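#coding=utf-8
import traceback
from django.db.models import Q
from rest_framework.decorators import action
from django.db import transaction
from rest_framework.views import APIView
from rest_framework.serializers import ValidationError
from utils.permission import permission_required, isLogin
from django.contrib.auth.models import Group, Permission
from rest_framework_jwt.views import ObtainJSONWebToken, VerifyJSONWebToken, RefreshJSONWebToken
from utils import response_error, response_ok
from django.contrib.auth import get_user_model

User = get_user_model()

from apps.account.serializers import JWTSerializer, EmployeeSerializer, GroupDictSerializer, GroupSerializer
from utils.custom_modelviewset import CustomModelViewSet
from apps.account.filters import UserFilter, GroupFilter
from apps.account.models import ManageStoreUser
from apps.log.models import BizLog
from apps.account.consts import PermissionMenu
from collections import OrderedDict


def _first_error_message(detail):
    """Return the first message held in a ValidationError ``detail``.

    The serializer's own ``'error'`` entry is preferred. When it is absent
    (for example when the failure is keyed by a field name instead), the
    first message of any other entry is used, so that the caller answers
    with a normal error response instead of failing on a missing key.
    """
    if isinstance(detail, dict):
        groups = [detail['error']] if detail.get('error') else list(detail.values())
    else:
        groups = [detail]
    for group in groups:
        if isinstance(group, (list, tuple)):
            if group:
                return group[0]
        elif group:
            return group
    # Nothing usable was found; fall back to the textual form of the detail.
    return u'%s' % (detail,)


class LoginView(ObtainJSONWebToken):
    """Login endpoint: validates the posted credentials with JWTSerializer."""

    serializer_class = JWTSerializer

    def post(self, request, *args, **kwargs):
        """Validate ``request.data`` and return the serializer's validated data.

        A ValidationError is turned into an error response carrying its
        first message.
        """
        try:
            ser = self.serializer_class(data=request.data)
            # The serializer is handed the request object as an attribute.
            ser.request = request
            ser.is_valid(raise_exception=True)
            return response_ok(ser.validated_data)
        except ValidationError as e:
            # This handler runs on unauthenticated input. Indexing
            # e.detail['error'] directly fails with KeyError when the
            # failure is keyed differently, which would surface as an
            # unhandled server error.
            return response_error(_first_error_message(e.detail))


class RefreshTokenView(RefreshJSONWebToken):
    """Token refresh endpoint."""

    def post(self, request, *args, **kwargs):
        """Return a new token, or a fixed error message when validation fails."""
        try:
            ser = self.serializer_class(data=request.data)
            ser.is_valid(raise_exception=True)
            return response_ok({'token': ser.validated_data['token']})
        except ValidationError:
            # The specific reason is deliberately not echoed to the client.
            return response_error(u'登录状态失效,请重新登录')


class EmployeeViewSet(CustomModelViewSet):
    """CRUD for user accounts, plus the ``branch`` action for store assignments."""

    permission_classes = [isLogin, ]
    queryset = User.objects.filter()
    serializer_class = EmployeeSerializer

    @permission_required('account.browse_user')
    def filter_queryset(self, queryset):
        """Limit the list to users the caller may see, then apply UserFilter.

        Visible users are those whose store is in the caller's
        ``get_manager_range()``, the caller itself, and users the caller
        created.
        """
        user = self.request.user
        visible = queryset.filter(
            Q(store_id__in=user.get_manager_range())
            | Q(id=user.id)
            | Q(create_user=user)
        )
        return UserFilter(self.request.GET, queryset=visible).qs

    @permission_required('account.add_user')
    def perform_create(self, serializer):
        """Create the user and record a BizLog INSERT entry."""
        super(EmployeeViewSet, self).perform_create(serializer)
        instance = serializer.instance
        BizLog.objects.addnew(
            self.request.user,
            BizLog.INSERT,
            u'添加用户[%s],id=%d' % (instance.name, instance.id),
            serializer.validated_data,
        )

    # NOTE(review): updates are gated by 'account.add_user', the same
    # permission as creation; confirm that no separate change permission is
    # intended here.
    @permission_required('account.add_user')
    def perform_update(self, serializer):
        """Update the user and record a BizLog UPDATE entry."""
        super(EmployeeViewSet, self).perform_update(serializer)
        instance = serializer.instance
        BizLog.objects.addnew(
            self.request.user,
            BizLog.UPDATE,
            u'修改用户[%s],id=%d' % (instance.name, instance.id),
            serializer.validated_data,
        )

    @permission_required('account.delete_user')
    def perform_destroy(self, instance):
        """Delete a user together with its store assignments and log rows.

        All steps run in one transaction so that a failure while deleting
        the user does not leave the assignments and log rows already
        removed.
        """
        with transaction.atomic():
            ManageStoreUser.objects.filter(manage_user=instance).delete()
            # NOTE(review): this erases every BizLog row stored for the
            # account being removed, so its past activity can no longer be
            # audited afterwards. Confirm this is required (for example by
            # a foreign-key constraint) rather than keeping the rows or
            # deactivating the account.
            BizLog.objects.filter(user=instance).delete()
            BizLog.objects.addnew(
                self.request.user,
                BizLog.DELETE,
                u'删除账号[%s],id=%d' % (instance.username, instance.id),
            )
            super(EmployeeViewSet, self).perform_destroy(instance)

    # NOTE(review): unlike the other mutating handlers of this class, this
    # action carries no @permission_required, and pk is not passed through
    # filter_queryset/get_object. From what is visible here only isLogin
    # applies, so confirm whether any authenticated user is meant to be able
    # to replace another user's store assignments. The submitted store ids
    # are also not compared with the caller's own get_manager_range().
    @action(methods=['post'], detail=True)
    def branch(self, request, pk):
        """Replace the store assignments of user ``pk``.

        ``managers`` is a comma-separated list of ``<prefix>_<store id>``
        items. The old assignments are deleted and the new ones created in
        one transaction; any failure rolls the change back and yields a
        generic error response.
        """
        data = request.POST.get('managers')
        try:
            # Parse before touching the database: a missing or malformed
            # value raises here and is reported by the handler below.
            store_ids = [row.split('_')[1] for row in data.split(',')]
            with transaction.atomic():
                ManageStoreUser.objects.filter(manage_user_id=pk).delete()
                for store_id in store_ids:
                    ManageStoreUser.objects.create(store_id=store_id, manage_user_id=pk)
            return response_ok()
        except Exception:
            # The cause goes to the server's stderr only; the client gets a
            # generic message.
            traceback.print_exc()
            return response_error(u'保存失败')


class GroupsViewSet(CustomModelViewSet):
    """CRUD for permission groups."""

    permission_classes = [isLogin, ]
    queryset = Group.objects.filter()
    serializer_class = GroupSerializer

    @permission_required('account.manager_permissions')
    def filter_queryset(self, queryset):
        """Limit non-superusers to their own groups, then apply GroupFilter."""
        user = self.request.user
        if not user.is_superuser:
            own_group_ids = [g.id for g in user.groups.all()]
            queryset = queryset.filter(id__in=own_group_ids)
        return GroupFilter(self.request.GET, queryset=queryset).qs

    @permission_required('account.manager_permissions')
    def perform_create(self, serializer):
        """Create the group and record a BizLog INSERT entry."""
        super(GroupsViewSet, self).perform_create(serializer)
        instance = serializer.instance
        BizLog.objects.addnew(
            self.request.user,
            BizLog.INSERT,
            u'添加权限组[%s],id=%d' % (instance.name, instance.id),
            serializer.validated_data,
        )

    @permission_required('account.manager_permissions')
    def perform_update(self, serializer):
        """Update the group and record a BizLog UPDATE entry."""
        super(GroupsViewSet, self).perform_update(serializer)
        instance = serializer.instance
        BizLog.objects.addnew(
            self.request.user,
            BizLog.UPDATE,
            u'修改权限组[%s],id=%d' % (instance.name, instance.id),
            serializer.validated_data,
        )

    @permission_required('account.manager_permissions')
    def destroy(self, request, *args, **kwargs):
        """Delete a group and record the deletion in BizLog."""
        with transaction.atomic():
            instance = self.get_object()
            # NOTE(review): a guard that refused to delete a group still
            # assigned to users (instance.user_set count > 0) was disabled
            # here; confirm that deleting an assigned group is intended.
            # The entry is recorded as DELETE, matching
            # EmployeeViewSet.perform_destroy; it was previously written as
            # UPDATE, which hid group deletions from anyone filtering the
            # log by action type.
            BizLog.objects.addnew(
                self.request.user,
                BizLog.DELETE,
                u'删除权限组[%s],id=%d' % (instance.name, instance.id),
            )
            instance.delete()
        return response_ok()


class PermissionsListView(APIView):
    """Lists permissions grouped by menu and then by content type name."""

    # NOTE(review): only isLogin is declared here, so from what is visible
    # every authenticated user can enumerate the permission catalogue;
    # confirm that this is intended.
    permission_classes = [isLogin, ]

    def get(self, request):
        """Return ``{menu name: {content type name: [{'id', 'name'}, ...]}}``.

        Permissions whose name starts with 'Can' are left out.
        """
        perms_menus = PermissionMenu()
        rows = perms_menus.sort_perms(
            Permission.objects.all().exclude(name__startswith='Can')
        )
        menus = OrderedDict()
        for row in rows:
            content_type = row.content_type
            menu_name = perms_menus.get_menuname_of_contenttype(
                content_type.app_label, content_type.model
            )
            if menu_name not in menus:
                menus[menu_name] = OrderedDict()
            by_type = menus[menu_name]
            if content_type.name not in by_type:
                by_type[content_type.name] = []
            item = {'id': row.id, 'name': row.name}
            # Each permission is listed once per content type.
            if item not in by_type[content_type.name]:
                by_type[content_type.name].append(item)
        return response_ok(menus)


class PermissionDictView(APIView):
    """Lists the groups the caller may choose from."""

    permission_classes = [isLogin, ]

    def get(self, request):
        """Return all groups for superusers, otherwise the caller's own groups."""
        rows = Group.objects.filter()
        if not request.user.is_superuser:
            own_group_ids = [g.id for g in request.user.groups.all()]
            rows = rows.filter(id__in=own_group_ids)
        serializer = GroupDictSerializer(rows, many=True)
        return response_ok(serializer.data)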