def account_lists():
if not g.user.can_visit('system'):
return error_result(ErrorCode.ERROR_PERMISSION_DENIED)
company = g.user.company
if request.method == 'GET':
users = User.query.filter_by(company_id=company.id,
role_id=UserRole.ROLE_NORMAL).all()
data = [{
'id': user.id,
'account': user.username,
'permission': json.loads(user.permission),
'remark': user.remark
} for user in users]
return success_result(data)
elif request.method == 'POST':
params = request.get_json() or request.form
if params.get('account') is None:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
user = User.query.filter_by(username=params.get('account')).first()
if user:
return error_result(ErrorCode.ERROR_USERNAME_EXISTED)
try:
user = User(company_id=company.id,
role_id=UserRole.ROLE_NORMAL,
permission=json.dumps(params['permission']),
remark=params['remark'],
password_reseted=False,
username=params['account'],
password='******')
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
db.session.add(user)
db.session.commit()
return success_result({})
def screen_detail(sid):
company = g.user.company
screen = Screen.query.filter(Screen.company_id == company.id,
Screen.id == sid).first()
if screen is None:
return error_result(ErrorCode.ERROR_SCREEN_NOT_EXIST)
if request.method == 'GET':
return success_result(screen.get_json())
elif request.method == 'PUT':
params = request.get_json()
fields = ('box_id', 'name', 'camera_name', 'camera_address',
'camera_position', 'network_switcher',
'network_switcher_token'
'description', 'allow_all_subjects', 'allow_visitor',
'allowed_subject_ids')
screen.update(fields, params)
screen.display_devices.update({'reload_timestamp': g.TIMESTAMP})
db.session.add(screen)
update_company_data_version(company)
return success_result(screen.get_json())
elif request.method == 'DELETE':
content = generate_delete_screen_task_content(company.id, sid)
task = Task()
task.name = u'删除相机'
task.content = content
db.session.add(task)
db.session.commit()
delete_screen.delay(task.id, company.id, sid)
return success_result()
def company(company_id):
if request.method == 'GET':
company = Company.query.get(company_id)
data = {
"company": company.get_json(),
"users": [user.get_json() for user in company.users],
"boxes": [box.get_json() for box in company.boxes]
}
return success_result(data)
elif request.method == 'DELETE':
return success_result({})
def theme_setting(device_id):
company = g.user.company
device = DisplayDevice.query.filter_by(id=device_id).first()
if not device:
return error_result(ErrorCode.ERROR_DISPLAY_DEVICE_NOT_EXIST)
if request.method == 'GET':
return success_result(device.get_json(with_logo=True))
elif request.method == 'PUT':
card_theme = request.form.get('card_theme')
card_theme_vip = request.form.get('card_theme_vip')
photo = request.files.get('photo')
logo = request.files.get('logo')
theme = request.form.get('theme') # current
duration = request.form.get('duration') # stay
reset_background = request.form.get('reset_background',
'false') # stay
if logo is not None:
company.logo = storage.save_image(logo.stream, 'logo')
if photo is not None:
device.background = save_screen_background(photo)
if card_theme is not None:
device.card_theme = card_theme
if card_theme_vip is not None:
device.card_theme_vip = card_theme_vip
if theme is not None:
device.theme = theme
if duration is not None:
device.card_duration = int(duration)
if reset_background == 'true':
device.background = '/static/screen/images/background_blue.png'
device.reload_timestamp = g.TIMESTAMP
db.session.commit()
clear_display_config_cache(device.token)
return success_result(device.get_json())
elif request.method == 'DELETE':
db.session.delete(device)
db.session.commit()
return success_result({})
return error_result(ErrorCode.ERROR_NOT_ALLOWED)
def box_versoin_detail(version_id):
if request.method == 'GET':
version = BoxVersion.query.get(version_id)
return success_result(version.get_json())
elif request.method == 'PUT':
version = BoxVersion.query.get(version_id)
version.config = request.form['config']
try:
json.loads(version.config)
except:
return error_result(error=ErrorCode.ERROR_JSON_INVALID)
db.session.add(version)
db.session.commit()
return success_result({})
def user_info(subject_id):
if subject_id is None:
subject = g.subject
else:
subject = g.subject.visitors.filter_by(id=subject_id).first()
if subject is None:
return abort(404)
if request.method == 'GET':
attendance = subject.attendances.filter_by(date=date.today()).first()
ret = subject.get_json(with_photos=True)
ret['holiday'] = is_holiday(g.subject.company_id, date.today())
ret['today'] = time.time()
ret['clock_in'] = u'无'
ret['clock_out'] = u'无'
if attendance and attendance.earliest_record:
ret['clock_in'] = timestamp_to_timestring(
attendance.earliest_event.timestamp)
if attendance and attendance.latest_record:
ret['clock_out'] = timestamp_to_timestring(
attendance.latest_event.timestamp)
ret['boxes'] = [box.get_json() for box in subject.company.boxes]
return success_result(ret)
elif request.method == 'PUT':
params = request.form or request.get_json()
fields = ('description', 'avatar', 'start_time', 'end_time', 'title',
'gender', 'department', 'name', 'email', 'phone', 'purpose',
'interviewee', 'come_from', 'job_number', 'remark',
'visit_notify', 'subject_type')
subject.update(fields, params)
if params.get('birthday'):
subject.birthday = date.fromtimestamp(int(params['birthday']))
db.session.add(subject)
db.session.commit()
update_company_data_version(subject.company, subject.id)
return success_result(subject.get_json())
elif request.method == 'DELETE':
subject = Subject.query.get(subject_id)
if subject is None:
return abort(404)
if g.subject.visitors.filter_by(id=subject_id).first() is None:
return error_result(ErrorCode.ERROR_NOT_ALLOWED)
for photo in subject.photos:
storage.remove(photo.url)
company = subject.company
db.session.delete(subject)
db.session.commit()
update_company_data_version(company, subject.id)
return success_result()
def company_info(cid):
if cid not in g.user.organization.company_ids:
return error_result(ErrorCode.ERROR_COMPANY_NOT_IN_ORGANIZATION)
user = User.query.filter_by(company_id=cid,
role_id=UserRole.ROLE_ADMIN).first()
params = request.form or request.get_json() or request.args
username = params.get('username')
password = params.get('password')
name = params.get('name')
remark = params.get('remark')
if username or password:
if username:
user.username = username
if password:
user.password = password
db.session.add(user)
if name or remark:
company = Company.query.get(cid)
if name:
company.name = name
if remark:
company.remark = remark
db.session.add(company)
db.session.commit()
return success_result({})
def get_display_device_info():
params = request.args or request.get_json() or request.form
token = params.get('device_token')
if not token:
resp = error_result(ErrorCode.ERROR_INVALID_PARAM)
else:
device = DisplayDevice.query.filter_by(token=token).first()
if not device:
resp = error_result(ErrorCode.ERROR_DISPLAY_DEVICE_NOT_EXIST)
else:
# prevent db from being updated too frequently
if g.TIMESTAMP > device.heartbeat + 60:
device.heartbeat = g.TIMESTAMP
db.session.commit()
screens = []
for screen in device.screens:
screens.append(screen.get_json())
result = {
'screens': screens,
'device': device.get_json()
}
resp = success_result(result)
resp.headers['Access-Control-Expose-Headers'] = 'Etag'
if device:
resp.headers['ETag'] = 'W/%s' % (device.reload_timestamp + device.display_info_timestamp + device.user_info_timestamp)
else:
resp.headers['ETag'] = 'W/0'
return resp
def get_all_themes():
params = request.args or request.get_json() or request.form
device, err = get_device_from_params(params)
theme_configs = get_ordered_theme_list(THEME_DIR, device)
return success_result({
"theme_config": theme_configs
})
def screen_create():
company = g.user.company
params = request.get_json() or request.form
screen = Screen(company_id=company.id,
theme='center',
type=ScreenType.CAMERA)
fields = (
'name',
'camera_name',
'camera_address',
'camera_position',
'network_switcher',
'network_switcher_token'
'description',
# 'screen_id'
)
screen.update(fields, params)
try:
screen.box_id = int(params.get('box_id'))
except:
pass
screen.token = Screen.create_unique_token()
db.session.add(screen)
update_company_data_version(company)
return success_result(screen.get_json())
def box_facemin_change(box_id):
facemin = request.form['facemin']
box = Box.query.get(box_id)
box.facemin = facemin
db.session.commit()
clear_updater_cache(box.box_token)
return success_result()
def box_bind(company_id):
box_token = request.form.get('box_token')
if box_token is None:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
box = Box.query.filter_by(box_token=box_token).first()
if box is None:
return error_result(ErrorCode.ERROR_BOX_NOT_EXIST)
box.company_id = company_id
for screen in box.screens:
db.session.delete(screen)
try:
db.session.commit()
except IntegrityError:
return error_result(ErrorCode.ERROR_COMPANY_NOT_EXIST)
#主机的模型用company的模型版本
company = Company.query.get(company_id)
box.model = company.feature_version
db.session.commit()
clear_updater_cache(box.box_token)
set_box_bind_cache(box_token)
return success_result(
box.get_json(with_box_version=True,
with_company=True,
with_all_screens=True))
def statistics_event():
position = request.args.get('position')
page = int(request.args.get('page', 1))
size = int(request.args.get('size', 20))
unique = int(request.args.get('unique', 0))
start_time, end_time = _parse_start_end_time()
query = Event.query.filter(Event.company_id == g.user.company_id,
Event.timestamp > start_time,
Event.timestamp <= end_time)
if position:
screen = Screen.query.filter_by(camera_position=position).first()
if screen is None:
return error_result(ErrorCode.ERROR_SCREEN_NOT_EXIST)
query = query.filter(Event.screen_id == screen.id)
events = query.order_by(Event.timestamp.desc()).all()
result = [
event.get_json()
for event in _filter_events(events, unique=bool(unique))
]
page_info = page_format(Pagination(None, page, size, len(result), None))
result = result[(page - 1) * size:page * size]
return success_result(result, page_info)
def add_organization():
params = request.form or request.get_json() or request.args
name = params.get('name')
remark = params.get('remark')
username = params.get('username')
password = params.get('password')
if not name or not username or not password:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if Organization.query.filter_by(name=name).first() is not None:
return error_result(ErrorCode.ERROR_ORGANIZATION_ALREADY_EXIST)
if User.query.filter_by(username=username).first() is not None:
return error_result(ErrorCode.ERROR_USERNAME_EXISTED)
org = Organization(name=name, remark=remark, create_time=g.TIMESTAMP)
db.session.add(org)
db.session.commit()
user = User(organization_id=org.id,
role_id=UserRole.ROLE_ORGANIZATION,
username=username,
password=password,
password_reseted=True)
db.session.add(user)
db.session.commit()
ret = org.get_json()
ret['username'] = username
return success_result(ret)
def get_organization_list():
params = request.form or request.get_json() or request.args
page, size = get_pagination(params)
search = params.get('search')
query = Organization.query
if search:
users = User.query.filter(User.username.contains(search)).all()
ids = [user.organization_id for user in users]
query = query.filter(
or_(Organization.name.contains(search), Organization.id.in_(ids)))
pagination = query.paginate(page, size)
orgs = []
for org in pagination.items:
data = org.get_json()
data['company_count'] = org.companies.count()
user = User.query.filter_by(
organization_id=org.id,
role_id=UserRole.ROLE_ORGANIZATION).first()
if user:
data['username'] = user.username
orgs.append(data)
return success_result(orgs, page_format(pagination))
def box_unbind(company_id, box_id):
box = Box.query.filter_by(id=box_id, company_id=company_id).first()
box.company_id = None
box.screens.delete()
db.session.commit()
clear_sync_local_cache(box.box_token)
return success_result({})
def subject_photo_create():
try:
payload = request.files['photo']
subject_id = int(request.form['subject_id'])
old_photo_id = int(request.form.get('old_photo_id', 0))
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if not payload:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if g.subject.visitors.filter_by(id=subject_id).first() is None:
return error_result(ErrorCode.ERROR_NOT_ALLOWED)
photo, error = create_user_photo(payload, g.subject.company_id)
if error:
return error
photo.subject_id = subject_id
db.session.add(photo)
db.session.commit()
#delete old photo
if old_photo_id:
old_photo = Photo.query.get(old_photo_id)
if old_photo.subject.inviter_id != g.subject.id:
return error_result(ErrorCode.ERROR_NOT_ALLOWED)
storage.remove(old_photo.url)
db.session.delete(old_photo)
db.session.query(PhotoAlternative).filter(PhotoAlternative.subject_id == old_photo.subject_id). \
filter(PhotoAlternative.url == old_photo.url).delete()
db.session.commit()
if subject_id:
update_company_data_version(g.subject.company, subject_id)
return success_result(photo.get_json())
def visitors():
ret = []
visitors = g.subject.visitors.options(db.eagerload_all(
Subject.photos)).all()
for visitor in visitors:
ret.append(visitor.get_json(with_photos=True))
return success_result(ret)
def get_attendance_list():
params = request.args or request.get_json() or {}
try:
start = int(params.get('start'))
end = int(params.get('end'))
status = int(params.get('status', -1))
start_date = date.fromtimestamp(start)
end_date = date.fromtimestamp(end)
status = int(status) if status != '' else status
except:
end_date = datetime.now().date()
start_date = end_date - timedelta(10)
status = -1
subject = g.subject
query = Attendance.query.filter(Attendance.subject_id == subject.id,
Attendance.date >= start_date,
Attendance.date <= end_date)
if status != -1:
query = build_status_query(query, status)
attendances = query.order_by(desc(Attendance.date)).all()
records = [
attendance.get_json(with_holiday=True) for attendance in attendances
]
result = {
'records': records,
}
return success_result(result)
def get_attendance_count():
params = request.get_json() or request.form or request.args
query = db.session.query(Attendance.date, Attendance.clock_in, Attendance.clock_out, func.count(Attendance.id))
query = _build_query(params, query).group_by(Attendance.date, Attendance.clock_in, Attendance.clock_out)
query_result = query.all()
result = list()
stats = None
last_date = None
# 添加尾标记
query_result.append([0, 0, 0, 0])
for count in query_result:
print count
if not count[0] == last_date:
if stats is not None:
doc = stats.to_dict()
doc.update({
'date': int(time.mktime(last_date.timetuple())),
'weekday': weekdays[last_date.weekday()],
})
result.append(doc)
stats = AttendanceStats()
last_date = count[0]
stats.add_attendance(count[1], count[2], count[3])
return success_result(result)
def box_model_change(box_id):
model = request.form['model']
box = Box.query.get(box_id)
box.model = model
db.session.commit()
clear_updater_cache(box.box_token)
return success_result()
def subject_invite_page():
subject_id = request.args.get('subject_id')
token = request.args.get('token')
if not subject_id or not token:
return "非法请求"
try:
subject_id = int(subject_id)
except:
return "非法请求"
subject = Subject.query.filter(Subject.id == subject_id, Subject.subject_type != SubjectType.TYPE_EMPLOYEE).first()
if not subject:
return "链接已失效"
if g.TIMESTAMP > subject.end_time or subject.job_number != token:
return "链接已失效"
if request.method == 'GET':
return render_template('page/subject/invite.html', subject=subject.get_json(with_photos=True), error='')
elif request.method == 'POST':
payload = request.files['photo']
photo, err = create_user_photo(payload, subject.company_id)
if err:
return err
db.session.add(photo)
db.session.commit()
_update_photos(subject, [photo.id])
update_company_data_version(subject.company, subject.id)
return success_result(photo.get_json())
def subject_new():
params = request.form or request.get_json()
try:
company_id = g.user.company_id
subject_type = int(params['subject_type'])
visitor_type = SubjectType.TYPE_VISITOR if params.get('visitor_type') is None else int(params['visitor_type'])
name = params.get('name', '')
email = params.get('email', '')
phone = params.get('phone', '')
gender = int(params.get('gender', Gender.MALE))
avatar = params.get('avatar', '')
department = params.get('department', '')
title = params.get('title', '')
description = params.get('description', '')
start_time = int(params['start_time']) if subject_type != SubjectType.TYPE_EMPLOYEE else 0
end_time = int(params['end_time']) if subject_type != SubjectType.TYPE_EMPLOYEE else 0
photo_ids = params['photo_ids'] if 'photo_ids' in params else []
purpose = int(params.get('purpose', VisitorPurpose.OTHER))
interviewee = params.get('interviewee', '')
come_from = params.get('come_from', '')
job_number = params.get('job_number', '')
remark = params.get('remark', '')
birthday = int(params.get('birthday', 0))
entry_date = int(params.get('entry_date', 0))
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if ((subject_type == SubjectType.TYPE_VISITOR and not g.user.has_permission(AccountPermission.ADD_VISITOR)) or
(subject_type == SubjectType.TYPE_EMPLOYEE and not g.user.has_permission(AccountPermission.ADD_EMPLOYEE))):
return error_result(ErrorCode.ERROR_PERMISSION_DENIED)
# VIP type
if subject_type == SubjectType.TYPE_VISITOR:
subject_type = visitor_type
if email and Subject.query.filter_by(email=email).first():
return error_result(ErrorCode.ERROR_EMAIL_EXISTED)
subject = Subject(company_id=company_id, subject_type=subject_type, name=name, email=email, department=department,
gender=gender, avatar=avatar, title=title, description=description, start_time=start_time,
end_time=end_time, password='******', purpose=purpose, interviewee=interviewee, phone=phone,
come_from=come_from, job_number=job_number, remark=remark, create_time=g.TIMESTAMP)
if birthday:
subject.birthday = datetime.date.fromtimestamp(birthday)
if entry_date:
subject.entry_date = datetime.date.fromtimestamp(entry_date)
if subject.avatar:
avatar = storage.save_image_base64(subject.avatar, 'avatar', sync=True)
if avatar:
subject.avatar = avatar
DisplayDevice.query.filter_by(company_id=company_id).update({'user_info_timestamp': g.TIMESTAMP})
try:
db.session.add(subject)
db.session.commit()
update_company_data_version(subject.company, subject.id)
_update_photos(subject, photo_ids)
return success_result(subject.get_json(with_photos=True))
except:
db.session.rollback()
return error_result(ErrorCode.ERROR_UNKNOWN)
def subject_import_visitor():
try:
file_ = request.files['file']
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if not g.user.has_permission(AccountPermission.ADD_VISITOR):
return error_result(ErrorCode.ERROR_PERMISSION_DENIED)
workbook = xlrd.open_workbook(file_contents=file_.read())
sheet = workbook.sheet_by_index(0)
success = 0
state_mapping = VisitorPurpose.state_mapping_reverse
for i in xrange(1, sheet.nrows):
try:
row = sheet.row(i)
name = row[0].value
db.session.add(
Subject(name=name, purpose=state_mapping[row[1].value], come_from=row[2].value, phone=row[3].value,
interviewee=row[4].value, remark=row[5].value,
subject_type=SubjectType.TYPE_VISITOR, company_id=g.user.company_id))
db.session.commit()
success += 1
except:
import traceback;
print traceback.format_exc()
pass
return success_result({'success': success, 'total': sheet.nrows - 1, 'failed': []})
def subject_list():
company = g.user.company
params = request.args
ret = get_subject_list(company, params)
if ret[0] is None:
return error_result(ret[1])
return success_result(ret[0], ret[1])
def subject_import():
try:
file_ = request.files['file']
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
if not g.user.has_permission(AccountPermission.ADD_EMPLOYEE):
return error_result(ErrorCode.ERROR_PERMISSION_DENIED)
workbook = xlrd.open_workbook(file_contents=file_.read())
sheet = workbook.sheet_by_index(0)
success = 0
failed = []
for i in xrange(1, sheet.nrows):
try:
row = sheet.row(i)
name = row[0].value
email = row[5].value
if email and Subject.query.filter_by(email=email).first():
failed.append(dict(name=name, email=email))
continue
if not name.strip():
continue
db.session.add(Subject(name=name, job_number=row[1].value, department=row[2].value, password='******',
title=row[3].value, phone=row[4].value, email=email, description=row[6].value,
remark=row[7].value,
subject_type=SubjectType.TYPE_EMPLOYEE, company_id=g.user.company_id))
db.session.commit()
success += 1
except:
import traceback;
print traceback.format_exc()
return success_result({'success': success, 'total': sheet.nrows - 1, 'failed': failed})
def set_info():
params = request.form or request.get_json()
box_token = params.get('box_token')
pad_id = params.get('pad_id')
position = params.get('position')
screen = Screen.query.filter_by(company_id=g.user.company_id,
token=pad_id).first()
if not screen:
return error_result(ErrorCode.ERROR_SCREEN_NOT_EXIST)
if box_token:
box = Box.query.filter_by(box_token=box_token).first()
if not box:
return error_result(ErrorCode.ERROR_BOX_NOT_EXIST)
screen.box_id = box.id
if position:
screen.camera_position = position
fields = ('network_switcher', 'network_switcher_token')
screen.update(fields, params)
db.session.commit()
if params.get('network_switcher') or params.get('network_switcher_token'):
update_company_data_version(g.user.company)
return success_result({})
def organization_info(oid):
org = Organization.query.get(oid)
if org is None:
return error_result(ErrorCode.ERROR_ORGANIZATION_NOT_EXIST)
if request.method == 'GET':
user = User.query.filter_by(
organization_id=org.id,
role_id=UserRole.ROLE_ORGANIZATION).first()
data = org.get_json()
if user:
data['username'] = user.username
return success_result(data)
elif request.method == 'PUT':
params = request.form or request.get_json() or request.args
username = params.get('username')
password = params.get('password')
name = params.get('name')
remark = params.get('remark')
if username is not None or password is not None:
user = User.query.filter_by(
organization_id=org.id,
role_id=UserRole.ROLE_ORGANIZATION).first()
if user.username != username and User.query.filter_by(
username=username).first() is not None:
return error_result(ErrorCode.ERROR_USERNAME_EXISTED)
if username:
user.username = username
if password:
user.password = password
db.session.add(user)
if name:
org.name = name
if remark:
org.remark = remark
db.session.add(org)
db.session.commit()
return success_result({})
elif request.method == 'DELETE':
db.session.delete(org)
db.session.commit()
return success_result({})
def login():
params = request.form or request.get_json()
try:
username = params['username']
password = params['password']
pad_id = params['pad_id']
device_type = int(params['device_type'])
if device_type not in [ScreenType.DOOR_PAD, ScreenType.FRONT_PAD]:
raise Exception()
except:
return error_result(ErrorCode.ERROR_INVALID_PARAM)
user = User.query.filter_by(username=username).first()
if user:
if user.check_password(password):
if not user.password_reseted:
return error_result(ErrorCode.ERROR_PASSWORD_NEED_CHANGE)
login_user(user)
ret = user.get_json()
if pad_id == 'importer':
return success_result(ret)
screen = Screen.query.filter_by(company_id=user.company_id,
token=pad_id).first()
if screen is None:
screen = Screen(
company_id=user.company_id,
token=pad_id,
name='pad',
theme='center',
type=device_type,
camera_position=ScreenType.get_desc(device_type))
db.session.add(screen)
db.session.commit()
update_company_data_version(user.company)
ret['position'] = screen.camera_position
ret['screen_token'] = screen.token
ret['boxes'] = [box.get_json() for box in user.company.boxes]
ret['company'] = user.company.get_json()
return success_result(ret)
else:
return error_result(ErrorCode.ERROR_PASSWORD_ERROR)
else:
return error_result(ErrorCode.ERROR_USER_NOT_EXIST)
def user_delete(company_id, user_id):
company = Company.query.get(company_id)
user = User.query.get(user_id)
if user.role_id == UserRole.ROLE_ROOT:
return error_result(ErrorCode.ERROR_NOT_ALLOWED)
company.users.filter_by(id=user_id).delete()
db.session.commit()
return success_result({})
