def list(self, request, *args, **kwargs):
    """Return the positions the requesting user is allowed to see.

    Staff users get the unrestricted listing from the parent viewset.
    Any other user must be linked to an employee that holds a position;
    the response then contains whatever ``get_readable`` yields for that
    position, serialized with ``self.list_serializer``.

    Raises:
        PermissionDenied: for callers that are neither staff nor a
            positioned employee.
    """
    # NOTE(review): presumably `user.employee` is a related object present
    # for every non-staff user; a user without one would raise before
    # reaching PermissionDenied — confirm against the user model.
    user = request.user
    if user and user.is_staff:
        return super(FourSerializerViewSet, self).list(request, *args, **kwargs)
    if user and user.employee and user.employee.position:
        readable = get_readable(user.employee.position)
        payload = self.list_serializer(readable, many=True).data
        return Response(payload)
    raise PermissionDenied()
def list(self, request):
    """List positions visible to the caller using the record-field serializer.

    Staff see every ``Position``; a user whose employee record carries a
    position sees the positions ``get_readable`` reports for it.

    Raises:
        PermissionDenied: when the caller is neither staff nor a
            positioned employee.
    """
    user = request.user
    if user and user.is_staff:
        visible = Position.objects.all()
    elif user and user.employee and user.employee.position:
        visible = get_readable(user.employee.position)
    else:
        raise PermissionDenied()
    serializer_cls = serializers.PositionRecordFieldListandDetailSerializer
    return Response(serializer_cls(visible, many=True).data)
def list(self, request, *args, **kwargs):
    """List the departments reachable through the caller's readable positions.

    Staff get the parent viewset's unrestricted listing. Other users must
    hold a position; the result is the distinct set of departments of the
    positions ``get_readable`` yields (positions without a department are
    skipped).

    Raises:
        PermissionDenied: for callers that are neither staff nor a
            positioned employee.
    """
    user = request.user
    if user and user.is_staff:
        return super(FourSerializerViewSet, self).list(request, *args, **kwargs)
    if user and user.employee and user.employee.position:
        reachable = {
            position.department
            for position in get_readable(user.employee.position)
            if position.department
        }
        payload = self.list_serializer(reachable, many=True).data
        return Response(payload)
    raise PermissionDenied()
def retrieve(self, request, pk=None):
    """Return one position, enforcing the caller's read scope.

    The position is looked up first (404 if absent). Staff may read any
    position; a positioned employee may read it only if it is among the
    positions ``get_readable`` reports for them.

    Raises:
        PermissionDenied: when the caller is not staff and the position
            is outside their readable set, or the caller holds no position.
    """
    position = get_object_or_404(Position.objects.all(), pk=pk)
    user = request.user
    if not (user and user.is_staff):
        if not (user and user.employee and user.employee.position):
            raise PermissionDenied()
        if position not in get_readable(user.employee.position):
            raise PermissionDenied()
    serializer_cls = serializers.PositionRecordFieldListandDetailSerializer
    return Response(serializer_cls(position).data)
def list(self, request, *args, **kwargs):
    """List the record fields the caller may see.

    Staff get the parent viewset's unrestricted listing. A positioned
    employee gets the union of the record fields attached to every
    readable position plus those attached to their own position.

    Raises:
        PermissionDenied: for callers that are neither staff nor a
            positioned employee.
    """
    user = request.user
    if user and user.is_staff:
        return super(FourSerializerViewSet, self).list(request, *args, **kwargs)
    if user and user.employee and user.employee.position:
        own_position = user.employee.position
        visible_fields = set()
        for position in get_readable(own_position):
            visible_fields.update(position.record_fields.all())
        # The caller's own position is included regardless of get_readable.
        visible_fields.update(own_position.record_fields.all())
        payload = self.list_serializer(visible_fields, many=True).data
        return Response(payload)
    raise PermissionDenied()
def retrieve(self, request, *args, **kwargs):
    """Return one department, restricted to the caller's readable positions.

    Staff get the parent viewset's retrieve. A positioned employee may
    view the department only if at least one readable position belongs
    to it; the ids of those positions are passed to the detail serializer
    under the ``positions`` context key.

    Raises:
        PermissionDenied: when no readable position belongs to the
            department, or the caller holds no position.
    """
    user = request.user
    if user and user.is_staff:
        return super(FourSerializerViewSet, self).retrieve(request, *args, **kwargs)
    if user and user.employee and user.employee.position:
        department = get_object_or_404(Department.objects.all(), pk=kwargs.get('pk', None))
        matching_ids = {
            position.id
            for position in get_readable(user.employee.position)
            if position.department and position.department.id == department.id
        }
        if matching_ids:
            serializer = self.detail_serializer(department, context={'positions': matching_ids})
            return Response(serializer.data)
    raise PermissionDenied()
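def list(self, request, *args, **kwargs):
    """List records, optionally filtered by ``?date=``, within the caller's scope.

    Staff see every matching record. A positioned employee sees only the
    records whose employee's position is in their readable set. Callers
    that are neither are refused — the original code fell through and
    returned the unfiltered queryset for such users.

    Raises:
        PermissionDenied: for callers that are neither staff nor a
            positioned employee.
    """
    date_param = self.request.query_params.get('date', None)
    records = Record.objects.all()
    if date_param:
        # ORM filter: the value is bound by Django, not interpolated.
        records = records.filter(date=date_param)
    user = request.user
    if user and user.is_staff:
        pass
    elif user and user.employee and user.employee.position:
        readable = get_readable(user.employee.position)
        # A list (not a set) keeps the queryset's ordering in the response.
        records = [
            record for record in records
            if record.employee.position in readable
        ]
    else:
        raise PermissionDenied()
    serializer = self.list_serializer(records, many=True)
    return Response(serializer.data)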
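def retrieve(self, request, *args, **kwargs):
    """Return one employee, restricted to the caller's own record or readable positions.

    Staff get the parent viewset's retrieve. A positioned employee may
    view themselves, or any employee attached to one of the positions
    ``get_readable`` reports for them. The original loop set the access
    flag and then ``continue``d, so it scanned every position even after a
    match; ``any()`` stops at the first one.

    Raises:
        PermissionDenied: when the target employee is outside the caller's
            scope, or the caller holds no position.
    """
    user = request.user
    if user and user.is_staff:
        return super(FourSerializerViewSet, self).retrieve(request, *args, **kwargs)
    if user and user.employee and user.employee.position:
        employee = get_object_or_404(Employee.objects.all(), pk=kwargs.get('pk', None))
        if user.employee.id != employee.id:
            readable = get_readable(user.employee.position)
            have_access = any(
                employee in position.employees.all() for position in readable
            )
            if not have_access:
                raise PermissionDenied()
        serializer = self.detail_serializer(employee, context={"request": request})
        return Response(serializer.data)
    raise PermissionDenied()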
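def update(self, request, *args, **kwargs):
    """Update a position, letting non-staff grant only permissions they hold.

    Staff get the parent viewset's update. A positioned employee may update
    a position only if it is in their changeable set, and every permission
    id in ``request.data['permissions']`` must be either already attached
    to the position, a VIEW permission on one of their readable positions,
    or a CHANGE permission on one of their changeable positions.

    The original read ``request.data['permissions']`` directly, which
    raised KeyError (a 500) when the key was absent; ``.get`` treats an
    absent key as "no permission change requested".

    Raises:
        PermissionDenied: when any requested permission is not grantable by
            the caller, the position is not changeable, or the caller holds
            no position.
    """
    user = request.user
    if user and user.is_staff:
        return super(FourSerializerViewSet, self).update(request, *args, **kwargs)
    if user and user.employee and user.employee.position:
        own_position = user.employee.position
        changable = get_changable(own_position)
        readable = get_readable(own_position)
        position = get_object_or_404(Position.objects.all(), pk=kwargs.get('pk', None))
        requested = request.data.get('permissions') if request.data else None
        # check permissions can be obtained
        if requested:
            # NOTE(review): for a form-encoded body request.data is a QueryDict
            # and .get() returns only the last value; JSON bodies yield the
            # full list — confirm which clients send this endpoint.
            all_permissions = Permission.objects.all()
            already_held = set(position.permissions.all())  # evaluated once, not per id
            for permission_id in requested:
                permission = get_object_or_404(all_permissions, pk=permission_id)
                if permission in already_held:
                    continue
                if permission.permission == Permission.PERMISSION_VIEW and permission.position in readable:
                    continue
                if permission.permission == Permission.PERMISSION_CHANGE and permission.position in changable:
                    continue
                raise PermissionDenied()
        # check position can be changed
        if position in changable:
            return super(FourSerializerViewSet, self).update(request, *args, **kwargs)
    raise PermissionDenied()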
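def post(self, request, format=None):
    """Export records in a date range as one row per (phone, date) pair.

    Reads ``start_date``/``end_date`` (required, ``YYYY-MM-DD``) and the
    optional exact-match filters ``employee_name``, ``employee_phone``,
    ``position_name`` and ``department_name`` from the request body. Staff
    see every employee; a positioned employee sees only employees whose
    position is in their readable set.

    Every request value is bound as a query parameter. The original built
    the SQL by ``str.format`` on the raw filter strings, so any of the four
    optional filters could inject SQL; it also called ``.append`` on a
    ``set`` (AttributeError) and, when the readable set was empty, dropped
    the position filter entirely and returned all records. An empty
    readable set now yields no rows.

    Returns:
        Response with ``data`` (rows sorted by date, rows without a date
        first) and ``order`` (column headers in display order).

    Raises:
        CustomBadRequest: when a date is missing or not ``YYYY-MM-DD``.
        DateRangeException: when ``start_date`` is after ``end_date``.
        PermissionDenied: when the caller is neither staff nor a
            positioned employee.
    """
    body = request.data
    start_date = body.get('start_date', None)
    end_date = body.get('end_date', None)
    employee_name = body.get('employee_name', None)
    employee_phone = body.get('employee_phone', None)
    position_name = body.get('position_name', None)
    department_name = body.get('department_name', None)

    # Validate date
    if start_date is None or end_date is None:
        raise CustomBadRequest("Must specify start_date and end_date")
    try:
        start_date = datetime.strptime(start_date, '%Y-%m-%d').date()
        end_date = datetime.strptime(end_date, '%Y-%m-%d').date()
    except ValueError as e:
        raise CustomBadRequest(str(e))
    if start_date > end_date:
        raise DateRangeException()

    user = request.user
    if user and user.is_staff:
        readable_ids = None  # staff: no position restriction
    elif user and user.employee and user.employee.position:
        readable_ids = [readable.id for readable in get_readable(user.employee.position)]
    else:
        raise PermissionDenied()

    # Assemble the WHERE clause with bind parameters only; no request value
    # is ever interpolated into the SQL text.
    where_clauses = ["(record.date BETWEEN %s AND %s OR record.date IS NULL)"]
    sql_params = [start_date, end_date]
    optional_filters = (
        ("CONCAT(authUser.last_name, authUser.first_name) = %s", employee_name),
        ("employee.phone = %s", employee_phone),
        ("pos.name = %s", position_name),
        ("depart.name = %s", department_name),
    )
    for clause, value in optional_filters:
        if value:
            where_clauses.append(clause)
            sql_params.append(value)
    if readable_ids is not None:
        if readable_ids:
            placeholders = ", ".join(["%s"] * len(readable_ids))
            where_clauses.append("pos.id IN ({})".format(placeholders))
            sql_params.extend(readable_ids)
        else:
            # Non-staff caller with no readable positions sees nothing.
            where_clauses.append("1 = 0")

    sql = '''
        SELECT CONCAT(authUser.last_name, authUser.first_name) AS employee,
               employee.phone, pos.name AS position, record.date,
               depart.name AS department, record.value, record.comment,
               fie.name, fie.unit, fie.order
        FROM imbition_employee employee
        LEFT JOIN imbition_position pos ON pos.id = employee.position_id
        LEFT JOIN imbition_department depart ON depart.id = pos.department_id
        LEFT JOIN auth_user authUser ON authUser.id = employee.user_id
        LEFT JOIN imbition_record record ON employee.id = record.employee_id
        LEFT JOIN imbition_recordfield fie ON fie.id = record.field_id
        WHERE {where}
        ORDER BY fie.order
    '''.format(where=" AND ".join(where_clauses))

    with connection.cursor() as cursor:
        cursor.execute(sql, sql_params)
        rows = cursor.fetchall()
        columns = [column[0] for column in cursor.description]

    data = {}
    order = ['姓名', '手机', '日期', '部门', '岗位']
    for row in rows:
        row_dict = dict(zip(columns, row))
        # NOTE(review): rows are keyed by phone+date, so two employees sharing
        # a phone number collapse into one row — confirm phone is unique.
        key = str(row_dict['phone']) + str(row_dict['date'])
        if key not in data:
            data[key] = dict(
                姓名=row_dict['employee'],
                手机=row_dict['phone'],
                日期=row_dict['date'],
                部门=row_dict['department'],
                岗位=row_dict['position'],
            )
        if row_dict['name']:
            unit = row_dict['unit']
            value_name = row_dict['name'] + ((' (' + unit + ')') if unit else '')
            comment_name = row_dict['name'] + ' 备注'
            data[key][value_name] = row_dict['value']
            data[key][comment_name] = row_dict['comment']
            if value_name not in order:
                order.append(value_name)
            if comment_name not in order:
                order.append(comment_name)

    return Response(dict(
        # Rows lacking a date (employees with no records) sort first.
        data=sorted(
            data.values(),
            key=lambda k: k['日期'] if k['日期'] is not None else date.min,
        ),
        order=order,
    ))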