def ajax_delete():
    """
    Soft-delete a user in response to an AJAX request.

    Reads ``user_id`` from the query string and, once every check below has
    passed, flags the row as deleted through ``edit_user``.

    :return: JSON response built from a copy of AJAX_SUCCESS_MSG or AJAX_FAILURE_MSG
    """
    success_payload = AJAX_SUCCESS_MSG.copy()
    failure_payload = AJAX_FAILURE_MSG.copy()

    def reject(reason):
        # Every refusal shares the same "Del Failure, <reason>" envelope.
        failure_payload['msg'] = _('Del Failure, %(ext_msg)s', ext_msg=reason)
        return jsonify(failure_payload)

    # Authorization comes first: the caller needs the user-section delete permission.
    if not permission_user_section_del.can():
        return reject(_('Permission Denied'))

    # Only GET requests flagged as XHR are accepted.
    # NOTE(review): this handler changes state on GET; the is_xhr test is the
    # only cross-site request barrier visible in this function. Consider
    # POST plus a CSRF token.
    if request.method != 'GET' or not request.is_xhr:
        return reject(_('Method Not Allowed'))

    # A missing, zero or non-integer user_id is treated as "no such ID".
    user_id = request.args.get('user_id', 0, type=int)
    if not user_id:
        return reject(_('ID does not exist'))

    # The target row must exist ...
    user_info = get_user_row_by_id(user_id)
    if not user_info:
        return reject(_('ID does not exist'))

    # ... and must not already be flagged as deleted.
    if user_info.status_delete == STATUS_DEL_OK:
        return reject(_('Already deleted'))

    # Refuse to delete a user that live quotations still reference.
    # NOTE(review): the original comment names quotations and orders, but only
    # quotations are counted here; confirm whether orders should block too.
    if count_quotation(uid=user_id, status_delete=STATUS_DEL_NO):
        return reject(_('Currently In Use'))

    # Soft delete: set the flag and stamp both timestamps with one UTC value.
    now = datetime.utcnow()
    deleted = edit_user(user_id, {
        'status_delete': STATUS_DEL_OK,
        'delete_time': now,
        'update_time': now,
    })
    if not deleted:
        failure_payload['msg'] = _('Del Failure')
        return jsonify(failure_payload)
    success_payload['msg'] = _('Del Success')
    return jsonify(success_payload)
def ajax_unlock():
    """
    Unlock a user: set ``status_lock`` to STATUS_LOCK_NO for the given ``user_id``.

    Only GET requests flagged as XHR are served; anything else ends in a 404.

    :return: JSON string with either a ``success`` or an ``error`` key
    """
    # NOTE(review): no permission check is visible in this function, and the
    # state change happens on GET. Confirm that access control (for example a
    # decorator outside this listing) and CSRF protection exist.
    if request.method != 'GET' or not request.is_xhr:
        abort(404)

    # A missing, zero or non-integer user_id is reported as a failed unlock.
    target_id = request.args.get('user_id', 0, type=int)
    if not target_id:
        return json.dumps({'error': u'解锁失败'})

    outcome = edit_user(target_id, {
        'status_lock': STATUS_LOCK_NO,
        'update_time': datetime.utcnow()
    })
    if outcome == 1:
        return json.dumps({'success': u'解锁成功'})
    if outcome == 0:
        return json.dumps({'error': u'解锁失败'})
    # Any other result from edit_user falls through to a 404.
    abort(404)
def ajax_delete():
    """
    Soft-delete the user named by the ``user_id`` query parameter.

    Only GET requests flagged as XHR are served; anything else ends in a 404.

    :return: JSON string with either a ``success`` or an ``error`` key
    """
    # NOTE(review): this version performs no permission, existence or in-use
    # check before flagging the row as deleted, and it changes state on GET.
    # Confirm that access control and CSRF protection are applied outside
    # this function.
    if request.method != 'GET' or not request.is_xhr:
        abort(404)

    # A missing, zero or non-integer user_id is reported as a failed delete.
    target_id = request.args.get('user_id', 0, type=int)
    if not target_id:
        return json.dumps({'error': u'删除失败'})

    # Soft delete: set the flag and stamp both timestamps with one UTC value.
    now = datetime.utcnow()
    outcome = edit_user(target_id, {
        'status_delete': STATUS_DEL_OK,
        'delete_time': now,
        'update_time': now
    })
    if outcome == 1:
        return json.dumps({'success': u'删除成功'})
    if outcome == 0:
        return json.dumps({'error': u'删除失败'})
    # Any other result from edit_user falls through to a 404.
    abort(404)
def setting():
    """
    Show and update the profile settings of the logged-in user.

    GET pre-fills the form from the stored row of ``current_user``; POST
    validates the form and writes the submitted profile fields back.

    :return: the rendered ``setting.html`` page
    """
    form = UserProfileForm(request.form)
    http_method = request.method

    if http_method == 'GET':
        from app_backend.api.user import get_user_row_by_id
        stored_row = get_user_row_by_id(current_user.id)
        if stored_row:
            # Copy each stored column into the form field of the same name.
            for field_name in ('nickname', 'avatar_url', 'email', 'phone',
                               'birthday', 'create_time', 'update_time'):
                getattr(form, field_name).data = getattr(stored_row, field_name)
    elif http_method == 'POST':
        if form.validate_on_submit():
            # TODO: check whether the e-mail address is already in use
            from app_backend.api.user import edit_user
            from datetime import datetime
            # The row that is written is always the caller's own
            # (current_user.id), never an id taken from the request.
            profile_update = {
                'nickname': form.nickname.data,
                'avatar_url': form.avatar_url.data,
                'email': form.email.data,
                'phone': form.phone.data,
                'birthday': form.birthday.data,
                'update_time': datetime.utcnow(),
                'last_ip': get_real_ip(),
            }
            outcome = edit_user(current_user.id, profile_update)
            if outcome == 1:
                flash(u'修改成功', 'success')
            if outcome == 0:
                flash(u'修改失败', 'warning')
        # Debug aid: flashes the raw form.errors mapping on every POST.
        # NOTE(review): the source indentation was lost, so this placement is
        # reconstructed; confirm it, and confirm that this debug output is
        # meant to stay enabled.
        flash(form.errors, 'warning')

    # Test aid: greets the user with their e-mail address on every request.
    flash(u'Hello, %s' % current_user.email, 'info')
    return render_template('./setting.html', title='setting', form=form)
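def lists():
    """
    Render the user list page; on POST also handle search, CSV export and bulk soft-delete.

    Export and bulk delete are reached only after the submitted form
    (including its CSRF token) has validated, and each is additionally gated
    by its own permission object.

    :return: the rendered list template, or a CSV download when an export is requested
    """
    template_name = 'user/lists.html'
    # Document metadata handed to the template.
    document_info = DOCUMENT_INFO.copy()
    document_info['TITLE'] = _('user lists')

    # Base filter: only rows that are not flagged as deleted.
    form = UserSearchForm(request.form)
    search_condition = [
        User.status_delete == STATUS_DEL_NO,
    ]
    if request.method == 'POST':
        if not form.validate_on_submit():
            flash(_('Search Failure'), 'danger')
            # Surface CSRF token errors separately.
            if hasattr(form, 'csrf_token') and form.csrf_token.errors:
                # Explicit loop: a bare map() is lazy on Python 3 and would
                # never call flash().
                for csrf_error in form.csrf_token.errors:
                    flash(csrf_error, 'danger')
        else:
            if form.name.data:
                search_condition.append(User.name == form.name.data)
            if form.role_id.data != DEFAULT_SEARCH_CHOICES_INT_OPTION:
                search_condition.append(User.role_id == form.role_id.data)
            if form.start_create_time.data:
                search_condition.append(User.create_time >= form.start_create_time.data)
            if form.end_create_time.data:
                search_condition.append(User.create_time <= form.end_create_time.data)

            # NOTE(review): the source indentation was lost. The two operations
            # below are kept inside the validated branch so that a request with
            # a failed CSRF/form check can neither export nor delete; confirm
            # against the original layout.

            # Export the current result set as CSV.
            if form.op.data == OPERATION_EXPORT:
                if not permission_user_section_export.can():
                    abort(403)
                # NOTE(review): every column of the User table is exported;
                # confirm that none of them is sensitive.
                column_names = User.__table__.columns.keys()
                query_sets = get_user_rows(*search_condition)
                return excel.make_response_from_query_sets(
                    query_sets=query_sets,
                    column_names=column_names,
                    file_type='csv',
                    file_name='%s.csv' % _('user lists')
                )

            # Bulk soft-delete of the selected users.
            if form.op.data == OPERATION_DELETE:
                if not permission_user_section_del.can():
                    abort(403)
                # Ids come straight from the request body: coerce them to int
                # (non-numeric values are dropped) before they reach the
                # counting and update helpers.
                user_ids = request.form.getlist('user_id', type=int)
                # A user referenced by any live business record must not be
                # deleted: quotation, sales order, delivery, enquiry, buyer
                # order, purchase (checked in this order).
                in_use_counters = (
                    count_quotation,
                    count_sales_order,
                    count_delivery,
                    count_enquiry,
                    count_buyer_order,
                    count_purchase,
                )
                permitted = True
                for user_id in user_ids:
                    if any(counter(uid=user_id, status_delete=STATUS_DEL_NO)
                           for counter in in_use_counters):
                        ext_msg = _('Currently In Use')
                        flash(_('Del Failure, %(ext_msg)s', ext_msg=ext_msg), 'danger')
                        permitted = False
                        break
                if permitted:
                    # Every id is attempted even if an earlier one fails; the
                    # flash reports success only when all updates succeeded.
                    all_deleted = True
                    for user_id in user_ids:
                        current_time = datetime.utcnow()
                        user_data = {
                            'status_delete': STATUS_DEL_OK,
                            'delete_time': current_time,
                            'update_time': current_time,
                        }
                        if not edit_user(user_id, user_data):
                            all_deleted = False
                    if all_deleted:
                        flash(_('Del Success'), 'success')
                    else:
                        flash(_('Del Failure'), 'danger')

    # Page of rows matching the accumulated filters.
    pagination = get_user_pagination(form.page.data, PER_PAGE_BACKEND, *search_condition)

    return render_template(
        template_name,
        form=form,
        pagination=pagination,
        **document_info
    )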
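def edit(user_id):
    """
    Show the edit form for a user (GET) or apply the submitted changes (POST).

    Aborts with 404 when the user does not exist and with 410 when the row is
    already flagged as deleted. A caller without the administrator role may
    only modify their own record and cannot change their own role. After a
    successful edit the browser is redirected to ``next`` only when that value
    points back into this application, otherwise to the user list.

    :param user_id: id of the user being edited
    :return: the rendered edit page, or a redirect after a successful edit
    """
    user_info = get_user_row_by_id(user_id)
    # The target row must exist ...
    if not user_info:
        abort(404)
    # ... and must not already be flagged as deleted.
    if user_info.status_delete == STATUS_DEL_OK:
        abort(410)

    template_name = 'user/edit.html'

    form = UserEditForm(request.form)
    # The id is pinned to the route value; the form uses it for its duplicate check.
    form.id.data = user_id

    # Document metadata handed to the template.
    document_info = DOCUMENT_INFO.copy()
    document_info['TITLE'] = _('user edit')

    def render_form():
        # Single place that re-renders the edit page with the current form state.
        return render_template(
            template_name,
            user_id=user_id,
            form=form,
            **document_info
        )

    if request.method == 'GET':
        # NOTE(review): the ownership check below applies to POST only, so this
        # branch renders any user's details to whoever can reach the view;
        # confirm that access control outside this function covers it.
        form.id.data = user_info.id
        form.name.data = user_info.name
        form.salutation.data = user_info.salutation
        form.mobile.data = user_info.mobile
        form.tel.data = user_info.tel
        form.fax.data = user_info.fax
        form.email.data = user_info.email
        form.role_id.data = user_info.role_id
        form.create_time.data = user_info.create_time
        form.update_time.data = user_info.update_time
        return render_form()

    if request.method == 'POST':
        if not form.validate_on_submit():
            flash(_('Edit Failure'), 'danger')
            return render_form()

        # Callers without the administrator role may only edit their own record.
        is_administrator = permission_role_administrator.can()
        if not is_administrator:
            if getattr(current_user, 'id') != form.id.data:
                flash(_('Permission denied, only the user\'s own information can be modified'), 'danger')
                return render_form()

        current_time = datetime.utcnow()
        user_data = {
            'name': form.name.data,
            'salutation': form.salutation.data,
            'mobile': form.mobile.data,
            'tel': form.tel.data,
            'fax': form.fax.data,
            'email': form.email.data,
            # Only an administrator may assign a role. Everyone else keeps the
            # stored one, so a self-edit cannot submit a more privileged role_id.
            'role_id': form.role_id.data if is_administrator else user_info.role_id,
            'update_time': current_time,
        }
        if not edit_user(user_id, user_data):
            flash(_('Edit Failure'), 'danger')
            return render_form()

        # NOTE(review): the profile row is already written at this point; a
        # failure below leaves the auth row out of step with it unless
        # edit_user/edit_user_auth share a transaction (not visible here).
        user_auth_row = get_user_auth_row(user_id=user_id)
        if not user_auth_row:
            flash(_('Edit Failure'), 'danger')
            return render_form()

        # Keep the account-type auth key in step with the (possibly renamed) user.
        user_auth_data = {
            'user_id': user_id,
            'type_auth': TYPE_AUTH_ACCOUNT,
            'auth_key': form.name.data,
            'update_time': current_time,
        }
        if not edit_user_auth(user_auth_row.id, user_auth_data):
            flash(_('Edit Failure'), 'danger')
            return render_form()

        flash(_('Edit Success'), 'success')
        # 'next' comes from the query string and is untrusted: follow it only
        # when it stays inside this application (open-redirect guard).
        next_url = request.args.get('next')
        if not _is_local_redirect_target(next_url, request.host_url):
            next_url = url_for('user.lists')
        return redirect(next_url)


def _is_local_redirect_target(target, host_url):
    """Return True when *target* is a local path or a URL under *host_url*."""
    if not target:
        return False
    # Backslashes and control characters can be normalised by browsers into a
    # different origin, so they are refused outright.
    if '\\' in target or any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target):
        return False
    if target.startswith('/'):
        # "//host/..." is scheme-relative and leaves the site.
        return not target.startswith('//')
    # Absolute URLs are accepted only under this application's own host URL;
    # the trailing slash requirement rules out look-alike host prefixes.
    return bool(host_url) and host_url.endswith('/') and target.startswith(host_url)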