def get(self, request):
if not admin_work_weixin_departments_check():
error_msg = 'Feature is not enabled.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
access_token = get_work_weixin_access_token()
if not access_token:
logger.error('can not get work weixin access_token')
error_msg = '获取企业微信组织架构失败'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
data = {
'access_token': access_token,
}
department_id = request.GET.get('department_id', None)
if department_id:
data['id'] = department_id
api_response = requests.get(WORK_WEIXIN_DEPARTMENTS_URL, params=data)
api_response_dic = handler_work_weixin_api_response(api_response)
if not api_response_dic:
logger.error('can not get work weixin departments response')
error_msg = '获取企业微信组织架构失败'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if WORK_WEIXIN_DEPARTMENT_FIELD not in api_response_dic:
logger.error(json.dumps(api_response_dic))
logger.error(
'can not get department list in work weixin departments response'
)
error_msg = '获取企业微信组织架构失败'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
return Response(api_response_dic)
def get(self, request, department_id):
if not admin_work_weixin_departments_check():
error_msg = 'Feature is not enabled.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if not request.user.admin_permissions.can_manage_user():
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
access_token = get_work_weixin_access_token()
if not access_token:
logger.error('can not get work weixin access_token')
error_msg = '获取企业微信组织架构成员失败'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
data = {
'access_token': access_token,
'department_id': department_id,
}
fetch_child = request.GET.get('fetch_child', None)
if fetch_child:
if fetch_child not in ('true', 'false'):
error_msg = 'fetch_child invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
data['fetch_child'] = 1 if fetch_child == 'true' else 0
api_response = requests.get(WORK_WEIXIN_DEPARTMENT_MEMBERS_URL,
params=data)
api_response_dic = handler_work_weixin_api_response(api_response)
if not api_response_dic:
logger.error('can not get work weixin department members response')
error_msg = '获取企业微信组织架构成员失败'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
if WORK_WEIXIN_DEPARTMENT_MEMBERS_FIELD not in api_response_dic:
logger.error(json.dumps(api_response_dic))
logger.error(
'can not get userlist in work weixin department members response'
)
error_msg = '获取企业微信组织架构成员失败'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
api_user_list = api_response_dic[WORK_WEIXIN_DEPARTMENT_MEMBERS_FIELD]
# todo filter ccnet User database
social_auth_queryset = SocialAuthUser.objects.filter(
provider=WORK_WEIXIN_PROVIDER,
uid__contains=WORK_WEIXIN_UID_PREFIX)
for api_user in api_user_list:
uid = WORK_WEIXIN_UID_PREFIX + api_user.get('userid', '')
api_user['contact_email'] = api_user['email']
# # determine the user exists
if social_auth_queryset.filter(uid=uid).exists():
api_user['email'] = social_auth_queryset.get(uid=uid).username
else:
api_user['email'] = ''
return Response(api_response_dic)
def do_action(self):
# work weixin check
if not admin_work_weixin_departments_check():
self.log_error('Feature is not enabled.')
return
access_token = get_work_weixin_access_token()
if not access_token:
self.log_error('can not get work weixin access_token')
return
# list departments from work weixin
api_department_list = self.list_departments_from_work_weixin(
access_token)
if api_department_list is None:
self.log_error('获取企业微信组织架构失败')
return
api_department_list = sorted(api_department_list,
key=lambda x: x['id'])
self.log_debug('Total %d work-weixin departments.' %
len(api_department_list))
# main
count = 0
exists_count = 0
for department_obj in api_department_list:
# check department argument
group_name = department_obj.get('name')
department_obj_id = department_obj.get('id')
if department_obj_id is None or not group_name:
continue
# check department exist
exist_department = ExternalDepartment.objects.get_by_provider_and_outer_id(
WORK_WEIXIN_PROVIDER, department_obj_id)
if exist_department:
exists_count += 1
continue
# sync to db
group = self.get_group_by_name(group_name)
if group:
ExternalDepartment.objects.create(
group_id=group.id,
provider=WORK_WEIXIN_PROVIDER,
outer_id=department_obj_id,
)
count += 1
self.log_debug('%d work-weixin departments exists in db.' %
exists_count)
self.log_debug('Sync %d work-weixin departments to db.' % count)
def post(self, request):
if not admin_work_weixin_departments_check():
error_msg = 'Feature is not enabled.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
if not request.user.admin_permissions.can_manage_user():
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
api_user_list = request.data.get(WORK_WEIXIN_DEPARTMENT_MEMBERS_FIELD,
None)
if not api_user_list or not isinstance(api_user_list, list):
error_msg = 'userlist invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
success = []
failed = []
social_auth_queryset = SocialAuthUser.objects.filter(
provider=WORK_WEIXIN_PROVIDER,
uid__contains=WORK_WEIXIN_UID_PREFIX)
for api_user in api_user_list:
error_data = _handler_work_weixin_user_data(
api_user, social_auth_queryset)
if not error_data:
email = gen_user_virtual_id()
if _import_user_from_work_weixin(email, api_user):
success.append({
'userid': api_user.get('userid'),
'name': api_user.get('name'),
'email': email,
})
else:
failed.append({
'userid': api_user.get('userid'),
'name': api_user.get('name'),
'error_msg': '导入失败'
})
else:
failed.append(error_data)
return Response({'success': success, 'failed': failed})
def post(self, request):
"""import department from work weixin
permission: IsProVersion
"""
if not request.user.admin_permissions.can_manage_user():
return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
# argument check
department_id = request.data.get('work_weixin_department_id')
try:
department_id = int(department_id)
except Exception as e:
logger.error(e)
error_msg = 'work_weixin_department_ids invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# is pro version and work weixin check
if not IsProVersion or not admin_work_weixin_departments_check():
error_msg = 'Feature is not enabled.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
access_token = get_work_weixin_access_token()
if not access_token:
logger.error('can not get work weixin access_token')
error_msg = '获取企业微信组织架构失败'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# list departments from work weixin
api_department_list = self._list_departments_from_work_weixin(
access_token, department_id)
if api_department_list is None:
error_msg = '获取企业微信组织架构失败'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# list department members from work weixin
api_user_list = self._list_department_members_from_work_weixin(
access_token, department_id)
if api_user_list is None:
error_msg = '获取企业微信组织架构成员失败'
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# main
success = list()
failed = list()
department_map_to_group_dict = dict()
for index, department_obj in enumerate(api_department_list):
# check department argument
new_group_name = department_obj.get('name')
department_obj_id = department_obj.get('id')
if department_obj_id is None or not new_group_name or not validate_group_name(
new_group_name):
failed_msg = self._api_department_failed_msg(
department_obj_id, new_group_name, '部门参数错误')
failed.append(failed_msg)
continue
# check parent group
if index == 0:
parent_group_id = -1
else:
parent_department_id = department_obj.get('parentid')
parent_group_id = department_map_to_group_dict.get(
parent_department_id)
if parent_group_id is None:
failed_msg = self._api_department_failed_msg(
department_obj_id, new_group_name, '父级部门不存在')
failed.append(failed_msg)
continue
# check department exist by group name
exist, exist_group = self._admin_check_group_name_conflict(
new_group_name)
if exist:
department_map_to_group_dict[
department_obj_id] = exist_group.id
failed_msg = self._api_department_failed_msg(
department_obj_id, new_group_name, '部门已存在')
failed.append(failed_msg)
continue
# import department
try:
group_id = ccnet_api.create_group(
new_group_name,
DEPARTMENT_OWNER,
parent_group_id=parent_group_id)
seafile_api.set_group_quota(group_id, -2)
department_map_to_group_dict[department_obj_id] = group_id
success_msg = self._api_department_success_msg(
department_obj_id, new_group_name, group_id)
success.append(success_msg)
except Exception as e:
logger.error(e)
failed_msg = self._api_department_failed_msg(
department_obj_id, new_group_name, '部门导入失败')
failed.append(failed_msg)
# todo filter ccnet User database
social_auth_queryset = SocialAuthUser.objects.filter(
provider=WORK_WEIXIN_PROVIDER,
uid__contains=WORK_WEIXIN_UID_PREFIX)
# import api_user
for api_user in api_user_list:
uid = WORK_WEIXIN_UID_PREFIX + api_user.get('userid', '')
api_user['contact_email'] = api_user['email']
api_user_name = api_user.get('name')
# determine the user exists
if social_auth_queryset.filter(uid=uid).exists():
email = social_auth_queryset.get(uid=uid).username
else:
# create user
email = gen_user_virtual_id()
create_user_success = _import_user_from_work_weixin(
email, api_user)
if not create_user_success:
failed_msg = self._api_user_failed_msg(
'', api_user_name, department_id, '导入用户失败')
failed.append(failed_msg)
continue
# bind user to department
api_user_department_list = api_user.get('department')
for department_obj_id in api_user_department_list:
group_id = department_map_to_group_dict.get(department_obj_id)
if group_id is None:
# the api_user also exist in the brother department which not import
continue
if ccnet_api.is_group_user(group_id, email):
failed_msg = self._api_user_failed_msg(
email, api_user_name, department_obj_id, '部门成员已存在')
failed.append(failed_msg)
continue
try:
ccnet_api.group_add_member(group_id, DEPARTMENT_OWNER,
email)
success_msg = self._api_user_success_msg(
email, api_user_name, department_obj_id, group_id)
success.append(success_msg)
except Exception as e:
logger.error(e)
failed_msg = self._api_user_failed_msg(
email, api_user_name, department_id, '导入部门成员失败')
failed.append(failed_msg)
return Response({
'success': success,
'failed': failed,
})
