESCRIPTION=self.DESCRIPTION,
EMAIL_MD5=self.EMAIL_MD5, **kwargs)