| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422 |
- from rest_framework import viewsets
- from .models import ListModel, TypeListModel
- from . import serializers
- from utils.page import MyPageNumberPagination
- from rest_framework.filters import OrderingFilter
- from django_filters.rest_framework import DjangoFilterBackend
- from rest_framework.response import Response
- from .filter import Filter, TypeFilter
- from rest_framework.exceptions import APIException
- from .serializers import FileRenderSerializer
- from django.http import StreamingHttpResponse
- from .files import FileRenderCN, FileRenderEN
- from rest_framework.settings import api_settings
- from rest_framework import permissions
- from staff.models import ListModel as staff
- from utils.md5 import Md5
- import random
- from django.contrib.auth.models import User
- from .models import Role, Permission # 新增角色和权限模型导入
- class APIViewSet(viewsets.ModelViewSet):
- """
- retrieve:
- Response a data list(get)
- list:
- Response a data list(all)
- create:
- Create a data line(post)
- delete:
- Delete a data line(delete)
- partial_update:
- Partial_update a data(patch:partial_update)
- update:
- Update a data(put:update)
- """
- pagination_class = MyPageNumberPagination
- filter_backends = [DjangoFilterBackend, OrderingFilter, ]
- ordering_fields = ['id', "create_time", "update_time", ]
- filter_class = Filter
- def list(self, request, *args, **kwargs):
- # staff_name = str(request.GET.get('staff_name'))
- # check_code = request.GET.get('check_code')
- # if staff_name == None and check_code == None:
- # return super().list(request, *args, **kwargs)
- # elif staff_name != None and check_code == None:
- # return super().list(request, *args, **kwargs)
- # else:
- # staff_name_obj = ListModel.objects.filter(openid=self.request.auth.openid, staff_name=staff_name,
- # is_delete=False).first()
- # if staff_name_obj is None:
- # raise APIException({"detail": "用户名不存在"})
- # elif staff_name_obj.is_lock is True:
- # raise APIException({"detail": "用户已被锁定,请联系管理员"})
- # elif staff_name_obj.error_check_code_counter == 3:
- # staff_name_obj.is_lock = True
- # staff_name_obj.error_check_code_counter = 0
- # staff_name_obj.save()
- # raise APIException({"detail": "用户已被锁定,请联系管理员"})
- # if type(check_code) == str:
- # check_code = int(check_code)
- # if check_code != None:
- # if staff_name_obj.check_code != check_code:
- # staff_name_obj.error_check_code_counter = int(staff_name_obj.error_check_code_counter) + 1
- # staff_name_obj.save()
- # raise APIException({"detail": "验证码错误"})
- # else:
- # staff_name_obj.error_check_code_counter = 0
- # staff_name_obj.save()
- # return super().list(request, *args, **kwargs)
- # else:
- return super().list(request, *args, **kwargs)
- def get_project(self):
- try:
- id = self.kwargs.get('pk')
- return id
- except:
- return None
- def get_queryset(self):
- id = self.get_project()
- if self.request.user:
- if id is None:
- return ListModel.objects.filter(is_delete=False)
- else:
- return ListModel.objects.filter(id=id, is_delete=False)
- else:
- return ListModel.objects.none()
- def get_serializer_class(self):
- staff_type = ListModel.objects.filter(openid=self.request.auth.openid, is_delete=False).first().staff_type
- if staff_type not in ['admin', '主管', '管理员','经理']:
- if self.action in ['list', 'retrieve', 'destroy']:
- return serializers.userStaffGetSerializer
- elif self.action in ['create']:
- return serializers.userStaffPostSerializer
- elif self.action in ['update']:
- return serializers.userStaffUpdateSerializer
- elif self.action in ['partial_update']:
- return serializers.userStaffPartialUpdateSerializer
- else:
- return self.http_method_not_allowed(request=self.request)
- else:
- if self.action in ['list', 'retrieve', 'destroy']:
- return serializers.StaffGetSerializer
- elif self.action in ['create']:
- return serializers.StaffPostSerializer
- elif self.action in ['update']:
- return serializers.StaffUpdateSerializer
- elif self.action in ['partial_update']:
- return serializers.StaffPartialUpdateSerializer
- else:
- return self.http_method_not_allowed(request=self.request)
- def create(self, request, *args, **kwargs):
- data = self.request.data
- data['openid'] = self.request.auth.openid
-
- # 检查角色是否存在
- role_name = data.get('role')
- if role_name:
- role, created = Role.objects.get_or_create(name=role_name)
- data['role'] = role.id
-
- if ListModel.objects.filter(openid=data['openid'], staff_name=data['staff_name'], is_delete=False).exists():
- raise APIException({"detail": "Data exists"})
- else:
- app_code = Md5.md5(data['staff_name'] + '1')
- data['appid'] = app_code
- check_code = random.randint(1000, 9999)
- data['check_code'] = check_code
-
- # 创建用户
- user = User.objects.create_user(
- username=str(data['staff_name']),
- password=str(check_code)
- )
-
- serializer = self.get_serializer(data=data)
- serializer.is_valid(raise_exception=True)
- serializer.save()
- headers = self.get_success_headers(serializer.data)
- return Response(serializer.data, status=200, headers=headers)
- def update(self, request, pk):
- qs = self.get_object()
- if qs.openid != self.request.auth.openid:
- creator = ListModel.objects.filter(openid=self.request.auth.openid, is_delete=False)
- raise APIException({"detail": "该用户不是您创建的,不能修改"})
- else:
- data = self.request.data
-
- # 更新角色
- role_name = data.get('role')
- if role_name:
- role, created = Role.objects.get_or_create(name=role_name)
- data['role'] = role.id
-
- serializer = self.get_serializer(qs, data=data)
- serializer.is_valid(raise_exception=True)
- serializer.save()
- headers = self.get_success_headers(serializer.data)
- return Response(serializer.data, status=200, headers=headers)
- def partial_update(self, request, pk):
- qs = self.get_object()
- if qs.openid != self.request.auth.openid:
- raise APIException({"detail": "Cannot Update Data Which Not Yours"})
- else:
- data = self.request.data
-
- # 更新角色
- role_name = data.get('role')
- if role_name:
- role, created = Role.objects.get_or_create(name=role_name)
- data['role'] = role.id
-
- serializer = self.get_serializer(qs, data=data, partial=True)
- serializer.is_valid(raise_exception=True)
- serializer.save()
- headers = self.get_success_headers(serializer.data)
- return Response(serializer.data, status=200, headers=headers)
- def destroy(self, request, pk):
- qs = self.get_object()
- if qs.openid != self.request.auth.openid:
- raise APIException({"detail": "Cannot Delete Data Which Not Yours"})
- else:
- qs.is_delete = True
- qs.save()
- serializer = self.get_serializer(qs, many=False)
- headers = self.get_success_headers(serializer.data)
- return Response(serializer.data, status=200, headers=headers)
- class RoleViewSet(viewsets.ModelViewSet):
- """角色管理API"""
- queryset = Role.objects.all()
- serializer_class = serializers.RoleSerializer
- pagination_class = MyPageNumberPagination
- filter_backends = [DjangoFilterBackend, OrderingFilter]
- ordering_fields = ['id', "name"]
-
- def get_queryset(self):
- return Role.objects.all()
- class PermissionViewSet(viewsets.ModelViewSet):
- """权限管理API"""
- queryset = Permission.objects.all()
- serializer_class = serializers.PermissionSerializer
- # pagination_class = MyPageNumberPagination
- filter_backends = [DjangoFilterBackend, OrderingFilter]
- ordering_fields = ['id', "page"]
-
- def get_queryset(self):
- role = self.request.query_params.get('role')
- if role:
- return Permission.objects.filter(role__name=role)
- return Permission.objects.all()
- class RolePermissionViewSet(viewsets.ViewSet):
- """角色权限配置API"""
-
- def list(self, request):
- """获取所有角色类型"""
- roles = Role.objects.values_list('name', flat=True).distinct()
- return Response(list(roles))
-
- def retrieve(self, request, pk=None):
- """获取特定角色的权限配置"""
- try:
- role = Role.objects.get(name=pk)
-
- serializer = serializers.RoleGETSerializer(role)
- return Response(serializer.data)
- except Role.DoesNotExist:
- return Response({"error": "Role not found"}, status=404)
-
- def update(self, request, pk=None):
- """更新角色权限"""
- try:
- role = Role.objects.get(name=pk)
- permissions_data = request.data.get('permissions', [])
-
- # 清除现有权限
- role.permissions.clear()
-
- # 添加新权限
- for perm_data in permissions_data:
- perm, created = Permission.objects.get_or_create(
- page=perm_data['page'],
- component=perm_data.get('component'),
- defaults={'enabled': perm_data['enabled']}
- )
- role.permissions.add(perm)
-
- return Response({"message": "Permissions updated successfully"})
- except Role.DoesNotExist:
- return Response({"error": "Role not found"}, status=404)
- class RolePagePermissionViewSet(viewsets.ViewSet):
- """角色权限配置API"""
-
- def list(self, request):
- """获取所有角色类型"""
- roles = Role.objects.values_list('name', flat=True).distinct()
- return Response(list(roles))
-
- def retrieve(self, request, pk=None):
- """获取特定角色的权限配置"""
- try:
- role = Role.objects.get(name=pk)
- serializer = serializers.RolePageGETSerializer(role)
- return Response(serializer.data)
- except Role.DoesNotExist:
- return Response({"error": "Role not found"}, status=404)
-
- def get_page_permissions(self, request, pk=None):
- """获取特定角色的页面访问权限配置"""
- try:
- role = Role.objects.get(name=pk)
- primary_page = request.data.get('primary_page')
- if primary_page:
- fliterpermissions= role.permissions.filter(primary_page=primary_page)
- serializer = self.get_permissions_group(fliterpermissions)
- return Response(serializer)
-
- serializer = self.get_permissions_group(role.permissions.all())
- return Response(serializer)
- except Role.DoesNotExist:
- return Response({"error": "Role not found"}, status=404)
-
- def get_permissions_group(self, permissions):
- # 获取角色关联的所有权限并预取数据
-
-
- # 按page字段分组,只处理component为null的权限
- page_access = {}
- for perm in permissions:
- # 只处理页面访问权限(component为null)
- if perm.component is None:
- page_access[perm.page] = perm.enabled
-
- # 转换为前端需要的格式
- return [{"page": page, "enabled": enabled} for page, enabled in page_access.items()]
-
- class RolePageComponentPermissionViewSet(viewsets.ViewSet):
- """角色权限配置API"""
-
- def get_page_component_permissions(self, request, pk=None):
- """获取特定角色的页面访问权限配置"""
- try:
- role = Role.objects.get(name=pk)
- page = request.data.get('page')
- if page:
- fliterpermissions= role.permissions.filter(page=page)
- serializer = self.get_permissions_group(fliterpermissions)
- return Response(serializer)
-
- serializer = self.get_permissions_group(role.permissions.all())
- return Response(serializer)
- except Role.DoesNotExist:
- return Response({"error": "Role not found"}, status=404)
-
- def get_permissions_group(self, permissions):
- # 获取角色关联的所有权限并预取数据
-
- page_access = {}
- for perm in permissions:
- if perm.component is not None:
- page_access[perm.component] = perm.enabled
-
- # 转换为前端需要的格式
- return [{"component": component, "enabled": enabled} for component, enabled in page_access.items()]
- class TypeAPIViewSet(viewsets.ModelViewSet):
- """
- list:
- Response a data list(all)
- """
- pagination_class = MyPageNumberPagination
- filter_backends = [DjangoFilterBackend, OrderingFilter, ]
- ordering_fields = ['id', "create_time", "update_time", ]
- filter_class = TypeFilter
- def get_queryset(self):
- if self.request.user:
- return TypeListModel.objects.filter(openid='init_data')
- else:
- return TypeListModel.objects.none()
- def get_serializer_class(self):
- if self.action in ['list']:
- return serializers.StaffTypeGetSerializer
- else:
- return self.http_method_not_allowed(request=self.request)
- class FileDownloadView(viewsets.ModelViewSet):
- renderer_classes = (FileRenderCN,) + tuple(api_settings.DEFAULT_RENDERER_CLASSES)
- filter_backends = [DjangoFilterBackend, OrderingFilter, ]
- ordering_fields = ['id', "create_time", "update_time", ]
- filter_class = Filter
- def get_project(self):
- try:
- id = self.kwargs.get('pk')
- return id
- except:
- return None
- def get_queryset(self):
- id = self.get_project()
- if self.request.user:
- if id is None:
- return ListModel.objects.filter(openid=self.request.auth.openid, is_delete=False)
- else:
- return ListModel.objects.filter(openid=self.request.auth.openid, id=id, is_delete=False)
- else:
- return ListModel.objects.none()
- def get_serializer_class(self):
- if self.action in ['list']:
- return serializers.FileRenderSerializer
- else:
- return self.http_method_not_allowed(request=self.request)
- def get_lang(self, data):
- lang = self.request.META.get('HTTP_LANGUAGE')
- if lang:
- if lang == 'zh-hans':
- return FileRenderCN().render(data)
- else:
- return FileRenderEN().render(data)
- else:
- return FileRenderEN().render(data)
- def list(self, request, *args, **kwargs):
- from datetime import datetime
- dt = datetime.now()
- data = (
- FileRenderSerializer(instance).data
- for instance in self.filter_queryset(self.get_queryset())
- )
- renderer = self.get_lang(data)
- response = StreamingHttpResponse(
- renderer,
- content_type="text/csv"
- )
- response['Content-Disposition'] = "attachment; filename='staff_{}.csv'".format(
- str(dt.strftime('%Y%m%d%H%M%S%f')))
- return response
|
