# coding:utf-8
import hashlib
import hmac
import uuid
from datetime import datetime

import flask_excel as excel
from flask import g, jsonify
from flask import render_template, request
from flask_login import login_user, logout_user, login_required, \
    current_user
from sqlalchemy import asc, true
from sqlalchemy import desc
from sqlalchemy import text

from .. import db
from .. import permission
from ..base import base
from ..models import User, Organization, Role, OnLine
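@base.route('/system/user/authRole', methods=['PUT'])
@login_required
@permission('system:role:edit')
def grant_user_role():
    """Replace a user's role set with the roles named in the query string.

    Query parameters:
        userId: primary key of the user to update.
        roleIds: comma-separated role primary keys; an empty value clears
            every role.

    Returns JSON ``{'code': 200, 'msg': ...}`` on success and ``code`` 404
    when ``userId`` matches no user (the previous code raised
    AttributeError, i.e. an HTTP 500). Only ``db.session.add`` is issued
    here, like the other handlers in this module; the commit presumably
    happens in a request hook elsewhere — verify.
    """
    user_id = request.args['userId']
    ids = request.args['roleIds']
    user = User.query.get(user_id)
    if user is None:
        return jsonify({'code': 404, 'msg': '用户不存在'})
    if not ids:
        user.roles = []
    else:
        # Tolerate whitespace and empty segments ("a, b,") and drop ids that
        # match no Role instead of storing None in the relationship.
        role_ids = [rid.strip() for rid in ids.split(',') if rid.strip()]
        found = [Role.query.get(rid) for rid in role_ids]
        user.roles = [role for role in found if role is not None]
    db.session.add(user)
    return jsonify({'code': 200, 'msg': '操作成功'})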
@login_required
def record_login_history(type):
    """Add an OnLine row describing a login/logout event for the current user.

    Args:
        type: event marker stored in ``OnLine.TYPE`` (callers in this module
            pass 0 for logout and 1 for login).

    The row is only added to the session; no commit is issued here.
    ``request.remote_addr`` is stored as-is — behind a reverse proxy this is
    the proxy's address unless the app is configured to trust forwarding
    headers (not visible in this module).
    """
    entry = OnLine()
    for attr, value in (
        ('ID', str(uuid.uuid4())),
        ('LOGINNAME', current_user.LOGINNAME),
        ('IP', request.remote_addr),
        ('TYPE', type),
    ):
        setattr(entry, attr, value)
    db.session.add(entry)
@base.route('/logout', methods=['POST'])
@login_required
def do_logout():
    """End the current session: record a logout event, then clear the login."""
    logout_event = 0
    record_login_history(logout_event)
    logout_user()
    return jsonify({'success': True})
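@base.route('/login', methods=['POST'])
def do_login():
    """Authenticate a user from a JSON body ``{"username": ..., "password": ...}``.

    On success the user is logged in through flask-login, a login event is
    recorded, and ``{'code': 200, 'url': '/', 'token': <uuid>}`` is returned.
    Every failure (malformed body, unknown user, wrong password) yields the
    same generic ``code`` 500 body so the response does not reveal which
    part failed.

    The stored ``PWD`` is an unsalted MD5 hex digest (see ``syuser_save``),
    so the submitted password is hashed the same way and compared with
    ``hmac.compare_digest``. Moving to a salted KDF requires migrating the
    stored hashes and changing ``syuser_save``/``syuser_update_pwd`` too.
    The returned ``token`` is a fresh random UUID that nothing in this
    module validates later; session state comes from flask-login's cookie.
    """
    failure = {'msg': '登录失败,账号密码错误~', 'code': 500}
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return jsonify(failure)
    username = payload.get('username')
    password = payload.get('password')
    if not isinstance(username, str) or not isinstance(password, str):
        return jsonify(failure)
    user = User.query.filter_by(LOGINNAME=username).first()
    # Hash unconditionally so an unknown user name costs roughly the same
    # time as a wrong password.
    submitted = hashlib.md5(password.encode('utf-8')).hexdigest()
    stored = user.PWD if user is not None else None
    if isinstance(stored, str) and hmac.compare_digest(submitted, stored):
        login_user(user)
        record_login_history(1)
        return jsonify({'msg': '登录成功~', 'code': 200, 'url': '/', 'token': str(uuid.uuid4())})
    return jsonify(failure)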
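def _user_filters():
    """Build the WHERE clauses for ``user_grid`` from the query string."""
    args = request.args
    filters = []
    if 'userName' in args:
        # '%' and '_' typed by the caller act as LIKE wildcards; that is the
        # existing search-box contract, so they are passed through unescaped.
        filters.append(User.LOGINNAME.like('%' + args['userName'] + '%'))
    if 'phonenumber' in args:
        filters.append(User.PHONENUMBER.like('%' + args['phonenumber'] + '%'))
    if 'params[beginTime]' in args and 'params[endTime]' in args:
        filters.append(User.CREATEDATETIME > args['params[beginTime]'])
        filters.append(User.CREATEDATETIME < args['params[endTime]'])
    return filters


def _user_ordering():
    """Build the ORDER BY list for ``user_grid`` from form fields ``sort``/``order``.

    The sort name is upper-cased and resolved against the mapped table's
    columns only (this assumes attribute names match column names, as the
    upper-case attributes used throughout this module suggest). The earlier
    ``getattr(User, name)`` accepted any attribute of the model class —
    ``query``, methods, relationships — which either raised or produced an
    unintended expression; unknown names are now ignored.
    """
    sort = request.form.get('sort')
    if not sort:
        return []
    column_name = sort.upper()
    columns = User.__table__.columns
    if column_name not in columns:
        return []
    column = columns[column_name]
    order = request.form.get('order')
    if order == 'asc':
        return [asc(column)]
    if order == 'desc':
        return [desc(column)]
    return [column]


def _dept_subtree_cte(dept_id):
    """Recursive CTE selecting department ``dept_id`` and all its descendants."""
    dept_cte = (
        db.session.query(Organization.ID)
        .filter(Organization.ID == dept_id)
        .cte('dept_tree', recursive=True)
    )
    return dept_cte.union_all(
        db.session.query(Organization.ID)
        .join(dept_cte, Organization.SYORGANIZATION_ID == dept_cte.c.ID)
    )


@base.route('/system/user/list', methods=['GET'])
@login_required
@permission('system:user:list')
def user_grid():
    """Paginated user listing.

    Query parameters: ``userName``, ``phonenumber`` (substring match),
    ``params[beginTime]``/``params[endTime]`` (creation window, both
    required), ``deptId`` (restrict to that department and its subtree),
    ``pageNum`` (default 1) and ``pageSize`` (default 10; no upper bound is
    applied). Sorting is read from form fields ``sort``/``order`` — note
    that this is a GET route, so those fields are only seen when the client
    sends a form body.

    Returns ``{'rows': [...], 'total': n, 'code': 200, 'msg': ...}``.
    """
    filters = _user_filters()
    order_by = _user_ordering()
    page = request.args.get('pageNum', 1, type=int)
    rows = request.args.get('pageSize', 10, type=int)
    dept_id = request.args.get('deptId')
    if dept_id is not None:
        dept_cte = _dept_subtree_cte(dept_id)
        query = (
            User.query.join(Organization, User.organizations)
            .join(dept_cte, Organization.ID == dept_cte.c.ID)
            .filter(*filters)
            # Kept from the original; no bind parameter of this name is
            # visible in the query above.
            .params(dept_id=dept_id)
        )
    else:
        query = User.query.filter(*filters)
    pagination = query.order_by(*order_by).paginate(
        page=page, per_page=rows, error_out=False)
    users = pagination.items
    return jsonify({'rows': [user.to_json() for user in users], 'total': pagination.total, 'code': 200, 'msg': '查询成功'})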
@base.route('/system/user/', methods=['GET'])
@login_required
def syuser_get():
    """Return the data the 'new user' form needs: every role, and an empty post list.

    NOTE(review): unlike ``syuser_getById`` this route carries no
    ``@permission`` decorator — confirm that is intended.
    """
    all_roles = Role.query.all()
    response = {
        'code': 200,
        'msg': '',
        'roles': [role.to_json() for role in all_roles],
        'posts': [],
    }
    return jsonify(response)
@base.route('/system/user/<id>', methods=['GET'])
@login_required
@permission('system:user:query')
def syuser_getById(id):
    """Return user ``id`` as JSON, with ``roles``/``roleIds`` when it has any.

    A missing user yields ``{'success': False, 'msg': 'error'}`` (the
    legacy shape, without a ``code`` key).
    """
    user = User.query.get(id)
    if not user:
        return jsonify({'success': False, 'msg': 'error'})
    payload = {'code': 200, 'msg': '', 'data': user.to_json()}
    # ``user.roles`` is a query-style relationship; fetch it once.
    held_roles = user.roles.all()
    if held_roles:
        payload['roles'] = [role.to_json() for role in held_roles]
        payload['roleIds'] = [role.ID for role in held_roles]
    return jsonify(payload)
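@base.route('/system/user', methods=['PUT'])
@login_required
@permission('system:user:edit')
def syuser_update():
    """Update an existing user from a JSON body.

    Body fields: ``userId`` (required) plus any of ``nickName``, ``sex``,
    ``email``, ``phonenumber``, ``deptId`` and ``roleIds``; only fields that
    are present are changed. ``LOGINNAME`` and the password are never
    touched here (the former uniqueness check was already commented out).

    Returns ``code`` 200 on success and 404 when ``userId`` matches no user
    (previously an AttributeError). Changes are only added to the session.

    Note: ``roleIds`` lets a caller holding ``system:user:edit`` reassign
    roles, whereas ``grant_user_role`` gates the same operation behind
    ``system:role:edit`` — confirm the weaker requirement is intended.
    """
    payload = request.json
    user = User.query.get(payload['userId'])
    if user is None:
        return jsonify({'code': 404, 'msg': '用户不存在'})
    user.UPDATEDATETIME = datetime.now()
    for key, attr in (
        ('nickName', 'NAME'),
        ('sex', 'SEX'),
        ('email', 'EMAIL'),
        ('phonenumber', 'PHONENUMBER'),
    ):
        if key in payload:
            setattr(user, attr, payload[key])
    if 'deptId' in payload:
        user.organizations = Organization.query.filter(Organization.ID == payload['deptId']).all()
    if 'roleIds' in payload:
        # Drop ids that match no Role rather than storing None.
        found = [Role.query.get(role_id) for role_id in payload['roleIds']]
        user.roles = [role for role in found if role is not None]
    db.session.add(user)
    return jsonify({'code': 200, 'msg': '更新成功!'})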
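@base.route('/system/user', methods=['POST'])
@login_required
@permission('system:user:add')
def syuser_save():
    """Create a user from a JSON body.

    Required: ``userName`` (must not already exist) and ``password``, both
    non-empty strings. Optional: ``nickName``, ``sex``, ``email``,
    ``phonenumber``, ``deptId``, ``roleIds``.

    The password is stored as an unsalted MD5 hex digest because
    ``do_login`` and ``syuser_update_pwd`` compare against that format;
    switching to a salted KDF has to change all three handlers and migrate
    existing rows, so it is deliberately not done in isolation here.
    Failure responses keep the legacy ``{'success': False, 'msg': ...}`` shape.
    """
    payload = request.json
    login_name = payload.get('userName')
    password = payload.get('password')
    if not isinstance(login_name, str) or not login_name \
            or not isinstance(password, str) or not password:
        return jsonify({'success': False, 'msg': '新建用户失败,用户名和密码不能为空!'})
    if User.query.filter_by(LOGINNAME=login_name).first():
        return jsonify({'success': False, 'msg': '新建用户失败,用户名已存在!'})
    user = User()
    user.ID = str(uuid.uuid4())
    user.PWD = hashlib.md5(password.encode('utf-8')).hexdigest()
    # Lookups happen under no_autoflush — presumably so the half-built user
    # is not flushed by the Organization/Role queries; kept as-is.
    with db.session.no_autoflush:
        for key, attr in (
            ('nickName', 'NAME'),
            ('sex', 'SEX'),
            ('email', 'EMAIL'),
            ('phonenumber', 'PHONENUMBER'),
        ):
            if key in payload:
                setattr(user, attr, payload[key])
        if 'deptId' in payload:
            user.organizations = Organization.query.filter(Organization.ID == payload['deptId']).all()
        if 'roleIds' in payload:
            found = [Role.query.get(role_id) for role_id in payload['roleIds']]
            user.roles = [role for role in found if role is not None]
    user.LOGINNAME = login_name
    db.session.add(user)
    return jsonify({'code': 200, 'msg': '新建用户成功!'})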
@base.route('/system/user/<id>', methods=['DELETE'])
@login_required
@permission('system:user:remove')
def syuser_delete(id):
    """Delete user ``id`` when it exists; the response reports success either way.

    NOTE(review): nothing here prevents a caller from deleting their own
    account — confirm whether such a guard lives elsewhere.
    """
    target = User.query.get(id)
    if target:
        db.session.delete(target)
    return jsonify({'code': 200, 'msg': '删除成功'})
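@base.route('/system/user/profile/updatePwd', methods=['PUT'])
@login_required
def syuser_update_pwd():
    """Change the logged-in user's password after verifying the old one.

    ``oldPassword`` and ``newPassword`` are read from the query string (the
    original contract) and, when absent there, from a JSON body. Prefer the
    body: query strings are routinely written to access logs and referrer
    headers, which is a poor place for a password.

    Responses: ``code`` 200 on success; 400 when a value is missing, the new
    password is empty, or the old password does not match; 404 when the
    session user's row no longer exists (previously reported success).
    Hashing stays unsalted MD5 to match ``do_login``/``syuser_save``.
    """
    body = request.get_json(silent=True)
    if not isinstance(body, dict):
        body = {}
    old_password = request.args.get('oldPassword', body.get('oldPassword'))
    new_password = request.args.get('newPassword', body.get('newPassword'))
    if not isinstance(old_password, str) or not isinstance(new_password, str) \
            or not new_password:
        return jsonify({'code': 400, 'msg': '参数错误'})
    user = User.query.get(current_user.ID)
    if user is None:
        return jsonify({'code': 404, 'msg': '用户不存在'})
    old_digest = hashlib.md5(old_password.encode('utf-8')).hexdigest()
    stored = user.PWD if isinstance(user.PWD, str) else ''
    if not hmac.compare_digest(old_digest, stored):
        return jsonify({'code': 400, 'msg': '旧密码错误'})
    user.PWD = hashlib.md5(new_password.encode('utf-8')).hexdigest()
    db.session.add(user)
    return jsonify({'code': 200, 'msg': '修改成功'})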
@base.route('/getInfo', methods=['GET'])
@login_required
def syuser_info():
    """Describe the logged-in user: identity, role names and permission strings.

    ``permissions`` holds the ``PERMS`` of every resource reachable through
    the user's organisations and then roles, de-duplicated by resource
    ``ID`` (first occurrence wins, encounter order preserved).
    """
    granted = []
    for org in current_user.organizations:
        granted.extend(org.resources)
    for role in current_user.roles:
        granted.extend(role.resources)
    unique = {}
    for res in granted:
        unique.setdefault(res.ID, res)
    permissions = [res.PERMS for res in unique.values()]
    return jsonify({
        'msg': '登录成功~',
        'code': 200,
        'user': {
            'userName': current_user.LOGINNAME,
            'avatar': '',
            'nickName': current_user.NAME,
            'userId': current_user.ID,
        },
        'roles': [role.NAME for role in current_user.roles],
        'permissions': permissions,
    })
@base.route('/system/user/profile', methods=['GET'])
@login_required
def syuser_profile():
    """Current user's profile: record JSON, first organisation name, role names."""
    organizations = current_user.organizations
    post_group = organizations[0].NAME if len(organizations) > 0 else ''
    role_group = [role.NAME for role in current_user.roles]
    return jsonify({
        'msg': '操作成功',
        'code': 200,
        'data': current_user.to_json(),
        'postGroup': post_group,
        'roleGroup': role_group,
    })
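@base.route('/system/user/profile', methods=['PUT'])
@login_required
def syuser_update_profile():
    """Update the logged-in user's own profile fields from a JSON body.

    Accepted fields: ``nickName``, ``sex``, ``email``, ``phonenumber``;
    absent fields are left alone. The row updated is always
    ``current_user``: this route is only ``login_required`` (no
    ``@permission``), and the previous code looked up whichever ``userId``
    the body supplied, so any signed-in user could edit any other user's
    profile. A ``userId`` that is present and differs from the caller's own
    is rejected with ``code`` 403.
    """
    payload = request.json
    supplied_id = payload.get('userId')
    if supplied_id is not None and str(supplied_id) != str(current_user.ID):
        return jsonify({'code': 403, 'msg': '无权修改其他用户资料'})
    user = User.query.get(current_user.ID)
    if user is None:
        return jsonify({'code': 404, 'msg': '用户不存在'})
    user.UPDATEDATETIME = datetime.now()
    for key, attr in (
        ('nickName', 'NAME'),
        ('sex', 'SEX'),
        ('email', 'EMAIL'),
        ('phonenumber', 'PHONENUMBER'),
    ):
        if key in payload:
            setattr(user, attr, payload[key])
    db.session.add(user)
    return jsonify({'code': 200, 'msg': '更新成功!'})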
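@base.route('/system/user/authRole/<id>', methods=['GET'])
@login_required
def syuser_auth_role(id):
    """Return every role, marking the ones user ``id`` already holds.

    Role instances the user holds get a transient ``flag = True`` attribute
    (roles the user lacks are left untouched, as before); ``Role.to_json``
    is presumably what surfaces it — not visible here.
    Returns ``code`` 404 when the user does not exist (previously an
    AttributeError).

    NOTE(review): this read endpoint has no ``@permission`` while its PUT
    counterpart ``grant_user_role`` requires ``system:role:edit``.
    """
    user = User.query.get(id)
    if user is None:
        return jsonify({'code': 404, 'msg': '用户不存在'})
    # Set lookup instead of the former nested loop over all roles x user roles.
    held_ids = {role.ID for role in user.roles}
    all_roles = Role.query.all()
    for role in all_roles:
        if role.ID in held_ids:
            role.flag = True
    return jsonify({'code': 200, 'msg': '操作成功', 'roles': [role.to_json() for role in all_roles], 'user': user.to_json()})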
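# Leading characters that spreadsheet applications interpret as a formula.
_CSV_FORMULA_PREFIXES = ('=', '+', '-', '@', '\t', '\r')


def _csv_safe(value):
    """Neutralise spreadsheet formula injection in a text cell.

    A cell starting with ``=``, ``+``, ``-``, ``@``, tab or CR is evaluated
    as a formula by common spreadsheet software; prefixing such strings
    with a single quote makes them render as plain text. Non-string values
    are returned unchanged.
    """
    if isinstance(value, str) and value.startswith(_CSV_FORMULA_PREFIXES):
        return "'" + value
    return value


@base.route('/base/syuser/export', methods=['POST'])
@login_required
def user_export():
    """Export every user as a CSV download named ``user``.

    Columns: login name, name, created, updated, sex ('0' -> 女, '1' -> 男).
    Any other ``SEX`` value now yields an empty cell so every row keeps five
    columns (previously the cell was simply omitted and the row came out
    short). Login name and name go through ``_csv_safe``.

    NOTE(review): the route has no ``@permission``, so any logged-in user
    can pull the whole user table.
    """
    sex_labels = {'0': '女', '1': '男'}
    rows = [['登录名', '姓名', '创建时间', '修改时间', '性别']]
    for user in User.query.all():
        rows.append([
            _csv_safe(user.LOGINNAME),
            _csv_safe(user.NAME),
            user.CREATEDATETIME,
            user.UPDATEDATETIME,
            sex_labels.get(user.SEX, ''),
        ])
    return excel.make_response_from_array(rows, "csv",
                                          file_name="user")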
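@base.route('/system/user/changeStatus', methods=['PUT'])
@login_required
@permission('system:user:edit')
def syuser_status_update():
    """Set a user's ``STATUS`` from a JSON body ``{"userId": ..., "status": ...}``.

    Returns ``code`` 404 when ``userId`` matches no user (previously an
    AttributeError). ``status`` is stored verbatim; what its values mean and
    whether ``do_login`` honours it is not visible in this module (the login
    handler does not check it).

    NOTE(review): nothing prevents a caller from changing their own status.
    """
    payload = request.json
    user = User.query.get(payload['userId'])
    if user is None:
        return jsonify({'code': 404, 'msg': '用户不存在'})
    if 'status' in payload:
        user.STATUS = payload['status']
    db.session.add(user)
    return jsonify({'code': 200, 'msg': '操作成功'})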