async def put(self, *args, **kwargs):
reqData = json.loads(self.request.body.decode("utf8"))
reqList = {m: [str(n)] for m, n in reqData.items()}
valiDict = UserForm(reqList)
if valiDict.validate():
valiData = valiDict.data
try:
oneUser = await self.application.objects.get(Users,
id=reqData['id'])
except Users.DoesNotExist as e:
return self.finish(rf().set(404, "失败用户不存在"))
pwd_bcrpt = pd().hashed(valiData['password'])
# oneUser.password = hashlib.sha256(valiData['password'].encode('utf8')).hexdigest()
async with self.application.objects.atomic():
params = {
"username": valiData['username'],
"password": pwd_bcrpt,
}
await self.application.objects.execute(
Users.update(**params).where(Users.id == oneUser.id))
#删除对应角色
await self.application.objects.execute(
userRole.delete().where(userRole.users_id == oneUser.id))
#过滤出权限id列表
if not len(reqData["checkedData"]) == 0:
for c in reqData["checkedData"]:
# 给角色添加权限
await self.application.objects.create(
userRole, users_id=oneUser.id, roles_id=c)
return self.finish(rf().code(202))
else:
resData = rf().code(404)
resData['msg'] = valiDict.errors
return self.finish(resData)
async def post(self, *args, **kwargs):
reqData = json.loads(self.request.body.decode("utf8"))
# 生成wtform-tornado验证格式
reqDict = {m: [str(n)] for m, n in reqData.items()}
valiDict = UserForm(reqDict)
if valiDict.validate():
newData = valiDict.data
try:
await self.application.objects.get(
Users, username=reqData['username'])
resData = rf().set(404, "失败用户已存在")
return self.finish(resData)
except Users.DoesNotExist as e:
async with self.application.objects.atomic():
newData["password"] = pd().hashed(newData['password'])
oneUser = await self.application.objects.create(
Users, **newData)
for n in reqData['checkedData']:
await self.application.objects.create(
userRole, users_id=oneUser.id, roles_id=n)
return self.finish(rf().code(201))
else:
resData = rf().code(404)
resData['msg'] = valiDict.errors
return self.finish(resData)
async def put(self, *args, **kwargs):
resData = {}
temp = json.loads(self.request.body.decode("utf8"))
reqInfo = {m: [n] for m, n in temp.items()}
reqvali = MenusForm(reqInfo)
if reqvali.validate():
try:
oneEdit = await self.application.objects.get(Menus,
id=reqInfo['id'])
except Exception as e:
self.finish(rf().set(404, "失败提交信息有误"))
else:
obj = reqvali.data
oneEdit.title = obj['title']
oneEdit.icon = obj['icon']
oneEdit.path = obj['path']
oneEdit.code = obj['code']
oneEdit.ord = obj['ord']
# 父菜单的值没有验证,直接从请求中获取并判断
oneEdit.sub_id = None if str(
reqInfo['parent'][0]).strip() == "" else int(
str(reqInfo['parent'][0]).strip())
await self.application.objects.update(oneEdit)
resData = rf().code(202)
else:
resData = rf().code(404)
resData['msg'] = reqvali.errors
return self.finish(resData)
async def post(self, *args, **kwargs):
resData = {}
reqData = json.loads(self.request.body.decode("utf8"))
# 生成wtform-tornado验证格式
reqDict = {m: [str(n)] for m, n in reqData.items()}
valiDict = PermissionsForm(reqDict)
if valiDict.validate():
data = valiDict.data
try:
await self.application.objects.get(Permissions,
title=data['title'])
return self.finish(rf().set(404, "失败用户已存在"))
except Exception as f:
async with self.application.objects.atomic():
await self.application.objects.create(
Permissions,
title=data['title'],
url=data['url'],
method=data['method'],
menu_id=data['menu'])
resData = rf().code(201)
return self.finish(resData)
else:
resData = rf().code(404)
resData['msg'] = valiDict.errors
return self.finish(resData)
async def post(self, *args, **kwargs):
reqData = json.loads(self.request.body.decode('utf8'))
# 获取redis验证信息
rds = RedisGroup(self)
rdsInfo = await rds.get(reqData)
if rdsInfo:
return self.finish(rdsInfo)
# 先判断请求用户数据是否存在
try:
oneRecord = await self.application.objects.get(
Records, id=reqData["id"], onlyid=reqData["onlyid"])
validata = oneRecord.uuidnum
except Exception as e:
return self.finish(rf().code(404))
# 判断初始状态是否为冻结,如果不是,取消操作
if not oneRecord.is_lock:
return self.finish(rf().code(404))
async with self.application.objects.atomic():
result = await self.application.objects.execute(
Records.update(uuidnum=uuid.uuid1(),
lock_user=None,
is_confirm=True,
operator=self.current_user).where(
(Records.id == reqData["id"])
& (Records.uuidnum == validata)))
if result == 0:
return self.finish(rf().code(404))
rds.delete()
return self.finish(rf().set(202, "操作成功"))
async def get(self, req):
# print(self.obj)
# print(self.obj.application)
# 判断redis是否有记录
self.only_id = req["onlyid"]
# 实例化redis
try:
self.rds = self.obj.application.rds(1)
except Exception as ff:
return rf().set(500, "内部服务错误")
# 判断标记是否存在
if not self.rds.get("onlyid-mark"):
self.rds.flushdb()
self.rds.set("onlyid-mark", "1", ex=3600)
allLockFreeze = await self.obj.application.objects.execute(Records.select().where(
((Records.is_freeze == True) | (Records.is_lock == True)) & (Records.is_confirm == False)))
for oneLockFreeze in allLockFreeze:
self.rds.set(oneLockFreeze.onlyid, oneLockFreeze.lock_user, ex=4800)
# 判断是否存在redis里
if not self.rds.get(self.only_id):
return rf().code(401)
else:
getRdsVal = self.rds.get(self.only_id).decode('utf8')
# 判断是否是相同用户操作
if not getRdsVal == self.obj.current_user:
return rf().set(404, "其它用户已锁定")
return None
async def post(self, *args, **kwargs):
resData = {}
reqData = json.loads(self.request.body.decode("utf8"))
reqList = {m: [str(n)] for m, n in reqData.items()}
result = RoleForm(reqList)
if result.validate():
try:
await self.application.objects.get(Roles,
title=reqData['title'])
return self.finish(rf().set(404, "失败用户已存在"))
except Roles.DoesNotExist as e:
# 过滤出权限id列表
perList = [
int(str(i).split('permission-')[1])
for i in reqData["permission"]
if str(i).startswith("permission-")
]
async with self.application.objects.atomic():
roleOne = await self.application.objects.create(
Roles, title=reqData['title'])
if not len(perList) == 0:
for c in perList:
# 给角色添加权限
await self.application.objects.create(
rolePermission,
roles_id=roleOne.id,
permissions_id=c)
return self.finish(rf().code(201))
else:
resData = rf().code(404)
resData['msg'] = result.errors
return self.finish(resData)
async def post(self, *args, **kwargs):
resData = {}
reqInfo = json.loads(self.request.body.decode("utf8"))
# 转换格式为wtform-tornado支持
reqInfo = {m: [n] for m, n in reqInfo.items()}
valiForm = MenusForm(reqInfo)
# 验证前端传值是否正确
if valiForm.validate():
obj = valiForm.data
try:
await self.application.objects.get(Menus, title=obj['title'])
resData = rf().set(404, "失败菜单名已存在")
return self.finish(resData)
except Exception as f:
dict1 = {
"title": obj['title'],
"icon": obj['icon'],
"path": obj['path'],
"code": obj['code'],
"ord": int(obj['ord']),
}
# 判断前端是否传父菜单id
if reqInfo['parent'][0]:
dict1["sub_id"] = reqInfo['parent'][0]
await self.application.objects.create(Menus, **dict1)
resData = rf().code(201)
self.finish(resData)
else:
resData = rf().code(404)
resData['msg'] = valiForm.errors
self.finish(resData)
async def post(self):
reqData = json.loads(self.request.body.decode("utf8"))
# 生成wtform-tornado验证格式
btncontrol = False if reqData["btncontrol"] == "2" else True
res = await self.application.objects.execute(
WhiteList.update(is_global=btncontrol))
if not res:
resData = rf().set(404, "IP限制开启失败")
return self.finish(resData)
return self.finish(rf().code(202))
async def post(self):
rds = self.application.rds(2)
userSha256 = hashlib.sha256(
self.current_user.encode('utf8')).hexdigest()
rds.delete(userSha256)
rds.delete(self.current_user)
return self.finish(rf().code(200))
async def post(self, *args, **kwargs):
reqData = json.loads(self.request.body.decode('utf8'))
getUser = await self.application.objects.get(
Users, username=self.current_user)
uuidList = str(uuid.uuid1()).split("-")
# 生成订单号
onlyId = "".join(
str(datetime.datetime.now().timestamp()).split(".") + uuidList)
dict1 = {
"onlyid":
onlyId,
"name":
reqData["name"],
"cardclass":
reqData["cardclass"],
"cardnum":
reqData["cardnum"],
"amount":
int(reqData["amount"]),
"account":
reqData["account"],
"remark":
reqData["remark"],
"user_group":
getUser.username,
"date_group":
datetime.datetime.strptime(reqData["timeinfo"], "%Y-%m-%d"),
}
await self.application.objects.create(Records, **dict1)
return self.finish(rf().code(201))
async def delete(self, *args, **kwargs):
reqInfo = json.loads(self.request.body.decode("utf8"))
for one in reqInfo['id']:
one = int(one)
await self.application.objects.execute(
WhiteList.delete().where(WhiteList.id == one))
self.finish(rf().code(204))
async def delete(self, *args, **kwargs):
reqData = json.loads(self.request.body.decode("utf8"))
for one in reqData['data']:
await self.application.objects.execute(
Records.delete().where((Records.id == one["id"])
& (Records.onlyid == one["onlyid"])))
self.finish(rf().set(204, "删除成功"))
async def post(self):
resData = {}
reqData = json.loads(self.request.body.decode('utf8'))
try:
getOnlyid = await self.application.objects.get(
Records, onlyid=reqData["onlyid"])
except Exception as e:
return self.finish(rf().set(404, "信息有误"))
if getOnlyid.is_fail:
return self.finish(rf().set(404, "该信息已提交过"))
getOnlyid.is_fail = True
getOnlyid.spare1 = self.current_user
res = await self.application.objects.update(getOnlyid)
if res == 0:
return self.finish(rf().set(404, "操作失败"))
return self.finish(rf().code(202))
async def get(self, *args, **kwargs):
roleList = await self.application.objects.execute(Roles.select())
resList = []
for role in roleList:
dict1 = {
"id": role.id,
"title": role.title,
}
resList.append(dict1)
resData = rf().code(200)
resData['data'] = resList
return self.finish(resData)
async def put(self, *args, **kwargs):
reqData = json.loads(self.request.body.decode('utf8'))
# 获取redis验证信息
rds = RedisGroup(self)
rdsInfo = await rds.get(reqData)
if rdsInfo:
return self.finish(rdsInfo)
# 修改记录
recordData = {
m: [n] if isinstance(n, str) else [str(n)]
for m, n in reqData.items()
}
valiData = RecordsForm(recordData)
if valiData.validate():
getRecord = await self.application.objects.get(
Records, id=reqData["id"], onlyid=reqData["onlyid"])
valiUuid = getRecord.uuidnum
val = valiData.data
_dict1 = {
"cardclass": val["cardclass"],
"name": val["name"],
"account": val["account"],
"amount": int(val["amount"]),
"cardnum": val["cardnum"],
"remark": reqData["remark"],
"last_time": datetime.datetime.now()
}
resSql = await self.application.objects.execute(
Records.update(**_dict1, uuidnum=uuid.uuid1()).where(
(Records.id == reqData["id"])
& (Records.onlyid == reqData["onlyid"])
& (Records.uuidnum == valiUuid)))
if resSql == 0:
return self.finish(rf().code(404))
return self.finish(rf().code(202))
else:
resData = rf().set(404, "更新失败")
resData["msg"] = valiData.errors
async def post(self, *args, **kwargs):
reqData = json.loads(self.request.body.decode('utf8'))
# 获取redis验证信息
rds = RedisGroup(self)
rdsInfo = await rds.set(reqData)
if rdsInfo:
return self.finish(rdsInfo)
try:
oneRecord = await self.application.objects.get(
Records, id=reqData["id"], onlyid=reqData["onlyid"])
validata = oneRecord.uuidnum
except Exception as e:
rds.delete()
return self.finish(rf().code(404))
# 判断初始状态是否为确定
if oneRecord.is_confirm:
rds.delete()
return self.finish(rf().set(404, "失败记录已确定"))
# 判断初始状态是否为确定
if oneRecord.is_freeze:
return self.finish(rf().set(404, "其它用户已锁定"))
# 更改锁定状态
if reqData["is_lock"]:
async with self.application.objects.atomic():
result = await self.application.objects.execute(
Records.update(is_lock=reqData["is_lock"],
uuidnum=uuid.uuid1(),
lock_user=self.current_user).where(
(Records.id == reqData["id"])
& (Records.uuidnum == validata)
& (Records.is_confirm == False)))
if result == 0:
rds.delete()
return self.finish(rf().code(404))
return self.finish(rf().set(202, "操作成功"))
else:
async with self.application.objects.atomic():
result = await self.application.objects.execute(
Records.update(is_lock=reqData["is_lock"],
uuidnum=uuid.uuid1(),
lock_user=self.current_user).where(
(Records.id == reqData["id"])
& (Records.uuidnum == validata)
& (Records.is_confirm == False)))
if result == 0:
return self.finish(rf().code(404))
rds.delete()
return self.finish(rf().set(202, "操作成功"))
async def wrapper(self,*args, **kwargs):
# ip限制
ip = self.request.remote_ip
globalRes = await self.application.objects.execute(WhiteList.select().where(WhiteList.is_global==True))
if len(globalRes)>=1:
try:
ipRes = await self.application.objects.get(WhiteList, ip=ip)
except WhiteList.DoesNotExist as e:
return self.finish(rf().code(401))
if not ipRes.is_through:
return self.finish(rf().code(401))
#判断是否带token返回
try:
reqAuth = self.request.headers['Authorization']
except KeyError as e:
return self.finish(rf().code(401))
# return HTTPError(401)
if reqAuth == "undefined" or (not reqAuth):
return self.finish(rf().code(401))
# 判断是否过期及token中是否有用户信息
reqUser = jt().decode(reqAuth)
if not reqUser:
return self.finish(rf().code(401))
#实例化redis获取用户信息
rds = self.application.rds(2)
userinfo = rds.get(reqUser['data'])
if not userinfo:
return self.finish(rf().code(401))
self._current_user = userinfo.decode("utf8")
#权限
reqPath = self.request.uri.split("?")[0]
whitePath = ["/index/"]
if reqPath not in whitePath:
is_per_through = 0
perGet = rds.get(userinfo.decode("utf8")).decode("utf8")
perList = eval(perGet)
for p in perList:
pl = p.split(":")
reg = re.compile(eval(repr('^'+pl[0]+'$')))
regR = reg.match(reqPath)
methodR = self.request.method.lower()
if regR and (methodR==pl[1]):
is_per_through = 1
if is_per_through == 0:
return self.finish(rf().set(403,"无权限访问"))
return await method(self, *args, **kwargs)
async def post(self, *args, **kwargs):
reqData = json.loads(self.request.body.decode("utf8"))
# 生成wtform-tornado验证格式
reqDict = {m: [str(n)] for m, n in reqData.items()}
valiDict = WhiteForm(reqDict)
if valiDict.validate():
newData = valiDict.data
through = False if reqData["is_through"] == "2" else True
try:
await self.application.objects.get(WhiteList, ip=newData['ip'])
resData = rf().set(404, "失败IP已存在")
return self.finish(resData)
except WhiteList.DoesNotExist as e:
async with self.application.objects.atomic():
await self.application.objects.create(WhiteList,
ip=newData['ip'],
is_through=through)
return self.finish(rf().code(201))
else:
resData = rf().code(404)
resData['msg'] = valiDict.errors
return self.finish(resData)
async def put(self, *args, **kwargs):
resData = {}
temp = json.loads(self.request.body.decode("utf8"))
reqInfo = {m: [str(n)] for m, n in temp.items()}
reqvali = PermissionsForm(reqInfo)
if reqvali.validate():
try:
oneEdit = await self.application.objects.get(Permissions,
id=reqInfo['id'])
except Exception as e:
self.finish(rf().set(404, "失败提交信息有误"))
else:
obj = reqvali.data
oneEdit.title = obj['title']
oneEdit.url = obj['url']
oneEdit.method = obj['method']
oneEdit.menu_id = obj['menu']
await self.application.objects.update(oneEdit)
resData = rf().code(202)
else:
resData = rf().code(404)
resData['msg'] = reqvali.errors
return self.finish(resData)
async def put(self, *args, **kwargs):
reqData = json.loads(self.request.body.decode("utf8"))
reqList = {m: [str(n)] for m, n in reqData.items()}
result = RoleForm(reqList)
if result.validate():
valiData = result.data
try:
oneRole = await self.application.objects.get(Roles,
id=reqData['id'])
except Roles.DoesNotExist as e:
return self.finish(rf().set(404, "失败用户不存在"))
async with self.application.objects.atomic():
oneRole.title = valiData['title']
await self.application.objects.update(oneRole)
#删除原来角色对应权限
await self.application.objects.execute(
rolePermission.delete().where(
rolePermission.roles_id == oneRole.id))
# 过滤出权限id列表
perList = [
int(str(i).split('permission-')[1])
for i in reqData["permission"]
if str(i).startswith("permission-")
]
if not len(perList) == 0:
for c in perList:
# 给角色添加权限
await self.application.objects.create(
rolePermission,
roles_id=oneRole.id,
permissions_id=c)
return self.finish(rf().code(202))
else:
resData = rf().code(404)
resData['msg'] = result.errors
return self.finish(resData)
async def get(self, *args, **kwargs):
resData = {}
menuList = await self.application.objects.execute(Menus.select())
resList = []
for menu in menuList:
# 判断是否有子菜单,并获取没有子菜单的菜单
res = await self.application.objects.execute(menu.children)
if len(res) == 0:
temp = {
"menuid": menu.id,
"menutitle": menu.title,
}
resList.append(temp)
resData = rf().code(200)
resData['data'] = resList
return self.finish(resData)
async def get(self, *args, **kwargs):
resData = {}
await self.application.objects.execute(Menus.select().for_update())
menusObj = await self.application.objects.execute(Menus.select())
# 返回所有菜单信息
list1 = []
for menu in menusObj:
dict1 = {
"id": menu.id,
"title": menu.title,
"code": menu.code,
}
list1.append(dict1)
resData = rf().code(200)
resData["data"] = list1
return self.finish(resData)
async def delete(self, *args, **kwargs):
reqData = json.loads(self.request.body.decode("utf8"))
# 实例化redis
rds = RedisGroup(self)
for one in reqData['data']:
# 获取redis验证信息
rdsInfo = await rds.get(one)
if rdsInfo:
return self.finish(rdsInfo)
await self.application.objects.execute(
Records.delete().where((Records.id == one["id"])
& (Records.onlyid == one["onlyid"])))
rds.delete()
self.finish(rf().set(204, "删除成功"))
async def get(self, page, size, *args, **kwargs):
# 所有过滤或查询的列表集合
allDataQuery = []
page = int(page)
size = int(size)
# 判断search是否有值,有值返回搜索的值
try:
search = self.request.arguments['search'][0].decode("utf8")
except Exception as f:
search = None
if search:
allDataQuery.append((Users.username == search))
userAllObj = await self.application.objects.execute(
Users.newData(allDataQuery).paginate(
page, paginate_by=size).order_by(Users.id.desc()))
total = await self.application.objects.execute(
Users.newData(allDataQuery))
list1 = []
for one in userAllObj:
roleList = []
#获取跟用户关联的角色
roleObj = await self.application.objects.execute(one.role)
for t in roleObj:
temp = {
"id": t.id,
"title": t.title,
}
roleList.append(temp)
dict1 = {
"id": one.id,
"username": one.username,
"is_superuser": one.is_superuser,
"role": roleList,
}
list1.append(dict1)
resData = rf().code(200)
resData["data"] = list1
resData["total"] = len(total)
return self.finish(resData)
async def post(self, *args, **kwargs):
req = json.loads(self.request.body.decode("utf8"))
try:
oneUser = await self.application.objects.get(
Users, username=req['username'])
except Exception as e:
raise HTTPError(401)
#验证用户密码
passwd = pd().checkpw(req['password'], oneUser.password)
if passwd:
userSha256 = hashlib.sha256(
req['username'].encode('utf8')).hexdigest()
#redis保存用户信息
rds = self.application.rds(2)
rds.set(userSha256, req['username'], ex=7200)
resData = rf().code(200)
resData['authorization'] = jt().encode(userSha256)
return self.finish(resData)
else:
raise HTTPError(401)
async def get(self, *args, **kwargs):
permissionList = await self.application.objects.execute(
Permissions.select())
dataList = []
dataSet = set()
#获取底层菜单的权限
for per in permissionList:
if per.menu.title in dataSet:
for m in dataList:
if m['title'] == per.menu.title:
subDict = {
'id': "permission" + "-" + str(per.id),
'title': per.title,
}
m['children'].append(subDict)
else:
dataSet.add(per.menu.title)
dataDict = {
'id': per.menu.id,
'title': per.menu.title,
'children': []
}
subDict = {
'id': "permission" + "-" + str(per.id),
'title': per.title,
}
dataDict['children'].append(subDict)
dataList.append(dataDict)
#获取菜单的层级列表
menusList = await self.application.objects.execute(Menus.select())
menuResList = []
for menu in menusList:
if not menu.sub_id:
menuResList.append(menu)
#根据底层菜单拼接权限
dataJoin = await utils.deepRes(self, menuResList, 0, dataList)
resData1 = rf().code(200)
resData1["data"] = dataJoin
return self.finish(resData1)
async def get(self, page, size, *args, **kwargs):
# 所有过滤或查询的列表集合
allDataQuery = []
page = int(page)
size = int(size)
# 判断search是否有值,有值返回搜索的值
try:
search = self.request.arguments['search'][0].decode("utf8")
except Exception as f:
search = None
if search:
allDataQuery.append((Roles.title == search))
roleObj = await self.application.objects.execute(
Roles.newData(allDataQuery).paginate(
page, paginate_by=size).order_by(Roles.id.desc()))
total = await self.application.objects.execute(
Roles.newData(allDataQuery))
list1 = []
for one in roleObj:
perList = []
perObj = await self.application.objects.execute(one.permission)
for t in perObj:
temp = {
"id": "permission-" + str(t.id),
"title": t.title,
}
perList.append(temp)
dict1 = {
"id": one.id,
"title": one.title,
"permission": perList,
}
list1.append(dict1)
resData = rf().code(200)
resData["data"] = list1
resData["total"] = len(total)
return self.finish(resData)
async def get(self, page, size, *args, **kwargs):
# 所有过滤或查询的列表集合
allDataQuery = []
page = int(page)
size = int(size)
# 判断search是否有值,有值返回搜索的值
try:
search = self.request.arguments['search'][0].decode("utf8")
except Exception as f:
search = None
if search:
allDataQuery.append((Permissions.title == search))
permissionObj = await self.application.objects.execute(
Permissions.newData(allDataQuery).paginate(
page, paginate_by=size).order_by(Permissions.id.desc()))
total = await self.application.objects.execute(
Permissions.newData(allDataQuery))
list1 = []
for per in permissionObj:
menuTitle = await self.application.objects.get(Menus,
id=per.menu_id)
dict1 = {
"id": per.id,
"title": per.title,
"url": per.url,
"method": eval(per.method),
"menuid": menuTitle.id,
"menu": menuTitle.title,
}
list1.append(dict1)
resData = rf().code(200)
resData["data"] = list1
resData["total"] = len(total)
return self.finish(resData)
async def get(self, page, size, *args, **kwargs):
# 所有过滤或查询的列表集合
allDataQuery = []
page = int(page)
size = int(size)
# 判断search是否有值,有值返回搜索的值
try:
search = self.request.arguments['search'][0].decode("utf8")
except Exception as f:
search = None
if search:
allDataQuery.append((WhiteList.ip == search))
ipAllObj = await self.application.objects.execute(
WhiteList.newData(allDataQuery).paginate(
page, paginate_by=size).order_by(WhiteList.id.desc()))
total = await self.application.objects.execute(
WhiteList.newData(allDataQuery))
list1 = []
is_global = []
for one in ipAllObj:
dict1 = {
"id": one.id,
"ip": one.ip,
"is_through": "1" if one.is_through else "2",
}
if one.is_global:
is_global.append(one)
list1.append(dict1)
resData = rf().code(200)
resData["data"] = list1
resData["total"] = len(total)
resData["is_global"] = True if len(is_global) >= 1 else False
return self.finish(resData)
