# 标准库导入
from django.http import JsonResponse, HttpResponseBadRequest
from django.shortcuts import redirect, render, get_object_or_404
from django.utils.decorators import method_decorator
# Django组件导入
from django.contrib import messages
from django.contrib.auth import logout
from django.contrib.auth.decorators import login_required, permission_required
from django.contrib.auth.models import Permission, User
from django.contrib.auth.views import LoginView
from django.views.decorators.csrf import csrf_protect
from XH_Digital_Management import settings
# 本地Django应用导入
from application.accounts.models import AccountProfile
from common.utils.page_helper import paginate_query_and_assign_numbers
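def format_permissions(permissions):
    """Convert permission rows into display dictionaries for the permission UI.

    Args:
        permissions: Iterable of mappings with the keys ``id``, ``name``,
            ``codename`` and ``content_type__app_label``.

    Returns:
        A list of dicts with the keys ``id``, ``resource_group``,
        ``resource``, ``permission`` and ``codename``.

    Rows whose app label has no entry in ``settings.APP_NAME_MAPPING`` are
    left out, so the result is a filtered view and not a complete record of
    the permissions that were passed in.
    """
    action_prefixes = ('Can add ', 'Can change ', 'Can delete ', 'Can view ')
    # Display label for the action word at the start of a codename.
    action_mapping = {
        'add': '新增',
        'change': '修改',
        'view': '查看',
        'delete': '删除'
    }
    formatted_permissions = []

    for perm in permissions:
        name = perm['name']
        # Strip only the leading action prefix. str.replace() would also
        # delete any later occurrence of the same text inside the name.
        for prefix in action_prefixes:
            if name.startswith(prefix):
                name = name[len(prefix):]
                break

        app_label = perm['content_type__app_label']
        resource_group = settings.APP_NAME_MAPPING.get(app_label)

        # Apps without a mapping are skipped and never reach the caller.
        if resource_group is None:
            continue

        # The action is the part of the codename before the first underscore.
        action = perm['codename'].split('_')[0]
        permission_description = action_mapping.get(action, '未知操作')

        formatted_permissions.append({
            'id': perm['id'],
            'resource_group': resource_group,
            'resource': name,
            'permission': permission_description,
            'codename': perm['codename']
        })

    return formatted_permissions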
@method_decorator(csrf_protect, name='dispatch')
class CustomLoginView(LoginView):
    """Login view whose session lifetime follows the "remember me" choice."""

    template_name = 'accounts/login.html'

    def form_valid(self, form):
        """Set the session expiry, then let LoginView finish the login.

        A truthy ``remember_me`` value in the cleaned form data keeps the
        session for 1209600 seconds (two weeks). Any other value passes 0 to
        ``set_expiry``, which ends the session when the browser closes.
        """
        # A two-week session is a long-lived authenticated cookie, so it is
        # applied only when the user asked for it.
        lifetime_seconds = 1209600 if form.cleaned_data.get('remember_me') else 0
        self.request.session.set_expiry(lifetime_seconds)
        return super().form_valid(form)

    def form_invalid(self, form):
        """Queue an error message and re-render the login form."""
        # The message does not say which of the two credentials was wrong.
        messages.error(self.request, '用户名或密码错误。')
        return super().form_invalid(form)
def logout_view(request):
    """Log the current user out and redirect to the login page.

    NOTE(review): no HTTP method restriction is applied here, so any request
    that reaches this view, including a plain GET, ends the session. Confirm
    whether the route should accept POST only.
    """
    logout(request)
    # The user is sent to the 'user_login' route.
    login_redirect = redirect('user_login')
    return login_redirect
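@login_required
@permission_required('auth.view_user', raise_exception=True)
def user_permissions_list(request):
    """Render the paginated account/permission table with optional filters.

    GET parameters:
        name: case-insensitive substring match on the employee name.
        primary_department: exact match on the employee's primary department.

    The view requires a logged-in user holding ``auth.view_user``.
    """
    from urllib.parse import urlencode

    query_set = AccountProfile.objects.filter().order_by('id')

    name = request.GET.get('name', '')
    primary_department = request.GET.get('primary_department', '')

    if name:
        query_set = query_set.filter(employee_information__name__icontains=name)
    if primary_department:
        query_set = query_set.filter(employee_information__primary_department=primary_department)
    # NOTE(review): only superuser accounts are kept here; confirm that the
    # table is meant to list superusers only.
    query_set = query_set.filter(user__is_superuser=True)

    items = paginate_query_and_assign_numbers(
        request=request,
        queryset=query_set,
        per_page=10
    )

    # Build the query-string suffix for the template. The earlier
    # concatenation with the built-in format() left a literal "{}" in the
    # string and inserted the request values without URL encoding, so a value
    # containing "&" or "=" could add or override parameters in the links.
    query_params = '&' + urlencode({
        'name': name,
        'primary_department': primary_department,
    })

    context = {
        'list_key': 'id',
        'breadcrumb_list': [
            {"title": "首页", "name": "index"},
            {"title": "权限设置", "name": "user_permissions_list"},
            {"title": "账号权限表", "name": "user_permissions_list"}
        ],
        "form_action_url": "user_permissions_list",
        'filters': [
            {
                "type": "text",
                "id": "name",
                "name": "name",
                "label": "姓名",
                "placeholder": "请输入姓名"
            },
            {
                "type": "select",
                "id": "primary_department",
                "name": "primary_department",
                "label": "一级部门",
                "options": [
                    {"value": "天信", "display": "天信"},
                    {"value": "混改", "display": "混改"},
                    {"value": "艾力芬特", "display": "艾力芬特"},
                    {"value": "星河", "display": "星河"},
                    {"value": "星海", "display": "星海"}
                ]
            }
        ],
        "table_columns": [
            {"header": "姓名", "field": "employee_information.name"},
            {"header": "邮箱", "field": "user.email"},
            {"header": "角色", "field": "user.is_superuser"},
            {"header": "部门", "field": "employee_information.primary_department"},
            {"header": "职务", "field": "employee_information.position"},
            {"header": "状态", "field": "employee_information.status"},
            {"header": "权限", "field": "authority"},
            {"header": "编辑", "field": "actions"}
        ],
        'query_params': query_params,
        'items': items,
    }

    return render(request, 'accounts/user_permissions_list.html', context)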
@login_required
@permission_required('auth.view_permission', raise_exception=True)
def available_permissions(request):
    """Return as JSON the permissions not yet assigned directly to a user.

    The ``user_id`` GET parameter selects the target user. A missing or
    non-integer value yields HTTP 400, and an unknown id yields 404.

    Only ``user.user_permissions`` is consulted, so permissions that the user
    holds in some other way are not subtracted from the result.
    """
    raw_user_id = request.GET.get('user_id')
    if not raw_user_id:
        return HttpResponseBadRequest('User ID is required.')

    try:
        target_pk = int(raw_user_id)
    except ValueError:
        return HttpResponseBadRequest('Invalid User ID.')

    target_user = get_object_or_404(User, pk=target_pk)

    # Permissions already assigned to the user, with the content type's
    # app_label included in each row.
    granted = target_user.user_permissions.all().prefetch_related('content_type').values(
        'id', 'name', 'codename', 'content_type__app_label'
    )

    # Every permission known to the system, in the same row shape.
    every_permission = Permission.objects.all().prefetch_related('content_type').values(
        'id', 'name', 'codename', 'content_type__app_label'
    )

    # Keep only the permissions the user does not have yet.
    granted_ids = granted.values_list('id', flat=True)
    not_yet_granted = every_permission.exclude(id__in=granted_ids)

    # safe=False is needed because the payload is a list and not a dict.
    return JsonResponse(format_permissions(not_yet_granted), safe=False)
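@login_required
@permission_required('auth.view_permission', raise_exception=True)
def get_user_existing_permissions(request):
    """Return as JSON the permissions assigned directly to a user.

    The ``user_id`` GET parameter selects the target user. A missing or
    non-integer value yields HTTP 400 with a JSON error body, and an unknown
    id yields 404.

    Access requires ``auth.view_permission``, the same check that
    ``available_permissions`` applies. With ``login_required`` alone, any
    signed-in account could read another account's permission list by
    supplying that account's id.
    """
    user_id = request.GET.get('user_id')
    if not user_id:
        return JsonResponse({'error': 'User ID is required.'}, status=400)

    try:
        user_id = int(user_id)
    except ValueError:
        return JsonResponse({'error': 'Invalid User ID.'}, status=400)

    user = get_object_or_404(User, pk=user_id)

    # Rows for the user's assigned permissions, with the content type's
    # app_label included in each row.
    user_permissions = user.user_permissions.all().prefetch_related('content_type').values(
        'id', 'name', 'codename', 'content_type__app_label'
    )

    permissions_list = format_permissions(user_permissions)

    # safe=False is needed because the payload is a list and not a dict.
    return JsonResponse(permissions_list, safe=False)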
def get_user_permissions_with_app(request):
    """List a user's assigned permissions together with their app label.

    The target user comes from the ``user_id`` GET parameter. The return
    value is a list of ``{'permission': codename, 'app': app_label}`` dicts.

    NOTE(review): this function has no login or permission decorator and
    returns a plain list, not an HttpResponse. It is presumably an internal
    helper; confirm that no URL route points at it. ``user_id`` is also
    passed to the lookup without the integer validation that the sibling
    views perform.
    """
    requested_id = request.GET.get('user_id')

    target_user = get_object_or_404(User, pk=requested_id)

    # select_related loads each permission's content type in the same query.
    assigned = target_user.user_permissions.select_related('content_type')

    permissions_with_app = []
    for entry in assigned:
        permissions_with_app.append({
            'permission': entry.codename,
            'app': entry.content_type.app_label,
        })

    return permissions_with_app
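@login_required
@permission_required('auth.view_permission', raise_exception=True)
def view_permissions(request, user_id):
    """Render the permission modal for one user, grouped by app label.

    Every permission in the system is listed, and each entry carries a
    ``checked`` flag that is true when the permission is in the target
    user's ``user_permissions``.

    Access requires ``auth.view_permission``, the same check that
    ``available_permissions`` applies. With ``login_required`` alone, any
    signed-in account could open this view for another account's id.
    """
    user = get_object_or_404(User, pk=user_id)

    # Ids of the permissions assigned to the user. A set keeps the
    # membership test in the loop below cheap.
    user_permissions_ids = set(user.user_permissions.values_list('id', flat=True))

    # All permissions, with the related content type loaded in the same query.
    all_permissions = Permission.objects.select_related('content_type').all()

    # Group the permission entries by the app label of their content type.
    grouped_permissions = {}
    for perm in all_permissions:
        group = perm.content_type.app_label
        perm_dict = {
            'id': perm.id,
            'name': perm.name,
            'codename': perm.codename,
            'checked': perm.id in user_permissions_ids  # user already has it
        }
        grouped_permissions.setdefault(group, []).append(perm_dict)

    return render(request, 'authority_modal1.html', {
        'grouped_permissions': grouped_permissions,
        'user_id': user_id
    })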