From 03f4c44b0b2f93cd1b4c29a65908225ba27b2e70 Mon Sep 17 00:00:00 2001 From: sichan Date: Tue, 18 Jun 2024 21:59:27 +0800 Subject: [PATCH] =?UTF-8?q?=E6=89=B9=E9=87=8F=E4=BF=AE=E6=94=B9delete?= =?UTF-8?q?=E8=A7=86=E5=9B=BE=E6=96=B9=E6=B3=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- application/asset_mgnt/views.py | 31 +++--- application/cpc_mgnt/views.py | 71 ++++++-------- application/fac_mgnt/views.py | 167 +++++++++++--------------------- application/hrm_mgnt/views.py | 49 ++++++---- application/perf_mgnt/views.py | 16 +-- templates/items_list.html | 2 +- 6 files changed, 140 insertions(+), 196 deletions(-) diff --git a/application/asset_mgnt/views.py b/application/asset_mgnt/views.py index 1fdd1d5..ee83ee3 100644 --- a/application/asset_mgnt/views.py +++ b/application/asset_mgnt/views.py @@ -1,17 +1,17 @@ -from django.contrib.auth.decorators import login_required, permission_required +from django.contrib.auth.decorators import permission_required from django.http import JsonResponse, Http404 -from django.shortcuts import render, get_object_or_404, redirect +from django.shortcuts import render from django.template.loader import render_to_string from django.urls import reverse +from django.views.decorators.http import require_http_methods -from common.auth import group_required, custom_permission_required +from common.auth import custom_permission_required from common.utils.page_helper import paginate_query_and_assign_numbers from .forms import FixedAssetsInventoryForm, IntangibleAssetsInventoryForm from .models import * # Create your views.txt here. -@login_required @custom_permission_required('asset_mgnt.view_fixedassetsinventory') def fixed_assets_list_view(request): """ 
@@ -76,7 +76,6 @@ def fixed_assets_list_view(request): return render(request, 'items_list.html', context) -@login_required @permission_required('asset_mgnt.add_fixedassetsinventory', raise_exception=True) def fixed_assets_list_add(request): """ @@ -98,7 +97,6 @@ def fixed_assets_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @permission_required('asset_mgnt.change_fixedassetsinventory', raise_exception=True) def fixed_assets_list_modify(request): """ @@ -133,20 +131,20 @@ def fixed_assets_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required +@require_http_methods(["POST"]) @permission_required('asset_mgnt.delete_fixedassetsinventory', raise_exception=True) def fixed_assets_list_delete(request): """ 资产管理-固定资产清单表-删除视图 """ - if request.method == 'GET': - asset_id = request.GET.get('asset_id') + asset_id = request.POST.get('id') + if asset_id: FixedAssetsInventory.objects.filter(asset_id=asset_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) -@login_required @permission_required('asset_mgnt.view_intangibleassetsinventory', raise_exception=True) def intangible_assets_list_view(request): """ @@ -211,7 +209,6 @@ def intangible_assets_list_view(request): return render(request, 'items_list.html', context) -@login_required @permission_required('asset_mgnt.add_intangibleassetsinventory', raise_exception=True) def intangible_assets_list_add(request): """ @@ -233,7 +230,6 @@ def intangible_assets_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @permission_required('asset_mgnt.change_intangibleassetsinventory', raise_exception=True) def intangible_assets_list_modify(request): """ 
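Review bot: `fixed_assets_list_delete` answers `删除成功` even when the filter matched no row, because the return value of `.delete()` is discarded. Capturing the count with `deleted, _ = FixedAssetsInventory.objects.filter(asset_id=asset_id).delete()` and returning a 404 when `deleted == 0` would let the client and any audit trail tell a real deletion from a stale or mistyped id. The same pattern appears in every other `*_delete` view rewritten by this commit.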
@@ -268,14 +264,15 @@ def intangible_assets_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required +@require_http_methods(["POST"]) @permission_required('asset_mgnt.delete_intangibleassetsinventory', raise_exception=True) def intangible_assets_list_delete(request): """ 资产管理-无形资产清单表-删除视图 """ - if request.method == 'GET': - asset_id = request.GET.get('asset_id') + asset_id = request.POST.get('id') + if asset_id: IntangibleAssetsInventory.objects.filter(asset_id=asset_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) diff --git a/application/cpc_mgnt/views.py b/application/cpc_mgnt/views.py index 98e646f..517426b 100644 --- a/application/cpc_mgnt/views.py +++ b/application/cpc_mgnt/views.py @@ -3,6 +3,7 @@ from django.http import JsonResponse, Http404 from django.shortcuts import render from django.template.loader import render_to_string from django.urls import reverse +from django.views.decorators.http import require_http_methods from common.auth import custom_permission_required from common.utils.page_helper import paginate_query_and_assign_numbers @@ -10,7 +11,6 @@ from .forms import * from .models import * -@login_required @custom_permission_required('cpc_mgnt.view_sealusageregistry') def seal_reg_list_view(request): """ @@ -56,7 +56,6 @@ def seal_reg_list_view(request): return render(request, 'items_list.html', context) -@login_required @custom_permission_required('cpc_mgnt.add_sealusageregistry') def seal_reg_list_add(request): """ @@ -78,7 +77,6 @@ def seal_reg_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('cpc_mgnt.change_sealusageregistry') def seal_reg_list_modify(request): """ 
@@ -113,23 +111,20 @@ def seal_reg_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required +@require_http_methods(["POST"]) @custom_permission_required('cpc_mgnt.delete_sealusageregistry') def seal_reg_list_delete(request): """ 基础数据-合规管理-用印登记表-删除视图 """ - if request.method == 'GET': - target_id = request.GET.get('id') - if target_id: - SealUsageRegistry.objects.filter(record_id=target_id).delete() - return JsonResponse({"message": "删除成功"}) - else: - return JsonResponse({"message": "id错误"}, status=400) - return JsonResponse({"message": "无效的请求方法"}, status=405) + target_id = request.POST.get('id') + if target_id: + SealUsageRegistry.objects.filter(record_id=target_id).delete() + return JsonResponse({"message": "删除成功"}) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) -@login_required @custom_permission_required('cpc_mgnt.view_sealandocumentborrowingregistry') def seal_doc_borrow_list_view(request): """ @@ -176,7 +171,6 @@ def seal_doc_borrow_list_view(request): return render(request, 'items_list.html', context) -@login_required @custom_permission_required('cpc_mgnt.add_sealandocumentborrowingregistry') def seal_doc_borrow_list_add(request): """ @@ -198,7 +192,6 @@ def seal_doc_borrow_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('cpc_mgnt.change_sealandocumentborrowingregistry') def seal_doc_borrow_list_modify(request): """ 
@@ -233,23 +226,20 @@ def seal_doc_borrow_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required +@require_http_methods(["POST"]) @custom_permission_required('cpc_mgnt.delete_sealandocumentborrowingregistry') def seal_doc_borrow_list_delete(request): """ 基础数据-合规管理-用印登记表-删除视图 """ - if request.method == 'GET': - target_id = request.GET.get('id') - if target_id: - SealAndDocumentBorrowingRegistry.objects.filter(record_id=target_id).delete() - return JsonResponse({"message": "删除成功"}) - else: - return JsonResponse({"message": "id错误"}, status=400) - return JsonResponse({"message": "无效的请求方法"}, status=405) + target_id = request.POST.get('id') + if target_id: + SealAndDocumentBorrowingRegistry.objects.filter(record_id=target_id).delete() + return JsonResponse({"message": "删除成功"}) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) -@login_required @custom_permission_required('cpc_mgnt.view_contractmanagementledger') def contract_mgmt_list_view(request): """ @@ -310,7 +300,6 @@ def contract_mgmt_list_view(request): return render(request, 'items_list.html', context) -@login_required @custom_permission_required('cpc_mgnt.add_contractmanagementledger') def contract_mgmt_list_add(request): """ @@ -332,7 +321,6 @@ def contract_mgmt_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('cpc_mgnt.change_contractmanagementledger') def contract_mgmt_list_modify(request): """ 
@@ -367,23 +355,21 @@ def contract_mgmt_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required +@require_http_methods(["POST"]) @custom_permission_required('cpc_mgnt.delete_contractmanagementledger') def contract_mgmt_list_delete(request): """ 基础数据-合规管理-合同管理台账-删除视图 """ - if request.method == 'GET': - contract_number = request.GET.get('id') - if contract_number: - ContractManagementLedger.objects.filter(contract_number=contract_number).delete() - return JsonResponse({"message": "删除成功"}) - else: - return JsonResponse({"message": "id错误"}, status=400) - return JsonResponse({"message": "无效的请求方法"}, status=405) + contract_number = request.POST.get('id') + if contract_number: + ContractManagementLedger.objects.filter(contract_number=contract_number).delete() + return JsonResponse({"message": "删除成功"}) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) + -@login_required @custom_permission_required('cpc_mgnt.view_companypolicies') def policies_list_view(request): """ @@ -444,7 +430,6 @@ def policies_list_view(request): return render(request, 'items_list.html', context) -@login_required @custom_permission_required('cpc_mgnt.add_companypolicies') def policies_list_add(request): """ @@ -466,7 +451,6 @@ def policies_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('cpc_mgnt.change_companypolicies') def policies_list_modify(request): """ 
@@ -501,14 +485,15 @@ def policies_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required +@require_http_methods(["POST"]) @custom_permission_required('cpc_mgnt.delete_companypolicies') def policies_list_delete(request): """ 基础数据-合规管理-公司制度表-删除视图 """ - if request.method == 'GET': - policy_id = request.GET.get('policy_id') + policy_id = request.POST.get('policy_id') + if policy_id: CompanyPolicies.objects.filter(policy_id=policy_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) diff --git a/application/fac_mgnt/views.py b/application/fac_mgnt/views.py index a81ed86..3b6354e 100644 --- a/application/fac_mgnt/views.py +++ b/application/fac_mgnt/views.py @@ -1,15 +1,11 @@ -import json from decimal import Decimal -from django.contrib.auth.decorators import login_required -from django.http import JsonResponse, Http404 +from django.http import Http404 from django.shortcuts import render, get_object_or_404 from django.template.loader import render_to_string from django.urls import reverse -from django.views.decorators.csrf import csrf_protect from django.views.decorators.http import require_POST, require_http_methods -from application import pjt_mgnt from application.fac_mgnt.forms import * from application.fac_mgnt.models import * from application.hrm_mgnt.models import PerformanceEvaluation, EmployeeInformation 
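Review bot: `policies_list_delete` still reads `request.POST.get('policy_id')`, while every other delete view in this commit reads `id` and the AJAX call in `templates/items_list.html` posts only `'id'`. `policies_list_view` renders `items_list.html`, so if deletion goes through that template the view will always take the 400 branch and nothing can be deleted. Suggest `policy_id = request.POST.get('id')` to match the other views.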
@@ -17,16 +13,8 @@ from common.auth import custom_permission_required from common.utils.page_helper import paginate_query_and_assign_numbers from django.http import JsonResponse -from django.core.files.storage import default_storage -from django.conf import settings -from openpyxl import load_workbook -from django.apps import apps -from rest_framework.serializers import ModelSerializer -from django.core.exceptions import ValidationError -import os -@login_required @custom_permission_required('fac_mgnt.view_expensetype') def exp_type_list_view(request): """ @@ -66,7 +54,6 @@ def exp_type_list_view(request): return render(request, 'exp_list.html', context) -@login_required @custom_permission_required('fac_mgnt.add_expensetype') def exp_type_list_add(request): """ @@ -88,7 +75,6 @@ def exp_type_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.change_expensetype') def exp_type_list_modify(request): """ @@ -121,20 +107,20 @@ def exp_type_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required +@require_http_methods(["POST"]) @custom_permission_required('fac_mgnt.delete_expensetype') def exp_type_list_delete(request): """ 基础数据-财会管理-费用类型-删除视图 """ - if request.method == 'GET': - type_id = request.GET.get('id') + type_id = request.POST.get('id') + if type_id: ExpenseType.objects.filter(type_id=type_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) -@login_required @custom_permission_required('fac_mgnt.view_expensedetail') def exp_detail_list_view(request): """ @@ -178,7 +164,6 @@ def exp_detail_list_view(request): return render(request, 'exp_list.html', context) -@login_required @custom_permission_required('fac_mgnt.add_expensedetail') def exp_detail_list_add(request): """ 
@@ -200,7 +185,6 @@ def exp_detail_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.change_expensedetail') def exp_detail_list_modify(request): """ @@ -233,20 +217,20 @@ def exp_detail_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required +@require_http_methods(["POST"]) @custom_permission_required('fac_mgnt.delete_expensedetail') def exp_detail_list_delete(request): """ 基础数据-财会管理-费用明细-删除视图 """ - if request.method == 'GET': - detail_id = request.GET.get('detail_id') + detail_id = request.POST.get('id') + if detail_id: ExpenseDetail.objects.filter(detail_id=detail_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) -@login_required @custom_permission_required('fac_mgnt.view_groupannualbudget') def gpb_list_view(request): """ @@ -317,7 +301,6 @@ def gpb_list_view(request): return render(request, 'items_list.html', context) -@login_required @custom_permission_required('fac_mgnt.add_groupannualbudget') def gpb_list_add(request): """ @@ -339,7 +322,6 @@ def gpb_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.change_groupannualbudget') def gpb_list_modify(request): """ 
@@ -372,20 +354,19 @@ def gpb_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.delete_groupannualbudget') def gpb_list_delete(request): """ 基础数据-财会管理-集团年度预算-删除 """ - if request.method == 'GET': - budget_id = request.GET.get('budget_id') + budget_id = request.POST.get('id') + if budget_id: GroupAnnualBudget.objects.filter(budget_id=budget_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) -@login_required @custom_permission_required('fac_mgnt.view_laborcostdetail') def lcb_list_view(request): """ @@ -434,7 +415,6 @@ def lcb_list_view(request): return render(request, 'items_list.html', context) -@login_required @custom_permission_required('fac_mgnt.add_laborcostdetail') def lcb_list_add(request): """ @@ -456,7 +436,6 @@ def lcb_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.change_laborcostdetail') def lcb_list_modify(request): """ @@ -489,20 +468,19 @@ def lcb_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.delete_laborcostdetail') def lcb_list_delete(request): """ 基础数据-财会管理-人工费明细-删除 """ - if request.method == 'GET': - record_id = request.GET.get('record_id') + record_id = request.POST.get('id') + if record_id: LaborCostDetail.objects.filter(record_id=record_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) -@login_required @custom_permission_required('fac_mgnt.view_reimbursementdetail') def rbm_detail_list_view(request): """ 
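Review bot: `gpb_list_delete` loses `@login_required` but does not gain `@require_http_methods(["POST"])`, unlike the sibling delete views in this file. A GET now falls through to the `请求参数错误` 400 branch instead of a 405, and the POST-only contract for a destructive endpoint rests on `request.POST` happening to be empty rather than on an explicit guard. Add `@require_http_methods(["POST"])` above `@custom_permission_required('fac_mgnt.delete_groupannualbudget')`. The same decorator is missing on `lcb_list_delete`, `rbm_detail_list_delete`, `inv_rec_list_delete` and `emp_comm_list_delete`.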
@@ -562,7 +540,6 @@ def rbm_detail_list_view(request): return render(request, 'items_list.html', context) -@login_required @custom_permission_required('fac_mgnt.add_reimbursementdetail') def rbm_detail_list_add(request): """ @@ -584,7 +561,6 @@ def rbm_detail_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.change_reimbursementdetail') def rbm_detail_list_modify(request): """ @@ -617,20 +593,19 @@ def rbm_detail_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.delete_reimbursementdetail') def rbm_detail_list_delete(request): """ 基础数据-财会管理-报销明细-删除 """ - if request.method == 'GET': - record_id = request.GET.get('record_id') + record_id = request.POST.get('id') + if record_id: ReimbursementDetail.objects.filter(record_id=record_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) -@login_required @custom_permission_required('fac_mgnt.view_bonuscategoty') def bns_cat_list_view(request): """ @@ -673,7 +648,6 @@ def bns_cat_list_view(request): return render(request, 'items_list.html', context) -@login_required @custom_permission_required('fac_mgnt.add_bonuscategoty') def bns_cat_list_add(request): """ @@ -695,7 +669,6 @@ def bns_cat_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.change_bonuscategoty') def bns_cat_list_modify(request): """ 
@@ -728,20 +701,20 @@ def bns_cat_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required +@require_http_methods(["POST"]) @custom_permission_required('fac_mgnt.delete_bonuscategoty') def bns_cat_list_delete(request): """ 基础数据-财会管理-奖金类别-删除 """ - if request.method == 'GET': - category_id = request.GET.get('category_id') + category_id = request.POST.get('id') + if category_id: BonusCategory.objects.filter(category_id=category_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) -@login_required @custom_permission_required('fac_mgnt.view_bonuscategoty') def bns_alloc_list_view(request): """ @@ -794,7 +767,6 @@ def bns_alloc_list_view(request): return render(request, 'items_list.html', context) -@login_required @custom_permission_required('fac_mgnt.add_bonuscategoty') def bns_alloc_list_add(request): """ @@ -816,7 +788,6 @@ def bns_alloc_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.change_bonuscategoty') def bns_alloc_list_modify(request): """ @@ -849,20 +820,20 @@ def bns_alloc_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required +@require_http_methods(["POST"]) @custom_permission_required('fac_mgnt.delete_bonuscategoty') def bns_alloc_list_delete(request): """ 基础数据-财会管理-奖金分配表-删除 """ - if request.method == 'GET': - record_id = request.GET.get('record_id') + record_id = request.POST.get('id') + if record_id: BonusAllocation.objects.filter(record_id=record_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) -@login_required @custom_permission_required('fac_mgnt.view_taxrecord') def tax_rec_list_view(request): """ 
@@ -912,7 +883,6 @@ def tax_rec_list_view(request): return render(request, 'items_list.html', context) -@login_required @custom_permission_required('fac_mgnt.add_taxrecord') def tax_rec_list_add(request): """ @@ -934,7 +904,6 @@ def tax_rec_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.change_taxrecord') def tax_rec_list_modify(request): """ @@ -967,20 +936,20 @@ def tax_rec_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required +@require_http_methods(["POST"]) @custom_permission_required('fac_mgnt.delete_taxrecord') def tax_rec_list_delete(request): """ 基础数据-财会管理-纳税记录表-删除 """ - if request.method == 'GET': - target_id = request.GET.get('target_id') + target_id = request.POST.get('id') + if target_id: TaxRecord.objects.filter(id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) -@login_required @custom_permission_required('fac_mgnt.view_electronicinvoiceledger') def inv_ledger_list_view(request): """ @@ -1045,7 +1014,6 @@ def inv_ledger_list_view(request): return render(request, 'items_list.html', context) -@login_required @custom_permission_required('fac_mgnt.add_electronicinvoiceledger') def inv_ledger_list_add(request): """ @@ -1067,7 +1035,6 @@ def inv_ledger_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.change_electronicinvoiceledger') def inv_ledger_list_modify(request): """ 
@@ -1100,20 +1067,20 @@ def inv_ledger_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required +@require_http_methods(["POST"]) @custom_permission_required('fac_mgnt.delete_electronicinvoiceledger') def inv_ledger_list_delete(request): """ 基础数据-财会管理-电子发票台账-删除 """ - if request.method == 'GET': - target_id = request.GET.get('target_id') + target_id = request.POST.get('id') + if target_id: ElectronicInvoiceLedger.objects.filter(invoice_number=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) -@login_required @custom_permission_required('fac_mgnt.view_invoicerecord') def inv_rec_list_view(request): """ @@ -1180,7 +1147,6 @@ def inv_rec_list_view(request): return render(request, 'items_list.html', context) -@login_required @custom_permission_required('fac_mgnt.add_invoicerecord') def inv_rec_list_add(request): """ @@ -1202,7 +1168,6 @@ def inv_rec_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.change_invoicerecord') def inv_rec_list_modify(request): """ @@ -1235,20 +1200,19 @@ def inv_rec_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.delete_invoicerecord') def inv_rec_list_delete(request): """ 基础数据-财会管理-开票记录-删除 """ - if request.method == 'GET': - target_id = request.GET.get('target_id') + target_id = request.POST.get('id') + if target_id: InvoiceRecord.objects.filter(record_id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) -@login_required @custom_permission_required('fac_mgnt.view_repaymentrecord') def rep_rec_list_view(request): """ 
@@ -1289,7 +1253,6 @@ def rep_rec_list_view(request): return render(request, 'rep_list.html', context) -@login_required @custom_permission_required('fac_mgnt.add_repaymentrecord') def rep_rec_list_add(request): """ @@ -1311,7 +1274,6 @@ def rep_rec_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.change_repaymentrecord') def rep_rec_list_modify(request): """ @@ -1344,20 +1306,20 @@ def rep_rec_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required +@require_http_methods(["POST"]) @custom_permission_required('fac_mgnt.delete_repaymentrecord') def rep_rec_list_delete(request): """ 基础数据-财会管理-回款记录-删除 """ - if request.method == 'GET': - target_id = request.GET.get('target_id') + target_id = request.POST.get('id') + if target_id: RepaymentRecord.objects.filter(record_id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) -@login_required # @custom_permission_required('hrm_mgnt.view_repaymentdetail') def get_repayment_details(request, repayment_record_id): """ @@ -1368,7 +1330,6 @@ def get_repayment_details(request, repayment_record_id): return JsonResponse(list(details), safe=False) -@login_required # @custom_permission_required('hrm_mgnt.add_repaymentdetail') @require_POST def add_repayment_detail(request): @@ -1399,7 +1360,6 @@ def add_repayment_detail(request): }) -@login_required @custom_permission_required('fac_mgnt.view_employeecommission') def emp_comm_list_view(request): """ @@ -1457,7 +1417,6 @@ def emp_comm_list_view(request): return render(request, 'items_list.html', context) -@login_required @custom_permission_required('fac_mgnt.add_employeecommission') def emp_comm_list_add(request): """ 
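Review bot: Removing `@login_required` from `get_repayment_details` leaves that view with no access-control decorator at all, because its `# @custom_permission_required(...)` line is commented out. The same applies to `add_repayment_detail`, `project_commission_add`, `project_commission_modify`, `project_commission_delete`, `get_employee_commission_details`, `get_employees`, `get_employee_info`, `get_performance_score`, `add_employee_commission_detail`, `delete_employee_commission`, `edit_employee_commission_detail`, `get_invoice_records` and `get_repayment_records`. Unless a project-wide login middleware exists outside this patch, these endpoints (judging by their names, employee, performance and commission data plus one delete) become reachable without a session. Keep `@login_required` on them, restoring the `from django.contrib.auth.decorators import login_required` import that the first fac_mgnt hunk drops, or enable the commented permission decorators in the same commit. The bodies of these views lie mostly outside the hunks.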
@@ -1479,7 +1438,6 @@ def emp_comm_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.change_employeecommission') def emp_comm_list_modify(request): """ @@ -1514,20 +1472,19 @@ def emp_comm_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('fac_mgnt.delete_employeecommission') def emp_comm_list_delete(request): """ 基础数据-财会管理-员工提成情况表-删除 """ - if request.method == 'GET': - target_id = request.GET.get('target_id') + target_id = request.POST.get('id') + if target_id: EmployeeCommission.objects.filter(record_id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) -@login_required @custom_permission_required('hrm_mgnt.view_projectcommission') def project_commission_list_view(request): """ @@ -1592,7 +1549,6 @@ def project_commission_list_view(request): return render(request, 'pc_list.html', context) -@login_required # @custom_permission_required('hrm_mgnt.add_projectcommission') def project_commission_add(request): """ @@ -1614,7 +1570,6 @@ def project_commission_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required # @custom_permission_required('hrm_mgnt.change_projectcommission') def project_commission_modify(request): """ @@ -1649,7 +1604,6 @@ def project_commission_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required # @custom_permission_required('hrm_mgnt.delete_projectcommission') def project_commission_delete(request): """ @@ -1662,7 +1616,6 @@ def project_commission_delete(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required # @custom_permission_required('hrm_mgnt.view_employeecommissiondetail') def get_employee_commission_details(request, project_commission_id): """ 
@@ -1687,7 +1640,6 @@ def get_employee_commission_details(request, project_commission_id): return JsonResponse(data, safe=False) -@login_required # @custom_permission_required('hrm_mgnt.view_employeeinformation') def get_employees(request): """ @@ -1698,7 +1650,6 @@ def get_employees(request): return JsonResponse({"employees": data}) -@login_required # @custom_permission_required('hrm_mgnt.view_employeeinformation') def get_employee_info(request, employee_id): """ @@ -1711,7 +1662,6 @@ def get_employee_info(request, employee_id): return JsonResponse(data) -@login_required # @custom_permission_required('hrm_mgnt.view_performanceevaluation') def get_performance_score(request, employee_id, year): """ @@ -1725,7 +1675,6 @@ def get_performance_score(request, employee_id, year): return JsonResponse(data) -@login_required # @custom_permission_required('hrm_mgnt.add_employeecommissiondetail') def add_employee_commission_detail(request): """ @@ -1764,7 +1713,6 @@ def add_employee_commission_detail(request): return JsonResponse({"success": False, "message": "Invalid request method."}) -@login_required @require_http_methods(["DELETE"]) def delete_employee_commission(request, commission_id): """ @@ -1775,7 +1723,6 @@ def delete_employee_commission(request, commission_id): return JsonResponse({"success": True}) -@login_required # @custom_permission_required('fm.change_employeecommission') def edit_employee_commission_detail(request, commission_id): """ @@ -1808,7 +1755,6 @@ def edit_employee_commission_detail(request, commission_id): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required def get_invoice_records(request): """ 基础数据-财会管理-发票记录表-搜索 @@ -1842,7 +1788,6 @@ def get_invoice_records(request): return JsonResponse({"invoices": data}) -@login_required def get_repayment_records(request): """ 基础数据-财会管理-回款记录表-搜索 diff --git a/application/hrm_mgnt/views.py b/application/hrm_mgnt/views.py index 57e2188..22eb6c8 100644 --- a/application/hrm_mgnt/views.py 
+++ b/application/hrm_mgnt/views.py @@ -5,6 +5,7 @@ from django.http import Http404 from django.shortcuts import render from django.template.loader import render_to_string from django.urls import reverse +from django.views.decorators.http import require_http_methods from application.hrm_mgnt.forms import * from application.hrm_mgnt.models import * @@ -182,16 +183,18 @@ def emp_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('hrm_mgnt.delete_employeeinformation') def emp_list_delete(request): """ 基础数据-人力资源管理-人员基本信息表-删除视图 """ - if request.method == 'GET': - employee_id = request.GET.get('id') + employee_id = request.POST.get('id') + if employee_id: EmployeeInformation.objects.filter(employee_id=employee_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) @custom_permission_required('hrm_mgnt.view_salarychangerecord') @@ -328,16 +331,18 @@ def attd_rec_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('hrm_mgnt.delete_employeeattendancerecord') def attd_rec_list_delete(request): """ 基础数据-人力资源管理-员工考勤记录表-删除视图 """ - if request.method == 'GET': - record_id = request.GET.get('record_id') + record_id = request.POST.get('id') + if record_id: EmployeeAttendanceRecord.objects.filter(record_id=record_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) @custom_permission_required('hrm_mgnt.view_otherleavedetails') 
@@ -472,16 +477,18 @@ def alv_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('hrm_mgnt.delete_annualleaverecord') def alv_list_delete(request): """ 基础数据-人力资源管理-年假使用记录表-删除 """ - if request.method == 'GET': - record_id = request.GET.get('record_id') + record_id = request.post.get('id') + if record_id: AnnualLeaveRecord.objects.filter(record_id=record_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) @custom_permission_required('hrm_mgnt.view_rank') @@ -597,16 +604,18 @@ def rk_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('hrm_mgnt.delete_rank') def rk_list_delete(request): """ 基础数据-人力资源管理-职级表-删除 """ - if request.method == 'GET': - rank_id = request.GET.get('rank_id') + rank_id = request.post.get('id') + if rank_id: Rank.objects.filter(rank_id=rank_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) @custom_permission_required('hrm_mgnt.view_position') @@ -724,16 +733,18 @@ def pst_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('hrm_mgnt.delete_position') def pst_list_delete(request): """ 基础数据-人力资源管理-岗位表-删除 """ - if request.method == 'GET': - position_id = request.GET.get('position_id') + position_id = request.POST.get('id') + if position_id: Position.objects.filter(position_id=position_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) def emp_list_for_create_account_profile(request): 
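Review bot: `alv_list_delete` and `rk_list_delete` read `request.post.get('id')` with a lowercase `post`, which is not an attribute of Django's `HttpRequest`. Every call to these two views will raise `AttributeError` and return a 500 before the permission-gated delete runs. They should read `record_id = request.POST.get('id')` and `rank_id = request.POST.get('id')`, as the other delete views in this file do.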
@@ -913,13 +924,15 @@ def performance_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('hrm_mgnt.delete_performanceevaluation') def performance_delete(request): """ 基础数据-人力资源管理-员工绩效表-删除 """ - if request.method == 'GET': - performance_id = request.GET.get('performance_id') + performance_id = request.POST.get('id') + if performance_id: PerformanceEvaluation.objects.filter(performance_id=performance_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) diff --git a/application/perf_mgnt/views.py b/application/perf_mgnt/views.py index 404cfc1..6eabee5 100644 --- a/application/perf_mgnt/views.py +++ b/application/perf_mgnt/views.py @@ -3,6 +3,7 @@ from django.http import JsonResponse, Http404 from django.shortcuts import render from django.template.loader import render_to_string from django.urls import reverse +from django.views.decorators.http import require_http_methods from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from rest_framework.decorators import api_view, permission_classes @@ -171,16 +172,18 @@ def gbo_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('perf_mgnt.delete_groupbusinesstarget') def gbo_list_delete(request): """ 基础数据-业绩管理-集团经营目标表-删除 """ - if request.method == 'GET': - target_id = request.GET.get('id') + target_id = request.POST.get('id') + if target_id: GroupBusinessTarget.objects.filter(target_id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) @custom_permission_required('perf_mgnt.view_targetaudit') 
@@ -387,16 +390,17 @@ def emt_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('perf_mgnt.delete_employeeperformancetarget') def emt_list_delete(request): """ 基础数据-业绩管理-员工业绩目标表-删除 """ - if request.method == 'GET': - target_id = request.GET.get('id') + target_id = request.POST.get('id') + if target_id: EmployeePerformanceTarget.objects.filter(target_id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + return JsonResponse({"message": "请求参数错误"}, status=404) @custom_permission_required('perf_mgnt.view_employeeperformancetargetaudit') diff --git a/templates/items_list.html b/templates/items_list.html index 04645ae..d6ba8df 100644 --- a/templates/items_list.html +++ b/templates/items_list.html @@ -323,7 +323,7 @@ // 确认删除 if (targetIdToDelete !== null) { $.ajax({ - type: 'GET', + type: 'POST', url: deleteUrl, data: { 'id': targetIdToDelete
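Review bot: The missing-parameter branch of `emt_list_delete` answers with `status=404`, while every other delete view changed in this commit returns 400 for the same `请求参数错误` message. A client that branches on the status code would read this as "record not found" rather than "bad request". Make it consistent with `return JsonResponse({"message": "请求参数错误"}, status=400)`.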
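Review bot: The `$.ajax` call now sends `POST`, but the hunk shows no CSRF token on the request. If Django's `CsrfViewMiddleware` is enabled, the delete is rejected with 403 unless the token is attached somewhere outside this hunk, such as a global `$.ajaxSetup`. Confirm that the token is sent, for example with `headers: {'X-CSRFToken': CSRF_TOKEN_PLACEHOLDER}` on this call, and that the delete views are not marked `csrf_exempt`; CSRF protection is the main security benefit of moving deletes off GET. The `$.ajax({ ... })` call continues past the end of the hunk.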