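def search_is_system(request, is_system):
    """Pick the ``Regular`` rows the caller may list, driven by ``is_system``.

    Returns a ``(result, ok)`` pair. When ``ok`` is True, ``result`` is a
    ``Regular`` queryset; when ``ok`` is False, ``result`` is a response
    object that the caller is expected to return unchanged.

    * no ``HTTP_TOKEN`` value (or the literal string ``'null'``): system rows
    * ``is_system`` is None: every row, once ``pd_super_adm_token`` passes
    * ``1``: system rows (no token check is made on this branch)
    * ``0``: the caller's own non-system rows, once ``pd_token`` passes
    * ``2``: the caller's own non-system rows plus all system rows
    * any other value, including a non-integer: the parameter-error response
    """
    token = request.META.get("HTTP_TOKEN")
    # The token is a credential, so it is not printed or logged here.
    if not token or token == 'null':
        # No token supplied: only the system rows are visible.
        return Regular.objects.filter(is_system=1), True

    if is_system is None:
        # No filter supplied: the full list is gated by pd_super_adm_token
        # (the original comment describes it as a super-administrator check).
        denied = pd_super_adm_token(request)
        if denied:
            return denied, False
        return Regular.objects.all(), True

    try:
        is_system = int(is_system)
    except (TypeError, ValueError):
        # A non-numeric value is a client error, not a server fault.
        return response_success_200(message="参数错误"), False

    if is_system == 1:
        return Regular.objects.filter(is_system=1), True

    if is_system == 0:
        # The caller's own entries: the token must be valid.
        denied = pd_token(request)
        if denied:
            return denied, False
        return Regular.objects.filter(user_id=request.user, is_system=0), True

    if is_system == 2:
        denied = pd_token(request)
        if denied:
            return denied, False
        # The caller's own non-system rows together with every system row.
        return Regular.objects.filter(
            Q(user_id=request.user, is_system=0) | Q(is_system=1)), True

    return response_success_200(message="参数错误"), False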
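def update_password_by_phone(self, request):
    """Set a new password for the account registered under ``phone_number``.

    Reads ``phone_number``, ``password`` and ``code`` from ``request.data``.
    The checks run in this order and the first failure is returned: token
    (``pd_token``), password rule (``pd_password``), phone number registered,
    verification code (``judge_code``), and finally that ``request.user``
    equals the primary key of the matched account.
    """
    denied = pd_token(request)
    if denied:
        return denied

    phone_number = request.data.get("phone_number")
    password = request.data.get("password")

    # pd_password returns a message when it rejects the password.
    problem = pd_password(password)
    if problem:
        return response_success_200(code=STATUS_400_BAD_REQUEST, message=problem)

    # .exists() asks the database for a yes/no answer instead of loading rows.
    # NOTE(review): this answer is given before the ownership check below, so
    # any valid token can learn whether a number is registered — confirm that
    # is acceptable.
    if not User.objects.filter(phone_number=phone_number).exists():
        return response_success_200(code=STATUS_NOT_FOUND_ERROR, message=f"该手机号({phone_number})未被注册!!")

    if not judge_code(phone_number, request.data.get('code')):
        message = "验证码不正确"
        return response_success_200(code=STATUS_CODE_ERROR, message=message)

    instance = self.queryset.get(phone_number=phone_number)
    # Only the account owner may change the password: the token's user must
    # be the account that owns this phone number.
    if request.user != instance.pk:
        return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message=f"没有权限修改({phone_number})")

    # NOTE(review): my_encode is defined elsewhere — confirm it is a salted
    # password hash and not a reversible encoding.
    instance.password = my_encode(password)
    instance.save()
    return response_success_200(message="成功!!!!")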
def partial_update(self, request, *args, **kwargs):
    """Apply a partial update once the token check passes.

    Delegates to the parent class's ``partial_update`` and re-wraps the
    ``data`` of its response with ``response_success_200``.
    """
    token_error = pd_token(request)
    if not token_error:
        parent_response = super().partial_update(request, *args, **kwargs)
        return response_success_200(data=parent_response.data)
    return token_error
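def search_clazz(self, request, *args, **kwargs):
    """List, paginated, the ``Work`` rows of the class the caller heads.

    Requires a valid token whose role (``request.auth``) is 3 and a ``Class``
    whose ``headmaster`` is ``request.user``; either failure returns
    ``STATUS_TOKEN_NO_AUTHORITY``.
    """
    # An earlier, commented-out version read the class from the ``clazz``
    # query parameter; the class is now derived from the token's user.
    denied = pd_token(request)
    if denied:
        return denied
    if request.auth not in [3]:
        return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message="权限不够,该token不是辅导员")
    try:
        clazz = Class.objects.get(headmaster=request.user)
    except Class.DoesNotExist:
        return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message="权限不够,该token不是辅导员!")
    # The queryset is handed straight to the paginator; it is not printed,
    # which would run an extra query and copy the rows to stdout.
    work = Work.objects.filter(clazz=clazz)
    page = self.paginate_queryset(work)
    serializer = self.serializer_class(
        page, many=True, context=self.get_serializer_context())
    return self.get_paginated_response(serializer.data)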
def destroy(self, request, *args, **kwargs):
    """Delete the object through the parent class; roles >= 0 are refused."""
    token_error = pd_token(request)
    if token_error:
        return token_error
    # NOTE(review): this refusal passes no ``code`` to response_success_200,
    # so a client that checks only the code may not be able to tell it from a
    # success — confirm the helper's default code.
    role_is_refused = request.auth >= 0
    if role_is_refused:
        return response_success_200(message="没有权限")
    # The parent's own response is discarded in favour of the project wrapper.
    super().destroy(request, *args, **kwargs)
    return response_success_200(message="删除成功!!")
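def create(self, request, *args, **kwargs):
    """Create a record on behalf of a student.

    Requires a valid token and ``lookup_token(request) == 1``; the refusal
    message shows that 1 is the student role. On success the parent class's
    response data is re-wrapped with ``response_success_200``.
    """
    denied = pd_token(request)
    if denied:
        return denied
    # Compare by value: ``is not 1`` tests object identity, which only happens
    # to work for small cached ints and raises a SyntaxWarning on Python 3.8+.
    if lookup_token(request) != 1:
        return response_error_400(status=STATUS_TOKEN_NO_AUTHORITY, message="不是学生提交什么作业?")
    # The request payload is not printed; it would end up in the server logs.
    resp = super().create(request)
    return response_success_200(data=resp.data)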
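def examine_update(self, request, *args, **kwargs):
    """Partially update the object for callers whose role is 0 or 3.

    A failed token check returns the ``pd_token`` response; any other role
    gets ``STATUS_TOKEN_NO_AUTHORITY`` through ``response_error_400``.
    """
    denied = pd_token(request)
    if denied:
        return denied
    if lookup_token(request) not in [0, 3]:
        return response_error_400(status=STATUS_TOKEN_NO_AUTHORITY, message="权限不够")
    # The request payload is not printed; it would end up in the server logs.
    resp = super().partial_update(request, *args, **kwargs)
    return response_success_200(data=resp.data)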
def partial_update(self, request, *args, **kwargs):
    """Partially update the object for callers whose role is -1, -2 or 3.

    A failed token check returns the ``pd_token`` response; any other role
    gets ``STATUS_TOKEN_NO_AUTHORITY``. On success the parent class's
    response data is re-wrapped with ``response_success_200``.
    """
    token_error = pd_token(request)
    if token_error:
        return token_error
    permitted_roles = [-1, -2, 3]
    if request.auth in permitted_roles:
        updated = super().partial_update(request, *args, **kwargs)
        return response_success_200(data=updated.data)
    return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message="没有权限")
def destroy(self, request, *args, **kwargs):
    """Delete the looked-up object for callers whose role is -2, -1, 0 or 3.

    Answers with an empty 204 response on success.
    """
    token_error = pd_token(request)
    if token_error:
        return token_error
    permitted_roles = [-2, -1, 0, 3]
    if lookup_token(request) not in permitted_roles:
        return response_error_400(status=STATUS_TOKEN_NO_AUTHORITY, message="权限不够")
    target = self.get_object()
    self.perform_destroy(target)
    return Response(status=status.HTTP_204_NO_CONTENT)
def retrieve_by_token(self, request):
    """Return the serialized record whose ``user_id`` is the token's user.

    Only role 1 is accepted; the refusal message names it as the student role.
    """
    token_error = pd_token(request)
    if token_error:
        return token_error
    if request.auth != 1:
        return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message="权限不够,该token不是学生")
    # NOTE(review): presumably .get() raises when no row matches this user;
    # nothing here catches that — confirm it is handled upstream.
    record = self.queryset.get(user_id=request.user)
    payload = self.get_serializer(record).data
    return response_success_200(data=payload)
def destroy(self, request, *args, **kwargs):
    """Delete the object through the parent class; roles >= 0 are refused.

    The parent's response is discarded and replaced by the project's own
    success wrapper.
    """
    token_error = pd_token(request)
    if token_error:
        return token_error
    role_is_refused = request.auth >= 0
    if role_is_refused:
        return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message="没有权限")
    super().destroy(request, *args, **kwargs)
    return response_success_200(message="删除成功!!")
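def check_pk_and_permission(request, pk):
    """Check that the caller may act on the ``Regular`` row ``pk``.

    Returns a response object describing the first failed check, or None
    when every check passes. The token is verified before anything is looked
    up, so a caller without a valid token cannot use the "id not found"
    answer to probe which ids exist.

    NOTE(review): the nesting under ``if pk:`` could not be recovered from
    the original formatting. This version runs the token and ownership checks
    whether or not ``pk`` is set — confirm against the callers.
    """
    denied = pd_token(request)
    if denied:
        return denied

    # .exists() asks the database for a yes/no answer instead of loading rows.
    if pk and not Regular.objects.filter(pk=pk).exists():
        return response_success_200(code=STATUS_404_NOT_FOUND, message="id未找到")

    # Roles >= 0 are ordinary users: they may only touch rows they own.
    if request.auth >= 0:
        if not Regular.objects.filter(user_id=request.user, id=pk).exists():
            return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message="没有访问权限!!!!!!!!!!!!!!!!!!!!!")
    return None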
def search(self, request, *args, **kwargs):
    """Return, paginated, the rows ``search_title`` finds for ``title``."""
    token_error = pd_token(request)
    if token_error:
        return token_error
    # Filter by the ``title`` query parameter.
    matches = search_title(request.GET.get("title"))
    current_page = self.paginate_queryset(matches)
    serialized = self.serializer_class(
        current_page, many=True, context=self.get_serializer_context())
    return self.get_paginated_response(serialized.data)
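def retrieve_by_token(self, request, *args, **kwargs):
    """Return the serialized details row of the user who owns the token.

    A failed token check returns the ``pd_token`` response; a user with no
    details row gets the ``response_error_400`` answer.
    """
    denied = pd_token(request)
    if denied:
        return denied
    # .get() raises instead of returning None when no row matches, so the
    # "not found" answer has to come from the exception handler.
    try:
        instance = self.queryset.get(user_id=request.user)
    except self.queryset.model.DoesNotExist:
        return response_error_400(message="获得用户信息失败")
    # The details go to the caller only; they are not echoed to stdout.
    user_details = self.get_serializer(instance).data
    return response_success_200(data=user_details)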
def create(self, request, *args, **kwargs):
    """Create a record once the token and ``check_insert_info`` checks pass.

    The original comments describe this as a user check-in.
    """
    token_error = pd_token(request)
    if token_error:
        return token_error
    # Per the original comment: has the user added this check-in item, or
    # does the item belong to the user's class?
    insert_error = check_insert_info(request)
    if insert_error:
        return insert_error
    # The original comment here announces a check of the check-in time
    # window; no such check is present in this block.
    created = super().create(request)
    return response_success_200(data=created.data)
def destroy(self, request, *args, **kwargs):
    """Delete the user behind the ``pk`` URL argument; roles -2, -1 and 3 only.

    The deletion is done by ``del_user_and_user_details``; the parent class's
    ``destroy`` is not called (that call is commented out in the original).
    """
    token_error = pd_token(request)
    if token_error:
        return token_error
    if request.auth not in [-2, -1, 3]:
        return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message="没有权限")
    # Remove the user first; a truthy result is an error response.
    # NOTE(review): the meaning of the leading 1 is not visible here —
    # confirm it against del_user_and_user_details.
    delete_error = del_user_and_user_details(1, kwargs.get("pk"))
    if delete_error:
        return delete_error
    return response_success_200(message="成功")
def destroy(self, request, *args, **kwargs):
    """Delete the record ``pk`` once the token and ``check_authority`` pass."""
    # Primary key of the target record, taken from the URL kwargs.
    target_pk = kwargs['pk']
    token_error = pd_token(request)
    if token_error:
        return token_error
    # Permission check for this caller on this record.
    authority_error = check_authority(self, request, target_pk)
    if authority_error:
        return authority_error
    # The parent's response is replaced by the project's success wrapper.
    super().destroy(request, *args, **kwargs)
    return response_success_200(message="成功")
def create(self, request, *args, **kwargs):
    """Create a ``RegularAddRecord`` and mark the token's user as its owner.

    The time fields are validated by ``check_insert_time`` before the token
    is checked.
    """
    # Reject badly formed times first.
    time_error = check_insert_time(request)
    if time_error:
        return time_error
    token_error = pd_token(request)
    if token_error:
        return token_error
    created = super().create(request)
    # Attach the owner in a second write, using the id the parent returned.
    # NOTE(review): between the two writes the row exists without this owner;
    # confirm nothing reads it in that window.
    record = RegularAddRecord.objects.get(id=created.data['id'])
    record.user_id = request.user
    record.save()
    return response_success_200(data=created.data, message="添加成功")
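def destroy_all2(self, request, *args, **kwargs):
    """Delete every user listed in ``request.data["id_list"]``.

    Only roles -2, -1 and 3 may call this. Each id is passed to
    ``del_user_and_user_details(1, id)``; the first truthy result it returns
    is sent back and the remaining ids are not processed.
    """
    denied = pd_token(request)
    if denied:
        return denied
    if request.auth not in [-2, -1, 3]:
        return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message="没有权限")

    # A missing id_list means "nothing to delete" rather than a crash in the
    # loop. The local name no longer shadows the ``list`` builtin, and the
    # ids are not printed.
    raw_ids = request.data.get("id_list") or []
    # Convert every id before deleting anything, so a malformed entry is
    # rejected before any deletion happens (int() still raises on it).
    user_ids = [int(raw_id) for raw_id in raw_ids]

    # NOTE(review): the ids are not checked against the caller's own scope in
    # this block — confirm del_user_and_user_details enforces it.
    for user_id in user_ids:
        failure = del_user_and_user_details(1, user_id)
        if failure:
            return failure
    return response_success_200(message="成功")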
def create(self, request, *args, **kwargs):
    """Create a record and send a notice to every student of its class.

    Only roles 0 and 3 may create. After the parent class has created the
    record, each ``Student`` of the record's ``clazz`` is notified through
    ``UserNoticeSend.send_notice(user, 0, record_id)``.
    """
    token_error = pd_token(request)
    if token_error:
        return token_error
    if lookup_token(request) not in [0, 3]:
        return response_error_400(status=STATUS_TOKEN_NO_AUTHORITY, message="权限不够")
    created = super().create(request)
    class_members = Student.objects.filter(clazz=created.data['clazz'])
    for student in class_members:
        UserNoticeSend.send_notice(student.user, 0, created.data['id'])
    return response_success_200(data=created.data)
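def Phone_update(self, request, *args, **kwargs):
    """Replace the phone number of the user who owns the token.

    Reads ``phone_number`` from ``request.data``. Returns the ``pd_token``
    response when the token check fails and ``STATUS_NOT_FOUND_ERROR`` when
    no user has the token's id.
    """
    phone_number = request.data.get("phone_number")
    denied = pd_token(request)
    if denied:
        return denied
    # One UPDATE both checks that the user exists and applies the change:
    # update() returns the number of matched rows, so a separate existence
    # query (and the gap between the two) is not needed. The phone number and
    # user id are not printed.
    # NOTE(review): phone_number is stored as received — no format check or
    # verification code is applied in this block; confirm that happens
    # elsewhere.
    matched = User.objects.filter(pk=request.user).update(phone_number=phone_number)
    if not matched:
        return response_success_200(code=STATUS_NOT_FOUND_ERROR, message="id未找到")
    return response_success_200(message="修改成功!")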
def search(self, request, *args, **kwargs):
    """Return, paginated, the classes matching ``class_name`` and ``school_id``.

    ``search_name`` builds the result from the name and ``search_school``
    then narrows it by school.
    """
    token_error = pd_token(request)
    if token_error:
        return token_error
    query = request.GET
    # Filter by name first, then by school.
    by_name = search_name(query.get("class_name"))
    matches = search_school(query.get("school_id"), by_name)
    current_page = self.paginate_queryset(matches)
    serialized = self.serializer_class(
        current_page, many=True, context=self.get_serializer_context())
    return self.get_paginated_response(serialized.data)
def clazz_search(self, request, *args, **kwargs):
    """Return, paginated, the students of the class given by ``clazz_id``.

    Only roles -1, -2, 0 and 3 may call this.
    """
    token_error = pd_token(request)
    if token_error:
        return token_error
    permitted_roles = [-1, -2, 0, 3]
    if request.auth not in permitted_roles:
        return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message="没有权限")
    # NOTE(review): clazz_id comes straight from the query string and is not
    # tied to the caller here — confirm a permitted role is meant to be able
    # to list any class.
    students = Student.objects.filter(clazz=request.GET.get("clazz_id"))
    current_page = self.paginate_queryset(students)
    serialized = self.serializer_class(
        current_page, many=True, context=self.get_serializer_context())
    return self.get_paginated_response(serialized.data)
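def search_teacher(self, request, *args, **kwargs):
    """Return, paginated, the ``Work`` rows of the teacher who owns the token.

    Only roles 0 and 3 may call this. A permitted role with no ``Teacher``
    row gets the same ``STATUS_TOKEN_NO_AUTHORITY`` answer as a wrong role,
    instead of an unhandled ``Teacher.DoesNotExist``.
    """
    denied = pd_token(request)
    if denied:
        return denied
    if request.auth not in [0, 3]:
        return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message="权限不够,该token不是老师")
    try:
        teacher = Teacher.objects.get(user=request.user).id
    except Teacher.DoesNotExist:
        return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message="权限不够,该token不是老师")
    # The queryset is handed straight to the paginator; it is not printed,
    # which would run an extra query and copy the rows to stdout.
    work = Work.objects.filter(teacher=teacher)
    page = self.paginate_queryset(work)
    serializer = self.serializer_class(
        page, many=True, context=self.get_serializer_context())
    return self.get_paginated_response(serializer.data)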
def search(self, request, *args, **kwargs):
    """Return, paginated, the records matching the ``user`` and ``regular`` filters.

    ``search_user`` returns a ``(result, ok)`` pair; when ``ok`` is falsy the
    result is an error response and is returned as-is.
    """
    token_error = pd_token(request)
    if token_error:
        return token_error
    # Filter by user id.
    records, user_ok = search_user(request, request.GET.get("user"))
    if not user_ok:
        # ``records`` carries the error response in this case.
        return records
    # Narrow by regular id.
    records = search_regular(request.GET.get("regular"), records)
    current_page = self.paginate_queryset(records)
    serialized = self.serializer_class(
        current_page, many=True, context=self.get_serializer_context())
    return self.get_paginated_response(serialized.data)
def select_student_timetable_by_token(self, request):
    """Return what ``select_class`` produces for the class of the token's student.

    Only role 1 is accepted. A student with no class, or a token with no
    ``Student`` row, gets a ``STATUS_PARAMETER_ERROR`` response.
    """
    token_error = pd_token(request)
    if token_error:
        return token_error
    if request.auth != 1:
        return response_success_200(code=STATUS_PARAMETER_ERROR, message="需要传入学生token")
    try:
        student_class = Student.objects.get(user_id=request.user).clazz
        if student_class:
            return select_class(self, student_class.id)
        # The student exists but has not joined a class yet.
        return response_success_200(code=STATUS_PARAMETER_ERROR, message="请先加入班级")
    except Student.DoesNotExist:
        return response_success_200(code=STATUS_PARAMETER_ERROR, message="未找到该学生")
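def add_parent(self, request):
    """Attach the parent ``parent_id`` to the student who owns the token.

    Only role 1 is accepted. A token with no ``Student`` row, or a
    ``parent_id`` with no ``Parent`` row, gets ``STATUS_404_NOT_FOUND``.
    """
    denied = pd_token(request)
    if denied:
        return denied
    if request.auth != 1:
        return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message="权限不够")
    # A role-1 token without a Student row gets the not-found answer rather
    # than an unhandled Student.DoesNotExist.
    try:
        student_id = Student.objects.get(user_id=request.user).id
    except Student.DoesNotExist:
        return response_success_200(code=STATUS_404_NOT_FOUND, message="未找到该信息")
    parent_id = request.data.get('parent_id')
    if not Parent.objects.filter(id=parent_id).exists():
        return response_success_200(code=STATUS_404_NOT_FOUND, message="未找到该信息")
    # The student and parent ids are not printed.
    self.queryset.get(pk=student_id).parent.add(parent_id)
    return response_success_200(message="成功")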
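def search_clazz_teacher(self, request):
    """Return, paginated, the classes that list the token's teacher in ``teachers``.

    Only roles 0 and 3 may call this. A permitted role with no ``Teacher``
    row gets the same ``STATUS_TOKEN_NO_AUTHORITY`` answer as a wrong role,
    instead of an unhandled ``Teacher.DoesNotExist``.
    """
    denied = pd_token(request)
    if denied:
        return denied
    if request.auth not in [0, 3]:
        return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message="权限不够")
    try:
        teacher_id = Teacher.objects.get(user_id=request.user).id
    except Teacher.DoesNotExist:
        return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message="权限不够")
    # The user id, the queryset and the serialized rows are not printed:
    # that ran extra queries and copied the data to stdout.
    clazz = Class.objects.filter(teachers=teacher_id)
    page = self.paginate_queryset(clazz)
    serializer = self.serializer_class(
        page, many=True, context=self.get_serializer_context())
    return self.get_paginated_response(serializer.data)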
def partial_update(self, request, *args, **kwargs):
    """Partially update the record ``pk`` after three checks pass.

    In order: the token (``pd_token``), the caller's permission on the record
    (``check_authority``) and the submitted times (``check_update_time``).
    """
    # Primary key of the target record, taken from the URL kwargs.
    target_pk = kwargs['pk']
    token_error = pd_token(request)
    if token_error:
        return token_error
    authority_error = check_authority(self, request, target_pk)
    if authority_error:
        return authority_error
    time_error = check_update_time(request, target_pk)
    if time_error:
        return time_error
    updated = super().partial_update(request, *args, **kwargs)
    return response_success_200(data=updated.data)
def batch_add_parent(self, request):
    """Link parents to students in bulk from an uploaded Excel sheet.

    Only roles -2, -1 and 3 may call this. The upload is first checked by
    ``batch_add_parent_test``. Each row's student-number column then selects
    a ``Student`` by id, and the row's parent-ID column is added to that
    student's ``parent`` relation.
    """
    token_error = pd_token(request)
    if token_error:
        return token_error
    if request.auth not in [-2, -1, 3]:
        return response_success_200(code=STATUS_TOKEN_NO_AUTHORITY, message="权限不够")
    upload = request.FILES.get("file")
    file_error = batch_add_parent_test(upload)
    if file_error:
        return file_error
    # NOTE(review): the upload is caller-supplied; confirm that
    # batch_add_parent_test bounds its size and type before it is parsed.
    sheet = pd.read_excel(upload, header=0, dtype='str')
    # NOTE(review): rows are applied one at a time and no transaction is
    # visible here, so a row that fails part-way would leave the earlier rows
    # applied — confirm the pre-check rules that out.
    for _, row in sheet.iterrows():
        student_id = row['学生学号']
        parent_id = row['家长ID']
        Student.objects.get(id=student_id).parent.add(parent_id)
    return response_success_200(message="成功")