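def api_platform_staff_post_delete():
    """Soft-delete a staff post, then redirect to the post list.

    ``postid`` is read from ``request.values`` (query string or form body).
    The post's status is set to ``StaffPostStatus.deleted`` and saved.

    Raises:
        BadRequest: if ``postid`` is missing or empty.
    """
    postid = request.values.get('postid')
    if not postid:
        # Raise rather than return the exception object, as the handlers that
        # validate with `raise BadRequest(...)` in this module do, so the
        # error takes the same handling path.
        raise BadRequest(description='请求参数错误!')

    # NOTE(review): the post is not checked for existence before being marked
    # deleted; what save() does for an unknown postid depends on StaffPost,
    # which is not shown here -- confirm.
    # NOTE(review): this state change is driven by request.values, so a query
    # string can trigger it if the route accepts GET (route decorator not
    # visible). Deletes are safer as POST-only with CSRF protection.
    post = StaffPost(postid=postid)
    post.status = StaffPostStatus.deleted
    post.save()
    return redirect('/%s/platform/staff/post/query' % config.appname)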
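def api_platform_staff_role_delete():
    """Soft-delete a staff role, then redirect to the role list.

    ``roleid`` is read from ``request.values`` (query string or form body).
    The role's status is set to ``StaffRoleStatus.deleted`` and saved.

    Raises:
        BadRequest: if ``roleid`` is missing/empty or the role does not exist.
    """
    roleid = request.values.get('roleid')
    if not roleid:
        # Raise rather than return the exception object so the error takes
        # the normal exception-handling path.
        raise BadRequest(description='请求参数错误!')

    role = StaffRole(roleid=roleid)
    if not role.exists:
        # Do not save a "deleted" status onto a role id that was never stored.
        raise BadRequest(description='该角色不存在!')

    # NOTE(review): staff records may still list this roleid after deletion;
    # verify that permission loading ignores roles whose status is deleted.
    # NOTE(review): reachable via query string if the route accepts GET
    # (route decorator not visible); prefer POST-only with CSRF protection.
    role.status = StaffRoleStatus.deleted
    role.save()
    return redirect('/%s/platform/staff/role/query' % config.appname)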
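def api_platform_user_setdelete():
    """Set the ``is_deleted`` flag on a user and return an OK response.

    Reads ``uid`` and ``deleted`` from ``request.values``, looks the user up
    through ``UserRDS.query`` and stores ``deleted`` on the first match.

    Raises:
        BadRequest: if ``uid`` is missing/empty or no user matches it.
    """
    uid = request.values.get('uid')
    if not uid:
        # Reject a missing uid up front so None never reaches the query as a
        # filter value (how UserRDS.query treats uid=None is not shown here).
        raise BadRequest(description='请求参数错误!')

    user = UserRDS.query(uid=uid)
    if len(user) < 1:
        raise BadRequest(description='用户不存在!')

    # NOTE(review): `deleted` is stored exactly as received -- a string, or
    # None when the parameter is absent. If is_deleted is later evaluated as
    # a boolean, a value such as '0' is still truthy; consider normalising to
    # an explicit flag once the field's expected type is confirmed.
    deleted = request.values.get('deleted')
    user[0].is_deleted = deleted
    user[0].save()
    return apphelper.format_ok_response()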
def api_platform_staff_create():
    """Register an existing user as staff, then redirect to the staff list.

    ``target_uid`` is read from ``request.values``.

    Raises:
        BadRequest: if no user exists for ``target_uid``.
    """
    uid = request.values.get('target_uid')
    candidate = User(uid=uid)
    if not candidate.exists:
        raise BadRequest(description='用户不存在!')

    # NOTE(review): there is no check for an existing Staff record; whether
    # save() on an already-registered uid resets that record (its role ids,
    # for instance) depends on Staff, which is not shown here -- confirm.
    # NOTE(review): granting staff status is a privilege change; verify the
    # route is POST-only, CSRF-protected and restricted to administrators.
    Staff(uid=uid).save()
    # A qiyehao_message.send_text notification was disabled at this point.
    staff_list_url = '/%s/platform/staff/query' % (config.appname)
    return redirect(staff_list_url)
def before_app_request():
    """Per-request hook: identify the logged-in staff user and check menu access.

    For a session that carries ``phone`` it resolves the account, requires a
    Staff record, stores the user on ``g`` and in the session, collects the
    permission URLs of the staff member's roles and rejects menu URLs that
    are not among them.

    Raises:
        BadRequest: unknown account, non-staff user, or a menu URL the user
            has no permission for.
    """
    # NOTE(review): block nesting was reconstructed from a whitespace-collapsed
    # listing; confirm it against the original file.
    # NOTE(review): substring match -- every endpoint whose name contains
    # 'static' skips all checks below, not only the static-file endpoint.
    if request.endpoint and 'static' in request.endpoint:
        return
    if request.endpoint and request.endpoint.split('.')[-1] in ['favicon']:
        return
    # ---- Generic login check ----
    # After a successful login the session always holds `phone`; users who
    # signed in through single sign-on are identified by it.
    phone = session.get('phone', None)
    if not phone:
        # Not logged in, or the session has expired.
        # session['access_url'] = request.url
        # return redirect('%s://%s/bbsconsole/user/login' % (config.scheme, config.domain))
        # NOTE(review): with the redirect above commented out, this hook lets
        # the request continue without g.user and without the permission check
        # at the end. Unless login is enforced elsewhere, anonymous requests
        # reach the views -- confirm where authentication is required.
        return
    # Find the logged-in user.
    ta = ThirdAccount(thirdtype=ThirdAccountType.phone, thirdid=phone)
    if not ta.exists:
        raise BadRequest(description='用户不存在!')
    # Only staff members are allowed in.
    staff = Staff(uid=ta.uid)
    if not staff.exists:
        raise BadRequest(description='您不在职工列表内!')
    g.user = User(uid=ta.uid)
    session['user'] = g.user.to_dict()
    # NOTE(review): 'power' is a list here but a '|'-joined string below, so
    # readers of session['power'] see two different types.
    session['power'] = []
    urls = []
    staff = Staff(uid=g.user.uid)
    if staff.exists:
        roleids = staff.roleids
        if roleids:
            # NOTE(review): no status filter is visible on this query; verify
            # that roles marked deleted no longer contribute permission URLs.
            roles = StaffRole.query(roleid=roleids)
            for r in roles:
                l = r.to_dict().get('permission_urls') if r.to_dict().get(
                    'permission_urls') else []
                urls.extend(l)
            session['power'] = '|'.join(list(set(urls)))
    # Refuse direct access to menu URLs the user has not been granted.
    # NOTE(review): only paths listed by Blueprint.get_allmenu_urls() are
    # restricted, and by exact string comparison; any other path (for example
    # an action endpoint that is not a menu entry) passes this hook unchecked.
    if str(request.path) in Blueprint.get_allmenu_urls() and str(
            request.path) not in list(set(urls)):
        raise BadRequest(description='无权限访问!')
def api_tools_audio_upload_ajax():
    """Store an uploaded audio file and return its URLs in an OK response.

    Form fields ``name`` and ``tag`` are optional; the file is taken from the
    ``audio-file`` upload field.

    Raises:
        BadRequest: if no file was submitted.
    """
    fields = request.form
    name = fields.get('name') or ''
    tag = fields.get('tag') or ''

    upload = request.files.get('audio-file')
    if not upload:
        raise BadRequest(description='请选择要上传的文件')

    # NOTE(review): no extension, content-type or size check is visible here,
    # and the client-supplied filename is passed through. Verify that
    # FalyImageFile.upload (with rename=True) enforces an allow-list and does
    # not trust the original name for the stored path.
    stored = FalyImageFile.upload(
        upload,
        tag=tag,
        name=name or upload.filename,
        filename=upload.filename,
        rename=True,
    )

    data = {
        'url': stored.url,
        'file_url': stored.url,
        'file_path': stored.url,
    }
    data.update(stored.urls)
    return apphelper.format_ok_response(data=data)
def api_platform_staff_role_permissions_update():
    """Show (GET) or replace (any other method) a role's permission URLs.

    ``roleid`` is read from ``request.values``. On GET the edit page is
    rendered; otherwise the submitted ``permission_urls`` list replaces the
    role's current list and the browser is redirected back to the edit page.

    Raises:
        BadRequest: if the role does not exist.
    """
    roleid = request.values.get('roleid')
    role = StaffRole(roleid=roleid)
    if not role.exists:
        raise BadRequest(description='该角色不存在!')

    if request.method == 'GET':
        return render_template(
            'platform/staff_role_permissions_update.html',
            role=role.to_dict(),
            all_menus=Blueprint.get_allmenus(),
            msg=request.values.get('msg') or '',
        )

    # NOTE(review): every method other than GET takes this write branch. If
    # the route also answers HEAD or other verbs (decorator not visible), such
    # a request would overwrite the role's permissions, possibly with [].
    # NOTE(review): the submitted URLs are stored as received and are not
    # checked against the known menu list; consider validating them, and
    # verify the route is CSRF-protected since it changes authorisation data.
    granted_urls = request.values.getlist('permission_urls') or []
    role.permission_urls = granted_urls
    role.save()
    # Disabled in the original: refreshing current_app.defaultpower when the
    # default role changes, and a qiyehao_message.send_text notification.
    back_to_form = '/%s/platform/staff/role/permissions/update?roleid=%s&msg=%s' % (
        config.appname, role.roleid, '保存成功!')
    return redirect(back_to_form)
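def api_tools_image_upload_ajax():
    """Store an uploaded image and return its URLs in an OK response.

    Form fields ``name`` and ``tag`` are optional; the file is taken from the
    ``image-file`` upload field. When ``width`` is supplied, the response also
    carries a resize URL for that width, stored under the width value as key.

    Raises:
        BadRequest: if no file was submitted, or ``width`` is not made up of
            decimal digits only.
    """
    name = request.form.get('name') or ''
    tag = request.form.get('tag') or ''
    width = request.values.get('width')
    f = request.files.get('image-file')
    if not f:
        raise BadRequest(description='请选择要上传的文件')

    # `width` is used both as a key in the response and inside the resize
    # query string. Accept digits only, so it can neither overwrite the fixed
    # keys ('url', 'file_url', 'file_path') nor append extra processing
    # directives to the URL. Checked before the upload so a bad request does
    # not leave a stored file behind.
    if width and not all(ch in '0123456789' for ch in width):
        raise BadRequest(description='请求参数错误!')

    # NOTE(review): when the uploaded filename has no dot, the client-supplied
    # `name` is used as the filename. No extension or content-type check is
    # visible here; verify FalyImageFile.upload (rename=True) enforces one.
    filename = f.filename if '.' in f.filename else name
    f = FalyImageFile.upload(f, tag=tag, name=name or f.filename,
                             filename=filename, rename=True)
    data = {
        'url': f.url,
        'file_url': f.url,
        'file_path': f.url,
    }
    data.update(f.urls)
    if width:
        data.update(
            {width: '%s?x-oss-process=image/resize,w_%s' % (f.url, width)})
    return apphelper.format_ok_response(data=data)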
def api_platform_user_update():
    """Show (GET) or apply (any other method) an edit of a user's profile.

    ``target_uid`` selects the user and ``entry`` selects the template folder
    ('user' when ``entry == 'mine'``, otherwise 'platform'). On a write
    request, changed third-party accounts are unbound or re-bound first, then
    the basic fields are saved and the browser is redirected to the edit page.

    Raises:
        BadRequest: if the target user does not exist.
    """
    # NOTE(review): block nesting was reconstructed from a whitespace-collapsed
    # listing; confirm it against the original file.
    # Entry point the caller came from.
    entry = request.values.get('entry')
    # NOTE(review): target_uid comes from the request and is not compared with
    # the logged-in user anywhere in this function. If the 'mine' entry is
    # meant for self-service, verify callers cannot edit other users this way.
    uid = request.values.get('target_uid')
    target_user = User(uid=uid)
    if not target_user.exists:
        raise BadRequest(description='用户不存在!')
    if request.method == 'GET':
        return render_template(
            '%s/user_update.html' % ('user' if entry=='mine' else 'platform'),
            form={}, user=target_user.to_dict(),
            third_accounts=target_user.third_accounts_detail,
            msg=request.values.get('msg') or '')
    else:
        # NOTE(review): every method other than GET reaches this write branch;
        # verify the route is limited to POST and CSRF-protected.
        form = {
            'name': request.values.get('name'),
            'phone': request.values.get('phone'),
            'weixinid': request.values.get('weixinid'),
            # NOTE(review): read here but not used further down.
            'inviteruid': request.values.get('inviter_uid'),
            'levelid': request.values.get('levelid'),
            'note': request.values.get('note'),
            'birthday': request.values.get('birthday')
        }
        # First handle removal and (re)binding of third-party accounts.
        for thirdtype in ThirdAccountType:
            thirdid = target_user.third_accounts.get(thirdtype)
            # Only account types that are also keys of `form` are considered.
            if thirdtype not in form or thirdid == form.get(thirdtype):
                # Unchanged.
                continue
            # The value changed.
            thirdid = form.get(thirdtype)
            if not thirdid and userconfig.signup_account_type == thirdtype:
                # The sign-up (primary) account may be changed, not removed.
                # NOTE(review): `levels` is not assigned in this function;
                # unless it is a module-level name this raises NameError.
                return render_template(
                    '%s/user_update.html' % ('user' if entry=='mine' else 'platform'),
                    form=form, user=target_user.to_dict(), levels=levels,
                    third_accounts=target_user.third_accounts_detail,
                    msg='主账户不允许被删除!可以修改,不能删除!')
            if not thirdid:
                # Remove this third-party account.
                target_user.unbind(thirdtype)
                # A qiyehao_message.send_text notification was disabled here.
            else:
                # Change this third-party account.
                # Phone numbers must parse as an integer, be 11 characters
                # long and start with 1.
                if thirdtype == ThirdAccountType.phone:
                    try:
                        int(thirdid)
                        if len(thirdid) != 11 or int(thirdid[0]) != 1:
                            raise RuntimeError('手机号不合法')
                    # NOTE(review): the bare except catches the RuntimeError
                    # raised above, but also any unrelated error; narrowing it
                    # to the expected exception types would avoid masking bugs.
                    except:
                        # NOTE(review): `levels` is undefined here as well,
                        # see the note on the primary-account branch.
                        return render_template(
                            '%s/user_update.html' % ('user' if entry=='mine' else 'platform'),
                            form=form, user=target_user.to_dict(), levels=levels,
                            third_accounts=target_user.third_accounts_detail,
                            msg='手机号格式不正确,手机号格式需为11位数字!')
                # Refuse an identifier that another account already uses.
                ta = ThirdAccount(thirdtype=thirdtype, thirdid=thirdid)
                if ta.exists:
                    return render_template(
                        '%s/user_update.html' % ('user' if entry=='mine' else 'platform'),
                        form=form, user=target_user.to_dict(),
                        third_accounts=target_user.third_accounts_detail,
                        msg='指定%s已经有用户在使用,请更换!' % ThirdAccountType.name(thirdtype))
                # NOTE(review): the existence check and the bind are separate
                # steps; confirm the storage layer enforces uniqueness so two
                # concurrent requests cannot bind the same identifier.
                target_user.unbind(thirdtype)
                target_user.bind(thirdtype, thirdid)
                # A qiyehao_message.send_text notification was disabled here.
        # Basic profile fields.
        target_user.name = form.get('name')
        target_user.weixinid = form.get('weixinid')
        target_user.note = form.get('note')
        oldlevelid = target_user.levelid
        # NOTE(review): levelid is stored as submitted, with no check that the
        # level exists or that the caller may assign it -- confirm.
        target_user.levelid = form.get('levelid')
        target_user.birthday = form.get('birthday')
        target_user.save()
        # A qiyehao_message.send_text notification was disabled here.
        # Announce a level change to signal subscribers.
        if oldlevelid != form.get('levelid'):
            __usersignal__.send(__usersignal__.levelupdate, target_user)
        # NOTE(review): `entry` is interpolated into the redirect URL without
        # URL-encoding; consider encoding the query parameters.
        return redirect('/%s/platform/user/update?entry=%s&target_uid=%s&msg=%s' % (
            config.appname, entry or '', target_user.uid, u'保存成功!'))