XH_Digital_Management/common/auth.py

from django.apps import apps
from django.contrib.auth.decorators import user_passes_test
from functools import wraps

from django.http import JsonResponse
from django.shortcuts import redirect
from django.core.exceptions import PermissionDenied

from application.accounts.models import AccountProfile
from application.pjt_mgnt.forms import ProjectLedgerForm, ProjectLedgerManagementForm


def is_in_group(user, group_name):
    return user.groups.filter(name=group_name).exists()


def group_required(group_name):
    return user_passes_test(lambda u: is_in_group(u, group_name))


def custom_permission_required(perm, raise_exception=False):
    def decorator(view_func):
        @wraps(view_func)
        def _wrapped_view(request, *args, **kwargs):
            if request.user.has_perm(perm):
                return view_func(request, *args, **kwargs)
            if raise_exception:
                raise PermissionDenied
            return redirect('error_page')
        return _wrapped_view
    return decorator


def permission_based_queryset(app_name, model_name, id_field, leader_field=None, department_field=None):
    def decorator(view_func):
        @wraps(view_func)
        def _wrapped_view(request, *args, **kwargs):
            current_user = request.user

            try:
                account_profile = AccountProfile.objects.get(user=current_user)
                employee = account_profile.employee_information
            except AccountProfile.DoesNotExist:
                return JsonResponse({'message': '您的账户未关联到员工信息，请联系管理员。'}, status=405)

            model = apps.get_model(app_name, model_name)

            if account_profile.role == 'all_permissions':
                query_set = model.objects.all().order_by(f'-{id_field}')
            elif account_profile.role == 'department_permissions':
                filter_kwargs = {department_field: employee.primary_department}
                query_set = model.objects.filter(**filter_kwargs).order_by(f'-{id_field}')
            elif department_field and not leader_field and account_profile.role in ['department_permissions',
                                                                                    'own_permissions']:
                filter_kwargs = {department_field: employee.primary_department}
                query_set = model.objects.filter(**filter_kwargs).order_by(f'-{id_field}')
            elif leader_field and account_profile.role == 'own_permissions':
                filter_kwargs = {leader_field: employee.name}
                query_set = model.objects.filter(**filter_kwargs).order_by(f'-{id_field}')
            else:
                query_set = model.objects.none()

            request.query_set = query_set

            return view_func(request, *args, **kwargs)

        return _wrapped_view

    return decorator


def dynamic_form_selection(view_func):
    @wraps(view_func)
    def _wrapped_view(request, *args, **kwargs):
        current_user = request.user

        try:
            account_profile = AccountProfile.objects.get(user=current_user)
            user_department = account_profile.employee_information.primary_department
        except AccountProfile.DoesNotExist:
            return JsonResponse({'message': '您的账户未关联到员工信息，请联系管理员。'}, status=405)

        if user_department == '中后台':
            request.form_class = ProjectLedgerManagementForm
        else:
            request.form_class = ProjectLedgerForm
        return view_func(request, *args, **kwargs)

    return _wrapped_view


def dynamic_form_selection_by_department(view_func):
    @wraps(view_func)
    def _wrapped_view(request, *args, **kwargs):
        current_user = request.user

        try:
            account_profile = AccountProfile.objects.get(user=current_user)
            user_primary_department = account_profile.employee_information.primary_department
            user_secondary_department = account_profile.employee_information.secondary_department
        except AccountProfile.DoesNotExist:
            return JsonResponse({'message': '您的账户未关联到员工信息，请联系管理员。'}, status=405)

        if user_primary_department == '中后台':
            if user_secondary_department == '财务部':
                request.is_finance_dept = True
            else:
                request.is_finance_dept = False
        else:
            request.is_finance_dept = False

        return view_func(request, *args, **kwargs)

    return _wrapped_view
commit 1. 修改部分问题-上传excel、提交表单相关 2. 导出功能 3. 页面访问权限功能 2024-06-26 09:52:00 +08:00			`from django.apps import apps`
commit 2024-06-05 14:05:45 +08:00			`from django.contrib.auth.decorators import user_passes_test`
base.html views 权限配置 2024-06-14 16:47:43 +08:00			`from functools import wraps`
commit 1. 修改部分问题-上传excel、提交表单相关 2. 导出功能 3. 页面访问权限功能 2024-06-26 09:52:00 +08:00
			`from django.http import JsonResponse`
base.html views 权限配置 2024-06-14 16:47:43 +08:00			`from django.shortcuts import redirect`
			`from django.core.exceptions import PermissionDenied`
commit 2024-06-05 14:05:45 +08:00
commit 1. 修改部分问题-上传excel、提交表单相关 2. 导出功能 3. 页面访问权限功能 2024-06-26 09:52:00 +08:00			`from application.accounts.models import AccountProfile`
commit 1. 完善项目台账全部功能 2024-06-28 02:06:39 +08:00			`from application.pjt_mgnt.forms import ProjectLedgerForm, ProjectLedgerManagementForm`
commit 1. 修改部分问题-上传excel、提交表单相关 2. 导出功能 3. 页面访问权限功能 2024-06-26 09:52:00 +08:00
commit 2024-06-05 14:05:45 +08:00
			`def is_in_group(user, group_name):`
			`return user.groups.filter(name=group_name).exists()`


			`def group_required(group_name):`
			`return user_passes_test(lambda u: is_in_group(u, group_name))`
base.html views 权限配置 2024-06-14 16:47:43 +08:00

			`def custom_permission_required(perm, raise_exception=False):`
			`def decorator(view_func):`
			`@wraps(view_func)`
			`def _wrapped_view(request, args, *kwargs):`
			`if request.user.has_perm(perm):`
			`return view_func(request, args, *kwargs)`
			`if raise_exception:`
			`raise PermissionDenied`
			`return redirect('error_page')`
			`return _wrapped_view`
			`return decorator`
commit 1. 修改部分问题-上传excel、提交表单相关 2. 导出功能 3. 页面访问权限功能 2024-06-26 09:52:00 +08:00

			`def permission_based_queryset(app_name, model_name, id_field, leader_field=None, department_field=None):`
			`def decorator(view_func):`
			`@wraps(view_func)`
			`def _wrapped_view(request, args, *kwargs):`
			`current_user = request.user`

			`try:`
			`account_profile = AccountProfile.objects.get(user=current_user)`
			`employee = account_profile.employee_information`
			`except AccountProfile.DoesNotExist:`
			`return JsonResponse({'message': '您的账户未关联到员工信息，请联系管理员。'}, status=405)`

			`model = apps.get_model(app_name, model_name)`

commit 1. accounts新增role 2. 修改权限校验逻辑 3. 修改使用pandas导出 2024-06-26 11:09:07 +08:00			`if account_profile.role == 'all_permissions':`
commit 1. 修改部分问题-上传excel、提交表单相关 2. 导出功能 3. 页面访问权限功能 2024-06-26 09:52:00 +08:00			`query_set = model.objects.all().order_by(f'-{id_field}')`
commit 1. 完善项目台账全部功能 2024-06-28 02:06:39 +08:00			`elif account_profile.role == 'department_permissions':`
			`filter_kwargs = {department_field: employee.primary_department}`
			`query_set = model.objects.filter(**filter_kwargs).order_by(f'-{id_field}')`
commit 1. 视图数据 2024-07-14 16:38:15 +08:00			`elif department_field and not leader_field and account_profile.role in ['department_permissions',`
			`'own_permissions']:`
commit 1. 修改部分问题-上传excel、提交表单相关 2. 导出功能 3. 页面访问权限功能 2024-06-26 09:52:00 +08:00			`filter_kwargs = {department_field: employee.primary_department}`
			`query_set = model.objects.filter(**filter_kwargs).order_by(f'-{id_field}')`
commit 1. accounts新增role 2. 修改权限校验逻辑 3. 修改使用pandas导出 2024-06-26 11:09:07 +08:00			`elif leader_field and account_profile.role == 'own_permissions':`
commit 1. 修改部分问题-上传excel、提交表单相关 2. 导出功能 3. 页面访问权限功能 2024-06-26 09:52:00 +08:00			`filter_kwargs = {leader_field: employee.name}`
			`query_set = model.objects.filter(**filter_kwargs).order_by(f'-{id_field}')`
			`else:`
commit 1. accounts新增role 2. 修改权限校验逻辑 3. 修改使用pandas导出 2024-06-26 11:09:07 +08:00			`query_set = model.objects.none()`
commit 1. 修改部分问题-上传excel、提交表单相关 2. 导出功能 3. 页面访问权限功能 2024-06-26 09:52:00 +08:00
			`request.query_set = query_set`

			`return view_func(request, args, *kwargs)`

			`return _wrapped_view`

			`return decorator`
commit 1. 完善项目台账全部功能 2024-06-28 02:06:39 +08:00

			`def dynamic_form_selection(view_func):`
			`@wraps(view_func)`
			`def _wrapped_view(request, args, *kwargs):`
			`current_user = request.user`

			`try:`
			`account_profile = AccountProfile.objects.get(user=current_user)`
			`user_department = account_profile.employee_information.primary_department`
			`except AccountProfile.DoesNotExist:`
			`return JsonResponse({'message': '您的账户未关联到员工信息，请联系管理员。'}, status=405)`

			`if user_department == '中后台':`
			`request.form_class = ProjectLedgerManagementForm`
			`else:`
			`request.form_class = ProjectLedgerForm`
			`return view_func(request, args, *kwargs)`
commit 1. 视图数据 2024-07-14 16:38:15 +08:00
			`return _wrapped_view`


			`def dynamic_form_selection_by_department(view_func):`
			`@wraps(view_func)`
			`def _wrapped_view(request, args, *kwargs):`
			`current_user = request.user`

			`try:`
			`account_profile = AccountProfile.objects.get(user=current_user)`
			`user_primary_department = account_profile.employee_information.primary_department`
			`user_secondary_department = account_profile.employee_information.secondary_department`
			`except AccountProfile.DoesNotExist:`
			`return JsonResponse({'message': '您的账户未关联到员工信息，请联系管理员。'}, status=405)`

			`if user_primary_department == '中后台':`
			`if user_secondary_department == '财务部':`
			`request.is_finance_dept = True`
			`else:`
			`request.is_finance_dept = False`
			`else:`
			`request.is_finance_dept = False`

			`return view_func(request, args, *kwargs)`

commit 1. 完善项目台账全部功能 2024-06-28 02:06:39 +08:00			`return _wrapped_view`