def set_uc(self): admin = get_current_admin() data = parameter_required() ucid, ucname, ucsort = data.get('ucid'), data.get('ucname'), data.get( 'ucsort') ucdict = {} if ucname: ucdict['UCname'] = ucname if ucsort: try: ucsort = int(ucsort) except: raise ParamsError('权重只能是整数') ucdict['UCsort'] = ucsort with db.auto_commit(): if not ucid: if not ucname: raise ParamsError('分类名缺失') ucdict['UCid'] = str(uuid.uuid1()) ucinstance = UnitCategory.create(ucdict) msg = '添加成功' else: ucinstance = UnitCategory.query.filter( UnitCategory.UCid == ucid, UnitCategory.isdelete == false()).first_('分类已删除') if data.get('delete'): ucinstance.update({'isdelete': True}) msg = '删除成功' else: ucinstance.update(ucdict) msg = '更新成功' db.session.add(ucinstance) return Success(message=msg, data={'ucid': ucinstance.UCid})
def update_admin_password(self): """更新管理员密码""" if not is_admin(): raise AuthorityError('权限不足') data = parameter_required( ('password_old', 'password_new', 'password_repeat')) admin = get_current_admin() pwd_new = data.get('password_new') pwd_old = data.get('password_old') pwd_repeat = data.get('password_repeat') if pwd_new != pwd_repeat: raise ParamsError('两次输入的密码不同') with db.auto_commit(): if check_password_hash(admin.ADpassword, pwd_old): self.__check_password(pwd_new) admin.ADpassword = generate_password_hash(pwd_new) # BASEADMIN().create_action(AdminActionS.update.value, 'none', 'none') db.session.add(admin) return Success('更新密码成功') current_app.logger.info('{0} update pwd failed'.format( admin.ADname)) raise ParamsError('旧密码有误') raise AuthorityError('账号已被回收')
def get_userlevelsetting(self): admin = get_current_admin() usllist = UserLevelSetting.query.filter( UserLevelSetting.isdelete == false()).order_by( UserLevelSetting.ULSlevel.desc()).all() return Success('获取成功', data=usllist)
def update_white_list(self): admin = get_current_admin() if not admin: raise AuthorityError data = parameter_required(("usid", "action")) usid = data.get('usid') action = data.get("action", 10) if action: try: action = WhiteListAction(int(action)).value except: raise ParamsError('action 只能是整数') user = User.query.filter(User.USid == usid, User.isdelete == false()).first() if not user: raise ParamsError('用户不在本系统') with db.auto_commit(): if action == WhiteListAction.putin.value: if user.USinWhiteList: raise ParamsError('用户已在白名单') user.USinWhiteList = True elif action == WhiteListAction.delete.value: if not user.USinWhiteList: raise ParamsError('用户不在白名单') user.USinWhiteList = False else: raise ParamsError('参数异常') db.session.add(user) return Success(data='{}修改成功'.format(user.USname))
def list(self): data = parameter_required() filter_args = [ Product.isdelete == false(), ProductCategory.isdelete == false() ] if is_admin(): _ = get_current_admin() elif is_user(): user = get_current_user() if not user.USinWhiteList: raise AuthorityError('用户无权限,请联系管理员') else: raise AuthorityError pcid = data.get('pcid') prname = data.get('prname') if pcid: filter_args.append(Product.PCid == pcid) if prname: filter_args.append(Product.PRname.ilike('%{}%'.format(prname))) product_list = Product.query.join( ProductCategory, ProductCategory.PCid == Product.PCid).filter( *filter_args).order_by( Product.PRsort.desc(), Product.createtime.desc()).all_with_page() for product in product_list: self._fill_pcname(product) return Success('获取成功', data=product_list)
def get_uc(self): admin = get_current_admin() data = parameter_required(('ucid'), ) uc = UnitCategory.query.filter( UnitCategory.UCid == data.get('ucid'), UnitCategory.isdelete == false()).first_('分类已删除') self._fill_uc(uc) return Success('获取成功', data=uc)
def list_uc(self): admin = get_current_admin() uclist = UnitCategory.query.filter( UnitCategory.isdelete == false()).order_by( UnitCategory.UCsort.desc(), UnitCategory.createtime.desc()).all_with_page() for uc in uclist: self._fill_uc(uc) return Success('获取成功', data=uclist)
def set_proudct(self): admin = get_current_admin() data = parameter_required() prid, prname, pcid, prsort = data.get('prid'), data.get( 'prname'), data.get('pcid'), data.get('prsort') product_dict = {"ADid": admin.ADid} if prname: product_dict['PRname'] = prname if pcid: pc = ProductCategory.query.filter( ProductCategory.PCid == pcid, ProductCategory.isdelete == false()).first_('分类已删除') product_dict['PCid'] = pc.PCid if prsort: try: prsort = int(prsort) except: raise ParamsError('权重只能是整数') product_dict['PRsort'] = prsort with db.auto_commit(): if not prid: if not prname: raise ParamsError('缺少产品名') if not pcid: raise ParamsError('缺少分类ID') product_dict['PRid'] = str(uuid.uuid1()) product = Product.create(product_dict) msg = '添加成功' else: product = Product.query.filter( Product.PRid == prid, Product.isdelete == false()).first_('产品已删除') if data.get('delete'): product.update({'isdelete': True}) msg = '删除成功' else: product.update(product_dict) msg = '编辑成功' db.session.add(product) return Success(message=msg, data={'prid': product.PRid})
def set_userlevelsetting(self): admin = get_current_admin() data = parameter_required() ulsid, ulslevel, ulscoefficient = data.get('ulsid'), data.get( 'ulslevel'), data.get('ulscoefficient') ulsdict = {} if ulslevel or ulslevel == 0: try: ulslevel = int(ulslevel) except: raise ParamsError('等级只能是整数') ulsdict['ULSlevel'] = ulslevel if ulscoefficient or ulscoefficient == 0: try: ulscoefficient = Decimal(ulscoefficient) except: raise ParamsError('系数只能是数字') ulsdict['ULScoefficient'] = ulscoefficient with db.auto_commit(): if not ulsid: if not ulslevel: raise ParamsError('等级参数缺失') if not ulscoefficient: raise ParamsError('系数缺失') ulsdict['ULSid'] = str(uuid.uuid1()) # 同级校验 uls = UserLevelSetting.query.filter( UserLevelSetting.isdelete == false(), UserLevelSetting.ULSlevel == ulslevel).first() if uls: raise ParamsError('该等级已设置对应系数') ulsinstance = UserLevelSetting.create(ulsdict) msg = '添加成功' else: ulsinstance = UserLevelSetting.query.filter( UserLevelSetting.isdelete == false(), UserLevelSetting.ULSid == ulsid).first_('系数设置已删除') if data.get('delete'): ulsinstance.update({'isdelete': True}) msg = '删除成功' else: ulsinstance.update(ulsdict) msg = '更新成功' db.session.add(ulsinstance) return Success(msg, data={'ulsid': ulsinstance.ULSid})
def get(self): if is_admin(): _ = get_current_admin() elif is_user(): user = get_current_user() if not user.USinWhiteList: raise AuthorityError('用户无权限,请联系管理员') else: raise AuthorityError data = parameter_required(('prid', )) prid = data.get('prid') product = Product.query.join( ProductCategory, ProductCategory.PCid == Product.PCid).filter( Product.PRid == prid, Product.isdelete == false(), ProductCategory.isdelete == false()).first_("产品已删除") self._fill_pcname(product) return Success('获取成功', data=product)
def set_pc(self): _ = get_current_admin() data = parameter_required() pcid, pcname, pcsort, pcurl, pcicon = data.get('pcid'), data.get( 'pcname'), data.get('pcsort'), data.get('pcurl'), data.get( 'pcicon') pc_dict = {} if pcname: pc_dict['PCname'] = pcname # if pcurl: pc_dict['PCurl'] = pcurl if pcicon: pc_dict['PCicon'] = pcicon if pcsort: try: pcsort = int(pcsort) except: raise ParamsError('权重只能是整数') pc_dict['PCsort'] = pcsort with db.auto_commit(): if not pcid: if not pcname: raise ParamsError('缺少分类名') if not pcicon: raise ParamsError('缺少icon') pc_dict['PCid'] = str(uuid.uuid1()) pc = ProductCategory.create(pc_dict) msg = '添加成功' else: pc = ProductCategory.query.filter( ProductCategory.PCid == pcid, ProductCategory.isdelete == false()).first_('分类已删除') if data.get('delete'): pc.update({'isdelete': True}) msg = '删除成功' else: pc.update(pc_dict, null='not ignore') msg = '编辑成功' db.session.add(pc) return Success(message=msg, data={'pcid': pc.PCid})
def update_user_level(self): admin = get_current_admin() if not admin: raise AuthorityError data = parameter_required(("usid", "uslevel")) usid = data.get('usid') uslevel = data.get("uslevel", 0) if uslevel or uslevel == 0: try: uslevel = int(uslevel) except: raise ParamsError('uslevel 只能是整数') user = User.query.filter(User.USid == usid, User.isdelete == false()).first() if not user: raise ParamsError('用户不在本系统') with db.auto_commit(): user.USlevel = uslevel db.session.add(user) return Success(data='{}修改成功'.format(user.USname))
def list_pp(self): data = parameter_required(('prid', )) if is_admin(): _ = get_current_admin() elif is_user(): user = get_current_user() if not user.USinWhiteList: raise AuthorityError('用户无权限,请联系管理员') else: raise AuthorityError prid = data.get('prid') product = Product.query.filter( Product.PRid == prid, Product.isdelete == false()).first_('产品已删除') pplist = ProductParams.query.filter( ProductParams.PRid == prid, ProductParams.isdelete == false()).order_by( ProductParams.PPsort.desc(), ProductParams.createtime.desc()).all() for pp in pplist: pp.fill('prname', product.PRname) # 产品参数填充 self._fill_ppv(pp) return Success('获取成功', data=pplist)
def get_admin_list(self): """获取管理员列表""" superadmin = get_current_admin() if superadmin.ADlevel != AdminLevel.super_admin.value or \ superadmin.ADstatus != AdminStatus.normal.value: raise AuthorityError('当前非超管权限') args = request.args.to_dict() page = args.get('page_num') count = args.get('page_size') if page and count: admins = Admin.query.filter( Admin.isdelete == false(), Admin.ADlevel == AdminLevel.common_admin.value).order_by( Admin.createtime.desc()).all_with_page() else: admins = Admin.query.filter( Admin.isdelete == false(), Admin.ADlevel == AdminLevel.common_admin.value).order_by( Admin.createtime.desc()).all() for admin in admins: admin.fields = [ 'ADid', 'ADname', 'ADheader', 'createtime', 'ADnum' ] admin.fill('adlevel', AdminLevel(admin.ADlevel).zh_value) admin.fill('adstatus', AdminStatus(admin.ADstatus).zh_value) admin.fill('adpassword', '*' * 6) admin.fill('adtelphone', admin.ADtelephone) admin_login = UserLoginTime.query.filter_by_( USid=admin.ADid, ULtype=UserLoginTimetype.admin.value).order_by( UserLoginTime.createtime.desc()).first() logintime = None if admin_login: logintime = admin_login.createtime admin.fill('logintime', logintime) return Success('获取管理员列表成功', data=admins)
def get_user_list(self): admin = get_current_admin() if not admin: raise AuthorityError data = parameter_required() ustelphone = data.get('ustelphone') usname = data.get('usname') uslevel = data.get('uslevel') filter_args = [User.isdelete == false()] if ustelphone: filter_args.append(User.UStelphone.ilike( '%{}%'.format(ustelphone))) if usname: filter_args.append(User.USname.ilike('%{}%'.format(usname))) if uslevel or uslevel == 0: try: uslevel = int(uslevel) except Exception: raise ParamsError('等级只能是整数') filter_args.append(User.USlevel == uslevel) user_list = User.query.filter(*filter_args).all_with_page() return Success('获取成功', data=user_list)
def set_pp(self): _ = get_current_admin() data = parameter_required() ppid, prid, ppname, pprequired, pptype, ppremarks, ppunit, ppsort, ppvlist = data.get( 'ppid'), data.get('prid'), data.get('ppname'), data.get( 'pprequired'), data.get('pptype'), data.get( 'ppremarks'), data.get('ppunit'), data.get( 'ppsort'), data.get('ppvlist', []) pp_dict = {} if ppname: pp_dict['PPname'] = ppname if prid: _ = Product.query.filter( Product.PRid == prid, Product.isdelete == false()).first_('商品已删除') pp_dict['PRid'] = prid # if pprequired: pp_dict['PPrequired'] = bool(pprequired) if ppsort: try: ppsort = int(ppsort) except: raise ParamsError('权重只能是整数') pp_dict['PPsort'] = ppsort if pptype: try: pptype = ProductParamsType(int(pptype)).value except: raise ParamsError('类型有误') pp_dict['PPtype'] = pptype # if ppunit: pp_dict['PPunit'] = ppunit if ppremarks: pp_dict['PPremarks'] = ppremarks with db.auto_commit(): if not ppid: # if not prid: # raise ParamsError('需绑定产品') if not ppname: raise ParamsError('缺少参数名') if not pptype: raise ParamsError('缺少参数类型') pp_dict['PPid'] = str(uuid.uuid1()) pp = ProductParams.create(pp_dict) msg = '添加成功' else: pp = ProductParams.query.filter( ProductParams.PPid == ppid, ProductParams.isdelete == false()).first_('参数已删除') if data.get('delete'): pp.update({'isdelete': True}) msg = '删除成功' else: pp.update(pp_dict, null='not ignore') msg = '编辑成功' db.session.add(pp) if isinstance(ppvlist, list): # ProductParamsValue.query.filter(ProductParams.PPid == pp.PPid).delete_() ppvidlist = [] instance_list = [] for ppv in ppvlist: ppvvalue = ppv.get('ppvvalue') ppvprice = ppv.get('ppvprice', 0) ppvid = ppv.get('ppvid') if ppvprice: try: ppvprice = Decimal(str(ppvprice)) except: raise ParamsError('单价只能是数字') ppvdict = { 'PPid': pp.PPid, "PPVvalue": ppvvalue, "PPVprice": ppvprice } if ppvid: ppv_instance = ProductParamsValue.query.filter( ProductParamsValue.PPVid == ppvid, ProductParamsValue.isdelete == false()).first() if ppv_instance: ppv_instance.update(ppvdict) else: ppvdict.setdefault('PPVid', str(uuid.uuid1())) ppv_instance = ProductParamsValue.create(ppvdict) else: ppvdict.setdefault('PPVid', str(uuid.uuid1())) ppv_instance = ProductParamsValue.create(ppvdict) frontids = ppv.get('frontid', []) if isinstance(frontids, list): fpids = [] for frontid in frontids: front = ProductParams.query.filter( ProductParams.PPid == frontid).first_( "后续参数已删除") fp_instance = FrontParams.query.filter( FrontParams.PPid == front.PPid, FrontParams.PPVid == ppv_instance.PPVid, FrontParams.isdelete == false()).first() if not fp_instance: fp_instance = FrontParams.create({ "FPid": str(uuid.uuid1()), "PPid": front.PPid, "PPVid": ppv_instance.PPVid, }) instance_list.append(fp_instance) fpids.append(fp_instance.FPid) front.PRid = "" instance_list.append(front) unused_fp = FrontParams.query.filter( FrontParams.PPVid == ppv_instance.PPVid, FrontParams.FPid.notin_(fpids), FrontParams.isdelete == false()).all() # 删除无用绑定 for fp in unused_fp: unused_pp = ProductParams.query.filter( ProductParams.PPid == fp.PPid, ProductParams.isdelete == false()).first() if unused_pp: unused_pp.PRid = pp.PRid instance_list.append(unused_pp) fp.isdelete = True instance_list.append(fp) ppvidlist.append(ppv_instance.PPVid) instance_list.append(ppv_instance) db.session.add_all(instance_list) unused_ppv = ProductParamsValue.query.filter( ProductParamsValue.PPid == pp.PPid, ProductParamsValue.PPVid.notin_(ppvidlist)).all() ProductParamsValue.query.filter( ProductParamsValue.PPid == pp.PPid, ProductParamsValue.PPVid.notin_(ppvidlist)).delete_( synchronize_session=False) return Success(message=msg, data={'ppid': pp.PPid})
def update_admin(self): """更新管理员信息""" if not is_admin(): raise AuthorityError('权限不足') data = request.json or {} admin = get_current_admin() if admin.ADstatus != AdminStatus.normal.value: raise AuthorityError('权限不足') update_admin = {} action_list = [] with db.auto_commit(): if data.get("adname"): update_admin['ADname'] = data.get("adname") action_list.append( str(AdminAction.ADname.value) + '为' + str(data.get("adname")) + '\n') if data.get('adheader'): update_admin['ADheader'] = data.get("adheader") action_list.append(str(AdminAction.ADheader.value) + '\n') if data.get('adtelphone'): # self.__check_identifyingcode(data.get('adtelphone'), data.get('identifyingcode')) update_admin['ADtelephone'] = data.get('adtelphone') action_list.append( str(AdminAction.ADtelphone.value) + '为' + str(data.get("adtelphone")) + '\n') password = data.get('adpassword') if password and password != '*' * 6: self.__check_password(password) password = generate_password_hash(password) update_admin['ADpassword'] = password action_list.append( str(AdminAction.ADpassword.value) + '为' + str(password) + '\n') if admin.ADlevel == AdminLevel.super_admin.value: filter_adid = data.get('adid') or admin.ADid if getattr(AdminLevel, data.get('adlevel', ""), ""): update_admin['ADlevel'] = getattr( AdminLevel, data.get('adlevel')).value action_list.append( str(AdminAction.ADlevel.value) + '为' + getattr(AdminLevel, data.get('adlevel')).zh_value + '\n') if getattr(AdminStatus, data.get('adstatus', ""), ""): update_admin['ADstatus'] = getattr( AdminStatus, data.get('adstatus')).value action_list.append( str(AdminAction.ADstatus.value) + '为' + getattr(AdminStatus, data.get('adstatus')).zh_value + '\n') else: filter_adid = admin.ADid self.__check_adname(data.get("adname"), filter_adid) update_admin = { k: v for k, v in update_admin.items() if v or v == 0 } update_result = Admin.query.filter( Admin.ADid == filter_adid, Admin.isdelete == false()).update(update_admin) if not update_result: raise ParamsError('管理员不存在') filter_admin = Admin.query.filter( Admin.isdelete == false(), Admin.ADid == filter_adid).first_('管理员不存在') action_str = admin.ADname + '修改' + filter_admin.ADname + ','.join( action_list) an_instance = AdminNotes.create({ 'ANid': str(uuid.uuid1()), 'ADid': filter_adid, 'ANaction': action_str, "ANdoneid": request.user.id }) db.session.add(an_instance) # if is_admin(): # self.base_admin.create_action(AdminActionS.insert.value, 'AdminNotes', str(uuid.uuid1())) return Success("操作成功")
def add_admin_by_superadmin(self): """超级管理员添加普通管理""" superadmin = get_current_admin() if superadmin.ADlevel != AdminLevel.super_admin.value or \ superadmin.ADstatus != AdminStatus.normal.value: raise AuthorityError('当前非超管权限') data = request.json current_app.logger.info("add admin data is %s" % data) parameter_required(('adname', 'adpassword', 'adtelphone')) adid = str(uuid.uuid1()) password = data.get('adpassword') # 密码校验 self.__check_password(password) adname = data.get('adname') adlevel = getattr(AdminLevel, data.get('adlevel', '')) adlevel = 2 if not adlevel else int(adlevel.value) header = data.get('adheader') or GithubAvatarGenerator().save_avatar( adid) # 等级校验 if adlevel not in [1, 2, 3]: raise ParamsError('adlevel参数错误') telephone = data.get('adtelphone') if not re.match(r'^1[0-9]{10}$', str(telephone)): raise ParamsError('手机号格式错误') # 账户名校验 self.__check_adname(adname, adid) adnum = self.__get_adnum() # 创建管理员 with db.auto_commit(): adinstance = Admin.create({ 'ADid': adid, 'ADnum': adnum, 'ADname': adname, 'ADtelephone': telephone, 'ADfirstpwd': password, 'ADfirstname': adname, 'ADpassword': generate_password_hash(password), 'ADheader': header, 'ADlevel': adlevel, 'ADstatus': 0, }) db.session.add(adinstance) # 创建管理员变更记录 an_instance = AdminNotes.create({ 'ANid': str(uuid.uuid1()), 'ADid': adid, 'ANaction': '{0} 创建管理员{1} 等级{2}'.format(superadmin.ADname, adname, adlevel), "ANdoneid": request.user.id }) db.session.add(an_instance) return Success('创建管理员成功')
def set_un(self): admin = get_current_admin() data = parameter_required() unid, ucid, unname, prid, ucrequired, ununit, ununitprice, untype, unlimit, unlimitmin, pcid, ppvid, unexnum = data.get( 'unid'), data.get('ucid'), data.get('unname'), data.get( 'prid'), data.get('ucrequired'), data.get('ununit'), data.get( 'ununitprice'), data.get('untype'), data.get( 'unlimit'), data.get('unlimitmin'), data.get( 'pcid'), data.get('ppvid'), data.get('unexnum') undict = {} if unname: undict['UNname'] = unname if ucid: uc = UnitCategory.query.filter( UnitCategory.UCid == ucid, UnitCategory.isdelete == false()).first_('分类已删除') undict['UCid'] = ucid if prid: product = Product.query.filter( Product.PRid == prid, Product.isdelete == false()).first_('商品已删除') undict['PRid'] = prid if pcid: pc = ProductCategory.query.filter( ProductCategory.PCid == pcid, ProductCategory.isdelete == false()).first_("商品分类已删除") undict['PCid'] = pcid if ununit: undict['UNunit'] = ununit if ppvid: ppv = ProductParamsValue.query.filter( ProductParamsValue.PPVid == ppvid, ProductParamsValue.isdelete == false()).first_('参数值已删除') undict['PPVid'] = ppvid if ununitprice: try: ununitprice = Decimal(ununitprice) except: raise ParamsError('单价只能是数字') undict['UNunitPrice'] = ununitprice if untype: try: untype = UnitType(int(untype)).value except: raise ParamsError('参数类型有误') undict['UNtype'] = untype or 0 if unlimit: try: unlimit = Decimal(unlimit) except: raise ParamsError('最大值只能是数字') undict['UNlimit'] = unlimit or 0 if unlimitmin: try: unlimitmin = Decimal(unlimitmin) except: raise ParamsError('最小值只能是数字') undict['UNlimitMin'] = unlimitmin or 0 undict['UCrequired'] = bool(ucrequired) if unexnum: try: ununitprice = Decimal(unexnum) except: raise ParamsError('倍数系数只能是数字') undict['UNexnum'] = unexnum with db.auto_commit(): if not unid: if not unname: raise ParamsError('计算名缺失') if not ununitprice: raise ParamsError('单价缺失') if not (pcid or prid): raise ParamsError('商品或者商品分类必须指定') if not unexnum: undict['UNexnum'] = 1 undict['UNid'] = str(uuid.uuid1()) uninstance = Unit.create(undict) msg = '添加成功' else: uninstance = Unit.query.filter( Unit.UNid == unid, Unit.isdelete == false()).first_('部件已删除') if data.get('delete'): uninstance.update({'isdelete': True}) msg = '删除成功' else: uninstance.update(undict, null='not ignore') msg = '更新成功' db.session.add(uninstance) return Success(message=msg, data={'ucid': uninstance.UNid})