def __check_auth_user():
    """Decide whether the session user may act on the users named in the request.

    Target users are taken from the JSON body, in this order of precedence:
    ``userids``, then a single ``userid``, then ``usernames``. Each target is
    checked with ``__inner_check_auth_user`` (defined elsewhere); the first
    rejection ends the check with ``False``.

    Returns ``True`` when the body names no target at all, and for a caller
    whose role is exactly 101.
    """
    caller_id = session['userid']
    payload = request.get_json() or {}

    target_ids = payload.get('userids') or []
    target_names = []
    if not target_ids:
        single_id = payload.get('userid')
        if single_id:
            target_ids = [single_id]
    if not target_ids:
        target_names = payload.get('usernames') or []
        if not target_names:
            # Nothing to authorise against: the check passes.
            return True

    # NOTE(review): only the first non-empty selector is validated. A handler
    # guarded by this check should read the same selector, otherwise the
    # targets it acts on are not the ones that were authorised -- confirm.
    caller_info = User.get_by_id(caller_id, ['user_info']).get('user_info')
    caller_role = caller_info.get('role') or 1
    if caller_role == 101:
        return True

    if target_ids:
        return all(
            __inner_check_auth_user(
                caller_info,
                caller_role,
                User.get_by_id(target_id, ['user_info']).get('user_info'),
            )
            for target_id in target_ids
        )

    return all(
        __inner_check_auth_user(
            caller_info,
            caller_role,
            User.get({'user_info.username': name}, ['user_info']).get('user_info'),
        )
        for name in target_names
    )
def set_auth_qu_use(userids, qu_ids, is_add):
    """Grant or revoke questionnaire entries for a set of users.

    With ``is_add`` truthy, every (user, questionnaire) pair that has no
    ``qus`` entry yet receives one with ``info.auth`` set to 1. Otherwise the
    matching ``qus`` entries are pulled from all listed users in one update.
    Always returns ``True``.

    Both id lists are converted with ``ObjectId`` before any write happens.
    """
    # NOTE(review): no permission check is made here; presumably the route
    # runs the auth checks before calling this -- confirm.
    user_oids = [ObjectId(raw) for raw in userids]
    qu_oids = [ObjectId(raw) for raw in qu_ids]

    if not is_add:
        User.update(
            {'_id': {'$in': user_oids}},
            {'$pull': {'qus': {'qu_id': {'$in': qu_oids}}}},
        )
        return True

    for user_oid in user_oids:
        for qu_oid in qu_oids:
            if __get_qu(user_oid, qu_oid) is None:
                User.update_by_id_add(
                    user_oid,
                    {'qus': {'qu_id': ObjectId(qu_oid), 'info': {'auth': 1}}},
                )
    return True
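def set_org(org_id, org):
    """Update an organization and propagate a rename to its users.

    :param org_id: id of the organization to update.
    :param org: new organization fields; its ``_id`` key, if present, is
        removed in place so it is never written back.
    :return: whatever ``Organization.update_by_id`` returns.
    """
    # pop() instead of del: a payload without '_id' used to raise KeyError.
    org.pop('_id', None)

    # NOTE(review): every remaining key of ``org`` is written as given; no
    # field allow-list is visible here -- confirm callers validate the payload.
    old_org = Organization.get_by_id(org_id)
    if old_org.get('org_name') != org.get('org_name'):
        # Users store the organization by name, so a rename has to be
        # applied to every user record that carries the old name.
        User.update(
            {'user_info.org': old_org.get('org_name')},
            {'$set': {'user_info.org': org.get('org_name')}},
        )
    return Organization.update_by_id(org_id, org)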
def set_sub_orgs(userids, org, sub_org):
    """Assign ``sub_org`` to each listed user; also set ``org`` when it is truthy.

    Always returns ``True``.
    """
    for target_id in userids:
        # A fresh dict per call, as the update helper receives its own object.
        if org:
            changes = {'user_info.org': org, 'user_info.sub_org': sub_org}
        else:
            changes = {'user_info.sub_org': sub_org}
        User.update_by_id_set(target_id, changes)
    return True
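def __get_qu_ids(userid):
    """Return the questionnaires visible to ``userid``.

    For an admin (per ``__is_admin``) this is the materialised result of
    ``Questionnair.get_iter`` projected on ``_id``; for anyone else it is the
    list of ``qu_id`` values stored in the user's ``qus`` entries.
    """
    if __is_admin(userid):
        # Fixed: the original returned ``list[qu_ids]`` (a subscript on the
        # type), not a list built from the iterator.
        # NOTE(review): this branch yields whatever get_iter produces, while
        # the branch below yields bare qu_id values -- confirm callers expect
        # both shapes.
        return list(Questionnair.get_iter({}, ['_id']))

    entries = User.get_by_id(userid, ['qus.qu_id']).get('qus') or []
    return [entry['qu_id'] for entry in entries]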
def post(self):  # tested
    """Handle ``POST /api/users``: create a user from the JSON request body.

    :return: the created user serialised with ``obj2json``, including its id.
        The DTO carries no password field, and ``club_ids`` / ``request_ids``
        start out empty.
    """
    payload = request.json

    # Positional order taken by the User constructor after the generated id.
    constructor_fields = (
        'username', 'name', 'password', 'email', 'day_of_birth', 'gender',
        'academy', 'major', 'bio', 'phone', 'year_of_enrollment',
    )
    # NOTE(review): the password is forwarded exactly as received; whether
    # User/add_user hashes it is not visible here -- confirm.
    created = add_user(
        User(generate_uuid(), *[payload.get(field) for field in constructor_fields])
    )

    dto_fields = (
        'user_id', 'username', 'name', 'email', 'day_of_birth', 'gender',
        'academy', 'major', 'bio', 'phone', 'year_of_enrollment',
    )
    dto_values = {field: getattr(created, field) for field in dto_fields}
    user_dto = UsersDto(**dto_values, club_ids=[], request_ids=[])
    return obj2json(user_dto)
def add_user(user_id, user_info_set, password):
    """Create a user on behalf of ``user_id``.

    The new record's ``role`` is forced to 1 and its ``org`` / ``sub_org`` are
    copied from the creating user, overwriting any such keys already present
    in ``user_info_set`` (which is modified in place). Always returns ``True``.
    """
    creator_info = User.get_by_id(user_id, ['user_info']).get('user_info') or {}

    # Server-side values win over anything supplied in user_info_set.
    enforced = {
        'role': 1,
        'org': creator_info.get('org'),
        'sub_org': creator_info.get('sub_org'),
    }
    for key, value in enforced.items():
        user_info_set[key] = value

    add(user_info_set, password)
    return True
def put(self, user_id):  # tested
    """Handle ``PUT /api/users/:user_id``: replace the stored data of a user.

    :param user_id: id of the user to update.
    :return: the updated user serialised with ``obj2json``, or a message
        object when ``update_user`` returns ``None``.
    """
    # NOTE(review): no check that the caller may modify ``user_id`` is visible
    # in this method -- confirm it is enforced by a decorator or middleware.
    payload = request.json
    constructor_fields = (
        'username', 'name', 'password', 'email', 'day_of_birth', 'gender',
        'academy', 'major', 'bio', 'phone', 'year_of_enrollment',
    )
    replacement = User(user_id, *[payload.get(field) for field in constructor_fields])

    updated = update_user(user_id, replacement)
    if updated is None:
        return obj2json({'message': 'It\'s not exist that user you want update.'})
    return obj2json(add_clubids_and_requestids_to_dto(updated))
def __get_auth_users(userid):
    """Return the ``_id`` of every user the given user is allowed to see.

    Scope by the caller's role (a missing role counts as 1):

    * 101 -- all users;
    * 100 -- users whose role is at most 100;
    * 4 and above -- users of the caller's org with a role not above the
      caller's; none if the caller has no org;
    * 2 or 3 -- as above, further limited to users whose ``sub_org`` matches
      one of the caller's or is an empty list; none if the caller lacks an
      org or sub_org;
    * anything lower -- none.
    """
    viewer = User.get_by_id(userid, ['user_info']).get('user_info')
    level = viewer.get('role') or 1
    not_above_viewer = {'$lte': level}

    # ``query`` stays None when the caller is entitled to no users at all.
    query = None
    if level == 101:
        query = {}
    elif level == 100:
        query = {'user_info.role': not_above_viewer}
    elif level >= 4:
        org = viewer.get('org')
        if org:
            query = {'user_info.role': not_above_viewer, 'user_info.org': org}
    elif level >= 2:
        org = viewer.get('org')
        sub_org = viewer.get('sub_org')
        if org and sub_org:
            # ``$in`` is given sub_org directly, so it is presumably a list.
            query = {
                'user_info.role': not_above_viewer,
                'user_info.org': org,
                '$or': [
                    {'user_info.sub_org': {'$in': sub_org}},
                    {'user_info.sub_org': []},
                ],
            }

    if query is None:
        return []
    return [doc.get('_id') for doc in User.get_iter(query, None)]
def upload(qu_id, usernames, qu_datas):
    """Store uploaded questionnaire data for users identified by username.

    ``usernames`` and ``qu_datas`` are paired positionally. A username with no
    matching user is skipped without an error, and ``zip`` drops any unpaired
    tail when the two sequences differ in length. Always returns ``True``.
    """
    for name, answers in zip(usernames, qu_datas):
        match = User.get({'user_info.username': name}, ['_id'])
        if match:
            set_qu_data(str(match.get('_id')), qu_id, answers)
    return True
def __is_admin(userid):
    """Return whether the user's role is 100 or higher.

    A user without ``user_info`` or without a role is not an admin.
    """
    info = User.get_by_id(userid).get('user_info')
    role = info.get('role') if info else None
    return role >= 100 if role else False
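def my_login():
    """Check a username/password pair from the request body and issue a token.

    :return: a JSON object ``{'token': ...}`` on success, otherwise a 400
        response: malformed body, unknown username, or wrong password.
    """
    import ast

    raw_body = str(request.data, encoding="utf8").replace('\n', '').replace('\t', '')
    try:
        # SECURITY: this used to be eval(), which evaluates whatever
        # expression the client sends. literal_eval accepts the same literal
        # syntax (dicts, strings, numbers) but never executes code.
        request_data_dict = ast.literal_eval(raw_body)
        username = request_data_dict['username']
        supplied_password = request_data_dict['password']
    except (ValueError, SyntaxError, TypeError, KeyError, RecursionError, MemoryError):
        # A malformed body or missing field is a client error, not a crash.
        return make_response('请求格式错误!', 400)

    data = user_dao.if_username_exist(username)
    # Unknown username.
    # NOTE(review): this message differs from the wrong-password one, so the
    # endpoint reveals which usernames exist -- consider one shared message.
    if len(data) == 0:
        return make_response('用户名不存在!', 400)

    # Verify the password.
    # NOTE(review): the supplied value is compared directly with the stored
    # one, which suggests passwords are kept unhashed -- confirm, and move to
    # a salted password hash with a constant-time comparison.
    if not supplied_password == user_dao.get_password_by_username(username)[0][0]:
        return make_response('密码错误!', 400)

    # NOTE(review): the token comes from a fresh User() with no visible link
    # to ``username`` -- confirm how jwt_encoding identifies the subject.
    user = User()
    token = str(user.jwt_encoding(), encoding="utf8")
    return jsonify({'token': token})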
def __get_qu(userid, qu_id):
    """Fetch the user's ``qus`` if the user has an entry for ``qu_id``.

    Returns the result of ``User.get`` for a filter that matches the user by
    id and requires a ``qus`` element with the given questionnaire id.
    """
    has_entry_for_qu = {'$elemMatch': {"qu_id": ObjectId(qu_id)}}
    user_filter = {"_id": ObjectId(userid), "qus": has_entry_for_qu}
    return User.get(user_filter, ['qus'])
def set_user_qu_info(userid, qu_id, info):
    """Set the ``info`` of a user's questionnaire entry, creating it if needed.

    Returns the result of the underlying ``User`` update call.
    """
    if __get_qu(userid, qu_id) is None:
        # No entry yet: append one carrying the given info.
        new_entry = {'qu_id': ObjectId(qu_id), 'info': info}
        return User.update_by_id_add(userid, {'qus': new_entry})

    # Entry exists: overwrite its info through the positional operator.
    entry_filter = {
        "_id": ObjectId(userid),
        "qus": {'$elemMatch': {"qu_id": ObjectId(qu_id)}},
    }
    return User.update_one(entry_filter, {'$set': {'qus.$.info': info}})
def get_users_sel(userid, data_filter=None, data_sel=None):
    """List the users visible to ``userid`` that match ``data_filter``.

    The ``_id`` condition of ``data_filter`` is always replaced with the set
    of ids from ``__get_auth_users``, so a caller-supplied ``_id`` cannot
    widen the result. ``data_filter`` is modified in place. ``data_sel`` is
    passed through as the field selection. Each returned record has its
    ``_id`` converted to ``str``.
    """
    if data_filter is None:
        data_filter = {}
    # NOTE(review): the other keys of data_filter reach the query unchanged;
    # if it comes from a request body, confirm it is validated upstream.
    data_filter['_id'] = {'$in': __get_auth_users(userid)}

    visible_users = []
    for record in User.get_user_iter(data_filter, data_sel):
        record['_id'] = str(record['_id'])
        visible_users.append(record)
    return visible_users
def __check_auth_org():
    """Decide whether the session user may act on the org named in the request.

    Roles of 100 and above always pass. Roles from 4 up to 99 pass only when
    the requested organization's name equals the caller's own ``org``. Lower
    roles are refused.
    """
    caller_id = session['userid']
    caller_info = User.get_by_id(caller_id, ['user_info']).get('user_info')
    caller_role = caller_info.get('role') or 1
    if caller_role >= 100:
        return True

    payload = request.get_json() or {}
    # The organization is looked up for every remaining role, before the
    # role decides the outcome.
    requested_org = Organization.get_by_id(payload.get('org_id'), ['org_name'])
    requested_name = requested_org.get('org_name')

    # Roles >= 100 have already returned, so ">= 4" here means 4..99.
    return caller_role >= 4 and requested_name == caller_info.get('org')
def set_qu_data(userid, qu_id, qu_data):
    """Store questionnaire answers and the report generated from them.

    If the user has no entry for ``qu_id`` yet, one is appended first with
    ``info.auth`` set to 1. The report comes from ``Report.generate_report``.
    Returns the result of the final ``User.update_one`` call.
    """
    if __get_qu(userid, qu_id) is None:
        User.update_by_id_add(
            userid,
            {'qus': {'qu_id': ObjectId(qu_id), 'info': {'auth': 1}}},
        )

    report = Report.generate_report(qu_id, qu_data)

    entry_filter = {
        "_id": ObjectId(userid),
        "qus": {'$elemMatch': {"qu_id": ObjectId(qu_id)}},
    }
    new_values = {'qus.$.qu_data': qu_data, 'qus.$.qu_report': report}
    return User.update_one(entry_filter, {'$set': new_values})
def get_ogs(userid):
    """Return the organizations visible to ``userid`` as a list.

    Roles of 100 and above get every organization; everyone else gets only
    their own (an empty list if it cannot be found). ``_id`` values are
    converted to ``str``.
    """
    viewer = User.get_by_id(userid).get('user_info') or {}
    level = viewer.get('role') or 1

    if level < 100:
        own_org = Organization.get_by_name(viewer.get('org'))
        if not own_org:
            return []
        own_org['_id'] = str(own_org['_id'])
        return [own_org]

    every_org = list(Organization.get_iter())
    for org_doc in every_org:
        org_doc['_id'] = str(org_doc['_id'])
    return every_org
def __check_auth_role():
    """Refuse requests that would set a role above the session user's own.

    The roles to check come from ``user_infos`` in the JSON body, or from a
    single ``user_info``. A body carrying neither passes. A missing role on
    either side counts as 1. A role equal to the caller's own is allowed.
    """
    caller_id = session['userid']
    payload = request.get_json() or {}

    requested_infos = payload.get('user_infos') or []
    if not requested_infos:
        single_info = payload.get('user_info')
        if not single_info:
            return True
        requested_infos = [single_info]

    caller_info = User.get_by_id(caller_id, ['user_info']).get('user_info')
    caller_role = caller_info.get('role') or 1

    # NOTE(review): the requested role comes straight from the body; a
    # non-numeric value would fail the comparison -- confirm input validation.
    return not any(
        caller_role < (requested.get('role') or 1)
        for requested in requested_infos
    )
def get_qu_data(userid, qu_id):
    """Return the stored answers of one questionnaire entry of a user.

    Returns ``None`` when no user/entry matches. When the matched record has
    no usable ``qus`` value, that value is returned as is.
    """
    entry_filter = {
        "_id": ObjectId(userid),
        "qus": {'$elemMatch': {"qu_id": ObjectId(qu_id)}},
    }
    projection = {'_id': 0, 'qus.$.qu_data': 1}

    record = User.get(entry_filter, projection)
    if not record:
        return None

    entries = record.get('qus')
    if not entries:
        return entries
    return entries[0].get('qu_data')
def get_qu(userid, qu_id):
    """Return one questionnaire entry of a user, with ``qu_id`` as ``str``.

    Returns ``None`` when no user/entry matches. When the matched record has
    no usable ``qus`` value, that value is returned as is.
    """
    entry_filter = {
        "_id": ObjectId(userid),
        "qus": {'$elemMatch': {"qu_id": ObjectId(qu_id)}},
    }
    # 'qus.$' limits the projection to the first matching array element.
    projection = {'_id': 0, 'qus.$': 1}

    record = User.get(entry_filter, projection)
    if not record:
        return None

    entries = record.get('qus')
    if not entries:
        return entries
    entry = entries[0]
    entry['qu_id'] = str(entry['qu_id'])
    return entry
def __check_auth_qu():
    """Decide whether the session user may access the requested questionnaires.

    The ids come from ``qu_ids`` in the JSON body, or from a single ``qu_id``.
    A body carrying neither passes. Roles of 100 and above always pass.
    Everyone else needs a ``qus`` entry for every requested id.
    """
    caller_id = session['userid']
    payload = request.get_json() or {}

    single_id = payload.get('qu_id')
    requested_ids = payload.get('qu_ids') or []
    if not requested_ids:
        if not single_id:
            return True
        requested_ids = [single_id]

    caller = User.get_by_id(caller_id, ['user_info', 'qus.qu_id'])
    caller_role = caller.get('user_info').get('role') or 1
    if caller_role >= 100:
        return True

    # Compared as strings; kept as a list so that any request value, hashable
    # or not, can be tested for membership.
    granted_ids = [str(entry['qu_id']) for entry in caller.get('qus') or []]
    return all(requested in granted_ids for requested in requested_ids)
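def get_sub_orgs(userid, data_filter):
    """Return the sub-organizations visible to ``userid``.

    :param userid: id of the requesting user.
    :param data_filter: request filter; for roles of 100 and above its
        ``user_info.org`` value, if any, selects a single organization.
    :return: a list of sub-organizations. Roles of 100 and above get those of
        the selected organization, or of all organizations when none is
        selected. Roles 4..99 get those of their own organization. Lower
        roles get an empty list. An organization that cannot be found
        contributes nothing.
    """
    user_info = User.get_by_id(userid, ['user_info']).get('user_info')
    role = user_info.get('role') or 1

    if role >= 100:
        # A filter without a 'user_info' part used to raise AttributeError.
        filter_info = (data_filter or {}).get('user_info') or {}
        org = filter_info.get('org')
        if org:
            return _sub_orgs_of(org)

        # The accumulator was named ``list``, shadowing the builtin.
        all_sub_orgs = []
        for org_doc in Organization.get_iter():
            all_sub_orgs.extend(org_doc.get('sub_orgs') or [])
        return all_sub_orgs

    if 4 <= role < 100:
        return _sub_orgs_of(user_info.get('org'))
    return []


def _sub_orgs_of(org_name):
    """Return the ``sub_orgs`` of the named organization, or ``[]`` if absent."""
    # get_by_name can come back empty for an unknown name; treat that as
    # "no sub-organizations" instead of failing on ``.get``.
    org_doc = Organization.get_by_name(org_name)
    if not org_doc:
        return []
    return org_doc.get('sub_orgs') or []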
def post(self):  # tested
    """Handle ``POST /api/users``: create a user from the JSON request body.

    :return: the created user serialised with ``obj2json``, including its id.
        The DTO carries no password field, and ``club_ids`` / ``request_ids``
        start out empty.
    """
    body = request.json

    # Order of the User constructor arguments that follow the generated id.
    input_keys = (
        'username', 'name', 'password', 'email', 'day_of_birth', 'gender',
        'academy', 'major', 'bio', 'phone', 'year_of_enrollment',
    )
    # NOTE(review): the password is passed on as received; hashing, if any,
    # happens outside this method -- confirm.
    candidate = User(generate_uuid(), *[body.get(key) for key in input_keys])
    saved = add_user(candidate)

    output_attrs = (
        'user_id', 'username', 'name', 'email', 'day_of_birth', 'gender',
        'academy', 'major', 'bio', 'phone', 'year_of_enrollment',
    )
    copied = {attr: getattr(saved, attr) for attr in output_attrs}
    return obj2json(UsersDto(**copied, club_ids=[], request_ids=[]))
def get_users(userid, data_filter=None):
    """List the users visible to ``userid`` with a per-questionnaire summary.

    The ``_id`` condition of ``data_filter`` is always replaced with the ids
    from ``__get_auth_users``; ``data_filter`` is modified in place. In each
    returned record ``_id`` becomes a ``str`` and ``qus`` becomes a dict keyed
    by questionnaire id (as ``str``) holding only ``qu_report`` and ``info``.
    """
    if data_filter is None:
        data_filter = {}
    data_filter['_id'] = {'$in': __get_auth_users(userid)}

    summaries = []
    for record in User.get_user_iter(data_filter, ['user_info', 'qus']):
        record['_id'] = str(record['_id'])
        if record.get('qus'):
            # Only the report and info are exposed; other entry fields are
            # left out of the result.
            record['qus'] = {
                str(entry['qu_id']): {
                    'qu_report': entry.get('qu_report'),
                    'info': entry.get('info'),
                }
                for entry in record['qus']
            }
        else:
            record['qus'] = {}
        summaries.append(record)
    return summaries
def get_user_by_userid(userid, dic_r=None):
    """Fetch one user by id; ``dic_r`` is passed to ``User.get`` unchanged."""
    by_id = {'_id': ObjectId(userid)}
    return User.get(by_id, dic_r)
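class UsersApi(Resource):
    """Collection resource for ``/api/users``."""

    def post(self):  # tested
        """Handle ``POST /api/users``: create a user from the JSON request body.

        :return: the created user serialised with ``obj2json``, including its
            id. The DTO carries no password field.
        """
        req = request.json
        # NOTE(review): the password is forwarded as received; hashing, if
        # any, happens outside this method -- confirm.
        user_result = add_user(User(
            generate_uuid(),
            req.get('username'),
            req.get('name'),
            req.get('password'),
            req.get('email'),
            req.get('day_of_birth'),
            req.get('gender'),
            req.get('academy'),
            req.get('major'),
            req.get('bio'),
            req.get('phone'),
            req.get('year_of_enrollment')
        ))
        user_dto = UsersDto(
            user_id=user_result.user_id,
            username=user_result.username,
            name=user_result.name,
            email=user_result.email,
            day_of_birth=user_result.day_of_birth,
            gender=user_result.gender,
            academy=user_result.academy,
            major=user_result.major,
            bio=user_result.bio,
            phone=user_result.phone,
            year_of_enrollment=user_result.year_of_enrollment,
            club_ids=[],
            request_ids=[]
        )
        return obj2json(user_dto)

    def get(self):  # tested
        """Return one user or all users, depending on the query string.

        With a query string, its ``username`` parameter selects the user; a
        query string without ``username`` yields a message object. Without a
        query string, all users are returned.
        """
        # NOTE(review): the listing had an unterminated triple-quoted fragment
        # spliced into this method (decorated get/put/post/delete stubs taking
        # a ``rate`` argument). It belongs to no class here and made the code
        # unparsable, so it is not reproduced.
        from urllib.parse import parse_qs

        if request.query_string:
            query_str = str(request.query_string, encoding='utf-8')
            # parse_qs replaces the hand-rolled split on '&' and '=', which
            # raised ValueError on a pair without exactly one '=' and left
            # percent-encoded values undecoded.
            query_params = parse_qs(query_str, keep_blank_values=True)
            if 'username' in query_params:
                # As before, the last occurrence of a repeated key wins.
                username = query_params['username'][-1]
                user_result = get_user_by_username(username)
                if user_result is not None:
                    res = add_clubids_and_requestids_to_dto(user_result)
                else:
                    res = {'message': 'user ' + username + ' don\'t exist.'}
            else:
                res = {
                    'message': 'query_string don\'t have the "username" property.'
                }
        else:
            users_result = get_users()
            res = []
            for user_result in users_result:
                res.append(add_clubids_and_requestids_to_dto(user_result))
        return obj2json(res)


class UsersApiById(Resource):
    """Item resource for ``/api/users/:user_id``."""

    def put(self, user_id):  # tested
        """Handle ``PUT /api/users/:user_id``: replace the stored data of a user.

        :param user_id: id of the user to update.
        :return: the updated user serialised with ``obj2json``, or a message
            object when ``update_user`` returns ``None``.
        """
        # NOTE(review): no check that the caller may modify ``user_id`` is
        # visible here -- confirm it is enforced by a decorator or middleware.
        req = request.json
        user_result = update_user(user_id, User(
            user_id,
            req.get('username'),
            req.get('name'),
            req.get('password'),
            req.get('email'),
            req.get('day_of_birth'),
            req.get('gender'),
            req.get('academy'),
            req.get('major'),
            req.get('bio'),
            req.get('phone'),
            req.get('year_of_enrollment')
        ))
        if user_result is not None:
            res = add_clubids_and_requestids_to_dto(user_result)
        else:
            res = {'message': 'It\'s not exist that user you want update.'}
        return obj2json(res)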
def get_user_by_username(username):
    """Fetch the user whose ``user_info.username`` equals ``username``."""
    by_username = {'user_info.username': username}
    return User.get(by_username)
def __check_auth_admin():
    """Return whether the session user's role is 100 or higher.

    A missing role counts as 1.
    """
    caller_id = session['userid']
    caller_info = User.get_by_id(caller_id, ['user_info']).get('user_info')
    caller_role = caller_info.get('role') or 1
    return caller_role >= 100
def add(user_info, password):
    """Insert a user record and return what ``User.add`` returns for it."""
    # NOTE(review): ``password`` is stored exactly as passed in; hashing is
    # not visible in this function -- confirm it happens before this call.
    new_record = {'user_info': user_info, 'password': password}
    return User.add(new_record)