def required_no_pid_no_dec(ability=None):
if g.istrpc == 1:
return 1
if g.is_admin == 1:
return 1
roles = [
i['name'] for i in UserBusiness.query_json_by_id(g.userid)[0]['role']
]
project = None
if request.args and 'project_id' in request.args:
project = request.args.get('project_id')
if request.json and 'project_id' in request.json:
project = request.json.get('project_id')
project_list = UserBusiness.own_in_project()
if project and is_owneristrator(
roles) and project_list and is_have_project(
int(project), project_list):
return 1
abilities = AuthBusiness.query_ability_by_role_name(roles)
if has_ability(ability, abilities):
return 1
return 0
def _(*args, **kwargs):
if g.istrpc == 1:
return func(*args, **kwargs)
if g.is_admin == 1:
return func(*args, **kwargs)
roles = [
i['name']
for i in UserBusiness.query_json_by_id(g.userid)[0]['role']
]
project = None
if request.args and 'project_id' in request.args:
project = request.args.get('project_id')
if request.json and 'project_id' in request.json:
project = request.json.get('project_id')
project_list = UserBusiness.own_in_project()
if project and _is_owneristrator(
roles) and project_list and _is_have_project(
int(project), project_list):
return func(*args, **kwargs)
abilities = AuthBusiness.query_ability_by_role_name(roles)
if _has_ability(ability, abilities):
return func(*args, **kwargs)
raise OperationPermissionDeniedException
def project_unless_user():
"""
@api {get} /v1/user/unless/user_list 获取 不是当前项目的用户列表
@apiName GetUserListsByUnlessPorject
@apiGroup 用户
@apiDescription 获取不是当前项目的用户列表
@apiParam {int} project_id 项目id
@apiParam {int} [limit] limit
@apiParam {int} [offset] offset
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code": 0,
"data": [
{
"project_id": 4
}
],
"message": "ok"
}
"""
user_list = []
user_data = UserBusiness.query_user_list()
# 项目列表的用户
for i in range(0, len(user_data)):
user_list.append(int(user_data[i]['user_id']))
# 过滤admin用户
# admin_list = UserBusiness.query_admin_list()
user_list = list(set(user_list))
data = UserBusiness.query_unless_user_list(user_list)
return json_detail_render(0, data)
def gain_role_project():
user_id = request.args.get('user_id')
roles = []
project_list = UserBusiness.owner_project_list()
roles_list = UserBusiness.query_json_by_id(user_id)
current_app.logger.info(roles_list)
if len(roles_list) > 0:
roles = roles_list[0]['role']
data = {'role': roles, 'project': project_list}
return json_detail_render(0, data)
def no_password_login(cls, username):
ret = User.query.filter_by(name=username, status=User.ACTIVE).all()
if len(ret) == 0:
return 303, []
userid = ret[0].id
userdetail = UserBusiness.query_json_by_id(userid)
projectid = UserBusiness.query_project_by_userid(userid)
if userdetail:
userdetail[0]['projectid'] = projectid
token = cls.jwt_b_encode(userdetail[0]).decode('utf-8')
data = dict(token=token)
return 0, data
else:
return 413, []
def wx_user_bind_handler():
"""
@api {post} /v1/user/wxbinduser 关联 企业微信到老账号
@apiName WxBindUser
@apiGroup 用户
@apiDescription 企业微信关联老账号
@apiParam {int} userid 老账号的ID
@apiParam {int} wxuserid 企业微信用户的ID
@apiParamExample {json} Request-Example:
{
"wxuserid": 58,
"userid": 20
}
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code": 0,
"data": [],
"message": ""
}
"""
userid, wxuserid = parse_json_form('wxbinduser')
ret, msg = UserBusiness.wx_bind_user(userid, wxuserid)
return json_detail_render(ret, msg)
def _(*args, **kwargs):
if g.istrpc == 1:
return func(*args, **kwargs)
if g.is_admin == 1:
return func(*args, **kwargs)
# 项目外需要owner权限的在premission中@owner_required
roles = []
if not g.projectid:
raise OperationPermissionDeniedException
roles_row = UserBusiness.query_json_by_id_and_project(
g.userid, g.projectid)
roles_list = roles_row[0]['role'] if roles_row else []
for i in roles_list:
roles.append(i['name'])
if _is_owneristrator(roles):
return func(*args, **kwargs)
abilities = AuthBusiness.query_ability_by_role_name(roles)
if _has_ability(ability, abilities):
return func(*args, **kwargs)
raise OperationPermissionDeniedException
def detach_user():
"""
@api {post} /v1/user/detachuser 项目解绑用户
@apiName DetachUserForProject
@apiGroup 用户
@apiDescription 项目解绑用户
@apiParam {int} user_id 用户ID
@apiParam {int} project_id 项目ID
@apiParamExample {json} Request-Example:
{
"project_id": 75,
"user_id":1
}
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code":0,
"data":[],
"message":"ok"
}
"""
project_id, user_id = parse_json_form('projectdetachusers')
ret, msg = UserBusiness.project_detach_user(project_id, user_id)
return json_detail_render(ret, [], msg)
def user_detail_modify_handler(user_id):
"""
@api {post} /v1/user/{user_id} 修改 用户密码
@apiName ModifyPassword
@apiGroup 用户
@apiDescription 修改用户密码
@apiParam {string} oldpassword 旧密码
@apiParam {string} newpassword 新密码
@apiParamExample {json} Request-Example:
{
"oldpassword":"******",
"newpassword":"******"
}
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code": 0,
"data": [],
"message": "ok"
}
@apiErrorExample {json} Error-Response:
HTTP/1.1 200 OK
{
"code": 301,
"data": [],
"message": "password wrong"
}
"""
project_id = request.args.get('project_id')
oldpassword, newpassword = parse_json_form('modifypassword')
ret = UserBusiness.modify_password(user_id, oldpassword, newpassword,
project_id)
return json_detail_render(ret)
def get_json_by_id():
user_id = request.args.get('userid')
project_id = request.args.get('project_id')
if not project_id:
project_id = request.headers.get('projectid')
data = UserBusiness.query_json_by_id_and_project(user_id, project_id)
return json_detail_render(0, data)
def user_bind_role_handler():
"""
@api {post} /v1/user/userbindroles 绑定 用户角色
@apiName BindUserRole
@apiGroup 用户
@apiDescription 绑定用户角色
@apiParam {int} userid 用户ID
@apiParam {int[]} roleids role list可以为空,表示清空绑定关系
@apiParamExample {json} Request-Example:
{
"userid":6,
"roleids":[4]
}
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code": 0,
"data": [],
"message": ""
}
"""
userid, roleids, project_id = parse_json_form('userbindroles')
ret, msg = UserBusiness.user_bind_roles(userid, roleids, project_id)
return json_detail_render(ret, [], msg)
def user_bind_project_handler():
"""
@api {post} /v1/user/bindproject 绑定 项目到用户
@apiName BindProject
@apiGroup 用户
@apiDescription 给用户绑定项目,赋予访问权限等
@apiParam {int} user_id 用户ID
@apiParam {int[]} project_ids 项目
@apiParamExample {json} Request-Example:
{
"user_id":1,
"project_ids":[1]
}
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code": 0,
"data": [],
"message": ""
}
"""
user_id, pids = parse_json_form('userbindprojects')
ret, msg = UserBusiness.bind_projects(user_id, pids)
return json_detail_render(ret, [], msg)
def user_reset_handler():
"""
@api {post} /v1/user/resetpassword 重置 用户密码
@apiName ResetPassword
@apiGroup 用户
@apiDescription 重置用户密码
@apiParam {int} userid 用户ID
@apiParam {string} newpassword 新密码
@apiParamExample {json} Request-Example:
{
"userid":1,
"newpassword":"******"
}
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code": 0,
"data": [],
"message": "ok"
}
"""
project_id = request.args.get('project_id')
userid, newpassword = parse_json_form('resetpassword')
ret, msg = UserBusiness.reset_password(userid, newpassword, project_id)
return json_detail_render(ret, message=msg)
def user_index_handler():
"""
@api {post} /v1/user/add 新增 用户
@apiName CreateUser
@apiGroup 用户
@apiDescription 新增用户
@apiParam {string} username 用户名:字母[+数字]
@apiParam {string} nickname 昵称
@apiParam {string} password 密码
@apiParam {int[]} roleids 角色,可传入空数组
@apiParam {string} email 邮箱
@apiParam {string} telephone 手机号
@apiParamExample {json} Request-Example:
{
"username":"******",
"nickname":"zhangdashan",
"password":"******",
"roleids":[],
"email":"*****@*****.**",
"telephone":"13131313131"
}
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code": 0,
"data": [],
"message": "ok"
}
"""
username, nickname, password, email, telephone = parse_json_form('adduser')
ret, msg = UserBusiness.create_new_user_and_bind_roles(
username, nickname, password, email, telephone)
return json_detail_render(ret, [], msg)
def isappera_admin():
user_id = request.args.get('user_id')
project_id = request.args.get('project_id')
owner_list = UserBusiness.owner_project_list()
isappear = 1
if user_id:
roles_row = UserBusiness.query_json_by_id_and_project(user_id, project_id)
roles_list = roles_row[0]['role'] if roles_row else []
roles = [i['name'] for i in roles_list]
if g.is_admin or (roles and 'owner' in roles and owner_list and int(project_id) in owner_list):
isappear = 0
data = [{'isappear': isappear}]
return json_detail_render(0, data)
def get_user(cls, user_code):
# 读取成员 'https://qyapi.weixin.qq.com/cgi-bin/user/get?access_token=ACCESS_TOKEN&userid=USERID'
# access_token 调用接口凭证,
# userid 成员UserID。对应管理端的帐号,企业内必须唯一。不区分大小写,长度为1~64个字节
access_token = cls.get_access_token()
errcode, user_id = cls.get_user_info(access_token, user_code)
if errcode == 102:
return 109, [], '非企业人员'
if errcode == 40014:
access_token = cls.force_get_access_token()
url = QYWXHost + 'user/get' + '?access_token={}&userid={}'.format(access_token, user_id)
current_app.logger.info(url)
ret = requests.get(url=url)
current_app.logger.info(ret.text)
r = json.loads(ret.text)
if r['errcode'] is 0:
uid = r['userid']
nickname = r['name']
email = r['email']
telephone = r['mobile']
avatar = r['avatar']
current_app.logger.info("avatar:" + str(avatar))
res = User.query.filter(User.wx_userid == uid, User.status == User.ACTIVE).first()
if res:
code, data = AuthBusiness.no_password_login(res.name)
pic = User.query.get(res.id)
pic.picture = avatar
db.session.add(pic)
db.session.commit()
try:
TrackUserBusiness.user_track(res)
except Exception as e:
current_app.logger.info(e)
return code, data, ''
else:
UserBusiness.create_new_wxuser(uid, nickname, '', email, telephone, avatar)
code, data = AuthBusiness.no_password_login(uid)
return code, data, ''
else:
return r['errcode'], [], r['errmsg']
def query_user_by_project_handler(pid):
"""
@api {get} /v1/user/byproject/{pid} 查询 用户信息通过项目id
@apiName GetUserinfoByProjectId
@apiGroup 用户
@apiDescription 通过项目id查询用户信息
@apiSuccess {list} role 用户权限列表
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code": 0,
"data": [
{
"nickname": "周培丽hello",
"picture": "http://p.qlogo.cn/bizmail/DLjOz7icMnHySKca5HDofMyDUHdjCM28iauyRdCl1DKx9uaJibfqpViang/0",
"role": [
{
"comment": "超级管理员",
"id": 1,
"name": "admin"
}
],
"userid": 5,
"username": "******",
"userweight": 1
}
],
"limit": 99999,
"message": "ok",
"offset": 0
}
"""
# 第一个接口查询后会只返回有角色的用户
role_id = request.args.get('role')
if role_id:
data = UserBusiness.query_by_project(pid, role_id)
else:
data = UserBusiness.query_by_project_v2(pid)
return json_detail_render(0, data)
def login(cls, username, password):
ret = User.query.filter_by(
name=username, password=parse_pwd(password),
status=User.ACTIVE).all()
if len(ret) == 0:
return 303, []
userid = ret[0].id
userdetail = UserBusiness.query_json_by_id(userid)
projectid = UserBusiness.query_project_by_userid(userid)
if userdetail:
userdetail[0]['projectid'] = projectid
token = cls.jwt_b_encode(userdetail[0]).decode('utf-8')
data = dict(token=token)
try:
res = User.query.filter(User.id == userid, User.status == User.ACTIVE).first()
TrackUserBusiness.user_track(res)
except Exception as e:
current_app.logger.info(e)
return 0, data
else:
return 413, []
def user_detail_handler(user_id):
"""
@api {get} /v1/user/{user_id} 查询 用户信息根据用户id
@apiName GetUserInfoById
@apiGroup 用户
@apiDescription 查询 用户信息根据用户id
@apiSuccess {list} role 用户权限列表
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code": 0,
"data": [
{
"nickname": "张宇",
"picture": "https://p.qlogo.cn/bizmail/WRZVs2uMphoxc2918UvZzL31u6A9ibTNuqnIibzJ4GxjWIVVDxHvUGuA/0",
"role": [
{
"comment": "超级管理员",
"id": 1,
"name": "admin"
}
],
"userid": 96,
"username": "******",
"userweight": 1
}
],
"message": "ok"
}
"""
project_id = request.args.get('project_id')
if not project_id:
project_id = request.headers.get('projectid')
if not project_id:
data = UserBusiness.query_json_by_id(user_id)
else:
data = UserBusiness.query_json_by_id_and_project(user_id, project_id)
if len(data) == 0:
return json_detail_render(101, data)
return json_detail_render(0, data)
def user_list_handler():
"""
@api {get} /v1/user/ 获取 用户信息
@apiName GetUserInfo
@apiGroup 用户
@apiDescription 分页查询用户信息,可选参数角色
@apiParam {int} [role] roleid
@apiSuccess {list} role 用户权限列表
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code": 0,
"data": [
{
"nickname": "朱林林",
"picture": "",
"role": [
{
"comment": "测试",
"id": 3,
"name": "test"
}
],
"userid": 106,
"username": "******",
"userweight": 1
}
],
"limit": 1,
"message": "ok",
"offset": 0
}
"""
base_info = request.args.get('base_info')
if base_info:
data = UserBusiness.query_all_base_info()
else:
data = UserBusiness.query_all_json()
return json_detail_render(0, data)
def user_delete_handler(user_id):
"""
@api {delete} /v1/user/{user_id} 删除 用户
@apiName DeleteUser
@apiGroup 用户
@apiDescription 删除 用户
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code": 0,
"data": [],
"message": "ok"
}
"""
ret = UserBusiness.delete_user(user_id)
return json_detail_render(ret)
def project_role_list_user():
"""
@api {get} /v1/user/project_role_list 获取 项目的所有用户列表和角色
@apiName GetProjectAndRoleListsByUser
@apiGroup 用户
@apiDescription 获取项目的所有用户列表和角色
@apiParam {int} [limit] limit
@apiParam {int} [offset] offset
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code": 0,
"data": [
{
"nickname": "吴茂澍",
"project": [
{
"id": 4,
"name": "云测平台66"
}
],
"role": [
{
"comment": "测试",
"id": 3,
"name": "test"
}
],
"userid": 110,
"username": "******",
"userweight": 1
}
],
"limit": 1,
"message": "ok",
"offset": 2
}
"""
limit, offset = parse_list_args()
data = UserBusiness.query_user_project_role(limit, offset)
return json_list_render(0, data, limit, offset)
def user_is_reset_handler(user_id):
"""
@api {get} /v1/user/isresetpassword/{user_id} 判断 是否重置过密码
@apiName IsResetPassword
@apiGroup 用户
@apiDescription 判断是否重置过密码
@apiSuccess {int} is_reset_password 为0代表未重置过,1代表重置过
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code": 0,
"data": [
{
"is_reset_password": 0
}
],
"message": "ok"
}
"""
ret, data = UserBusiness.is_reset_passwd(user_id)
return json_detail_render(ret, data)
def project_single_role_list_user(user_id):
"""
@api {get} /v1/user/project_role_list/{user_id} 获取 项目的单个用户列表和角色
@apiName GetSingleProjectAndRoleListsByUser
@apiGroup 用户
@apiDescription 项目的单个用户列表和角色
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code":0,
"data":[
{
"email":"*****@*****.**",
"nickname":"王金龙",
"project":[
{
"id":11,
"name":"z_test"
}
],
"role":[
{
"comment":"超级管理员",
"id":1,
"name":"admin"
}
],
"userid":1,
"username":"******",
"userweight":1
}
],
"message":"ok"
}
"""
data = UserBusiness.query_user_single_project_role(user_id)
return json_detail_render(0, data)
def user_all_list():
"""
@api {get} /v1/user/all 获取 所有用户列表和昵称
@apiName GetAllUser
@apiGroup 用户
@apiDescription 获取所有用户列表和昵称
@apiParam {int} [limit] limit
@apiParam {int} [offset] offset
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code": 0,
"data": [
{
"id": 117,
"nickname": "李晓龙"
},
],
"message": "ok"
}
"""
data = UserBusiness.query_all_user_list()
return json_detail_render(0, data)
def user_project_list():
"""
@api {get} /v1/user/currentuser/project_list 获取 当前用户的项目列表
@apiName GetProjectListsByUser
@apiGroup 用户
@apiDescription 获取当前用户的项目列表
@apiParam {int} user_id 用户id
@apiSuccess {string} project_id 拥有的项目
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code": 0,
"data": [
{
"project_id": 4
}
],
"message": "ok"
}
"""
user_id = request.args.get('user_id')
data = UserBusiness.query_user_in_project(user_id)
return json_detail_render(0, data)
def add_users():
"""
@api {post} /v1/user/adduser 项目绑定用户
@apiName AddUserForProject
@apiGroup 用户
@apiDescription 项目绑定用户
@apiParam {list} user_list 用户ID
@apiParam {int} project_id 项目ID
@apiParamExample {json} Request-Example:
{
"project_id": 75,
"user_list":[1,2]
}
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code":0,
"data":[],
"message":"ok"
}
"""
project_id, user_list = parse_json_form('projectadduser')
ret, msg = UserBusiness.project_add_users(project_id, user_list)
return json_detail_render(ret, [], msg)
def required_no_dec(ability=None):
if g.istrpc == 1:
return 1
if g.is_admin == 1:
return 1
roles = []
if not g.projectid:
raise PermissionDeniedException
roles_row = UserBusiness.query_json_by_id_and_project(
g.userid, g.projectid)
roles_list = roles_row[0]['role'] if roles_row else []
for i in roles_list:
roles.append(i['name'])
if is_owneristrator(roles):
return 1
abilities = AuthBusiness.query_ability_by_role_name(roles)
if has_ability(ability, abilities):
return 1
return 0
def user_modify_name_handler():
"""
@api {post} /v1/user/nickname 修改 昵称
@apiName ModifyNickName
@apiGroup 用户
@apiDescription 修改昵称
@apiParam {int} userid 用户ID
@apiParam {string} nickname 新的昵称
@apiParamExample {json} Request-Example:
{
"userid":1,
"nickname":"嘻嘻哈哈"
}
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"code": 0,
"data": [],
"message": ""
}
"""
userid, nickname = parse_json_form('modifynickname')
ret = UserBusiness.modify_nickname(userid, nickname)
return json_detail_render(ret)
def get_user_by_wxemail():
wxemail = request.args.get('email')
ret = UserBusiness.query_json_by_wxemail(wxemail)
return json_detail_render(0, ret)