Exemplo n.º 1
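def agency_financial_detail():
    """Render an agency's diamond purchase or spend ledger.

    Staff may query any agency id entered in the form.  For every other
    user the id is taken from ``current_user.agencyid`` both when the form
    is displayed and again when it is processed, so a tampered form field
    cannot be used to read another agency's records.
    """
    form = QueryAgencyFinancialForm()
    #    wtforms_components.read_only(form.submit2)  # TODO: temporary disable; drop this line once the spend query exists in the db layer
    if not current_user.is_staff():
        form.agencyid.data = current_user.agencyid
        wtforms_components.read_only(form.agencyid)

    if form.validate_on_submit():
        # Anti-tampering: the posted agency id is only honoured for staff.
        if current_user.is_staff():
            agencyid = form.agencyid.data
        else:
            agencyid = current_user.agencyid

        if form.submit1.data is True:
            info = u"购钻明细, 代理ID: {}".format(agencyid)
            dbRetIsOk, rowData, totalMoney = Mysqlhandler.me(
            ).queryAgencyIncomeDetail(agencyid)
            cols = [u"交易流水号", u"钻石数量", u"上级代理ID", u"时间"]
        else:
            info = u"支钻明细, 代理ID: {}".format(agencyid)
            dbRetIsOk, rowData, totalMoney = Mysqlhandler.me(
            ).queryAgencyOutcomeDetail(agencyid)
            cols = [u"交易流水号", u"钻石数量", u"下级代理ID", u"玩家ID", u"时间"]

        if dbRetIsOk == True:
            ext_info = u"总额:{}".format(totalMoney)
            return render_template(
                'query_ret.html',
                info=info,
                ext_info=ext_info,
                cols=cols,
                records=rowData,
                next_url=url_for('main.agency_financial_detail'))

        # The original formatted an undefined name (`dbRetData`) into this
        # message, so every failed query ended in a NameError instead of a
        # flash.  A generic message is shown instead.
        # NOTE(review): on failure `rowData` may carry the handler's error
        # text - confirm before surfacing backend detail to the user.
        flash(u"查询失败")
    return render_template('form.html', form=form, tittle=u"钻石明细查询")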
Exemplo n.º 2
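def admin_login():
    """Serve and process the admin login form.

    POST: check the CSRF token, look the account up by username and the
    derived password hash, then log the user in and redirect to the admin
    index; unknown credentials get a 401 JSON body.
    GET: staff who are already authenticated are redirected to the admin
    index, everyone else gets the login page.
    """
    if request.method == 'POST':
        form = LoginForm(request.form)
        # NOTE(review): the field object is passed here, not its value;
        # confirm this validate_csrf expects a field and raises on failure.
        validate_csrf(form.csrf_token)
        password_hash = generate_hash_pass(form.username.data,
                                           form.password.data)
        account = Account.query.filter_by(username=form.username.data,
                                          password=password_hash).first()
        if account:
            # NOTE(review): any account with valid credentials is logged in
            # here; staff status is only consulted on the GET branch, so the
            # admin views themselves must enforce it.
            login_user(account)
            account.set_status(online=True).save()
            return redirect(url_for('admin.index'), code=302)
        # 'ContentType' is not an HTTP header; use the real header name so
        # the body is labelled as JSON.
        return json.dumps({'success': False}), 401, {
            'Content-Type': 'application/json'
        }

    if current_user.is_authenticated and current_user.is_staff():
        # The original built this redirect, discarded it, and returned a
        # 302 JSON body without a Location header.
        return redirect(url_for('admin.index'))

    print('Rendering page')
    return render_template('admin/pages/login.html', form=LoginForm())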
Exemplo n.º 3
 def decoreted_view(*args, **kwargs):
     """Run the wrapped view only for an authenticated admin or staff user.

     Anonymous users go straight to ``lm.unauthorized()``.  Authenticated
     users without either role get a flash message first.
     """
     if current_user.is_authenticated:
         has_role = current_user.is_admin() or current_user.is_staff()
         if has_role:
             return func(*args, **kwargs)
         # Authenticated but not privileged: explain why access is refused.
         flash('職員の権限が必要です。職員ユーザでログインしてください', 'danger')
     return lm.unauthorized()
Exemplo n.º 4
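def material_application_new():
    """Create a material application (staff accounts only).

    GET renders the empty application form.  POST collects the contact
    fields and every ``...material..._<key>`` quantity field with a positive
    integer value, stores one MaterialApplication plus one content row per
    material, and redirects to the application index.

    Form field names and values are client-controlled.  A quantity that is
    not an integer, or a field name without the ``_`` separator, is ignored
    instead of raising (the original ended in an unhandled
    ValueError/IndexError).
    """
    if not current_user.is_staff():
        flash('只有员工帐号才能使用此功能', 'danger')
        return redirect(url_for('content.material_application_index'))

    if request.method == 'POST':
        info_fields = ('customer', 'project_name', 'purpose',
                       'delivery_method', 'receive_address', 'receiver',
                       'receiver_tel')
        app_infos = {name: request.form.get(name) for name in info_fields}

        app_contents = []
        for param in request.form:
            raw_number = request.form.get(param)
            if 'material' not in param or not raw_number:
                continue
            _, separator, material_key = param.partition('_')
            if not separator:
                continue  # no "<prefix>_<key>" structure to take a key from
            try:
                number = int(raw_number)
            except ValueError:
                continue  # non-numeric quantity: treat as not requested
            if number > 0:
                # The submitted text is stored as before; only validated here.
                app_contents.append([material_key, raw_number])

        if app_contents or request.form.get('app_memo'):
            # NOTE(review): app_no has one-second resolution, so two
            # submissions in the same second share a number - confirm whether
            # the column must be unique.
            application = MaterialApplication(
                app_no='MA' + datetime.datetime.now().strftime('%y%m%d%H%M%S'),
                user=current_user,
                status='新申请',
                app_memo=request.form.get('app_memo'),
                app_type=3,
                sales_area=request.form.get('sales_area'),
                app_infos=app_infos)
            db.session.add(application)
            for material_key, raw_number in app_contents:
                # Unknown material ids abort with 404 before anything is
                # committed.
                material = Material.query.get_or_404(material_key)
                ma_content = MaterialApplicationContent(
                    material_id=material.id,
                    material_name=material.name,
                    number=raw_number,
                    application=application)
                db.session.add(ma_content)
            db.session.commit()
            flash('物料申请提交成功', 'success')
        else:
            flash('物料申请内容不能为空', 'danger')
        return redirect(url_for('content.material_application_index'))

    materials = Material.query.order_by(Material.name.desc())
    form = MaterialApplicationForm2()
    # '%F' is a platform extension; spell the ISO date out portably.
    today = datetime.datetime.now().strftime('%Y-%m-%d')
    departments = ', '.join(
        [department.name for department in current_user.departments])
    return render_template('content/material_application/new.html',
                           form=form,
                           materials=materials,
                           today=today,
                           departments=departments)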
Exemplo n.º 5
 def decoreted_view(*args, **kwargs):
     """Allow admins, staff, or the person whose ``id`` is in the route.

     Anonymous users are sent to ``lm.unauthorized()``; authenticated users
     who match none of the three conditions get a flash message first.
     """
     if not current_user.is_authenticated:
         return lm.unauthorized()

     privileged = current_user.is_admin() or current_user.is_staff()
     # NOTE(review): this equality is type-sensitive; if person_id and the
     # route's `id` argument differ in type they never match - confirm the
     # URL converter in use.
     if privileged or current_user.person_id == request.view_args.get('id'):
         return func(*args, **kwargs)

     flash('指定された利用者しか参照できません。該当利用者でログインしてください', 'danger')
     return lm.unauthorized()
Exemplo n.º 6
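def accounts():
    """List accounts, 25 per page, for authenticated staff.

    Anyone else is redirected to the site index.
    """
    # Authentication is tested first: the original called is_staff() before
    # is_authenticated, which fails on an anonymous user object that does
    # not define is_staff().
    if not current_user.is_authenticated or not current_user.is_staff():
        return redirect(url_for('index.index'))

    # type=int makes a non-numeric ?page= fall back to the default of 1.
    page = request.args.get('page', 1, type=int)
    accounts = paginate(Account.query, page=page, per_page=25)
    return render_template('admin/pages/accounts/accounts.html',
                           accounts=accounts,
                           find=find_account,
                           amount=amount,
                           ranks=ranks,
                           form=AccountForm())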
Exemplo n.º 7
def index():
    """Render the overview page with per-person links for recent days.

    Staff see every enabled person, ordered by staff flag and name; other
    users see only the person linked to their own account.
    """
    today = date.today()
    recent_days = [today - relativedelta(days=back) for back in (1, 2, 3)]
    prev = today - relativedelta(months=1)
    this_month = today.strftime('%Y%m')
    last_month = prev.strftime('%Y%m')

    # Field names are left exactly as they are, including the
    # 'utl_performlogs_report' spelling, since the template reads them.
    Item = namedtuple(
        'Item',
        ('name', 'idm', 'staff', 'caption', 'url', 'caption1', 'url1',
         'caption2', 'url2', 'caption3', 'url3', 'url_performlogs',
         'utl_performlogs_report', 'url_performlogs_report1', 'url_worklogs',
         'url_worklogs_report', 'url_worklogs_report1'))

    if current_user.is_staff():
        persons = Person.query.filter(Person.enabled == True).order_by(
            Person.staff, Person.name).all()
    else:
        # Non-staff are limited to their own person record.
        # NOTE(review): get_or_404 is called on the model itself rather than
        # on Person.query - confirm the model defines it.
        persons = (Person.get_or_404(current_user.person_id), )

    items = []
    for person in persons:
        name = person.display_or_name
        idm = check_idm(person)
        staff = person.staff
        # caption/url pairs for today and the three preceding days, in order
        day_cells = []
        for day in [today] + recent_days:
            day_cells.append(_get_caption(person, day))
            day_cells.append(_get_url(person, day))
        items.append(Item(
            name,
            idm,
            staff,
            *day_cells,
            url_performlogs=url_for('performlogs.index',
                                    id=person.id,
                                    yymm=this_month),
            utl_performlogs_report=url_for('performlogs.report',
                                           id=person.id,
                                           yymm=this_month),
            url_performlogs_report1=url_for('performlogs.report',
                                            id=person.id,
                                            yymm=last_month),
            url_worklogs=url_for('worklogs.index',
                                 id=person.id,
                                 yymm=this_month),
            url_worklogs_report=url_for('worklogs.report',
                                        id=person.id,
                                        yymm=this_month),
            url_worklogs_report1=url_for('worklogs.report',
                                         id=person.id,
                                         yymm=last_month)))
    return render_template('index.pug', items=items)
Exemplo n.º 8
def authorize(*args, **kwargs):
    """Show the OAuth consent page (GET) or report the user's decision.

    For any non-GET request the return value is True only when the posted
    ``confirm`` field equals 'yes'; a missing field counts as 'no'.
    """
    # csrf_check() runs for every request to this view, before any branching.
    csrf_check()

    if request.method != 'GET':
        decision = request.form.get('confirm', 'no')
        return decision == 'yes'

    # `client` is None when the client_id is unknown; the template receives
    # it as-is.
    requested_id = kwargs.get('client_id')
    kwargs['client'] = Client.query.filter_by(client_id=requested_id).first()
    kwargs['is_staff'] = current_user.is_staff()
    return render_template('auth/oauthorize.html', **kwargs)
Exemplo n.º 9
def authorize(*args, **kwargs):
    """Show the OAuth consent page (GET) or report the user's decision.

    For any non-GET request the return value is True only when the posted
    ``confirm`` field equals 'yes'; a missing field counts as 'no'.
    """
    # NOTE(review): the csrf_check() call below is commented out, so nothing
    # in this function validates a CSRF token on the POST that records
    # consent.  Confirm the protection is applied elsewhere (for example
    # application-wide) before relying on this handler.
    #csrf_check()

    if request.method != 'GET':
        decision = request.form.get('confirm', 'no')
        return decision == 'yes'

    # `client` is None when the client_id is unknown; the template receives
    # it as-is.
    requested_id = kwargs.get('client_id')
    kwargs['client'] = Client.query.filter_by(client_id=requested_id).first()
    kwargs['is_staff'] = current_user.is_staff()
    return render_template('auth/oauthorize.html', **kwargs)
Exemplo n.º 10
def add_player():
    """Bind a player id to a supervising agency.

    Staff choose the agency in the form.  For other users the agency is
    always ``current_user.agencyid``: it is pre-filled for display and
    re-derived from the session user when the form is processed.
    """
    form = AddPlayerForm()
    if not current_user.is_staff():
        form.superviorid.data = current_user.agencyid
        wtforms_components.read_only(form.superviorid)

    if not form.validate_on_submit():
        return render_template('form.html', form=form, tittle=u"设置玩家的代理")

    playerid = form.playerid.data
    # Anti-tampering: the posted agency id is only honoured for staff.
    if current_user.is_staff():
        superviorid = form.superviorid.data
    else:
        superviorid = current_user.agencyid
    handler = Mysqlhandler.me()
    dbRetIsOk, dbRetData = handler.addPlayer(superviorid, playerid,
                                             current_user.is_staff())

    if dbRetIsOk == True:
        form.playerid.data = ""
        form.superviorid.data = ""
        msg = u'玩家代理关系设置成功, 玩家ID:{}, 代理ID:{}'.format(playerid, superviorid)
        # NOTE(review): the message travels in the redirect's query string,
        # so whatever main.rander_form_ret displays is presumably
        # client-controllable - confirm that view escapes it.
        target = url_for('main.rander_form_ret', msg=msg, op='main.add_player')
        return redirect(target)

    flash(u"绑定失败, {}".format(dbRetData))
    return render_template('form.html', form=form, tittle=u"设置玩家的代理")
Exemplo n.º 11
def agency_modify_password():
    """Change the password of the logged-in user's own agency account.

    The agency id always comes from ``current_user``; the form supplies only
    the current and the new password.
    """
    # Computed as in the original but not used anywhere below.
    if current_user.is_staff():
        superviorid = None
    else:
        superviorid = current_user.agencyid

    form = ModifyPasswordForm()
    if not form.validate_on_submit():
        return render_template('form.html', form=form, tittle=u"修改密码")

    agencyid = current_user.agencyid
    password = form.password.data
    newpassword = form.newpassword.data
    handler = Mysqlhandler.me()
    dbRetIsOk, dbRetData = handler.agencyModifyPassword(
        agencyid, password, newpassword)
    if dbRetIsOk == True:
        msg = "修改密码成功"
        return redirect(
            url_for('main.rander_form_ret', msg=msg, op='main.index'))

    # NOTE(review): dbRetData is shown to the user verbatim; confirm it never
    # carries raw database error text.
    flash(u"修改密码失败, {}".format(dbRetData))
    return render_template('form.html', form=form, tittle=u"修改密码")
Exemplo n.º 12
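def student(survey_id):
    """Show a survey to a respondent and record the submitted answers.

    Admins and staff may open any survey.  Everyone else must be a student
    or guest who has not yet submitted this survey, otherwise they are
    redirected to ``permission_deny``.  A POST stores the answers only when
    every question id of the survey has a non-empty value in the form.
    """
    # instances used to read the survey and to store responses
    s = Survey()
    res = Respond()
    error = None

    can_preview = current_user.is_admin() or current_user.is_staff()
    if not can_preview:
        already_done = res.is_submitted(survey_id, current_user.get_id())
        if already_done or not (current_user.is_student()
                                or current_user.is_guest()):
            return redirect(url_for("permission_deny"))
    # NOTE(review): no enrolment or survey-status check is visible here, and
    # admins/staff are not kept off the POST path below - confirm both are
    # intended.

    # basic information and question ids for this survey
    this_survey = s.id_filter(survey_id).one()
    qids = s.get_qids(survey_id)

    if request.method == "POST":
        answerlist = []
        for qid in qids:
            try:
                # answers are posted under the question id as the field name
                this_q = request.form[str(qid)]
            except KeyError:
                # Only a missing field is expected here; the original bare
                # `except:` also hid every unrelated error.
                error = "You must finish all the questions."
                continue
            if not this_q:
                error = "You must finish all the questions."
            answerlist.append(this_q)
        if not error:
            # store the recorded answers
            res.new_res(survey_id, current_user.get_id(), answerlist)
            return render_template("finish_survey.html")

    # load the question details for display
    q = Question()
    q_list = q.find_q(qids)

    return render_template("student.html",
                           course_name=this_survey[1] + " " + this_survey[2],
                           msg_err=error,
                           quest_list=q_list)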
Exemplo n.º 13
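def post_survey(survey_id):
    """Move a survey to its next stage, depending on the caller's role.

    Admins post the survey on to staff.  Staff release it to students, but
    only when ``is_premitted`` accepts them for this survey.  Every other
    caller is redirected to ``permission_deny``.
    """
    if current_user.is_student():
        return redirect(url_for("permission_deny"))

    s = Survey()
    if current_user.is_admin():
        # admin posts the survey to staff
        s.post(survey_id)
    elif current_user.is_staff():
        if not s.is_premitted(survey_id, current_user.get_id()):
            # this staff member has no right to change the survey
            return redirect(url_for("permission_deny"))
        # the staff member is in that course: post it on to students
        s.review(survey_id)
    else:
        # Deny by default.  The original fell through for any other role and
        # rendered the success page although nothing had been posted.
        return redirect(url_for("permission_deny"))

    # confirmation page
    return render_template(
        "msg.html",
        title="Successfully Post a Survey",
        msg_suc_l=["Successful Post a Survey",
                   "You were successfully posted survey " + str(survey_id) + ".",
                   url_for("dashboard"),
                   "Review More"])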
Exemplo n.º 14
def agency_financial_info():
    """Show diamond totals bought or spent by subordinate agencies.

    Staff query with ``None`` as the supervisor id; any other user is scoped
    to their own ``agencyid``.  The scope never comes from the form.
    """
    if current_user.is_staff():
        superviorid = None
    else:
        superviorid = current_user.agencyid

    form = QueryAgencyFinancialInfoForm()
    if not form.validate_on_submit():
        return render_template('form.html', form=form, tittle=u"下属钻石情况查询")

    # submit1 selects the purchase totals, any other button the spend totals
    handler = Mysqlhandler.me()
    if form.submit1.data is True:
        info = u"下属累计购买钻石数量"
        dbRetIsOk, dbRetData = handler.queryAgencyIncomeInfo(superviorid)
    else:
        info = u"下属累计支出钻石总量"
        dbRetIsOk, dbRetData = handler.queryAgencyOutcomeInfo(superviorid)

    if dbRetIsOk == True:
        cols = [u"下级代理ID", u"钻石数量"]
        return render_template(
            'query_ret.html',
            info=info,
            cols=cols,
            records=dbRetData,
            next_url=url_for('main.agency_financial_info'))

    # NOTE(review): dbRetData is shown to the user verbatim; confirm it never
    # carries raw database error text.
    flash(u"查询失败, {}".format(dbRetData))
    return render_template('form.html', form=form, tittle=u"下属钻石情况查询")
Exemplo n.º 15
def dashboard():
    """Render the dashboard that matches the current user's role.

    Roles are tested in the order student, staff, admin, guest, and the
    first match wins.
    NOTE(review): when none of the four roles matches, the function returns
    None; confirm that every account carries one of these roles.
    """
    courses = Course()
    surveys = Survey()

    if current_user.is_student():
        own_surveys = surveys.get_survey_by_user(current_user.uid)
        return render_template('dash/student.html', survey_l=own_surveys)
    elif current_user.is_staff():
        own_surveys = surveys.get_survey_by_user(current_user.uid)
        return render_template('dash/staff.html', survey_l=own_surveys)
    elif current_user.is_admin():
        # admins get every survey and course, plus the two request lists
        return render_template('dash/admin.html',
                               survey_l=surveys.get_survey(),
                               course_l=courses.get_course(),
                               guest_l=UserData().show_unguest(),
                               enrol_l=EnrolRequest().get_requests())
    elif current_user.is_guest():
        return render_template(
            'dash/guest.html',
            survey_l=surveys.get_survey_by_user(current_user.uid),
            course_l=courses.get_course())
Exemplo n.º 16
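def account():
    """Edit, add, show the "new" form for, or delete an account.

    The operation is chosen by the ``type`` query argument and the target
    account by ``id`` (or by the posted form id when saving an edit).

    Changes against the original:
    * the delete branch applies the same rank guard as the edit branch, so a
      low-rank user can no longer delete an equal or higher ranked account;
    * the "id is 0" shortcut compares against the string form, because query
      arguments are never the integer 0;
    * the posted rank is parsed before anything is saved, and a non-numeric
      value gives a 400 instead of an unhandled exception;
    * JSON replies use the real ``Content-Type`` header name;
    * an unreachable trailing redirect in the edit branch is gone.

    NOTE(review): no authentication or staff check is visible in this
    function - confirm the route is wrapped by one.
    """

    def _json(payload, status):
        # JSON body, status code and headers in the tuple form used here.
        return json.dumps(payload), status, {
            'Content-Type': 'application/json'
        }

    def _outranked_by(target):
        # Same predicate the original used on both edit paths.
        own_level = current_user.rank().level
        return own_level < 2 and own_level <= target.rank().level

    _type = request.args.get('type')
    account_id = request.args.get('id')
    print(_type, account_id)

    if _type == 'edit':
        if request.method == 'GET':
            if not account_id or account_id == '0':
                return redirect(url_for('account.accounts'))
            account = find_account(account_id)
            if not account:
                return render_template('admin/pages/404.html',
                                       reason='Account',
                                       content='Not found')
            if _outranked_by(account):
                if current_user.is_staff():
                    return redirect(url_for('account.accounts'))
                return redirect(url_for('index.index'))
            form = AccountForm()
            form.rank.process_data(account.rank().level)
            return render_template('admin/pages/accounts/account.html',
                                   account=account,
                                   form=form,
                                   render_type='edit',
                                   redirect=redirect)

        form = AccountForm(request.form)
        account = find_account(form.id.data)
        if not account or _outranked_by(account):
            abort(400)
        try:
            new_level = int(form.rank.data)
        except (TypeError, ValueError):
            abort(400)

        # An empty password field means "keep the stored hash"; anything
        # else that differs from the stored hash is hashed as a new password.
        if not form.password.data:
            form.password.data = account.password
        if form.password.data != account.password:
            form.password.data = generate_hash_pass(account.username,
                                                    form.password.data)
        # NOTE(review): every posted form field is passed to __init__, and the
        # new rank level is not limited by the caller's own rank - confirm
        # both are intended.
        account.__init__(**form.data)
        account.save()

        account.rank().level = new_level
        account.rank().save()
        return _json({'success': True}, 200)

    elif _type == 'add':
        form = AccountForm(request.form)

        if not form.username.data or len(form.username.data) < 3:
            return _json({'success': False,
                          'message': 'Invalid username value'}, 400)

        if not form.password.data or len(form.password.data) < 6:
            return _json({'success': False,
                          'message': 'Invalid password value'}, 400)

        if not form.email.data or len(form.email.data) < 6:
            return _json({'success': False,
                          'message': 'Invalid email value'}, 400)

        existing = find_account_by_username(
            form.username.data) or find_account_by_email(form.email.data)
        if existing:
            return _json({'success': False,
                          'message': 'Account already exists.'}, 400)

        try:
            new_level = int(form.rank.data)
        except (TypeError, ValueError):
            return _json({'success': False,
                          'message': 'Invalid rank value'}, 400)

        form.password.data = generate_hash_pass(username=form.username.data,
                                                password=form.password.data)

        # NOTE(review): the rank given to the new account is not limited by
        # the caller's own rank - confirm that is intended.
        account = Account(**form.data)
        account.change_rank(level=new_level)
        account.save()
        return _json({'success': True}, 200)

    elif _type == 'new':
        return render_template('admin/pages/accounts/account.html',
                               form=AccountForm(),
                               ranks=ranks,
                               render_type='new')

    elif _type == 'delete':
        # NOTE(review): this branch runs for any HTTP method and no CSRF
        # token is checked here - confirm the route restricts deletes to a
        # protected POST.
        account = find_account(account_id)
        if not account:
            return _json({'success': False,
                          'message': 'Account not found.'}, 400)
        if _outranked_by(account):
            abort(400)
        print('Username: %s' % account.username)
        account.delete()
        return redirect(url_for('account.accounts'))

    return redirect(url_for('account.accounts'))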
Exemplo n.º 17
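 def decorated_admin(*args, **kwargs):
     """Run the wrapped view for staff; otherwise flash and redirect away.

     The redirect follows the ``next`` query argument only when it is a
     site-relative path.  Anything else, including an absolute URL, falls
     back to ``main.index``.
     NOTE(review): is_staff() is called without an is_authenticated check;
     confirm the anonymous user object defines it or that a login check
     wraps this decorator.
     """
     if current_user.is_staff():
         return func(*args, **kwargs)

     flash(u'权限不足')
     # `next` is client-supplied.  Passing it to redirect() unchecked lets a
     # crafted link bounce the user to another site, so only a path on this
     # site is accepted.  Scheme-relative ("//host") values and values with
     # backslashes or control characters are refused because browsers may
     # resolve them to a different host.
     target = request.args.get('next') or ''
     is_local_path = (target.startswith('/')
                      and not target.startswith('//')
                      and not any(ch in target for ch in '\\\r\n\t'))
     if not is_local_path:
         target = url_for('main.index')
     return redirect(target)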
Exemplo n.º 18
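def view_survey(survey_id=None):
    """Review a survey's question selection and optionally save or post it.

    Only admins and staff get past the role checks.  On POST the selected
    question ids are saved; for staff the mandatory questions already on the
    survey are always kept.  ``submit_type == "post"`` then hands over to
    ``post_survey``.

    Changes against the original:
    * users who are neither admin nor staff are denied up front; before, only
      students were denied, so any other role could reach the update on POST
      and then got no response at all;
    * an empty selection is rejected before ``update_survey`` is called
      instead of after the write;
    * an unused lookup of the optional questions is removed.

    NOTE(review): no per-survey permission check for staff is visible here;
    confirm whether staff should be limited to surveys of their own courses.
    """
    if current_user.is_student():
        return redirect(url_for("permission_deny"))
    if not (current_user.is_admin() or current_user.is_staff()):
        # deny by default for every other role
        return redirect(url_for("permission_deny"))

    q = Question()
    s = Survey()
    error = None

    if request.method == "POST":
        selected_Qid = s.get_qids(survey_id)
        # mandatory question ids that staff may not drop
        q_force = []
        if selected_Qid and current_user.is_staff():
            # staff can only choose among the optional questions, so the
            # mandatory ones are added back as string ids
            q_force = q.find_q(q_id=selected_Qid, pool_id="0")
            q_force = [str(this_q[0]) for this_q in q_force]

        # posted selection plus the forced mandatory ids
        q_id = request.form.getlist("qid")
        q_id += q_force

        if q_id:
            s.update_survey(survey_id, q_id)
        else:
            error = ["Survey Create Error: Not Sufficient Question",
                     "Please select at least one question.",
                     url_for("view_survey", survey_id=survey_id),
                     "Continue Review This Survey"]

        # "save" falls through to the page below; "post" moves to the next
        # stage
        if not error and request.form["submit_type"] == "post":
            return redirect(url_for("post_survey", survey_id=survey_id))

    # the survey row and its currently selected question ids
    this_survey = s.find("survey.id", survey_id).one()
    selected_Qid = s.get_qids(survey_id)
    survey_status = int(this_survey[6])

    if current_user.is_admin():
        # admins may edit every question in both pools
        return render_template("final_survey.html",
                               course_name=this_survey[1],
                               course_year=this_survey[2],
                               mendatory_q=q.find_q(pool_id="0"),
                               list_type=["check", "check"],
                               optional_q=q.find_q(pool_id="1"),
                               select_q=selected_Qid,
                               survey_id=survey_id,
                               msg_err_l=error,
                               survey_status=survey_status)

    # staff: the mandatory questions already on the survey are listed
    # read-only, the optional pool stays selectable
    if selected_Qid:
        q_force = q.find_q(q_id=selected_Qid, pool_id="0")
    else:
        # no selection yet: skip the filtered lookup
        q_force = []
    return render_template("final_survey.html",
                           course_name=this_survey[1],
                           course_year=this_survey[2],
                           mendatory_q=q_force,
                           list_type=["num", "check"],
                           optional_q=q.find_q(pool_id="1"),
                           select_q=selected_Qid,
                           survey_id=survey_id,
                           msg_err_l=error,
                           survey_status=survey_status)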
Exemplo n.º 19
 def is_accessible(self):
     """Allow access only to an authenticated staff or admin user."""
     authenticated = current_user.is_authenticated
     if not authenticated:
         # Role methods are never called for an unauthenticated user.
         return authenticated
     return current_user.is_staff() or current_user.is_admin()
Exemplo n.º 20
 def is_accessible(self):
     """Allow access only to an authenticated staff user."""
     authenticated = current_user.is_authenticated
     # is_staff() is only consulted once authentication is established.
     return current_user.is_staff() if authenticated else authenticated