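def getModelData(self, modelname, id, _param):
    """
    Return the JSON form of a single record of a model.

    The caller needs the ``is_view`` permission on the model.  When the
    ``is_self`` flag is set for the model, the query is narrowed through
    ``verify_user`` once for every role the current user holds, using the
    owner field configured for that role in ``config``.

    @param modelname: model name, resolved through ``self.getModel``
    @param id: primary key of the requested record
    @param _param: request parameters, passed on to ``verify_user`` and
        ``gen_query_json``
    @return: the value produced by ``gen_query_json`` for the record
    @raise ex: missing permission, model without ``get_json``, or no record
        left after scoping
    """
    # NOTE(review): the model is resolved before the permission check, so an
    # unknown model name and a forbidden one give different errors.
    model = self.getModel(modelname)
    if not self.check_permission(modelname, 'is_view'):
        raise ex(u'用户权限不足')

    query = model.objects.filter()
    if self.check_permission(modelname, 'is_self'):
        me = self.get_me()
        if me.isteacher:
            query = self.verify_user(
                query, config.model_self_teacher.get(modelname), _param)
        if me.isstudent:
            query = self.verify_user(
                query, config.model_self_student.get(modelname), _param)
        # Same role coverage as getModelList: without this branch a teacher
        # assistant limited to own records is not scoped when reading one
        # record by id.
        if me.is_teacher_assistant:
            query = self.verify_user(
                query, config.model_self_teacher_assistant.get(modelname),
                _param)

    query = query.filter(id=id)
    # A queryset is never None, so the old "is not None" test could not reach
    # the not-found error.  Checking for a row also gives the same answer for
    # "does not exist" and "outside the caller's scope".
    if not query.exists():
        raise ex(u'无法查询到数据')
    if not hasattr(model, 'get_json'):
        raise ex('%s没有get_json()方法' % modelname)
    return gen_query_json(query, param=_param)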
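def saveUser(self, _param):
    """
    Create a user, or update an existing one, from request parameters.

    A user is updated when ``_param['id']`` names an existing row; otherwise
    a new ``User`` is created.  The username must not be used by any other
    user.

    @param _param: request parameters; the fields copied onto the user are
        username, truename, name, email, phone, department_id and role_id,
        plus ``password`` when it is non-empty
    @return: None
    @raise ex: when the username is already taken
    """
    # NOTE(review): no check_permission() call is made here although
    # role_id and department_id are taken from the request.  Confirm the
    # dispatcher restricts who may call this method.
    user_id = _param.get('id', None)
    username = _param.get('username', None)

    user = User.objects.filter(pk=user_id).first() if user_id else None
    flag_add = user is None

    # Only look for a clash when a username was sent; indexing
    # _param['username'] raised KeyError for updates that omitted it.
    if username:
        clash = User.objects.filter(username=username)
        if not flag_add:
            clash = clash.exclude(pk=user_id)
        if clash.exists():
            raise ex(u'该用户名已经存在!')

    if flag_add:
        user = User()

    dic2obj(user, [
        'username', 'truename', 'name', 'email', 'phone', 'department_id',
        'role_id'
    ], _param)
    if _param.get('password', ''):
        # NOTE(review): the value is stored as received, while
        # changePassword() stores User.pwdhash(new, salt) and login()
        # compares against pwdhash().  Confirm User.save() hashes it.
        user.password = _param['password']
    user.save()

    # flag_add was computed but never used, so creations were recorded as
    # modifications in the action log.
    action = ActionLog.ACTION_ADD if flag_add else ActionLog.ACTION_MODIFY
    self.logAtion(action, User, user.id)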
def changeUser(self, userid):
    '''
    Switch the current session to another user; meant for development.

    Only available while the ``sys_debug`` site setting is truthy.

    @param userid: primary key of the user to switch to
    @return: None
    @raise ex: when the feature is disabled or the user does not exist
    '''
    # NOTE(review): sys_debug is the only gate; no permission check and no
    # action-log entry happen here.  Confirm the setting cannot be turned on
    # in production, for example through a settings-editing endpoint.
    if not self.site.setting.get('sys_debug'):
        raise ex(u'该功能已经禁用')

    target = User.objects.filter(pk=userid).first()
    if not target:
        raise ex(u'没有该角色用户')

    # Drop the current login before storing the new identity in the session.
    self.logout()
    self.session_set('me', target.get_json())
def changeUserByRole(self, roleid):
    '''
    Switch the current session to the first active user of a role; meant for
    development.

    Only available while the ``sys_debug`` site setting is truthy.

    @param roleid: role id whose first user with STATUS_NORMAL is selected
    @return: None
    @raise ex: when the feature is disabled or no such user exists
    '''
    # NOTE(review): sys_debug is the only gate; no permission check and no
    # action-log entry happen here.  Confirm the setting cannot be turned on
    # in production.
    if not self.site.setting.get('sys_debug'):
        raise ex(u'该功能已经禁用')

    candidates = User.objects.filter(role_id=roleid,
                                     status=User.STATUS_NORMAL)
    target = candidates.first()
    if not target:
        raise ex(u'没有该角色用户')

    # Drop the current login before storing the new identity in the session.
    self.logout()
    self.session_set('me', target.get_json())
def changePassword(self, password, newpassword):
    '''
    Change the password of the logged-in user.

    @param password: current password, checked against the stored hash
    @param newpassword: replacement password; must not be empty
    @return: None
    @raise ex: when the new password is empty or the current one is wrong
    '''
    if not newpassword:
        raise ex(u'新密码不能为空')

    user = self.get_me()
    verified = user and user.password == User.pwdhash(password, user.salt)
    if not verified:
        raise ex(u'原密码不正确!')

    # NOTE(review): the existing salt is reused for the new hash, nothing
    # beyond "non-empty" is required of the new password, and no other
    # session is invalidated here.  pwdhash() is not shown; confirm it is a
    # slow password hash.
    user.password = User.pwdhash(newpassword, user.salt)
    user.save()
def get_model_editfiled(self, modelname, _param):
    """
    Return the edit-form description of a model.

    Requires the ``is_edit`` permission.  When ``is_self`` is set for the
    model, ``verify_user`` is called in edit mode with the request
    parameters.

    @param modelname: model name, resolved through ``self.getModel``
    @param _param: request parameters
    @return: ``{'edititem': ...}`` built by ``self.gen_edit_item``
    @raise ex: missing permission, or model without an ``edititem`` attribute
    """
    model = self.getModel(modelname)

    if not self.check_permission(modelname, 'is_edit'):
        raise ex(u'用户权限不足')

    needs_self_check = self.check_permission(modelname, 'is_self')
    if needs_self_check:
        # In edit mode verify_user raises on mismatch; its return value is
        # not used.
        self.verify_user(None, None, _param, is_edit=True)

    if not hasattr(model, 'edititem'):
        raise ex('%s没有设置edititem属性' % modelname)

    edit_items = self.gen_edit_item(model, _param)
    return {'edititem': edit_items}
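def saveSetting(self, _param):
    '''
    Save site settings stored as KeyValue rows.

    Every parameter whose name does not start with ``_`` is treated as a
    setting key.  Only keys that already exist as KeyValue rows are updated.
    A value is saved only if reading ``pyvalue`` on the row succeeds; rows
    that fail are skipped.  The cached site settings are reset afterwards.

    @param _param: request parameters mapping setting keys to new values
    @return: list of the keys that were saved
    @raise ex: when the caller lacks ``is_edit`` on ``KeyValue``
    '''
    import logging

    if not self.check_permission('KeyValue', 'is_edit'):
        raise ex(u'用户权限不足')

    keys = [k for k in _param if not k.startswith('_')]
    saved = []
    if keys:
        from base.models import KeyValue
        log = logging.getLogger(__name__)
        for kv in KeyValue.objects.filter(key__in=keys):
            kv.value = _param[kv.key]
            try:
                # Reading pyvalue is the validation step.
                # NOTE(review): pyvalue is not shown here.  If it evaluates
                # the stored text as Python, request data reaches that
                # evaluation through this method; confirm it only parses
                # literals.
                kv.pyvalue
                kv.save()
            except Exception:
                # Still best effort per key, but no longer a bare except
                # that also swallows SystemExit and KeyboardInterrupt.  Only
                # the key is put in the message, not the submitted value.
                log.exception('saveSetting of key %s', kv.key)
                continue
            saved.append(kv.key)

    from siteinfo import Site
    Site.reset()
    return saved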
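def upload_files(self):
    """
    Store every file of a multipart POST under ``media/upload/<year><month>``.

    The client is expected to add each file under its own field name
    (``form.append(files[i].name, files[i])``).

    @type: post
    @param files: the uploaded files, one form field per file
    @return: list with one entry per file, in the same shape as the result
        of the single-file upload: url, filename, size and, for png/jpg/gif,
        img_info
    @raise ex: when the request method is not POST
    """
    import datetime
    import os
    import string
    import time
    import uuid
    import utils

    if self.request.method != "POST":
        raise ex('请使用post方法上传')

    now = datetime.datetime.now()
    upload_path = os.path.join('media/upload', str(now.year) + str(now.month))
    # makedirs also creates a missing media/upload parent, and the isdir
    # re-check tolerates a concurrent request creating the directory first.
    try:
        os.makedirs(upload_path)
    except OSError:
        if not os.path.isdir(upload_path):
            raise

    # NOTE(review): there is no allowlist of file types, no size limit and
    # no permission check in this method.  A client-chosen extension is
    # stored under a web-served path, so types such as html or svg would be
    # served from the site's own origin.  Restrict the extension to what the
    # application needs and confirm access control in the caller.
    allowed_chars = string.ascii_letters + string.digits
    file_url_list = []
    for field in self.request.FILES:
        upload = self.request.FILES.get(field, None)
        if upload is None:
            continue

        # The extension comes from the client-supplied name and becomes part
        # of a filesystem path, so keep only ASCII letters and digits.
        raw_ext = upload.name.split('.')[-1]
        filetype = ''.join(ch for ch in raw_ext if ch in allowed_chars)[:16]

        # A millisecond timestamp alone repeats for files handled within the
        # same millisecond, so later files overwrote earlier ones.  The
        # random part also keeps stored names from being guessable.
        stored_name = '%d_%s' % (int(round(time.time() * 1000)),
                                 uuid.uuid4().hex)
        if filetype:
            stored_name += '.' + filetype
        filepath = os.path.join(upload_path, stored_name)

        # "with" closes the handle even if writing a chunk fails.
        with open(filepath, 'wb') as out:
            for chunk in upload.chunks():
                out.write(chunk)

        item = {
            'url': '/' + filepath,
            'filename': upload.name,
            'size': os.path.getsize(filepath),
        }
        if filetype in ('png', 'jpg', 'gif'):
            item['img_info'] = utils.get_full_compress_img_info(filepath)
        file_url_list.append(item)
    return file_url_list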
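def upload_file(self):
    """
    Store one uploaded file under ``media/upload/<year><month>``.

    @type: post
    @param file: the file, sent as ``form.append('file', file)``
    @return: {'url': relative path of the stored file, 'filename': original
        file name, 'size': file size, 'img_info': image information (only
        for images; jpg, png and gif are supported)}
    @return: img_info: {'normal_info': original image, 'small_info': small
        image, 'middle_info': medium image}
    @return: normal_info: {'url': relative image path, 'size': file size,
        'width': image width, 'height': image height}
    @raise ex: when the request is not a POST or carries no ``file`` field
    """
    import datetime
    import os
    import string
    import time
    import uuid
    import utils

    if self.request.method != "POST":
        raise ex('请使用post方法上传')

    upload = self.request.FILES.get("file", None)
    if upload is None:
        # Previously this fell through to an AttributeError on None.
        raise ex(u'未收到上传文件')

    # NOTE(review): there is no allowlist of file types, no size limit and
    # no permission check in this method.  A client-chosen extension is
    # stored under a web-served path, so types such as html or svg would be
    # served from the site's own origin.  Restrict the extension to what the
    # application needs and confirm access control in the caller.
    # The extension comes from the client-supplied name and becomes part of
    # a filesystem path, so keep only ASCII letters and digits.
    allowed_chars = string.ascii_letters + string.digits
    raw_ext = upload.name.split('.')[-1]
    filetype = ''.join(ch for ch in raw_ext if ch in allowed_chars)[:16]

    # A millisecond timestamp alone can repeat across concurrent requests
    # and is guessable; the random part avoids both.
    stored_name = '%d_%s' % (int(round(time.time() * 1000)),
                             uuid.uuid4().hex)
    if filetype:
        stored_name += '.' + filetype

    now = datetime.datetime.now()
    upload_path = 'media/upload' + '/' + str(now.year) + str(now.month)
    # makedirs also creates a missing media/upload parent, and the isdir
    # re-check tolerates a concurrent request creating the directory first.
    try:
        os.makedirs(upload_path)
    except OSError:
        if not os.path.isdir(upload_path):
            raise
    filepath = os.path.join(upload_path, stored_name)

    # "with" closes the handle even if writing a chunk fails.
    with open(filepath, 'wb') as out:
        for chunk in upload.chunks():
            out.write(chunk)

    res = {
        'url': '/' + filepath,
        'filename': upload.name,
        'size': os.path.getsize(filepath),
    }
    if filetype in ('png', 'jpg', 'gif'):
        res['img_info'] = utils.get_full_compress_img_info(filepath)
    return res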
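def verify_user(self, query, queryfield, _param, is_edit=False):
    """
    Check that the request acts on behalf of the logged-in user and, for
    reads, narrow a query to that user's rows.

    The user id is taken from ``_param['s_user_id']`` or, failing that,
    ``_param['user_id']`` and must equal the id of ``self.get_me()``.

    In edit mode only that comparison is made: the record being edited is
    not looked at, so the caller has to make sure the record itself belongs
    to the user.

    @param query: queryset to narrow; unused when ``is_edit`` is true
    @param queryfield: name of the field holding the owner's user id
    @param _param: request parameters
    @param is_edit: when true, return True after the identity check
    @return: True in edit mode, otherwise the narrowed queryset
    @raise ex: when the ids do not match or no owner field is available
    """
    user_id = _param.get('s_user_id') or _param.get('user_id')
    try:
        claimed_id = int(user_id) if user_id else None
    except (TypeError, ValueError):
        # A non-numeric id is a denied request, not a server error.
        claimed_id = None
    if claimed_id is None:
        raise ex('访问受限')

    me = self.get_me()
    if me is None or me.id != claimed_id:
        raise ex('访问受限')
    if is_edit:
        return True

    # Without an owner field there is nothing to scope by.  This used to
    # surface as a TypeError from filter(); deny explicitly instead.
    if query is None or not queryfield:
        raise ex('访问受限')
    # Filter on the session user's id, which was just shown to equal the
    # claimed one, rather than on the raw request value.
    return query.filter(**{queryfield: me.id})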
def login(self, username, password):
    """
    Log a user in with username and password.

    On success the user's JSON form is stored in the session under ``me``,
    a login action is logged, and the one-time ``logingoto`` session value
    is consumed to pick the redirect target.

    @param username: login name
    @param password: password, checked against the stored hash
    @return: dict built by ``obj2dic`` with id, username, token and ``goto``
        (the stored target, or '/xadmin/' when none was stored)
    @raise ex: wrong username or password, or a cancelled account
    """
    # NOTE(review): nothing here limits repeated attempts or records failed
    # ones, and the session is not visibly renewed before 'me' is stored.
    # Confirm both are handled by session_set() or the surrounding
    # framework.
    user = User.objects.filter(username=username).first()
    authenticated = user and user.password == User.pwdhash(password, user.salt)
    if not authenticated:
        raise ex(u'用户名或密码错误')

    # The lock message is given only after the password matched.
    if user.status == User.STATUS_CANCELED:
        raise ex(u'该用户已被锁定无法登陆')

    self.session_set('me', user.get_json())
    self.logAtion(ActionLog.ACTION_LOGIN)

    # NOTE(review): 'goto' is returned to the client as a redirect target;
    # confirm only local paths are ever stored under 'logingoto'.
    logingoto = self.session_get_once('logingoto')
    extra = {'goto': logingoto or '/xadmin/'}
    return obj2dic(user, ['id', 'username', 'token'], extra)
def getModelList(self, modelname, _param):
    '''
    Return the list of records of a model as JSON data.

    Requires the ``is_view`` permission.  When ``is_self`` is set for the
    model, the query is narrowed through ``verify_user`` once for every role
    the current user holds (teacher, student, teacher assistant), using the
    owner field configured for that role in ``config``.

    @param modelname: model name, resolved through ``self.getModel``
    @param _param: request parameters, passed on to ``verify_user`` and
        ``gen_query_json_list_array``
    @return: the value produced by ``gen_query_json_list_array``
    @raise ex: missing permission, or model without ``get_json``
    '''
    model = self.getModel(modelname)
    if not self.check_permission(modelname, 'is_view'):
        raise ex(u'用户权限不足')

    query = model.objects.filter()
    if self.check_permission(modelname, 'is_self'):
        # (attribute on the current user, config mapping for that role).
        # Names are looked up lazily so a mapping is only read when the user
        # holds the role.
        role_scopes = (
            ('isteacher', 'model_self_teacher'),
            ('isstudent', 'model_self_student'),
            ('is_teacher_assistant', 'model_self_teacher_assistant'),
        )
        for role_attr, mapping_name in role_scopes:
            if getattr(self.get_me(), role_attr):
                owner_fields = getattr(config, mapping_name)
                query = self.verify_user(
                    query, owner_fields.get(modelname), _param)

    def resolve_showitem():
        # showitem may be a plain value or something callable returning it.
        if hasattr(model.showitem, '__call__'):
            return model.showitem()
        return model.showitem

    has_showitem = hasattr(model, 'showitem')

    # NOTE(review): _param is client-supplied and handed to the list helper
    # unchanged; confirm the helper limits which keys become query lookups.
    if hasattr(model, 'get_list_json') and has_showitem:
        shwoitem = resolve_showitem()
        return gen_query_json_list_array(query,
                                         param=_param,
                                         showitem=shwoitem,
                                         funcstr='get_list_json',
                                         funcdic={})

    if not hasattr(model, 'get_json'):
        raise ex('%s没有get_json()方法' % modelname)

    if has_showitem:
        shwoitem = resolve_showitem()
        return gen_query_json_list_array(query,
                                         param=_param,
                                         showitem=shwoitem)
    return gen_query_json_list_array(query, param=_param)
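def export_to_excel(self, modelname, _param):
    """
    Export the records of a model to an .xls file under media/temp.

    Requires the ``is_export`` permission.  The rows come from
    ``getModelList`` (so its ``is_view`` check and ``is_self`` scoping
    apply) with ``size`` forced to -1 and ``page`` to 1.  The model's
    ``exportlist`` gives the columns: ``showname`` is the header and
    ``fieldname`` the key read from each row.

    @param modelname: model name, resolved through ``self.getModel``
    @param _param: request parameters; ``size`` and ``page`` are overwritten
    @return: URL path of the written file, below ``/media/temp/``
    @raise ex: missing permission, or model without ``exportlist``
    """
    import uuid

    model = self.getModel(modelname)
    if not self.check_permission(modelname, 'is_export'):
        raise ex(u'用户权限不足')
    # Checked before any rows are fetched, so no work is done for a model
    # that cannot be exported.
    if not hasattr(model, 'exportlist'):
        raise ex('导出条目没有配置')

    _param['size'] = -1
    _param['page'] = 1
    data = self.getModelList(modelname, _param)

    workbook = xlwt.Workbook(encoding='utf-8')
    worksheet = workbook.add_sheet('sheet1')
    exportlist = model.exportlist
    for col, column in enumerate(exportlist):
        worksheet.write(0, col, column['showname'])
    for row, record in enumerate(data.items):
        for col, column in enumerate(exportlist):
            worksheet.write(row + 1, col, record[column['fieldname']])

    # The name used to be the Unix time in seconds only: two exports within
    # the same second wrote to the same file, so one caller could receive
    # another caller's rows, and the URL was guessable.
    # NOTE(review): the file stays in media/temp and nothing here removes
    # it.  If that directory is served without authentication, the random
    # name is the only thing protecting the data.
    filename = 'export_' + str(int(time.time())) + '_' + uuid.uuid4().hex + '.xls'
    workbook.save(settings.BASE_DIR + '/media/temp/' + filename)
    return '/media/temp/' + filename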
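def cancel_top(self, modelname, ids):
    """
    Remove the "pinned to top" state by resetting ``ordering`` to 0.

    Requires the ``is_top`` permission on the model.

    :param modelname: model name, resolved through ``self.getModel``
    :param ids: comma-separated primary keys
    :return: number of ids in the request after dropping empty entries
    :raise ex: when the permission is missing
    """
    # NOTE(review): only is_top is checked; the is_self scoping used by the
    # read methods is not applied to the ids given here.
    if not self.check_permission(modelname, 'is_top'):
        raise ex(u'用户权限不足')

    # str.split always returns at least one element, so the old "if ids"
    # test was always true and an empty string was sent to the lookup as a
    # primary key.  Empty entries are dropped first.
    id_list = [part.strip() for part in ids.split(',') if part.strip()]
    model = self.getModel(modelname)
    if id_list:
        for obj in model.objects.filter(pk__in=id_list):
            obj.ordering = 0
            obj.save()
    return len(id_list)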
def delModels(self, modelname, ids):
    '''
    Delete records of a model.

    @param modelname: model name, resolved through ``self.getModel``
    @param ids: comma-separated primary keys
    @return: whatever ``self.delModelsByIds`` returns
    @raise ex: when the ``is_delete`` permission is missing
    '''
    # Earlier role-based checks (check_opration, the reception role, and
    # student/teacher on the 'Exam' model) are disabled in the source; the
    # is_delete permission is the only check left.
    # NOTE(review): the is_self scoping used by the read methods is not
    # applied to the ids given here; confirm delModelsByIds enforces
    # ownership where it matters.
    if not self.check_permission(modelname, 'is_delete'):
        raise ex(u'用户权限不足')

    id_list = ids.split(',')
    target_model = self.getModel(modelname)
    return self.delModelsByIds(target_model, id_list)
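def topModels(self, modelname, ids):
    '''
    Pin records to the top by giving them a fresh ``ordering`` value.

    Requires the ``is_top`` permission.  The matched records receive
    ``orderinggen()``, ``orderinggen() - 1``, ... in the order the query
    returns them.

    @param modelname: model name, resolved through ``self.getModel``
    @param ids: comma-separated primary keys
    @return: number of ids in the request after dropping empty entries
    @raise ex: when the permission is missing
    '''
    # NOTE(review): only is_top is checked; the is_self scoping used by the
    # read methods is not applied to the ids given here.
    if not self.check_permission(modelname, 'is_top'):
        raise ex(u'用户权限不足')

    # str.split always returns at least one element, so the old "if ids"
    # test was always true and an empty string was sent to the lookup as a
    # primary key.  Empty entries are dropped first.
    id_list = [part.strip() for part in ids.split(',') if part.strip()]
    model = self.getModel(modelname)
    if id_list:
        from utils import orderinggen
        base = orderinggen()
        for offset, obj in enumerate(model.objects.filter(pk__in=id_list)):
            obj.ordering = base - offset
            obj.save()
    return len(id_list)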
def saveModel(self, modelname, _param):
    '''
    Create or update one record of a model from request parameters.

    Requires the ``is_edit`` permission.  The record is updated when
    ``_param['id']`` names an existing row and created otherwise.  Required
    editable fields (neither ``blank`` nor ``null``) must be present in
    ``_param``.  Empty strings for relation ids and for date, integer and
    float fields are turned into None before the values are applied.

    @param modelname: model name, resolved through ``self.getModel``
    @param _param: request parameters; modified in place
    @return: ``o.get_json()`` of the saved record
    @raise ex: missing permission, duplicate username when creating a User,
        or missing required fields
    '''
    is_add = False
    if not self.check_permission(modelname, 'is_edit'):
        raise ex(u'用户权限不足')
    model = self.getModel(modelname)
    # NOTE(review): a model-level check that compared the current user's
    # role with model.role_write (get_me().checkrole) is disabled here in
    # the source.
    objid = _param.get('id')
    o = model.objects.filter(pk=objid).first()
    if o:
        # Editing a User with an empty password leaves the password as is.
        if modelname == 'User' and _param.get('password', None) == '':
            _param.pop('password')
    else:
        # Also reached when an id was sent but no row has it: a new record
        # is created instead of reporting "not found".
        is_add = True
        if modelname == 'User':
            # NOTE(review): leftover debug output; writes the submitted
            # username to stdout.
            print _param.get('username', None)
            u = User.objects.filter(username=_param.get('username', None))
            if u:
                raise ex('该用户已经存在')
        o = model()
    # verbose_name of every required field that has no value in _param
    emptyfields = []
    fields = model.get_editfields()
    for f in model.get_fields():
        # Required editable field without a value under its own name.
        if f.name in fields and (not f.blank and
                                 not f.null) and not _param.get(
                                     f.name, None):
            if hasattr(f, 'rel') and hasattr(f.rel, 'to'):
                # Relations may arrive as "<name>_id" instead.
                fn = f.name + "_id" if not f.name.endswith(
                    '_id') else f.name
                if not _param.get(fn, None):
                    emptyfields.append(f.verbose_name)
            else:
                emptyfields.append(f.verbose_name)
                # The password is optional when editing an existing User, so
                # the entry just appended is taken back.
                if modelname == 'User' and f.name == 'password' and not is_add:
                    emptyfields.pop()
        # Relations are written through "<name>_id"; an empty string becomes
        # None.
        if (f.__class__.__name__ == 'ForeignKey'
                or f.__class__.__name__ == 'OneToOneField'
            ) and not f.name.endswith('_id') and hasattr(
                f, 'rel') and f.editable and not f.primary_key and hasattr(
                    f.rel, 'to'):
            fields.remove(f.name)
            fields.append(f.name + "_id")
            if _param.get(f.name + '_id') == '':
                _param[f.name + '_id'] = None
        # Child-model fields are not assigned from the parameters.
        if f.__class__.__name__ == 'ChildrenModelField' and f.name in fields:
            fields.remove(f.name)
        # Empty strings are not valid for these column types.
        if (f.__class__.__name__ == 'DateField'
                or f.__class__.__name__ == 'IntegerField'
                or f.__class__.__name__ == 'FloatField') and _param.get(
                    f.name) == '':
            _param[f.name] = None
    if emptyfields:
        efs = ','.join(emptyfields).decode('utf-8')
        raise ex(u"'%s'不能为空" % (efs))
    # Models may supply their own modify(user, fields, params); otherwise
    # the listed fields are copied from _param onto the object.
    if hasattr(o, 'modify'):
        o.modify(self.get_me(), fields, _param)
    else:
        dic2obj(o, fields, _param)
    # NOTE(review): in edit mode verify_user only compares the user id sent
    # in _param with the logged-in user; the loaded record `o` is not
    # examined.  Confirm that ownership of an existing record is enforced
    # elsewhere (for example in o.modify), otherwise an is_self user can
    # edit a record that is not theirs by sending their own user id.
    # NOTE(review): for modelname == 'User' a non-empty password reaches the
    # object through the generic field copy; confirm it is hashed on save.
    if self.check_permission(modelname, 'is_self'):
        self.verify_user(None, None, _param, is_edit=True)
    o.save()
    if is_add:
        self.logAtion(
            ActionLog.ACTION_ADD,
            model=model,
            content=o.__unicode__() if hasattr(o, '__unicode__') else None,
            objsid=o.id,
            model_cn=o._meta.verbose_name)
        # NOTE(review): leftover debug output.
        print o._meta.verbose_name
    else:
        self.logAtion(
            ActionLog.ACTION_EDIT,
            model=model,
            content=o.__unicode__() if hasattr(o, '__unicode__') else None,
            objsid=o.id,
            model_cn=o._meta.verbose_name)
    return o.get_json()
def getModel(self, modelname):
    """
    Resolve a model by name through ``ApiView.getModel`` and insist that it
    exists.

    @param modelname: model name; callers in this file pass it on from the
        request
    @return: the resolved model
    @raise ex: when ``ApiView.getModel`` returns a falsy value
    """
    # NOTE(review): which models can be resolved is decided by
    # ApiView.getModel, which is not shown here; callers rely on
    # check_permission for access control.
    resolved = ApiView.getModel(self, modelname)
    if resolved:
        return resolved
    raise ex(u'不存在模型:%s' % modelname)