权限管理

apps/account/consts.py

@@ -3,53 +3,30 @@
 CONTENT_TYPE_SORTING = (
     # 系统设置
     'account-user',  # 用户管理
-    'account-manageagentuser',  # 权限管理
-    'option-option',  # 自定义项
-    'option-agentlevel',  # 代理商等级
-
+    'option-school',  # 商品管理
+    'option-student',  # 商品管理
+    'option-commoditylevel',  # 商品管理
     'commodity-commodity',  # 商品管理
-    'commodity-commodityparameter',  # 商品参数
-
-    'agent-agentapply',  # 代理商申请
-    'agent-agent',  # 代理商
-    'agent-agentcommodity',  # 代理商商品
+    'order-coupon',  # 代理商订单
     'order-order',  # 代理商订单
-
-    'WechatApplet-wechatapplet',  # 小程序管理
-
-    'deliver-productdeliver',  # 防窜货管理
 )
 
 MENU_TO_MODEL = (
     (
         u'基础数据', (
             'account-user',
-            'account-manageagentuser',
-            'option-option',
-            'option-agentlevel',
-        )
-    ),
-    (
-        u'商品管理', (
+            'option-school',
+            'option-student',
+            'option-commoditylevel',
             'commodity-commodity',
-            'commodity-commodityparameter',
         )
     ),
     (
-        u'代理商管理', (
-            'agent-agentapply',
-            'agent-agent',
-            'agent-agentcommodity',
+        u'订单管理', (
+            'order-coupon',
             'order-order',
         )
     ),
-    (
-        u'其他', (
-            'WechatApplet-wechatapplet',
-            'deliver-productdeliver',
-        ),
-    ),
-
 )
 
 

apps/account/filters.py

@@ -16,3 +16,9 @@ class UserFilter(django_filters.FilterSet):
     class Meta:
         model = User
         fields = ['name', 'username', 'tel', 'is_active']
+
+class GroupFilter(django_filters.FilterSet):
+
+    class Meta:
+        model = Group
+        fields = '__all__'

apps/account/models.py

@@ -83,6 +83,7 @@ class User(AbstractBaseUser, PermissionsMixin):
         permissions = [
             ('browse_user', u'查看'),
             ('add_user', u'添加'),
+            ('manager_permissions', u'权限管理'),
         ]
 
     def __unicode__(self):

apps/account/serializers.py

@@ -60,6 +60,11 @@ class EmployeeSerializer(serializers.ModelSerializer):
     category_text = serializers.SerializerMethodField()
     school_text = serializers.SerializerMethodField()
     category_ids = serializers.SerializerMethodField()
+    groups = serializers.SerializerMethodField()
+    group_ids = serializers.PrimaryKeyRelatedField(source='groups', many=True, read_only=True)
+
+    def get_groups(self, obj):
+        return ','.join(obj.groups.values_list('name', flat=True))
 
     def get_category_ids(self, obj):
         return obj.category.split(',')
@@ -101,19 +106,28 @@ class EmployeeSerializer(serializers.ModelSerializer):
                 validated_data['is_active'] = self.initial_data['is_active'] == '1'
                 validated_data['create_user'] = self.context['request'].user
                 instance = super(EmployeeSerializer, self).update(user, validated_data)
-                instance.set_password(self.initial_data['password'])
-                instance.save()
         else:
             validated_data['is_active'] = self.initial_data['is_active'] == '1'
             user = self.context['request'].user
             validated_data['create_user'] = user
             instance = super(EmployeeSerializer, self).create(validated_data)
-            instance.set_password(self.initial_data['password'])
-            instance.save()
+        instance.set_password(self.initial_data['password'])
+        instance.save()
+        groups = self.context['request'].data.get('groups', None)
+        if groups:
+            groups = json.loads(groups)
+        else:
+            groups = []
+        for group in groups:
+            instance.groups.add(group)
         return instance
 
     def update(self, instance, validated_data):
-
+        username = self.initial_data['username']
+        user = User.objects.filter(username=username).exclude(id=instance.id).first()
+        if user:
+            raise CustomError(u'账号[{0}]和代理商账号、游客账号或其他员工账号重复，禁止修改。'.format(username))
+        instance.groups.clear()
         password = instance.password
         validated_data['is_superuser'] = instance.is_superuser
         validated_data['is_active'] = self.initial_data['is_active'] == '1'
@@ -124,6 +138,13 @@ class EmployeeSerializer(serializers.ModelSerializer):
            instance.set_password(self.initial_data['password'])
 
         instance.save()
+        groups = self.context['request'].data.get('groups', None)
+        if groups:
+            groups = json.loads(groups)
+        else:
+            groups = []
+        for group in groups:
+            instance.groups.add(group)
         return instance
 
 class PermissionSerializer(serializers.ModelSerializer):

apps/account/urls.py

@@ -10,8 +10,12 @@ urlpatterns = [
     url(r'^code2Session/$', WxLoginView.as_view()), # 自动登录
     url(r'^setUserInfo/$', SetUserInfoView.as_view()),
     url(r'^wxbind/$', WxBindView.as_view()), # 微信快捷登录
+
+    url(r'^permission/dict/$', PermissionDictView.as_view()),  # 人员管理，编辑，权限组
+    url(r'^permission/all/$', PermissionsListView.as_view()),  # 权限管理，编辑，加载所有权限
 ]
 
 router = SimpleRouter()
 router.register(r'employee', EmployeeViewSet)
+router.register(r'permission', GroupsViewSet)
 urlpatterns += router.urls

apps/account/views.py

@@ -15,13 +15,15 @@ from django.contrib.auth import get_user_model
 
 User = get_user_model()
 from apps.account.serializers import JWTSerializer, EmployeeSerializer, \
-    WechatLoginSerializer, WechatBindSerializer
+    WechatLoginSerializer, WechatBindSerializer, GroupDictSerializer, GroupSerializer
 from utils.custom_modelviewset import CustomModelViewSet
-from apps.account.filters import UserFilter
+from apps.account.filters import UserFilter, GroupFilter
 from apps.log.models import BizLog
 from utils.exceptions import CustomError
 from apps.account.models import CustomerWechat
 from utils.wx.WXBizDataCrypt import WXBizDataCrypt
+from apps.account.consts import PermissionMenu
+from collections import OrderedDict
 
 class LoginView(ObtainJSONWebToken):
     serializer_class = JWTSerializer
@@ -102,6 +104,48 @@ class EmployeeViewSet(CustomModelViewSet):
         BizLog.objects.addnew(self.request.user, BizLog.UPDATE,
                               u'修改用户[%s]，id=%d' % (instance.name, instance.id), validated_data)
 
+class GroupsViewSet(CustomModelViewSet):
+    permission_classes = [isLogin, ]
+    queryset = Group.objects.filter()
+    serializer_class = GroupSerializer
+
+    @permission_required('account.manager_permissions')
+    def filter_queryset(self, queryset):
+        if not self.request.user.is_superuser:
+            groups = self.request.user.groups.all()
+            queryset = queryset.filter(id__in=[g.id for g in groups])
+        f = GroupFilter(self.request.GET, queryset=queryset)
+        return f.qs
+
+    @permission_required('account.manager_permissions')
+    def perform_create(self, serializer):
+        super(GroupsViewSet, self).perform_create(serializer)
+        instance = serializer.instance
+        validated_data = serializer.validated_data
+        BizLog.objects.addnew(self.request.user, BizLog.INSERT,
+                              u'添加权限组[%s]，id=%d' % (instance.name, instance.id), validated_data)
+
+    @permission_required('account.manager_permissions')
+    def perform_update(self, serializer):
+        super(GroupsViewSet, self).perform_update(serializer)
+        instance = serializer.instance
+        validated_data = serializer.validated_data
+        BizLog.objects.addnew(self.request.user, BizLog.UPDATE,
+                              u'修改权限组[%s]，id=%d' % (instance.name, instance.id), validated_data)
+
+    @permission_required('account.manager_permissions')
+    def destroy(self, request, *args, **kwargs):
+        with transaction.atomic():
+            instance = self.get_object()
+            # user_count = instance.user_set.all().count()
+            # if user_count:
+            #     raise CustomError(u'该权限组已分配给用户，禁止删除！')
+
+            BizLog.objects.addnew(self.request.user, BizLog.DELETE,
+                                  u'删除权限组[%s]，id=%d' % (instance.name, instance.id))
+            instance.delete()
+        return response_ok()
+
 
 class SetUserInfoView(APIView):
     permission_classes = [isLogin, ]
@@ -154,3 +198,40 @@ class WxBindView(APIView):
             return response_ok(ser.validated_data)
         else:
             return response_error('参数错误')
+
+
+class PermissionsListView(APIView):
+    permission_classes = [isLogin, ]
+
+    @permission_required('account.manager_permissions')
+    def get(self, request):
+        rows = Permission.objects.all().exclude(name__startswith='Can')
+        perms_menus = PermissionMenu()
+        rows = perms_menus.sort_perms(rows)
+        menus = OrderedDict()
+        for row in rows:
+            item = {'id': row.id, 'name': row.name}
+            mn = perms_menus.get_menuname_of_contenttype(row.content_type.app_label, row.content_type.model)
+            if mn in menus:
+                permissions = menus[mn]
+            else:
+                permissions = menus[mn] = OrderedDict()
+            if row.content_type.name in permissions:
+                if not item in permissions[row.content_type.name]:
+                    permissions[row.content_type.name].append(item)
+            else:
+                permissions[row.content_type.name] = [item, ]
+        return response_ok(menus)
+
+
+class PermissionDictView(APIView):
+    permission_classes = [isLogin, ]
+
+    @permission_required('account.add_user')
+    def get(self, request):
+        rows = Group.objects.filter()
+        if not request.user.is_superuser:
+            groups = request.user.groups.all()
+            rows = rows.filter(id__in=[g.id for g in groups])
+        serializer = GroupDictSerializer(rows, many=True)
+        return response_ok(serializer.data)

apps/option/models.py

@@ -126,7 +126,7 @@ class CommodityLevel(models.Model):
                              blank=True, null=True)
 
     class Meta:
-        verbose_name = u"商品级别"
+        verbose_name = u"商品分类"
         db_table = "commodiey_level"
         ordering = ['-id']
         default_permissions = ()

apps/order/views.py

@@ -61,7 +61,7 @@ class OrderViewSet(CustomModelViewSet):
         elif self.request.user.type == User.AGENT:
             # 代理商，筛选代理的类别和学校
             queryset = queryset.filter(
-                Q(commodity__cogetory__in=self.request.user.cogetory) | Q(student__school=self.request.user.school))
+                Q(commodity__category__in=self.request.user.category) | Q(student__school=self.request.user.school))
 
         f = OrderFilter(self.request.GET, queryset=queryset)
         return f.qs

bookshop_admin/settings.py

@@ -218,7 +218,7 @@ UIS_ROOT = os.path.join(BASE_DIR, "uis/")
 EXPORT_URL = '/export/'
 EXPORT_ROOT = os.path.join(BASE_DIR, "export/")
 
-SERVER_DOMAIN = 'https://lsr.zzly.vip'
+SERVER_DOMAIN = 'https://qjxl.zzly.vip'
 # SERVER_DOMAIN = 'http://192.168.2.45:8887'
 
 JWT_AUTH = {

uis/views/employee/edit.html

@@ -94,6 +94,12 @@
                                     <select name="category" xm-select="categoryGroup"></select>
                                 </div>
                             </div>
+                            <div class="layui-col-lg6">
+                                <label class="layui-form-label">权限组：</label>
+                                <div class="layui-input-block">
+                                    <select name="groups" xm-select="selectGroup"></select>
+                                </div>
+                            </div>
                             <div class="layui-col-lg6">
                                 <label class="layui-form-label">是否在用：</label>
                                 <div class="layui-input-block">
@@ -137,6 +143,23 @@
         }
         form.render(null, 'component-form-element');
 
+        formSelects.config('selectGroup', {
+            beforeSuccess: function (eid, url, searchVal, result) {
+                if (id) {
+                    var groupIds = parent.layui.table.editdata.group_ids;
+                    for (var n in result.data) {
+                        var item = result.data[n];
+                        if (groupIds.indexOf(parseInt(item.value)) > -1)
+                            item.selected = 'selected';
+                    }
+                }
+                return result;
+            }
+        });
+        formSelects.data('selectGroup', 'server', {
+            url: '/account/permission/dict/'
+        });
+
         formSelects.config('categoryGroup', {
             beforeSuccess: function (eid, url, searchVal, result) {
                 if (id) {
@@ -215,6 +238,8 @@
                 url = '/account/employee/';
                 type = 'post';
             }
+            var groups = formSelects.value('selectGroup', 'val');
+            data.field.groups = JSON.stringify(groups);
 
             if (!data.field.is_active) {
                 data.field.is_active = '0'

uis/views/employee/index.html

@@ -90,7 +90,8 @@
                 , {field: 'username', title: '账号', width: 120}
                 , {field: 'enable_text', title: '是否在用', width: 100}
                 , {field: 'position', title: '职位', width: 120}
-                , {field: 'type_text', title: '类别', width: 200}
+                , {field: 'type_text', title: '类别', width: 120}
+                , {field: 'groups', title: '权限组', width: 200}
                 , {field: 'date_joined_f', title: '添加时间', width: 150}
                 , {field: 'create_user_text', title: '添加人', width: 100}
                 , {width: 170, align: 'center', fixed: 'right', toolbar: '#datagrid-operate-bar'}

uis/views/index.html

@@ -79,6 +79,9 @@
                             <dd data-name="nav" data-permission="account.browse_user">
                                 <a lay-href="employee/index.html">人员管理</a>
                             </dd>
+                            <dd data-name="nav" data-permission="account.manager_permissions">
+                                <a lay-href="permissions/index.html">权限管理</a>
+                            </dd>
                             <!--dd data-name="nav">
                                 <a lay-href="option/config.html">综合设置</a>
                             </dd-->