def assign_user(role_id): role = Role.query.filter_by(id=role_id).first() if role: if request.json.get("user_ids"): change_users = User.query.filter(User.id.in_(request.json.get("user_ids"))).all() assigned_users = set(role.user) if request.json.get("action") == "add": for change_user in change_users: assigned_users.add(change_user) elif request.json.get("action") == "remove": for change_user in change_users: if change_user in role.user: assigned_users.remove(change_user) role.user = list(assigned_users) available_users = User.query.all() if role.user: for user in role.user: if user in available_users: available_users.remove(user) try: db.session.add(role) db.session.commit() except Exception as e: current_app.logger.error(str(e)) db.session.rollback() return generate_response(code_msg=Code.ROLE_ASSIGN_USER_FAILED) role.user = sorted(role.user, key=lambda x: x.id) setattr(role, "assigned_users", role.user) setattr(role, "available_users", available_users) return generate_response(data=role_with_user_schema.dump(role)) return generate_response(code_msg=Code.ROLE_NOT_EXIST)
def disable_device(device_id): device = Device.query.filter_by(id=device_id).first() if device: claims = get_jwt_claims() user_id = claims['id'] result = redis_client.hget("user_{user_id}".format(user_id=user_id), "roles") if result: roles = json.loads(result.decode('utf-8')) if "admin" in roles or device.owner_id == user_id: if request.json.get("disable") == "true": details = "禁用设备。" device.status = 0 else: details = "启用设备。" device.status = 1 try: db.session.add(device) db.session.commit() device_log = DeviceLog(device_id=device.id, operator_id=user_id, details=details) db.session.add(device_log) db.session.commit() return generate_response() except Exception as e: current_app.logger.error(str(e)) db.session.rollback() return generate_response(code_msg=Code.DISABLE_DEVICE_FAILED)
def user_assign_role(user_id): user = User.query.filter(User.id == user_id).first() if user: if request.json.get("role_ids"): change_roles = Role.query.filter(Role.id.in_(request.json.get("role_ids"))).all() assigned_roles = set(user.roles) if request.json.get("action") == "add": for change_role in change_roles: assigned_roles.add(change_role) elif request.json.get("action") == "remove": for change_role in change_roles: if change_role in user.roles: assigned_roles.remove(change_role) user.roles = list(assigned_roles) available_roles = Role.query.all() if user.roles: for role in user.roles: if role in available_roles: available_roles.remove(role) try: db.session.add(user) db.session.commit() except Exception as e: current_app.logger.error(str(e)) db.session.rollback() return generate_response(code_msg=Code.ROLE_USER_ASSIGN_ROLE_FAILED) user.roles = sorted(user.roles, key=lambda x: x.id) setattr(user, "assigned_roles", user.roles) setattr(user, "available_roles", available_roles) return generate_response(data=user_with_role_schema.dump(user)) return generate_response(Code.GET_USER_PROFILE_FAILED)
def add_device(): device = Device(type=request.json.get("type"), brand=request.json.get("brand"), model=request.json.get("model"), os=request.json.get("os"), os_version=request.json.get("os_version"), resolution=request.json.get("resolution"), asset_no=request.json.get("asset_no"), root=request.json.get("root"), location=request.json.get("location"), owner_id=request.json.get("owner").get("id") if request.json.get("owner") else None, current_user_id=request.json.get("current_user").get("id") if request.json.get( "current_user") else None, desc=request.json.get("desc")) if device.resolution: device.resolution = str(device.resolution).replace("*", "×") try: db.session.add(device) db.session.commit() device_dump = device_schema.dump(device) # 添加日志 claims = get_jwt_claims() details = "添加设备。状态:{status},".format(status=device_status[device.status]) if device.owner: details += "所属者:{owner},".format(owner=device.owner.username) if device.current_user: details += "当前使用者:{current_user}".format(current_user=device.current_user.realname) device_log = DeviceLog(device_id=device.id, operator_id=claims['id'], details=details) db.session.add(device_log) db.session.commit() return generate_response(data=device_dump) except Exception as e: current_app.logger.error(str(e)) db.session.rollback() return generate_response(code_msg=Code.ADD_DEVICE_FAILED)
def assign_permission(role_id): role = Role.query.filter_by(id=role_id).first() if role: if request.json.get("permission_ids"): change_permissions = Permission.query.filter(Permission.id.in_(request.json.get("permission_ids"))).all() assigned_permissions = set(role.permissions) if request.json.get("action") == "add": for change_permission in change_permissions: assigned_permissions.add(change_permission) elif request.json.get("action") == "remove": for change_permission in change_permissions: if change_permission in role.permissions: assigned_permissions.remove(change_permission) role.permissions = list(assigned_permissions) available_permissions = Permission.query.all() if role.permissions: for permission in role.permissions: if permission in available_permissions: available_permissions.remove(permission) try: db.session.add(role) db.session.commit() except Exception as e: current_app.logger.error(str(e)) db.session.rollback() return generate_response(code_msg=Code.ROLE_ASSIGN_PERMISSION_FAILED) role.permissions = sorted(role.permissions, key=lambda x: x.id) setattr(role, "assigned_permissions", role.permissions) setattr(role, "available_permissions", available_permissions) return generate_response(data=role_schema.dump(role)) return generate_response(code_msg=Code.ROLE_NOT_EXIST)
def wrapper(*args, **kwargs): if location in ["args", "json"]: validate_result = schema.validate( request.__getattr__(location)) if validate_result: return generate_response(data=validate_result, code_msg=Code.PARAMS_ERROR), 400 return func(*args, **kwargs) return generate_response(data="request非args、json来源", code_msg=Code.PARAMS_ERROR), 400
def delete_role(role_id): role = Role.query.filter_by(id=role_id).first() if role: try: db.session.delete(role) db.session.commit() return generate_response() except Exception as e: current_app.logger.error(str(e)) db.session.rollback() return generate_response(code_msg=Code.ROLE_NOT_EXIST)
def update_device(device_id): exist_device = Device.query.filter_by(id=device_id).first() if exist_device: # 若当前使用者有变更,需要取消原有用户对该设备的申请记录 if request.json.get("current_user") and request.json.get("current_user").get( "id") != exist_device.current_user_id: apply_records = DeviceApplyRecord.query.filter_by(applicant_id=request.json.get("current_user").get("id"), device_id=device_id).filter( DeviceApplyRecord.status.in_([2, 4, 6])).all() if apply_records: for record in apply_records: record.status = 0 db.session.add(record) db.session.commit() # 变更日志 details = "修改设备。" if request.json.get("owner") and request.json.get("owner").get("id") != exist_device.owner_id: details += "所属者:{owner} ==> {new_owner},".format(owner=exist_device.owner.username, new_owner=request.json.get("owner").get("realname")) if request.json.get("current_user") and request.json.get("current_user").get( "id") != exist_device.current_user_id: details += "当前使用者:{current_user} ==> {new_current_user}".format( current_user=exist_device.current_user.username, new_current_user=request.json.get("current_user").get("realname")) exist_device.type = request.json.get("type") exist_device.brand = request.json.get("brand") exist_device.model = request.json.get("model") exist_device.os = request.json.get("os") exist_device.os_version = request.json.get("os_version") exist_device.resolution = request.json.get("resolution") exist_device.asset_no = request.json.get("asset_no") exist_device.root = request.json.get("root") exist_device.location = request.json.get("location") exist_device.owner_id = request.json.get("owner").get("id") if request.json.get("owner") else None exist_device.current_user_id = request.json.get("current_user").get("id") if request.json.get( "current_user") else None exist_device.desc = request.json.get("desc") if exist_device.resolution: exist_device.resolution = str(exist_device.resolution).replace("*", "×") try: db.session.add(exist_device) db.session.commit() device_dump = device_schema.dump(exist_device) claims = get_jwt_claims() device_log = DeviceLog(device_id=exist_device.id, operator_id=claims['id'], details=details) db.session.add(device_log) db.session.commit() return generate_response(data=device_dump) except Exception as e: current_app.logger.error(str(e)) db.session.rollback() return generate_response(code_msg=Code.UPDATE_DEVICE_FAILED)
def get_role(role_id): role = Role.query.filter_by(id=role_id).first() if role: available_permissions = Permission.query.all() if role.permissions: for permission in role.permissions: if permission in available_permissions: available_permissions.remove(permission) setattr(role, "assigned_permissions", role.permissions) setattr(role, "available_permissions", available_permissions) return generate_response(data=role_schema.dump(role)) return generate_response(code_msg=Code.ROLE_NOT_EXIST)
def apply(device_id): claims = get_jwt_claims() applicant_id = claims['id'] device = Device.query.filter_by(id=device_id).filter( Device.status != 0).first() if device: # 有apply_id,则修改申请 if request.json.get("apply_id"): apply_record = DeviceApplyRecord.query.filter_by( id=request.json.get("apply_id"), device_id=device_id, applicant_id=applicant_id, status=3).first() if apply_record: apply_record.start_time = request.json.get("start_time") apply_record.end_time = request.json.get("end_time") apply_record.application_desc = request.json.get( "application_desc") apply_record.status = 1 details = "修改申请。" else: return generate_response(code_msg=Code.APPLY_FAILED) else: apply_records = DeviceApplyRecord.query.filter_by( device_id=device_id, applicant_id=applicant_id).filter( not_(DeviceApplyRecord.status.in_([0, 5]))).all() # 同一用户不允许多次申请同一设备 if apply_records: return generate_response(code_msg=Code.APPLY_DEVICE_DUPLICATE) else: apply_record = DeviceApplyRecord( device_id=device_id, applicant_id=applicant_id, start_time=request.json.get("start_time"), end_time=request.json.get("end_time"), application_desc=request.json.get("application_desc")) details = "申请设备。" try: db.session.add(apply_record) db.session.commit() device_log = DeviceLog(device_id=device.id, operator_id=applicant_id, details=details) db.session.add(device_log) db.session.commit() return generate_response() except Exception as e: current_app.logger.error(str(e)) db.session.rollback() return generate_response(code_msg=Code.APPLY_FAILED) else: return generate_response(code_msg=Code.APPLY_DEVICE_NOT_READY)
def add_role(): role = Role.query.filter_by(name=request.json.get("name")).first() if role: return generate_response(code_msg=Code.ROLE_EXIST) role = Role(name=request.json.get("name"), desc=request.json.get("desc")) try: db.session.add(role) db.session.commit() return generate_response(data=role_schema.dump(role)) except Exception as e: current_app.logger.error(str(e)) db.session.rollback() return generate_response(code_msg=Code.ROLE_ADD_FAILED)
def update_password(user_id): claims = get_jwt_claims() if user_id != claims['id']: return generate_response(code_msg=Code.PERMISSION_DENIED), 403 user = User.query.filter_by(id=user_id).first() if user and user.password == request.json.get("old_password"): user.password = request.json.get("new_password") try: db.session.add(user) db.session.commit() redis_client.set("user_token_expired_{id}".format(id=user_id), 'true', ex=current_app.config['JWT_ACCESS_TOKEN_EXPIRES']) return generate_response() except Exception as e: current_app.logger.error(str(e)) db.session.rollback() return generate_response(code_msg=Code.PASSWORD_NOT_CORRECT)
def cancel(apply_id): claims = get_jwt_claims() applicant_id = claims['id'] apply_record = DeviceApplyRecord.query.filter_by(id=apply_id).first() # 只能取消自己申请的 if apply_record and apply_record.applicant_id == applicant_id: apply_record.status = 0 try: db.session.add(apply_record) db.session.commit() device_log = DeviceLog(device_id=apply_record.device_id, operator_id=applicant_id, details="取消申请。") db.session.add(device_log) db.session.commit() return generate_response() except Exception as e: current_app.logger.error(str(e)) db.session.rollback() return generate_response(code_msg=Code.APPLY_DEVICE_CANCEL_FAILED)
def return_back(apply_id): claims = get_jwt_claims() applicant_id = claims['id'] apply_record = DeviceApplyRecord.query.filter_by(id=apply_id).first() # 只有申请通过、归还不通过状态才可以进行归还 if apply_record and apply_record.applicant_id == applicant_id and apply_record.status in [ 2, 6 ]: apply_record.status = 4 try: db.session.add(apply_record) db.session.commit() device_log = DeviceLog(device_id=apply_record.device_id, operator_id=applicant_id, details="归还设备。") db.session.add(device_log) db.session.commit() return generate_response() except Exception as e: current_app.logger.error(str(e)) db.session.rollback() return generate_response(code_msg=Code.APPLY_DEVICE_RETURN_FAILED)
def update_user(user_id): user = User.query.filter_by(id=user_id).first() if user: user.username = request.json.get("username", user.username) user.realname = request.json.get("realname", user.realname) user.email = request.json.get("email", user.email) user.status = request.json.get("status", user.status) try: db.session.add(user) db.session.commit() # 若禁用了,则不允许登录 if user.status == 0: redis_client.set( "user_token_expired_{id}".format(id=user_id), 'true', ex=current_app.config['JWT_ACCESS_TOKEN_EXPIRES']) redis_client.expire("user_{id}".format(id=user_id), 1) return generate_response(data=user_schema.dump(user)) except Exception as e: current_app.logger.error(str(e)) db.session.rollback() return generate_response(code_msg=Code.UPDATE_USER_PROFILE_FAILED)
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt_claims() # admin角色可以访问所有 result = redis_client.hget( "user_{user_id}".format(user_id=claims['id']), "roles") if result: roles = json.loads(result.decode('utf-8')) if "admin" in roles: return func(*args, **kwargs) # 或者有操作权限 permissions = get_permissions_from_redis(claims['id']) if permission in permissions: return func(*args, **kwargs) return generate_response(code_msg=Code.PERMISSION_DENIED), 403
def get_device(device_id): device = Device.query.filter_by(id=device_id).first() if device: return generate_response(data=device_schema.dump(device)) return generate_response(code_msg=Code.GET_DEVICE_FAILED)
def audit(apply_id): claims = get_jwt_claims() auditor_id = claims['id'] apply_record = DeviceApplyRecord.query.filter_by(id=apply_id).first() device = Device.query.filter_by(id=apply_record.device_id).first() # 审批“申请中”、“归还中” if apply_record and apply_record.status in [1, 4] and device: auditor_is_admin = False audit_or_not = False result = redis_client.hget("user_{user_id}".format(user_id=auditor_id), "roles") if result: roles = json.loads(result.decode('utf-8')) if "admin" in roles: auditor_is_admin = True # admin角色可以审批所有申请、归还记录 if auditor_is_admin: audit_or_not = True else: # 非admin角色只能处理owner是自己的申请、归还记录。 if device.owner_id == auditor_id: audit_or_not = True if audit_or_not: # 审批申请 if apply_record.status == 1: apply_record.apply_audit_reason = request.json.get("reason") apply_record.apply_auditor_id = auditor_id if request.json.get("approval") == 1: apply_record.status = 2 device.current_user_id = apply_record.applicant_id # 若借用出去,且current_user!=owner,状态变成借用中。 if device.current_user_id != device.owner_id: device.status = 2 details = "通过{applicant}的申请".format( applicant=apply_record.applicant.realname) else: apply_record.status = 3 details = "拒绝{applicant}的申请".format( applicant=apply_record.applicant.realname) # 审批归还 else: apply_record.return_audit_reason = request.json.get("reason") apply_record.return_auditor_id = auditor_id if request.json.get("approval") == 1: apply_record.status = 5 device.current_user_id = None details = "通过{applicant}的归还".format( applicant=apply_record.applicant.realname) else: apply_record.status = 6 details = "拒绝{applicant}的归还".format( applicant=apply_record.applicant.realname) try: db.session.add(apply_record) db.session.add(device) db.session.commit() device_log = DeviceLog(device_id=device.id, operator_id=claims['id'], details=details) db.session.add(device_log) db.session.commit() return generate_response() except Exception as e: current_app.logger.error(str(e)) db.session.rollback() return generate_response(code_msg=Code.APPLY_DEVICE_AUDIT_FAILED)
def get_user(user_id): user = User.query.filter_by(id=user_id).first() if user: return generate_response(data=user_schema.dump(user)) return generate_response(code_msg=Code.GET_USER_PROFILE_FAILED)