示例#1
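def api_platform_staff_post_delete():
    """Soft-delete a staff post and redirect to the post list.

    Reads ``postid`` from the request (query string or form body), marks the
    matching ``StaffPost`` as ``StaffPostStatus.deleted`` and saves it.

    Raises:
        BadRequest: if ``postid`` is missing or empty.
    """
    postid = request.values.get('postid')
    if not postid:
        # Raise instead of returning the exception object, so the error takes
        # the same path as the handlers in this module that raise BadRequest.
        raise BadRequest(description='请求参数错误!')
    # NOTE(review): the record is saved without confirming that a post with
    # this id exists, and request.values also accepts the id from a GET query
    # string. Confirm the route is limited to POST with CSRF protection and
    # that only authorised staff can reach it.
    post = StaffPost(postid=postid)
    post.status = StaffPostStatus.deleted
    post.save()
    return redirect('/%s/platform/staff/post/query' % config.appname)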
示例#2
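def api_platform_staff_role_delete():
    """Soft-delete a staff role and redirect to the role list.

    Reads ``roleid`` from the request (query string or form body), marks the
    matching ``StaffRole`` as ``StaffRoleStatus.deleted`` and saves it.

    Raises:
        BadRequest: if ``roleid`` is missing, or no such role exists.
    """
    roleid = request.values.get('roleid')
    if not roleid:
        # Raise instead of returning the exception object, so the error takes
        # the same path as the handlers in this module that raise BadRequest.
        raise BadRequest(description='请求参数错误!')
    role = StaffRole(roleid=roleid)
    # Reject unknown ids so a caller-chosen roleid cannot be saved as a new
    # (deleted) record.
    if not role.exists:
        raise BadRequest(description='该角色不存在!')
    # NOTE(review): request.values also accepts the id from a GET query
    # string. Confirm the route is limited to POST with CSRF protection.
    role.status = StaffRoleStatus.deleted
    role.save()
    return redirect('/%s/platform/staff/role/query' % config.appname)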
示例#3
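def api_platform_user_setdelete():
    """Set the ``is_deleted`` flag of one user from the request.

    Reads ``uid`` and ``deleted`` from the request, looks the user up through
    ``UserRDS.query`` and stores ``deleted`` on the first match.

    Raises:
        BadRequest: if ``uid`` is missing, or no user matches it.
    """
    uid = request.values.get('uid')
    if not uid:
        # Never run the lookup with uid=None: how UserRDS.query treats a None
        # filter is not visible here, and the first row it returns is modified.
        raise BadRequest(description='请求参数错误!')
    user = UserRDS.query(uid=uid)
    if len(user) < 1:
        raise BadRequest(description='用户不存在!')
    deleted = request.values.get('deleted')
    # NOTE(review): the value is stored exactly as received (a string, or None
    # when the parameter is absent). Confirm the type is_deleted expects and
    # validate it here. Any non-empty string, including '0', is truthy.
    user[0].is_deleted = deleted
    user[0].save()
    return apphelper.format_ok_response()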
示例#4
def api_platform_staff_create():
    """Register an existing user as staff and redirect to the staff list.

    Reads ``target_uid`` from the request and saves a ``Staff`` record for it.

    Raises:
        BadRequest: if no user exists for ``target_uid``.
    """
    uid = request.values.get('target_uid')
    if not User(uid=uid).exists:
        raise BadRequest(description='用户不存在!')
    # NOTE(review): a Staff record is what the request hook on this page
    # checks before admitting a logged-in user, so this call grants console
    # access. Confirm the route is restricted to authorised staff, and to POST.
    Staff(uid=uid).save()
    # The "staff added" notification message is disabled in this version.
    return redirect('/%s/platform/staff/query' % (config.appname))
示例#5
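def before_app_request():
    """Per-request hook: load the logged-in staff user and check menu access.

    Skips static and favicon endpoints. For a session that carries ``phone``
    it resolves the account, requires a ``Staff`` record, stores the user in
    ``g.user`` and ``session['user']``, collects the ``permission_urls`` of the
    staff member's roles into ``session['power']`` ('|'-joined), and rejects
    the request when the path is a menu URL outside that set.

    Raises:
        BadRequest: if the account or staff record does not exist, or the
            requested menu URL is not among the user's permitted URLs.
    """
    endpoint = request.endpoint
    # NOTE(review): this is a substring match, so every endpoint whose name
    # merely contains "static" skips all checks below. Consider comparing the
    # last dotted component instead, as the favicon test does.
    if endpoint and 'static' in endpoint:
        return
    if endpoint and endpoint.split('.')[-1] in ['favicon']:
        return

    # After a successful login the session holds ``phone``, which identifies
    # the single-sign-on user.
    phone = session.get('phone', None)
    if not phone:
        # NOTE(review): the redirect to the login page is disabled in this
        # version, so a request without a session continues to the view with
        # no check at all. Each view then has to enforce login itself;
        # confirm that this is intended.
        return

    ta = ThirdAccount(thirdtype=ThirdAccountType.phone, thirdid=phone)
    if not ta.exists:
        raise BadRequest(description='用户不存在!')
    # Only staff members may use the console.
    staff = Staff(uid=ta.uid)
    if not staff.exists:
        raise BadRequest(description='您不在职工列表内!')
    g.user = User(uid=ta.uid)
    session['user'] = g.user.to_dict()
    # Reset first, so a failure while loading roles cannot leave an earlier
    # request's permissions in the session.
    session['power'] = []

    urls = []
    staff = Staff(uid=g.user.uid)
    if staff.exists:
        roleids = staff.roleids
        if roleids:
            for role in StaffRole.query(roleid=roleids):
                urls.extend(role.to_dict().get('permission_urls') or [])
    allowed = set(urls)
    # Sorted so the stored value is the same on every request; joining a set
    # directly gives an arbitrary order.
    session['power'] = '|'.join(sorted(allowed))

    # Refuse direct access to menu URLs the user has no permission for.
    # NOTE(review): only paths listed by Blueprint.get_allmenu_urls() are
    # checked. Any other endpoint is open to every staff member, and a
    # permission failure is reported as 400 rather than 403.
    path = str(request.path)
    if path in Blueprint.get_allmenu_urls() and path not in allowed:
        raise BadRequest(description='无权限访问!')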
示例#6
def api_tools_audio_upload_ajax():
    """Store an uploaded audio file and return its URLs.

    Reads the ``audio-file`` upload plus the optional ``name`` and ``tag``
    form fields, passes them to ``FalyImageFile.upload`` and returns the
    stored file's URL under ``url``, ``file_url`` and ``file_path``, merged
    with the entries of its ``urls`` mapping.

    Raises:
        BadRequest: if no file was submitted.
    """
    display_name = request.form.get('name') or ''
    tag = request.form.get('tag') or ''
    upload = request.files.get('audio-file')
    if not upload:
        raise BadRequest(description='请选择要上传的文件')

    # NOTE(review): the client-supplied filename is passed through unchanged,
    # and nothing here checks the file's type, extension or size. Confirm that
    # FalyImageFile.upload (called with rename=True) validates and sanitises.
    stored = FalyImageFile.upload(
        upload,
        tag=tag,
        name=display_name or upload.filename,
        filename=upload.filename,
        rename=True)
    location = stored.url
    data = {}
    for key in ('url', 'file_url', 'file_path'):
        data[key] = location
    data.update(stored.urls)
    return apphelper.format_ok_response(data=data)
示例#7
def api_platform_staff_role_permissions_update():
    """Show (GET) or replace (any other method) a role's permitted URLs.

    Reads ``roleid`` from the request. On GET it renders the edit page with
    the role, all menus and an optional ``msg``. Otherwise it stores the
    submitted ``permission_urls`` list on the role and redirects back to the
    edit page with a success message.

    Raises:
        BadRequest: if no role exists for ``roleid``.
    """
    role = StaffRole(roleid=request.values.get('roleid'))
    if not role.exists:
        raise BadRequest(description='该角色不存在!')

    if request.method == 'GET':
        return render_template(
            'platform/staff_role_permissions_update.html',
            role=role.to_dict(),
            all_menus=Blueprint.get_allmenus(),
            msg=request.values.get('msg') or '')

    # NOTE(review): the submitted list is stored as-is. Nothing checks the
    # entries against the known menu URLs, and this branch runs for every
    # non-GET method. Confirm CSRF protection and who may reach this route.
    submitted_urls = request.values.getlist('permission_urls') or []
    role.permission_urls = submitted_urls
    role.save()
    # The default-permission refresh and the notification message are
    # disabled in this version.
    target = '/%s/platform/staff/role/permissions/update?roleid=%s&msg=%s' % (
        config.appname, role.roleid, '保存成功!')
    return redirect(target)
示例#8
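def api_tools_image_upload_ajax():
    """Store an uploaded image and return its URLs.

    Reads the ``image-file`` upload plus the optional ``name`` and ``tag``
    form fields and an optional ``width`` parameter. The stored file's URL is
    returned under ``url``, ``file_url`` and ``file_path``, merged with the
    entries of its ``urls`` mapping. When ``width`` is given, a resize URL is
    added under the width itself as key.

    Raises:
        BadRequest: if no file was submitted, or ``width`` is not a plain
            decimal number.
    """
    name = request.form.get('name') or ''
    tag = request.form.get('tag') or ''
    width = request.values.get('width')
    # width becomes both a response key and part of the x-oss-process query.
    # Accept ASCII digits only, so a request can neither overwrite the fixed
    # keys ('url', ...) nor append further processing parameters. Checked
    # before the upload so a bad request stores nothing.
    if width and not all(ch in '0123456789' for ch in width):
        raise BadRequest(description='请求参数错误!')
    f = request.files.get('image-file')
    if not f:
        raise BadRequest(description='请选择要上传的文件')

    # Fall back to the submitted name when the original filename has no dot.
    # NOTE(review): both values come from the client, and nothing here checks
    # the file's type, extension or size. Confirm that FalyImageFile.upload
    # (called with rename=True) validates and sanitises them.
    filename = f.filename if '.' in f.filename else name
    stored = FalyImageFile.upload(f,
                                  tag=tag,
                                  name=name or f.filename,
                                  filename=filename,
                                  rename=True)
    data = {
        'url': stored.url,
        'file_url': stored.url,
        'file_path': stored.url,
    }
    data.update(stored.urls)
    if width:
        data.update(
            {width: '%s?x-oss-process=image/resize,w_%s' % (stored.url, width)})
    return apphelper.format_ok_response(data=data)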
示例#9
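def api_platform_user_update():
    """Show (GET) or apply (any other method) an edit of one user.

    Reads ``target_uid`` and ``entry`` from the request. ``entry == 'mine'``
    selects the ``user/`` template, anything else the ``platform/`` one.
    On GET the edit page is rendered. Otherwise the linked third-party
    accounts are unbound or rebound as submitted, the basic fields are saved,
    a ``levelupdate`` signal is sent when the level changed, and the client is
    redirected back to the edit page.

    Raises:
        BadRequest: if no user exists for ``target_uid``.
    """
    # Which entry point opened the page ('mine' = the user's own profile).
    entry = request.values.get('entry')
    uid = request.values.get('target_uid')
    # NOTE(review): target_uid comes from the request and is never compared
    # with the logged-in user, even when entry == 'mine'. Confirm the route is
    # limited to staff who may edit any user.
    target_user = User(uid=uid)
    if not target_user.exists:
        raise BadRequest(description='用户不存在!')
    template = '%s/user_update.html' % ('user' if entry == 'mine' else 'platform')
    if request.method == 'GET':
        return render_template(template, form={}, user=target_user.to_dict(), third_accounts=target_user.third_accounts_detail, msg=request.values.get('msg') or '')

    form = {
        'name': request.values.get('name'),
        'phone': request.values.get('phone'),
        'weixinid': request.values.get('weixinid'),
        'inviteruid': request.values.get('inviter_uid'),
        'levelid': request.values.get('levelid'),
        'note': request.values.get('note'),
        'birthday': request.values.get('birthday')
    }

    # Handle unbinding and rebinding of linked accounts first.
    for thirdtype in ThirdAccountType:
        thirdid = target_user.third_accounts.get(thirdtype)
        if thirdtype not in form or thirdid == form.get(thirdtype):
            # Not submitted, or unchanged.
            continue

        thirdid = form.get(thirdtype)
        if not thirdid and userconfig.signup_account_type == thirdtype:
            # The primary sign-up account may be changed but never removed.
            # NOTE(review): `levels` is not defined in this function. Unless a
            # module-level name exists, this line raises NameError. Confirm,
            # or drop the argument as the other render calls do.
            return render_template(template, form=form, user=target_user.to_dict(), levels=levels, third_accounts=target_user.third_accounts_detail, msg='主账户不允许被删除!可以修改,不能删除!')
        if not thirdid:
            # Empty value submitted: remove this linked account.
            target_user.unbind(thirdtype)
            continue

        if thirdtype == ThirdAccountType.phone:
            # Check the characters explicitly. int() also accepts surrounding
            # whitespace, "_" separators and non-ASCII digits, so the earlier
            # int()-based test let such strings through as phone numbers.
            is_valid_phone = (
                len(thirdid) == 11
                and thirdid[0] == '1'
                and all(ch in '0123456789' for ch in thirdid)
            )
            if not is_valid_phone:
                # NOTE(review): `levels` is undefined here as well, see above.
                return render_template(template, form=form, user=target_user.to_dict(), levels=levels, third_accounts=target_user.third_accounts_detail, msg='手机号格式不正确,手机号格式需为11位数字!')

        # Refuse an identifier that is already bound to some account.
        ta = ThirdAccount(thirdtype=thirdtype, thirdid=thirdid)
        if ta.exists:
            return render_template(template, form=form, user=target_user.to_dict(), third_accounts=target_user.third_accounts_detail, msg='指定%s已经有用户在使用,请更换!' % ThirdAccountType.name(thirdtype))
        # NOTE(review): unbind and bind are two separate calls. If bind fails,
        # the user is left without this account; confirm this is acceptable.
        target_user.unbind(thirdtype)
        target_user.bind(thirdtype, thirdid)

    # Basic profile fields.
    # NOTE(review): levelid is taken from the request without validation.
    target_user.name = form.get('name')
    target_user.weixinid = form.get('weixinid')
    target_user.note = form.get('note')
    oldlevelid = target_user.levelid
    target_user.levelid = form.get('levelid')
    target_user.birthday = form.get('birthday')
    target_user.save()
    if oldlevelid != form.get('levelid'):
        __usersignal__.send(__usersignal__.levelupdate, target_user)
    # NOTE(review): `entry` is echoed into the redirect query string
    # unencoded; consider URL-quoting it.
    return redirect('/%s/platform/user/update?entry=%s&target_uid=%s&msg=%s' % (config.appname, entry or '', target_user.uid, u'保存成功!'))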