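def get_msg_code():
    """Issue a one-time login code for a session that is not logged in yet.

    Reads ``phone`` and ``uni_email`` from the form (POST) or the query
    string. The request is refused when the session user is already
    authenticated, when either field is empty, or when a code was issued to
    this session less than 120 seconds ago. Otherwise a fresh six-digit code
    is stored on the session user together with the phone, the e-mail and
    the issue time.
    """
    args = request.form if request.method == 'POST' else request.args
    msg_phone = args.get('phone', '')
    uni_email = args.get('uni_email', '')
    user = request.environ['user']
    result, msg, msg_code = False, '', None
    try:
        if user.authenticated:
            raise Abort(u'您已经登入.')
        if not msg_phone or not uni_email:
            raise Abort(u'无效的手机号码或集团邮箱')
        # The throttle is kept on the session user, so it presumably only
        # limits requests that present the same session -- confirm whether a
        # per-phone / per-e-mail limit exists elsewhere.
        if user.msg_time and time.time() - user.msg_time < 120:
            raise Abort(u'操作太过频繁,请稍后再试')
        user_info = usersvc.get_bcmaanger_info(uni_email)
        # NOTE(review): the directory check below is disabled, so the code is
        # bound to whatever phone number the client supplied rather than to
        # the number on record for uni_email. It has to be restored before
        # send_msg() is wired up.
        #if not user_info or user_info['mobile'] != msg_phone:
            #raise Abort(u'机号码或集团邮箱不存在')
        # The code is a login secret: draw it from the OS CSPRNG and zero-pad
        # it so it is always exactly six digits. It is never printed or
        # logged.
        msg_code = '%06d' % random.SystemRandom().randrange(10 ** 6)
        user.msg_code = msg_code
        user.msg_time = time.time()
        user.msg_phone = msg_phone
        user.msg_email = uni_email
        user.save_to_session()
        # send_msg()  # TODO
        result = True
    except Abort as e:
        msg = e.msg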
def admin_set_info():
    """Set the calling user's channel and sales department (admin variant).

    ``channel_id`` and ``sales_depart_id`` come from the form (POST) or the
    query string. The pair is accepted only if the channel is returned by
    ``usersvc.get_channels(top=True)`` and the department is listed under
    that channel. On success the session copy of the user's info is
    refreshed.
    """
    params = request.form if request.method == 'POST' else request.args
    channel_id = _int(params.get('channel_id', ''))
    sales_depart_id = _int(params.get('sales_depart_id', ''))
    user = request.environ['user']
    result, msg = False, ''
    try:
        if not (channel_id and sales_depart_id):
            raise Abort(u'无效渠道id或区分id')

        # The department must belong to the requested channel.
        matching_channels = [
            channel for channel in usersvc.get_channels(top=True)
            if channel['channel_id'] == channel_id
        ]
        if len(matching_channels) == 0:
            raise Abort(u'设置的渠道不存在')
        matching_departs = [
            depart for depart in matching_channels[0]['departs']
            if depart['sales_depart_id'] == sales_depart_id
        ]
        if len(matching_departs) == 0:
            raise Abort(u'设置的渠道和区分错误')

        result = usersvc.set_user_sales_info(user.user_id, channel_id,
                                             sales_depart_id)
        if result:
            # Keep the session in step with what was just stored.
            user.user_info = usersvc.get_user_local_info(user.user_id)
            user.save_to_session()
    except Abort as e:
        msg = e.msg
def oauth2():
    # OAuth2 redirect handler: exchanges the ``code`` query parameter for an
    # access token at config.OAuth2['token_uri'], then posts that token to
    # config.OAuth2['info_uri'] and parses the JSON reply.
    # NOTE(review): no ``state`` parameter is read in the visible part of the
    # handler -- confirm that the authorisation request is bound to the
    # session somewhere, otherwise the callback accepts a code obtained in
    # another session.
    code = request.args.get('code')
    try:
        if not code:
            raise Abort(u'认证失败(oauth2返回code为空)!')
        # client_secret travels in the POST body; token_uri is presumably an
        # https:// endpoint -- confirm in config.
        params = dict(code=code,
                      client_id=config.OAuth2['client_id'],
                      client_secret=config.OAuth2['client_secret'],
                      grant_type='authorization_code')
        # NOTE(review): requests applies no timeout unless one is passed, so
        # a stalled identity provider can hold this worker indefinitely.
        resp = requests.post(config.OAuth2['token_uri'], data=params)
        content = {}
        # Any non-200 or empty reply leaves content empty and is reported
        # below as a missing token.
        if resp.status_code == 200 and resp.text:
            try:
                content = json.loads(resp.text)
            except ValueError, e:
                raise Abort(u'认证失败(解析token错误)')
        token = content.get('access_token')
        if not token:
            raise Abort(u'认证失败(获取token失败)')
        # Second round trip: ask the provider who the token belongs to.
        params = dict(access_token=token, client_id=config.OAuth2['client_id'])
        resp = requests.post(config.OAuth2['info_uri'], data=params)
        content = {}
        if resp.status_code == 200 and resp.text:
            try:
                content = json.loads(resp.text)
            except ValueError, e:
                raise Abort(u'认证失败(解析token错误)')
def get_user_tag():
    """List the caller's tags and whether the target user carries each one.

    The target (``user_id`` from the form or query string) must be in the
    caller's channel and in one of the departments the caller is in charge
    of; otherwise ``Abort`` is raised before the ``try`` block, so it is not
    turned into ``msg`` here.
    """
    args = request.form if request.method == 'POST' else request.args
    user_id = args.get('user_id', '')
    adminUser = request.environ['user']
    setUser = usersvc.get_user_local_info(user_id)

    # Data-scope check: same channel, and a department the caller manages.
    in_scope = (
        setUser
        and adminUser.user_info['channel_id'] == setUser['channel_id']
        and setUser['sales_depart_id'] in adminUser.user_info['charge_departs']
    )
    if not in_scope:
        raise Abort(u'请求的用户不存在或非负责区域')

    tags, result, msg = [], False, ''
    caller_is_admin = 'PRIV_ADMIN' in adminUser.user_info['privs']
    target_privs = setUser['privs']
    target_is_super = 'PRIV_ADMIN_SUPER' in target_privs
    target_is_admin = 'PRIV_ADMIN' in target_privs
    # NOTE(review): the rule here is "target is super, or caller and target
    # are both PRIV_ADMIN". admin_get_privs and admin_alter_user instead
    # refuse when the target is PRIV_ADMIN and the caller is not
    # PRIV_ADMIN_SUPER. Whether the caller holds PRIV_ADMIN_SUPER is not
    # consulted here -- confirm which rule is intended.
    if target_is_super or (caller_is_admin and target_is_admin):
        raise Abort(u'无权限设置该用户的标签')

    try:
        rows = usersvc.get_pos_tag()
        admin_tags = adminUser.user_info['tags'] or []
        target_tags = setUser['tags'] or []
        # Only tags the caller holds are listed; status says whether the
        # target user already has the tag.
        for tag_id in admin_tags:
            for row in rows:
                if tag_id == row[u'tag_id']:
                    tags.append({
                        'tag_id': tag_id,
                        'tag_label': row[u'tag_label'],
                        'status': tag_id in target_tags
                    })
        result = True
    except Abort as e:
        msg = e.msg
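def upload_file():
    """Parse an uploaded Excel workbook with ``excel_reader``.

    The upload is taken from the ``file`` form field. A missing file, an
    extension other than ``.xls`` / ``.xlsx`` (compared case-insensitively)
    or a workbook xlrd cannot open are all reported through ``msg``.
    """
    f = request.files.get('file')
    result, rows, msg = False, None, ''
    try:
        if not f:
            raise Abort(u'文件为空')
        # The extension comes from the client-supplied filename, so it is
        # only a convenience filter; the parse below is the real validation.
        _, ext = os.path.splitext(f.filename or '')
        if ext.lower() not in ('.xls', '.xlsx'):
            raise Abort(u'非法文件')
        # NOTE(review): f.read() buffers the whole upload in memory;
        # presumably a request-size limit is enforced upstream -- confirm.
        try:
            book = xlrd.open_workbook(file_contents=f.read())
        except xlrd.XLRDError:
            # Untrusted content that is not a readable workbook is a client
            # error, not a server fault.
            raise Abort(u'非法文件')
        result, rows = excel_reader(book=book)
    except Abort as e:
        msg = e.msg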
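def _check(rows):
    """Validate imported point-of-sale rows in place.

    Rows whose ``status`` is not 1 are left untouched. Every other row ends
    up with ``status`` 3 (accepted) or with ``status`` 4 and a ``msg`` that
    names the reason for the rejection.

    The checks read columns 0, 4, 6, 7 and 8 of ``row['data']``; the column
    layout presumably matches the key list used by ``pos_import`` (name in
    column 4, contact mobile in column 7, rent type in column 8) -- confirm.

    Raises:
        Abort: if an element of ``rows`` is not a dict.
    """
    names = []
    for row in rows:
        if not isinstance(row, dict):
            raise Abort(u'请提供JSON格式数据.(type error) ')
        if row.get('status') != 1:
            continue
        data = row.get('data', [])
        # Column 8 is read below, so nine columns are the minimum; a shorter
        # row is rejected instead of raising IndexError.
        if not isinstance(data, list) or len(data) < 9:
            row['status'] = 4
            row['msg'] = u'数据不完整.'
            continue
        if data[4] == '' or not data[6] or not data[7] or not data[0]:
            row['status'] = 4
            row['msg'] = u'必填项.'
            continue
        if not str(data[7]).isdigit() or len(str(data[7])) != 11:
            row['status'] = 4
            row['msg'] = u'手机号.'
            continue
        # Duplicate names inside the same upload.
        if data[4] in names:
            row['status'] = 4
            row['msg'] = u'名称重复(excel).'
            continue
        names.append(data[4])
        # Names that already exist in the database.
        pos, _ = possvc.get_pos_list(pos_name=data[4])
        if pos:
            row['status'] = 4
            row['msg'] = u'名称已存在.'
            continue
        if data[8] not in (u'有租金', u'无租金'):
            row['status'] = 4
            row['msg'] = u'租金类型不正确'
            # Without this the row would fall through and be accepted.
            continue
        row['status'] = 3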
def plan_audit():
    """Move a batch of plans to audit status 2 or 4 within the caller's scope.

    ``selectedPlan`` is a comma-separated list of plan ids and ``status`` the
    requested status id. The caller's channel and charge departments are
    passed to ``plansvc.plan_audit`` together with a list of status values
    chosen from the target status ([1, 4] for 2, [1, 2] for 4) -- presumably
    the states a plan may currently be in; confirm against plansvc.
    """
    args = request.form if request.method == 'POST' else request.args
    user = request.environ['user']
    channel_id = user.user_info['channel_id']
    charge_departs = user.user_info['charge_departs']
    selected_plan = args.get('selectedPlan', '')
    status = args.get('status', '')
    cnt, msg = 0, ''
    # Only 2 and 4 are accepted as the new status.
    status_filter = {2: [1, 4], 4: [1, 2]}
    try:
        selected_plan = [_int(item) for item in selected_plan.split(',')]
        status_id = _int(status)
        if status_id not in status_filter:
            raise Abort(u'请求的状态错误')
        status = status_filter[status_id]
        cnt = plansvc.plan_audit(status_id=status_id,
                                 status=status,
                                 channel_id=channel_id,
                                 charge_departs=charge_departs,
                                 selected_plan=selected_plan)
        msg = ''.join(
            ['提交', str(len(selected_plan)), '行,成功', str(cnt), '行。'])
    except ValueError:
        msg = u'请求的数据错误'
    except Abort as e:
        msg = e.msg
def privsUpdate(privs, priv, state):
    """Apply one privilege toggle to ``privs`` in place and return the list.

    ``state`` is the string ``'true'`` (add) or ``'false'`` (remove). A toggle
    that would not change the list -- adding a privilege already present,
    removing one that is absent -- or any other ``state`` value raises
    ``Abort``.
    """
    already_present = priv in privs
    if state == 'true' and not already_present:
        privs.append(priv)
        return privs
    if state == 'false' and already_present:
        privs.remove(priv)
        return privs
    raise Abort(u'设置权限异常')
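def login_json():
    """Complete the one-time-code login for the current session.

    The submitted ``msg_code`` is compared with the code stored on the
    session user, which must be at most five minutes old. On success the
    directory record for the stored e-mail is written through
    ``usersvc.set_user_base_info``, the session user receives its identity
    and privileges, and the pending code is cleared.
    """
    args = request.form if request.method == 'POST' else request.args
    msg_code = args.get('msg_code', '')
    result, msg = False, ''
    user = request.environ['user']
    try:
        # A pending code must exist and must not have expired.
        if not user.msg_code or not user.msg_email or not user.msg_time \
                or time.time() - user.msg_time > 60 * 5:
            raise Abort(u'请重新获取验证码.')
        if not msg_code:
            raise Abort(u'无效的验证码.')
        # Neither the submitted nor the expected code is printed or logged.
        # NOTE(review): failed attempts are not counted here, so a pending
        # six-digit code can be guessed repeatedly until it expires --
        # confirm that attempts are limited elsewhere.
        if user.msg_code != msg_code:
            raise Abort(u'请输入正确的验证码.')
        # The identity comes from the directory record of the e-mail that
        # was stored with the code, not from anything in this request.
        user_info = usersvc.get_bcmaanger_info(user.msg_email)
        if not user_info:
            # The e-mail stored with the code has no directory record.
            raise Abort(u'请重新获取验证码.')
        set_result = usersvc.set_user_base_info({
            'user_id': user_info['uni_email'],
            'user_name': user_info['full_name'],
            'mobile': user_info['mobile']
        })
        if not set_result:
            raise Abort(u'设置用户信息失败.')
        user.user_name = user_info['full_name']
        user.user_id = user_info['uni_email']
        user_local_info = usersvc.get_user_local_info(user_info['uni_email'])
        user.privs = user_local_info['privs'] or []
        user.user_info = user_local_info
        # The code is single-use: clear every trace of it.
        user.msg_code = None
        user.msg_phone = None
        user.msg_time = None
        user.msg_email = None
        user.save_to_session()
        result = True
    except Abort as e:
        msg = e.msg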
def add_saler():
    """Create a promoter record inside the caller's own channel.

    ``channel_id`` and ``create_user_id`` are taken from the session user,
    never from the request. The requested department must be one the caller
    is in charge of, and the mobile number must be eleven digits and not
    already registered.
    """
    args = request.form if request.method == 'POST' else request.args
    user = request.environ['user']
    # The channel is fixed to the caller's own channel.
    channel_id = user.user_info['channel_id']
    charge_departs = user.user_info['charge_departs']
    saler = {'channel_id': channel_id, 'create_user_id': user.user_id}
    # Allow-list of client-supplied fields; channel_id and create_user_id
    # are deliberately not among them.
    for field in ('mobile', 'saler_name', 'sales_depart_id', 'unit'):
        saler[field] = args.get(field, '')
    saler['sales_depart_id'] = _int(saler['sales_depart_id'])
    result, msg = False, ''
    try:
        mobile = saler['mobile']
        if not (mobile.isdigit() and len(mobile) == 11):
            raise Abort(u'请提供正确的手机号')
        if not saler['saler_name']:
            raise Abort(u'促销人员姓名不能为空')
        if not saler['sales_depart_id']:
            raise Abort(u'促销人员区分不能为空')
        if saler['sales_depart_id'] not in charge_departs:
            raise Abort(u'无权添加人员到该区分')
        existing = salersvc.get_saler_list(mobile=mobile)
        if len(existing):
            raise Abort(u'手机号码已存在请作更新操作(若无法查询到该记录请联系管理员)')
        result = salersvc.add_saler(saler)
    except Abort as e:
        msg = e.msg
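def update_saler():
    """Update a promoter record, addressed by mobile number.

    A new department must be one the caller is in charge of, whether or not
    a channel is supplied as well. When both are supplied the department
    must also belong to that channel.
    """
    args = request.form if request.method == 'POST' else request.args
    user = request.environ['user']
    mobile = args.get('mobile', '')
    channel_id = args.get('channel_id', '')
    channel_id = _int(channel_id) if channel_id else ''
    sales_depart_id = args.get('sales_depart_id', '')
    sales_depart_id = _int(sales_depart_id) if sales_depart_id else ''
    saler_name = args.get('saler_name', '')
    unit = args.get('unit', '')
    deleted = args.get('deleted', '')
    deleted = _int(deleted) if deleted else ''
    update_user_id = user.user_id
    result, msg = False, ''
    try:
        if sales_depart_id:
            # Authorisation first: supplying channel_id as well must not
            # skip the charge_departs check.
            if sales_depart_id not in user.user_info['charge_departs']:
                raise Abort(u'设置的区分不符合')
            if channel_id:
                depart_info = get_depart_list(sales_depart_id=sales_depart_id)
                # An unknown department is treated as a mismatch instead of
                # raising IndexError.
                if not depart_info \
                        or depart_info[0]['channel_id'] != channel_id:
                    raise Abort(u'设置的渠道与区分不符合')
        # NOTE(review): a channel_id sent without sales_depart_id is passed
        # through unchecked, and the record addressed by ``mobile`` is not
        # compared with the caller's channel / charge_departs here --
        # presumably salersvc.update_saler enforces that; confirm.
        result = salersvc.update_saler(mobile=mobile,
                                       channel_id=channel_id,
                                       sales_depart_id=sales_depart_id,
                                       saler_name=saler_name,
                                       unit=unit,
                                       deleted=deleted,
                                       update_user_id=update_user_id)
    except Abort as e:
        msg = e.msg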
def update_pos():
    """Update a point of sale within the caller's data scope.

    Only the allow-listed fields below are taken from the request; the
    ``deleted`` field makes this usable for deletion as well. The channel
    cannot be changed, and a new department must be one the caller is in
    charge of.
    """
    updatable_fields = (
        'pos_type',
        'sales_id',
        'pos_name',
        'pos_address',
        # 'channel_id' is intentionally not updatable.
        'sales_depart_id',
        'deleted',
        'pos_man',
        'pos_man_mobile',
        'pos_unit',
        'pos_code',
        'geo_data',
    )
    args = request.form if request.method == 'POST' else request.args
    pos_id = _int(args.get('pos_id', ''))
    result, msg = False, ''
    user = request.environ['user']
    try:
        if not pos_id:
            raise Abort(u'pos_id invalid.')

        # Collect only the fields that were actually sent.
        items = {}
        for field in updatable_fields:
            value = args.get(field, '')
            if not value:
                continue
            if field == 'sales_depart_id':
                value = _int(value)
                if not value:
                    raise Abort(u'%s invalid' % field)
            items[field] = value
        if len(items) == 0:
            raise Abort(u'请指定更新字段.')

        mobile = items.get('pos_man_mobile')
        if mobile and not (len(mobile) == 11 and mobile.isdigit()):
            raise Abort(u'手机号码不正确.')

        found, _ = possvc.get_pos_list(pos_id=pos_id)
        if not found:
            raise Abort(u'更新项不存在.')
        pos = found[0]

        # The existing record and, when given, the new department must both
        # lie inside the caller's channel / charge departments.
        allowed = (
            pos['channel_id'] == user.user_info['channel_id']
            and pos['sales_depart_id'] in user.user_info['charge_departs']
            and ('sales_depart_id' not in items
                 or items['sales_depart_id'] in user.user_info['charge_departs'])
        )
        if not allowed:
            raise Abort(u'无权更新.')

        items['update_user_id'] = user.user_id
        items['pos_id'] = pos_id
        result = possvc.update_pos(items)
    except Abort as e:
        msg = e.msg
def set_sales_info():
    """Let a user choose channel and department once, at first login.

    The request is refused when either value is already stored for the user.
    The original note on this handler says city-company administrators must
    not be set through this interface; the visible code does not check that.
    """
    params = request.form if request.method == 'POST' else request.args
    channel_id = _int(params.get('channel_id', ''))
    sales_depart_id = _int(params.get('sales_depart_id', ''))
    user = request.environ['user']
    result, msg = False, ''
    try:
        if not (channel_id and sales_depart_id):
            raise Abort(u'无效渠道id或区分id')

        # Refuse if either value has been set before.
        current = usersvc.get_user_local_info(user.user_id)
        if current['channel_id'] or current['sales_depart_id']:
            raise Abort(u'已设置过渠道和区分信息(修改请联系管理人员)')

        # The department must belong to the requested channel.
        matching_channels = [
            channel for channel in usersvc.get_channels()
            if channel['channel_id'] == channel_id
        ]
        if len(matching_channels) == 0:
            raise Abort(u'设置的渠道不存在')
        matching_departs = [
            depart for depart in matching_channels[0]['departs']
            if depart['sales_depart_id'] == sales_depart_id
        ]
        if len(matching_departs) == 0:
            raise Abort(u'设置的渠道和区分错误')

        result = usersvc.set_user_sales_info(user.user_id, channel_id,
                                             sales_depart_id)
        if result:
            # Keep the session in step with what was just stored.
            user.user_info = usersvc.get_user_local_info(user.user_id)
            user.save_to_session()
    except Abort as e:
        msg = e.msg
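def _check(rows):
    """Validate imported promoter rows in place.

    Rows whose ``status`` is not 1 are left untouched. Every other row ends
    up with ``status`` 3 (accepted) or ``status`` 4 and a ``msg``. Column 0
    must be a department the caller is in charge of, excluding the
    department whose ``parent_id`` is 0; column 1 must be an eleven-digit
    mobile number that is neither repeated in the upload nor registered
    already.

    Raises:
        Abort: if an element of ``rows`` is not a dict.
    """
    user = request.environ['user']
    rm_depart = None
    for d in user.user_info['charge_departs_info']:
        if d['parent_id'] == 0:
            rm_depart = d['sales_depart_id']
    # Work on a copy: user.user_info is the caller's session state, and
    # removing an entry from the stored list would change the caller's
    # department scope for everything that reads it afterwards.
    charge_departs = list(user.user_info['charge_departs'])
    if rm_depart and rm_depart in charge_departs:
        charge_departs.remove(rm_depart)
    mobiles = []
    for row in rows:
        if not isinstance(row, dict):
            raise Abort(u'请提供JSON格式数据.(type error) ')
        if row.get('status') != 1:
            continue
        data = row.get('data', [])
        if not isinstance(data, list) or len(data) < 3:
            row['status'] = 4
            row['msg'] = u'数据不完整'
            continue
        if not data[0] or not data[1] or not data[2]:
            row['status'] = 4
            row['msg'] = u'必填项'
            continue
        if data[0] not in charge_departs:
            row['status'] = 4
            row['msg'] = u'区分ID不符合要求'
            continue
        if not str(data[1]).isdigit() or len(str(data[1])) != 11:
            row['status'] = 4
            row['msg'] = u'手机号异常'
            continue
        if data[1] in mobiles:
            row['status'] = 4
            row['msg'] = u'手机号重复(excel)'
            continue
        # Remember the mobile number (column 1) so a later duplicate in the
        # same upload is caught by the check above.
        mobiles.append(data[1])
        # NOTE(review): column 3 is inspected, but a failure neither sets a
        # msg nor skips the row, so the status written here is overwritten
        # below. Confirm whether column 3 is meant to be mandatory. The
        # length guard only prevents IndexError on three-column rows.
        if len(data) > 3 and (not str(data[3]).isdigit()
                              or len(str(data[3])) != 10):
            row['status'] = 4
        saler = salersvc.get_saler_list(mobile=str(data[1]))
        if saler:
            row['status'] = 4
            row['msg'] = u'手机号已存在'
            continue
        row['status'] = 3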
def add_pos():
    """Create a point of sale inside the caller's own channel.

    ``channel_id`` and ``create_user_id`` come from the session user. The
    name must be unused, the contact mobile must be eleven digits, and the
    department must be one the caller is in charge of.
    """
    # Allow-list of client-supplied fields ('channel_id' is excluded).
    # NOTE(review): 'deleted' is accepted from the client at creation time --
    # confirm that is intended.
    accepted_fields = (
        'pos_type',
        'sales_id',
        'pos_name',
        'pos_address',
        'pos_man',
        'pos_man_mobile',
        'deleted',
        'sales_depart_id',
        'pos_unit',
        'pos_code',
        'geo_data',
    )
    args = request.form if request.method == 'POST' else request.args
    user = request.environ['user']
    channel_id = user.user_info['channel_id']
    charge_departs = user.user_info['charge_departs']
    items = {'channel_id': channel_id, 'create_user_id': user.user_id}
    for field in accepted_fields:
        value = args.get(field, '')
        if value:
            items[field] = value
    result, msg, pos_id = False, '', None
    try:
        if not items.get('pos_name'):
            raise Abort(u'促销点名称不能为空.')
        if not items.get('pos_man'):
            raise Abort(u'促销负责任不能为空.')
        mobile = items.get('pos_man_mobile')
        if not (mobile and len(mobile) == 11 and mobile.isdigit()):
            raise Abort(u'请提供正确的手机号.')
        # NOTE(review): the name lookup runs before the department check and
        # is presumably not limited to the caller's channel, so the answer
        # shows whether a name exists anywhere -- confirm.
        same_name, _ = possvc.get_pos_list(pos_name=items.get('pos_name'))
        if same_name:
            raise Abort(u'促销点名称已存在.')
        items['sales_depart_id'] = _int(items.get('sales_depart_id', ''))
        if not items['sales_depart_id']:
            raise Abort(u'请指定正确的区分信息.')
        if items['sales_depart_id'] not in charge_departs:
            raise Abort(u'无权添加改区分的促销点信息.')
        pos_id = possvc.add_pos(items)
        result = bool(pos_id)
    except Abort as e:
        msg = e.msg
def audit():
    """Set the status of one plan and record the caller as its auditor.

    ``plan_id`` and ``status`` come from the form (POST) or the query string
    and must both be non-zero.
    """
    params = request.form if request.method == 'POST' else request.args
    plan_id = _int(params.get('plan_id', ''))
    status = _int(params.get('status', ''))
    result, msg = False, u''
    user = request.environ['user']
    try:
        if not (plan_id and status):
            raise Abort(u'')
        # NOTE(review): unlike plan_audit, neither the caller's channel /
        # charge_departs nor a list of permitted status values is applied
        # here -- presumably plansvc.update_plan or the route's access
        # control covers that; confirm.
        result = plansvc.update_plan({
            'plan_id': plan_id,
            'status': status,
            'audit_user_id': user.user_id
        })
    except Abort as e:
        msg = e.msg
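def pos_import():
    """Bulk-create points of sale from rows the client parsed and sent back.

    ``rows`` is a JSON list that is validated by ``_check``. Rows that come
    out with ``status`` 3 and whose department (column 0) is one the caller
    is in charge of are imported. ``channel_id``, ``create_user_id`` and
    ``pos_type`` are set by the server on every imported record.
    """
    args = request.form if request.method == 'POST' else request.args
    user = request.environ['user']
    channel_id = user.user_info['channel_id']
    charge_departs = user.user_info['charge_departs']
    rows = args.get('rows', '')
    # Parsed but not used in the visible part of the handler.
    sales_depart_id = _int(args.get('sales_depart_id', ''))
    pos_type = args.get('pos_type', '')
    result, msg, cnt, result_sms_users = False, '', 0, 0
    # Columns: unit, POS id, code point, store name, store address, contact
    # name, contact phone.
    try:
        if not pos_type:
            raise Abort(u'请指定类型.')
        rows = json.loads(rows)
        _check(rows)
        accepted = []
        for r in rows:
            if r.get('status') != 3:
                continue
            # The department id comes from the uploaded row, so it gets the
            # same charge_departs restriction as a single add.
            if r['data'][0] not in charge_departs:
                r['status'] = 4
                r['msg'] = u'区分ID不符合要求'
                continue
            accepted.append(r)
        rows = accepted
        keys = [
            'sales_depart_id', 'pos_unit', 'sales_id', 'pos_code', 'pos_name',
            'pos_address', 'pos_man', 'pos_man_mobile', 'is_charge'
        ]
        datas = [dict(zip(keys, r['data'][:9])) for r in rows]
        # One SMS-user record per distinct contact mobile; first row wins.
        update_sms_users = []
        for d in datas:
            d['create_user_id'] = user.user_id
            d['channel_id'] = channel_id
            d['pos_type'] = pos_type
            already_listed = any(
                'pos_man_mobile' in u
                and u['pos_man_mobile'] == d['pos_man_mobile']
                for u in update_sms_users)
            if not already_listed:
                update_sms_users.append(d)
        result = possvc.pos_import(datas)
        result_sms_users = possvc.sms_user_import(update_sms_users)
    except ValueError:
        msg = u'请提供JSON格式数据.(loads error) '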
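def admin_get_privs():
    """Return the privileges the caller may toggle on another user.

    Nothing is listed when the target holds PRIV_ADMIN_SUPER, or holds
    PRIV_ADMIN while the caller is not PRIV_ADMIN_SUPER. Otherwise every
    privilege the caller holds is listed with the target's current state,
    except PRIV_ADMIN_SUPER itself and, for callers that are not super,
    PRIV_ADMIN. A missing target is reported through ``msg``.
    """
    args = request.form if request.method == 'POST' else request.args
    AdminUser = request.environ['user']
    user_id = args.get('user_id', '')
    SetUser = usersvc.get_user_local_info(user_id)
    result, msg = False, ''
    try:
        # Check for a missing target before any field of it is read.
        if SetUser is None:
            raise Abort(u'获取用户资料异常')
        # NOTE(review): the whole SetUser record is returned for any user_id;
        # unlike get_user_tag there is no channel / charge_departs check on
        # the target here -- confirm it is enforced elsewhere.
        if not SetUser['privs']:
            SetUser['privs'] = []
        SetPrivs = SetUser['privs']
        AdminPrivs = AdminUser.user_info['privs'] or []
        admin_is_super = 'PRIV_ADMIN_SUPER' in AdminPrivs
        target_is_super = 'PRIV_ADMIN_SUPER' in SetPrivs
        target_is_admin = 'PRIV_ADMIN' in SetPrivs

        resp = []
        if not (target_is_super or (target_is_admin and not admin_is_super)):
            for a in AdminPrivs:
                # Super is never grantable here; PRIV_ADMIN only by a super.
                if a == 'PRIV_ADMIN_SUPER' or (a == 'PRIV_ADMIN'
                                               and not admin_is_super):
                    continue
                state = a in SetPrivs
                for p in privs_all:
                    if p['priv'] == a.encode():
                        resp.append({
                            'priv': a.encode(),
                            'state': state,
                            'label': p['label']
                        })
        result = True
        return {'user': SetUser, 'privs': resp, 'result': result, 'msg': msg}
    except Abort as e:
        msg = e.msg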
raise Abort(u'认证失败(解析token错误)') token = content.get('access_token') if not token: raise Abort(u'认证失败(获取token失败)') params = dict(access_token=token, client_id=config.OAuth2['client_id']) resp = requests.post(config.OAuth2['info_uri'], data=params) content = {} if resp.status_code == 200 and resp.text: try: content = json.loads(resp.text) except ValueError, e: raise Abort(u'认证失败(解析token错误)') user_info = content.get('user_info') if not user_info: raise Abort(u'认证失败(获取用户数据出错)') ## 到此认证成功 set_result = usersvc.set_user_base_info({ 'user_id': user_info['uni_email'], 'user_name': user_info['full_name'], 'mobile': user_info['mobile'] }) if not set_result: raise Abort(u'设置用户信息失败.') user_local_info = usersvc.get_user_local_info(user_info['uni_email']) user = request.environ['user'] user.user_name = user_info['full_name'] user.user_id = user_info['uni_email']
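def admin_alter_user():
    """Change another user's channel, department, name, privileges or tags.

    Rules enforced here:
      * a target holding PRIV_ADMIN_SUPER can never be altered, and a target
        holding PRIV_ADMIN only by a PRIV_ADMIN_SUPER caller;
      * callers that are not super may only assign their own channel and
        departments they are in charge of;
      * a department supplied together with a channel must belong to it;
      * only a PRIV_ADMIN_SUPER caller may grant or revoke PRIV_ADMIN.
    Values equal to what is already stored are dropped; if nothing is left
    to change the request is refused.
    """
    args = request.form if request.method == 'POST' else request.args
    result, msg = False, ''
    try:
        user_id = args.get('user_id', '')
        SetUser = usersvc.get_user_local_info(user_id)
        AdminUser = request.environ['user']
        # Check that the target exists before any field of it is read.
        if not user_id or not SetUser:
            raise Abort(u'设置的用户不存在')
        privs = copy.copy(SetUser['privs'] if SetUser['privs'] else [])
        admin_privs = AdminUser.user_info['privs'] or []
        admin_is_super = 'PRIV_ADMIN_SUPER' in admin_privs
        if 'PRIV_ADMIN_SUPER' in privs or \
                (not admin_is_super and 'PRIV_ADMIN' in privs):
            raise Abort(u'不能越级更改系统管理员的信息')
        # NOTE(review): the target's current channel / department is not
        # compared with the caller's scope (get_user_tag does that), so a
        # caller who is not super can address any user_id -- confirm.

        channel_id = args.get('channel_id', '')
        channel_id = _int(channel_id) if channel_id else None
        channel_id = channel_id if channel_id != SetUser['channel_id'] else None
        sales_depart_id = args.get('sales_depart_id', None)
        sales_depart_id = _int(sales_depart_id) if sales_depart_id else None
        sales_depart_id = sales_depart_id if sales_depart_id != SetUser[
            'sales_depart_id'] else None
        user_name = args.get('user_name', None)
        user_name = user_name if user_name != SetUser['user_name'] else None

        if channel_id and not admin_is_super \
                and channel_id != AdminUser.user_info['channel_id']:
            raise Abort(u'非超级管理员不能更改渠道')
        if sales_depart_id and not admin_is_super \
                and sales_depart_id not in AdminUser.user_info['charge_departs']:
            raise Abort(u'非超级管理员不能夸越渠道变更区分')
        if sales_depart_id and channel_id:
            depart_info = usersvc.get_depart_list(
                sales_depart_id=sales_depart_id)
            # An unknown department is treated as a mismatch instead of
            # raising IndexError.
            if not depart_info or depart_info[0]['channel_id'] != channel_id:
                raise Abort(u'设置的渠道与区分不符合')

        # Privilege toggles are request parameters named after the privilege.
        for priv in ('PRIV_ADMIN', 'PRIV_ADMIN_POS', 'PRIV_ADMIN_SALE',
                     'PRIV_PLAN', 'PRIV_ADMIN_DATA', 'PRIV_PLAN_AUDIT'):
            state = args.get(priv, None)
            if not state:
                continue
            # admin_get_privs hides PRIV_ADMIN from callers that are not
            # super; enforce the same rule on the write path.
            if priv == 'PRIV_ADMIN' and not admin_is_super:
                raise Abort(u'不能越级更改系统管理员的信息')
            # NOTE(review): admin_get_privs only offers privileges the caller
            # holds; that is not enforced for the other privileges here --
            # confirm.
            privs = privsUpdate(privs, priv, state)
        # Array-literal text built from fixed privilege names and stored
        # values; presumably bound as a parameter by usersvc.set_user_all --
        # confirm.
        privs = '{' + ','.join(privs) + '}' \
            if privs != SetUser['privs'] else None

        tags = copy.copy(SetUser['tags'] if SetUser['tags'] else [])
        # NOTE(review): tags are not checked against the caller's own tags
        # (get_user_tag only lists those) -- confirm.
        for tag_id, field in ((1, u'1'), (2, u'2')):
            state = args.get(field, None)
            if state == 'true' and tag_id not in tags:
                tags.append(tag_id)
            elif state == 'false' and tag_id in tags:
                tags.remove(tag_id)
        tags = '{' + ','.join(map(str, tags)) + '}' \
            if tags != SetUser['tags'] else None

        if channel_id or sales_depart_id or user_name or privs or tags:
            usersvc.set_user_all(
                user_id=user_id,
                adminuser_id=AdminUser.user_info['user_id'],
                channel_id=channel_id,
                sales_depart_id=sales_depart_id,
                user_name=user_name,
                privs=privs,
                tags=tags,
            )
            result = True
        else:
            raise Abort(u'没有更新的内容')
    except Abort as e:
        msg = e.msg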