def subject_photo_create(): try: payload = request.files['photo'] subject_id = int(request.form['subject_id']) old_photo_id = int(request.form.get('old_photo_id', 0)) except: return error_result(ErrorCode.ERROR_INVALID_PARAM) if not payload: return error_result(ErrorCode.ERROR_INVALID_PARAM) if g.subject.visitors.filter_by(id=subject_id).first() is None: return error_result(ErrorCode.ERROR_NOT_ALLOWED) photo, error = create_user_photo(payload, g.subject.company_id) if error: return error photo.subject_id = subject_id db.session.add(photo) db.session.commit() #delete old photo if old_photo_id: old_photo = Photo.query.get(old_photo_id) if old_photo.subject.inviter_id != g.subject.id: return error_result(ErrorCode.ERROR_NOT_ALLOWED) storage.remove(old_photo.url) db.session.delete(old_photo) db.session.query(PhotoAlternative).filter(PhotoAlternative.subject_id == old_photo.subject_id). \ filter(PhotoAlternative.url == old_photo.url).delete() db.session.commit() if subject_id: update_company_data_version(g.subject.company, subject_id) return success_result(photo.get_json())
def box_bind(company_id): box_token = request.form.get('box_token') if box_token is None: return error_result(ErrorCode.ERROR_INVALID_PARAM) box = Box.query.filter_by(box_token=box_token).first() if box is None: return error_result(ErrorCode.ERROR_BOX_NOT_EXIST) box.company_id = company_id for screen in box.screens: db.session.delete(screen) try: db.session.commit() except IntegrityError: return error_result(ErrorCode.ERROR_COMPANY_NOT_EXIST) #主机的模型用company的模型版本 company = Company.query.get(company_id) box.model = company.feature_version db.session.commit() clear_updater_cache(box.box_token) set_box_bind_cache(box_token) return success_result( box.get_json(with_box_version=True, with_company=True, with_all_screens=True))
def add_organization(): params = request.form or request.get_json() or request.args name = params.get('name') remark = params.get('remark') username = params.get('username') password = params.get('password') if not name or not username or not password: return error_result(ErrorCode.ERROR_INVALID_PARAM) if Organization.query.filter_by(name=name).first() is not None: return error_result(ErrorCode.ERROR_ORGANIZATION_ALREADY_EXIST) if User.query.filter_by(username=username).first() is not None: return error_result(ErrorCode.ERROR_USERNAME_EXISTED) org = Organization(name=name, remark=remark, create_time=g.TIMESTAMP) db.session.add(org) db.session.commit() user = User(organization_id=org.id, role_id=UserRole.ROLE_ORGANIZATION, username=username, password=password, password_reseted=True) db.session.add(user) db.session.commit() ret = org.get_json() ret['username'] = username return success_result(ret)
def set_info(): params = request.form or request.get_json() box_token = params.get('box_token') pad_id = params.get('pad_id') position = params.get('position') screen = Screen.query.filter_by(company_id=g.user.company_id, token=pad_id).first() if not screen: return error_result(ErrorCode.ERROR_SCREEN_NOT_EXIST) if box_token: box = Box.query.filter_by(box_token=box_token).first() if not box: return error_result(ErrorCode.ERROR_BOX_NOT_EXIST) screen.box_id = box.id if position: screen.camera_position = position fields = ('network_switcher', 'network_switcher_token') screen.update(fields, params) db.session.commit() if params.get('network_switcher') or params.get('network_switcher_token'): update_company_data_version(g.user.company) return success_result({})
def get_display_device_info(): params = request.args or request.get_json() or request.form token = params.get('device_token') if not token: resp = error_result(ErrorCode.ERROR_INVALID_PARAM) else: device = DisplayDevice.query.filter_by(token=token).first() if not device: resp = error_result(ErrorCode.ERROR_DISPLAY_DEVICE_NOT_EXIST) else: # prevent db from being updated too frequently if g.TIMESTAMP > device.heartbeat + 60: device.heartbeat = g.TIMESTAMP db.session.commit() screens = [] for screen in device.screens: screens.append(screen.get_json()) result = { 'screens': screens, 'device': device.get_json() } resp = success_result(result) resp.headers['Access-Control-Expose-Headers'] = 'Etag' if device: resp.headers['ETag'] = 'W/%s' % (device.reload_timestamp + device.display_info_timestamp + device.user_info_timestamp) else: resp.headers['ETag'] = 'W/0' return resp
def subject_import(): try: file_ = request.files['file'] except: return error_result(ErrorCode.ERROR_INVALID_PARAM) if not g.user.has_permission(AccountPermission.ADD_EMPLOYEE): return error_result(ErrorCode.ERROR_PERMISSION_DENIED) workbook = xlrd.open_workbook(file_contents=file_.read()) sheet = workbook.sheet_by_index(0) success = 0 failed = [] for i in xrange(1, sheet.nrows): try: row = sheet.row(i) name = row[0].value email = row[5].value if email and Subject.query.filter_by(email=email).first(): failed.append(dict(name=name, email=email)) continue if not name.strip(): continue db.session.add(Subject(name=name, job_number=row[1].value, department=row[2].value, password='******', title=row[3].value, phone=row[4].value, email=email, description=row[6].value, remark=row[7].value, subject_type=SubjectType.TYPE_EMPLOYEE, company_id=g.user.company_id)) db.session.commit() success += 1 except: import traceback; print traceback.format_exc() return success_result({'success': success, 'total': sheet.nrows - 1, 'failed': failed})
def subject_import_visitor(): try: file_ = request.files['file'] except: return error_result(ErrorCode.ERROR_INVALID_PARAM) if not g.user.has_permission(AccountPermission.ADD_VISITOR): return error_result(ErrorCode.ERROR_PERMISSION_DENIED) workbook = xlrd.open_workbook(file_contents=file_.read()) sheet = workbook.sheet_by_index(0) success = 0 state_mapping = VisitorPurpose.state_mapping_reverse for i in xrange(1, sheet.nrows): try: row = sheet.row(i) name = row[0].value db.session.add( Subject(name=name, purpose=state_mapping[row[1].value], come_from=row[2].value, phone=row[3].value, interviewee=row[4].value, remark=row[5].value, subject_type=SubjectType.TYPE_VISITOR, company_id=g.user.company_id)) db.session.commit() success += 1 except: import traceback; print traceback.format_exc() pass return success_result({'success': success, 'total': sheet.nrows - 1, 'failed': []})
def subject_new(): params = request.form or request.get_json() try: company_id = g.user.company_id subject_type = int(params['subject_type']) visitor_type = SubjectType.TYPE_VISITOR if params.get('visitor_type') is None else int(params['visitor_type']) name = params.get('name', '') email = params.get('email', '') phone = params.get('phone', '') gender = int(params.get('gender', Gender.MALE)) avatar = params.get('avatar', '') department = params.get('department', '') title = params.get('title', '') description = params.get('description', '') start_time = int(params['start_time']) if subject_type != SubjectType.TYPE_EMPLOYEE else 0 end_time = int(params['end_time']) if subject_type != SubjectType.TYPE_EMPLOYEE else 0 photo_ids = params['photo_ids'] if 'photo_ids' in params else [] purpose = int(params.get('purpose', VisitorPurpose.OTHER)) interviewee = params.get('interviewee', '') come_from = params.get('come_from', '') job_number = params.get('job_number', '') remark = params.get('remark', '') birthday = int(params.get('birthday', 0)) entry_date = int(params.get('entry_date', 0)) except: return error_result(ErrorCode.ERROR_INVALID_PARAM) if ((subject_type == SubjectType.TYPE_VISITOR and not g.user.has_permission(AccountPermission.ADD_VISITOR)) or (subject_type == SubjectType.TYPE_EMPLOYEE and not g.user.has_permission(AccountPermission.ADD_EMPLOYEE))): return error_result(ErrorCode.ERROR_PERMISSION_DENIED) # VIP type if subject_type == SubjectType.TYPE_VISITOR: subject_type = visitor_type if email and Subject.query.filter_by(email=email).first(): return error_result(ErrorCode.ERROR_EMAIL_EXISTED) subject = Subject(company_id=company_id, subject_type=subject_type, name=name, email=email, department=department, gender=gender, avatar=avatar, title=title, description=description, start_time=start_time, end_time=end_time, password='******', purpose=purpose, interviewee=interviewee, phone=phone, come_from=come_from, job_number=job_number, remark=remark, create_time=g.TIMESTAMP) if birthday: subject.birthday = datetime.date.fromtimestamp(birthday) if entry_date: subject.entry_date = datetime.date.fromtimestamp(entry_date) if subject.avatar: avatar = storage.save_image_base64(subject.avatar, 'avatar', sync=True) if avatar: subject.avatar = avatar DisplayDevice.query.filter_by(company_id=company_id).update({'user_info_timestamp': g.TIMESTAMP}) try: db.session.add(subject) db.session.commit() update_company_data_version(subject.company, subject.id) _update_photos(subject, photo_ids) return success_result(subject.get_json(with_photos=True)) except: db.session.rollback() return error_result(ErrorCode.ERROR_UNKNOWN)
def account_lists(): if not g.user.can_visit('system'): return error_result(ErrorCode.ERROR_PERMISSION_DENIED) company = g.user.company if request.method == 'GET': users = User.query.filter_by(company_id=company.id, role_id=UserRole.ROLE_NORMAL).all() data = [{ 'id': user.id, 'account': user.username, 'permission': json.loads(user.permission), 'remark': user.remark } for user in users] return success_result(data) elif request.method == 'POST': params = request.get_json() or request.form if params.get('account') is None: return error_result(ErrorCode.ERROR_INVALID_PARAM) user = User.query.filter_by(username=params.get('account')).first() if user: return error_result(ErrorCode.ERROR_USERNAME_EXISTED) try: user = User(company_id=company.id, role_id=UserRole.ROLE_NORMAL, permission=json.dumps(params['permission']), remark=params['remark'], password_reseted=False, username=params['account'], password='******') except: return error_result(ErrorCode.ERROR_INVALID_PARAM) db.session.add(user) db.session.commit() return success_result({})
def subject_list(cid): if cid not in g.user.organization.company_ids: return error_result(ErrorCode.ERROR_COMPANY_NOT_IN_ORGANIZATION) params = request.args company = Company.query.get(cid) ret = get_subject_list(company, params, is_company=False) if ret[0] is None: return error_result(ret[1]) return success_result(ret[0], ret[1])
def get_weather(): params = request.args or request.get_json() or request.form try: city_name = str(params['city']) except: return error_result(ErrorCode.ERROR_INVALID_PARAM) weather = WeatherManager.get_weather_by_city(city_name) if weather is None: return error_result(ErrorCode.ERROR_WEATHER_ERROR) return success_result(weather)
def get_one_theme(): params = request.args or request.get_json() or request.form device, err = get_device_from_params(params) if err is not None: return error_result(err) theme = device.theme theme_config = get_theme_config(THEME_DIR, device) if theme not in theme_config: return error_result(ErrorCode.ERROR_INVALID_THEME) result = dict(config=theme_config[theme], card_duration=device.card_duration) return success_result(data=result)
def get_screen_list(): box_token = request.args.get('box_token') if not box_token: return error_result(ErrorCode.ERROR_INVALID_PARAM) box = Box.query.filter_by(box_token=box_token).first() if not box: return error_result(ErrorCode.ERROR_BOX_NOT_EXIST) if not box.company: return error_result(ErrorCode.ERROR_BOX_NOT_BINDED) screens = filter(lambda screen: screen.type == ScreenType.CAMERA, box.company.screens) screens = [screen.get_json() for screen in screens] return success_result({"screens": screens})
def theme_setting(device_id): company = g.user.company device = DisplayDevice.query.filter_by(id=device_id).first() if not device: return error_result(ErrorCode.ERROR_DISPLAY_DEVICE_NOT_EXIST) if request.method == 'GET': return success_result(device.get_json(with_logo=True)) elif request.method == 'PUT': card_theme = request.form.get('card_theme') card_theme_vip = request.form.get('card_theme_vip') photo = request.files.get('photo') logo = request.files.get('logo') theme = request.form.get('theme') # current duration = request.form.get('duration') # stay reset_background = request.form.get('reset_background', 'false') # stay if logo is not None: company.logo = storage.save_image(logo.stream, 'logo') if photo is not None: device.background = save_screen_background(photo) if card_theme is not None: device.card_theme = card_theme if card_theme_vip is not None: device.card_theme_vip = card_theme_vip if theme is not None: device.theme = theme if duration is not None: device.card_duration = int(duration) if reset_background == 'true': device.background = '/static/screen/images/background_blue.png' device.reload_timestamp = g.TIMESTAMP db.session.commit() clear_display_config_cache(device.token) return success_result(device.get_json()) elif request.method == 'DELETE': db.session.delete(device) db.session.commit() return success_result({}) return error_result(ErrorCode.ERROR_NOT_ALLOWED)
def vip_cards_css(): params = request.args or request.get_json() or request.form device, err = get_device_from_params(params) if err is not None: return error_result(err) card = device.card_theme_vip or 'vip-card1' try: theme_file = open(SCREEN_LIB_DIR + '/vipcards/css/' + card + '.css', 'r') except: return error_result(ErrorCode.ERROR_FILE_NOT_EXIST) content = theme_file.read() theme_file.close() return Response(content, mimetype='text/css')
def custom_html(): params = request.args or request.get_json() or request.form device, err = get_device_from_params(params) if err is not None: return error_result(err) layout = BackgroundLayout.file_mapping[device.background_layout or BackgroundLayout.CENTER] try: layout_file = open(SCREEN_LIB_DIR + '/layouts/' + layout + '/template.html', 'r') except: return error_result(ErrorCode.ERROR_FILE_NOT_EXIST) content = layout_file.read() layout_file.close() return Response(content, mimetype='text/html')
def subject_invite_link(): visitor_id = request.args.get('visitor_id') if not visitor_id: return error_result(ErrorCode.ERROR_INVALID_PARAM) visitor = g.subject.visitors.filter_by(id=visitor_id).first() if visitor is None: return error_result(ErrorCode.ERROR_NOT_ALLOWED) if not visitor.job_number: visitor.job_number = str(uuid.uuid4()) db.session.commit() url = '%s/subject/invite?subject_id=%s&token=%s' % (DOMAIN, visitor_id, visitor.job_number) return success_result({'url': url})
def heartbeat(): params = request.args or request.get_json() or request.form try: key = params['key'] name = params['name'] except KeyError: return error_result(ErrorCode.ERROR_INVALID_PARAM) if authenticate(key): return error_result(ErrorCode.ERROR_INVALID_KEY) remote_addr = request.remote_addr logger.debug('Receive heartbeat from %s(%s)' % (remote_addr, name)) data = load_data(HEARTBEAT_DATA_FILE) data['remote_ips'].update({name: remote_addr}) save_data(data, HEARTBEAT_DATA_FILE) return success_result()
def subject_list(): company = g.user.company params = request.args ret = get_subject_list(company, params) if ret[0] is None: return error_result(ret[1]) return success_result(ret[0], ret[1])
def company_info(cid): if cid not in g.user.organization.company_ids: return error_result(ErrorCode.ERROR_COMPANY_NOT_IN_ORGANIZATION) user = User.query.filter_by(company_id=cid, role_id=UserRole.ROLE_ADMIN).first() params = request.form or request.get_json() or request.args username = params.get('username') password = params.get('password') name = params.get('name') remark = params.get('remark') if username or password: if username: user.username = username if password: user.password = password db.session.add(user) if name or remark: company = Company.query.get(cid) if name: company.name = name if remark: company.remark = remark db.session.add(company) db.session.commit() return success_result({})
def statistics_event(): position = request.args.get('position') page = int(request.args.get('page', 1)) size = int(request.args.get('size', 20)) unique = int(request.args.get('unique', 0)) start_time, end_time = _parse_start_end_time() query = Event.query.filter(Event.company_id == g.user.company_id, Event.timestamp > start_time, Event.timestamp <= end_time) if position: screen = Screen.query.filter_by(camera_position=position).first() if screen is None: return error_result(ErrorCode.ERROR_SCREEN_NOT_EXIST) query = query.filter(Event.screen_id == screen.id) events = query.order_by(Event.timestamp.desc()).all() result = [ event.get_json() for event in _filter_events(events, unique=bool(unique)) ] page_info = page_format(Pagination(None, page, size, len(result), None)) result = result[(page - 1) * size:page * size] return success_result(result, page_info)
def screen_detail(sid): company = g.user.company screen = Screen.query.filter(Screen.company_id == company.id, Screen.id == sid).first() if screen is None: return error_result(ErrorCode.ERROR_SCREEN_NOT_EXIST) if request.method == 'GET': return success_result(screen.get_json()) elif request.method == 'PUT': params = request.get_json() fields = ('box_id', 'name', 'camera_name', 'camera_address', 'camera_position', 'network_switcher', 'network_switcher_token' 'description', 'allow_all_subjects', 'allow_visitor', 'allowed_subject_ids') screen.update(fields, params) screen.display_devices.update({'reload_timestamp': g.TIMESTAMP}) db.session.add(screen) update_company_data_version(company) return success_result(screen.get_json()) elif request.method == 'DELETE': content = generate_delete_screen_task_content(company.id, sid) task = Task() task.name = u'删除相机' task.content = content db.session.add(task) db.session.commit() delete_screen.delay(task.id, company.id, sid) return success_result()
def organization_info(oid): org = Organization.query.get(oid) if org is None: return error_result(ErrorCode.ERROR_ORGANIZATION_NOT_EXIST) if request.method == 'GET': user = User.query.filter_by( organization_id=org.id, role_id=UserRole.ROLE_ORGANIZATION).first() data = org.get_json() if user: data['username'] = user.username return success_result(data) elif request.method == 'PUT': params = request.form or request.get_json() or request.args username = params.get('username') password = params.get('password') name = params.get('name') remark = params.get('remark') if username is not None or password is not None: user = User.query.filter_by( organization_id=org.id, role_id=UserRole.ROLE_ORGANIZATION).first() if user.username != username and User.query.filter_by( username=username).first() is not None: return error_result(ErrorCode.ERROR_USERNAME_EXISTED) if username: user.username = username if password: user.password = password db.session.add(user) if name: org.name = name if remark: org.remark = remark db.session.add(org) db.session.commit() return success_result({}) elif request.method == 'DELETE': db.session.delete(org) db.session.commit() return success_result({})
def events_delete(eid): event = Event.query.get(eid) if not event: return error_result(ErrorCode.ERROR_EVENT_NOT_EXIST) else: db.session.delete(event) db.session.commit() return success_result(event.get_json())
def subjects_list(): ORDER_TYPE_TIME = 'time' ORDER_TYPE_NAME = 'name' params = request.args name = params.get('name') category = params.get('category') order = params.get('order') subject_type = SubjectType.parse_param(category) if subject_type is None: return error_result(ErrorCode.ERROR_INVALID_PARAM) if ((subject_type == SubjectType.TYPE_VISITOR and not g.user.has_permission(AccountPermission.ADD_VISITOR)) or (subject_type == SubjectType.TYPE_EMPLOYEE and not g.user.has_permission(AccountPermission.ADD_EMPLOYEE))): return error_result(ErrorCode.ERROR_PERMISSION_DENIED) query = g.user.company.subjects.options(db.eagerload_all(Subject.photos)) if name: name = name.replace('\\', '\\\\') query = query.filter( Subject.real_name.contains(name) | Subject.pinyin.contains(name)) if subject_type is not None: if subject_type == SubjectType.TYPE_VISITOR: # VIP is visitor, too query = query.filter( or_(Subject.subject_type == SubjectType.TYPE_VISITOR, Subject.subject_type == SubjectType.TYPE_VIP)) else: query = query.filter_by(subject_type=subject_type) #TODO add index to start_time and pinyin ... if order == ORDER_TYPE_TIME: query = query.order_by(Subject.start_time.desc()) elif order == ORDER_TYPE_NAME: query = query.order_by(Subject.pinyin.asc()) else: query = query.order_by(Subject.start_time.desc()) current, size = get_pagination(params) pagination = query.paginate(current, size, False) page = page_format(pagination) ret = [ subject.get_json(with_photos=True, with_visitor_type=True) for subject in pagination.items ] return success_result(ret, page)
def check_verification(): params = request.form or request.get_json() try: username = params['username'] password = params['password'] code = params['verify_code'] except: return error_result(ErrorCode.ERROR_INVALID_PARAM) user = User.query.filter_by(username=username).first() if not user: return error_result(ErrorCode.ERROR_USER_NOT_EXIST) if not user.check_password(password): return error_result(ErrorCode.ERROR_PASSWORD_ERROR) if not TwoFactorAuthenticator.check_code(code): return error_result(ErrorCode.ERROR_VERIFICATION_CODE) login_user(user) return success_result(user.get_json())
def login(): params = request.form or request.get_json() try: username = params['username'] password = params['password'] pad_id = params['pad_id'] device_type = int(params['device_type']) if device_type not in [ScreenType.DOOR_PAD, ScreenType.FRONT_PAD]: raise Exception() except: return error_result(ErrorCode.ERROR_INVALID_PARAM) user = User.query.filter_by(username=username).first() if user: if user.check_password(password): if not user.password_reseted: return error_result(ErrorCode.ERROR_PASSWORD_NEED_CHANGE) login_user(user) ret = user.get_json() if pad_id == 'importer': return success_result(ret) screen = Screen.query.filter_by(company_id=user.company_id, token=pad_id).first() if screen is None: screen = Screen( company_id=user.company_id, token=pad_id, name='pad', theme='center', type=device_type, camera_position=ScreenType.get_desc(device_type)) db.session.add(screen) db.session.commit() update_company_data_version(user.company) ret['position'] = screen.camera_position ret['screen_token'] = screen.token ret['boxes'] = [box.get_json() for box in user.company.boxes] ret['company'] = user.company.get_json() return success_result(ret) else: return error_result(ErrorCode.ERROR_PASSWORD_ERROR) else: return error_result(ErrorCode.ERROR_USER_NOT_EXIST)
def user_delete(company_id, user_id): company = Company.query.get(company_id) user = User.query.get(user_id) if user.role_id == UserRole.ROLE_ROOT: return error_result(ErrorCode.ERROR_NOT_ALLOWED) company.users.filter_by(id=user_id).delete() db.session.commit() return success_result({})
def update_password(): params = request.form or request.get_json() password = params.get('password') password_verification = params.get('password_verification') if not password or not password_verification: return error_result(ErrorCode.ERROR_INVALID_PARAM) if password != password_verification: return error_result(ErrorCode.ERROR_PASSWORD_INCONSISTENT) subject = g.subject subject.password_reseted = True subject.password = password db.session.add(subject) db.session.commit() return success_result(subject.get_json())
def add_visitor(): params = request.form try: name = params['name'] photo = request.files.get('photo') purpose = params.get('purpose') interviewee = params.get('interviewee') inviter_id = g.subject.id come_from = params.get('come_from') phone = params.get('phone') remark = params.get('remark') description = params.get('description') company_id = g.subject.company_id start_time = int(params.get('start_time', 0)) end_time = int(params.get('end_time', 0)) vip = bool(int(params.get('vip', False))) subject_type = int(params.get('subject_type', 1)) except: import traceback print traceback.format_exc() return error_result(ErrorCode.ERROR_INVALID_PARAM) if not start_time or not end_time: start_time = g.TIMESTAMP - 5 * 60 end_time = g.TIMESTAMP + 2 * 3600 if vip: subject_type = SubjectType.TYPE_VIP if interviewee is None: interviewee = g.subject.name subject = Subject(company_id=company_id, name=name, subject_type=subject_type, remark=remark, description=description, start_time=start_time, end_time=end_time, purpose=purpose, interviewee=interviewee, inviter_id=inviter_id, come_from=come_from, phone=phone, password='******', create_time=g.TIMESTAMP) db.session.add(subject) db.session.commit() if photo: photo, error = create_user_photo(photo, subject.company_id) if error: return error subject.photos.append(photo) update_company_data_version(g.subject.company, subject.id) return success_result(subject.get_json())