def alloc_user(): for i in g.data['roles']: if not g.user.restrict_permission(Role.get_by_id(i).permission): return falseReturn(msg='您无法赋予他人权限不小于自己的角色') if not g.user.restrict_functions(Role.get_by_id(i).allow_functions): return falseReturn(msg='您无法赋予他人权能不在自己范围内的角色') u = User.get_by_id(g.data['id']) u.change_role(g.data['roles']) return trueReturn()
def import_user(): if 'file' not in request.files: return falseReturn(None, '无文件') f = request.files['file'] if f.filename == '': return falseReturn(None, '未选择上传') else: sheet(f) return trueReturn()
def before_request(): try: if os.path.exists('isinit.flag'): return falseReturn(msg="拒绝访问:已经初始化过") if request.get_data(): g.data = request.get_json(silent=True) except: traceback.print_exc() return falseReturn(None, '数据错误')
def remove_role(): if g.user.restrict_permission(Role.get_by_id(g.data['id']).permission): if g.user.restrict_functions( Role.get_by_id(g.data['id']).allow_functions): Role.get_by_id(g.data['id']).delete() return trueReturn() else: return falseReturn(msg='您无法删除权能比自己多的角色') else: return falseReturn(msg='您无法删除权限不小于自己的角色')
def rename_role(): if g.user.restrict_permission(Role.get_by_id(g.data['id']).permission): if g.user.restrict_functions( Role.get_by_id(g.data['id']).allow_functions): Role.get_by_id(g.data['id']).rename(g.data['name']) return trueReturn() else: return falseReturn(msg='您无法为权能比自己多的角色更名') else: return falseReturn(msg='您无法为权限不小于自己的角色更名')
def edit_role(): if g.user.restrict_permission(g.data['permission']): if g.user.restrict_functions(g.data['functions']): Role.get_by_id(g.data['id']).modify_permission( g.data['permission']) Role.get_by_id(g.data['id']).modify_functions(g.data['functions']) return trueReturn() else: return falseReturn(msg='您无法为角色分配自己没有的权能') else: return falseReturn(msg='您无法为角色分配不小于自身的权限')
def edit_domain(): d = Domain.get_by_id(g.data['id']) if g.user in d.monitors: d.modify_members(g.data['members'],g.data['monitors']) return trueReturn() else: return falseReturn(msg='您没有此域的管理权限')
def rename_domain(): d = Domain.get_by_id(g.data['id']) if g.user in d.monitors: d.rename(g.data['name']) return trueReturn() else: return falseReturn(msg='您没有此域的更名权限')
def decorator(*args, **kwargs): for i in g.user.roles: if func.__name__ in i.allow_functions or i.allow_functions == [ '*' ]: # 懒人标记* return func(*args, **kwargs) return falseReturn(None, f'没有使用{func.__name__}的权限', 401)
def remove_domain(): d = Domain.get_by_id(g.data['id']) if g.user in d.monitors: d.delete() return trueReturn() else: return falseReturn(msg='您没有此域的删除权限')
def signin(): name = g.data.get("username", "").strip() password = g.data.get("password", "") user = Admin.objects(user_id=name).first() if not user or not user.valid_password(password): return falseReturn(None, "用户名或密码有误") return trueReturn({ 'user': user.get_base_info(), 'token': generate_jwt(user) })
def do_sign(): # shift改变排班的week只是记签到目的week,不作为判断是否允许签到的依据 wk = int( (datetime.datetime.now() - Admin.objects().first().server_starttime ).total_seconds()) % (86400 * 7) r = Routine.objects(user=g.user).first() ima = datetime.datetime.now().timestamp() + 28800 m = [] if r.signtime != r.shift: # 有调班: if int((ima + 259200) % 604800 / 86400) == int(r.shift / 5) and int( ima % 86400) in time_table[r.shift % 5]: if not Sign.objects(user=g.user, week=r.shift_week): if Sign.create(user=g.user, typ='s', week=r.shift_week): r = r.recover_shift() return trueReturn() else: r = r.recover_shift() m.append('【调班】本时间段内签过到') else: r = r.recover_shift() m.append('【调班】本周已签过到') else: m.append('【调班】不在签到时段内') # print(int((ima + 259200) % 604800 / 86400) == int(r.signtime / 5)) # print(ima % 86400 in time_table[r.signtime % 5]) # print(ima % 86400) # print(time_table[r.signtime % 5]) if int((ima + 259200) % 604800 / 86400) == int(r.signtime / 5) and int( ima % 86400) in time_table[r.signtime % 5]: if not Sign.objects(user=g.user, week=wk): if Sign.create(user=g.user, typ='n', week=wk): return trueReturn() else: m.append('【正常班次】本时间段内签过到') return falseReturn(msg='\n'.join(m)) else: m.append('【正常班次】本周已签过到') return falseReturn(msg='\n'.join(m)) else: m.append('【正常班次】不在签到时段内') return falseReturn(msg='\n'.join(m))
def before_request(): try: if request.get_data(): g.data = request.get_json(silent=True) Authorization = request.headers.get('Authorization', None) print(Authorization) if Authorization: token = Authorization g.token = token g.user, msg = verify_jwt(token) else: pass except: traceback.print_exc() return falseReturn(None, '数据错误')
def remove_user(): u = User.get_by_id(g.data['id']) if not g.user.restrict_permission(u.max_permission()): return falseReturn(msg='您无法删除权限不小于自己的用户') u.delete() return trueReturn()
def rename_user(): u = User.get_by_id(g.data['id']) if not g.user.restrict_permission(u.max_permission()): return falseReturn(msg='您无法重命名权限不小于自己的用户') u.rename(g.data['name']) return trueReturn()
def new_role(): if g.user.restrict_permission(g.data['permission']): Role.new_role(g.data['name'], g.data['permission']) return trueReturn() else: return falseReturn(msg='您无法新建权限不小于自己的角色')
def decorator(*args, **kwargs): if not g.user: response = falseReturn(None, '此操作需要登陆', 401) response.status_code = 401 return response return func(*args, **kwargs)
def decorator(*args, **kwargs): for param in params: if not g.data or not param in g.data: return falseReturn(None, "缺少参数:{}".format(param)) return func(*args, **kwargs)
def decorator(*args, **kwargs): try: return func(*args, **kwargs) except: return falseReturn(None, traceback.format_exc())
def change_routine(): # 永久调班 if int(g.data['signtime']) not in range(0, 35): return falseReturn(msg='值班时间段设置不合法') u = User.get_by_id(g.data['user']) Routine.objects(user=u).first().change_signtime(g.data['signtime']) return trueReturn()