diff --git a/application/mkt_mgnt/views.py b/application/mkt_mgnt/views.py index e1a0054..f91bf95 100644 --- a/application/mkt_mgnt/views.py +++ b/application/mkt_mgnt/views.py @@ -1,8 +1,8 @@ -from django.contrib.auth.decorators import login_required from django.http import JsonResponse, Http404 from django.shortcuts import render, get_object_or_404 from django.template.loader import render_to_string from django.urls import reverse +from django.views.decorators.http import require_http_methods from rest_framework import status from rest_framework.decorators import api_view, permission_classes from rest_framework.pagination import PageNumberPagination @@ -17,7 +17,6 @@ from common.auth import custom_permission_required from common.utils.page_helper import paginate_query_and_assign_numbers -@login_required @custom_permission_required('mkt_mgnt.view_projectresources') def proj_res_list_view(request): """ @@ -86,7 +85,6 @@ def proj_res_list_view(request): return render(request, 'pj_list.html', context) -@login_required @custom_permission_required('mkt_mgnt.add_projectresources') def proj_res_list_add(request): """ @@ -108,7 +106,6 @@ def proj_res_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('mkt_mgnt.change_projectresources') def proj_res_list_modify(request): """ 
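Review bot: With `@login_required` dropped from `proj_res_list_view`, `proj_res_list_add` and `proj_res_list_modify` (and from the remaining views of this file in the later hunks), authentication rests entirely on `custom_permission_required` from `common.auth`, whose body is not part of this diff. If that decorator only calls `user.has_perm(...)`, an anonymous request presumably gets its denial path rather than a login redirect, so confirm it rejects unauthenticated users explicitly and that a test covers this. A short comment above the first view, such as `# custom_permission_required also enforces authentication; see common.auth`, would record why `login_required` is no longer needed. The view bodies continue outside these hunks.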
@@ -143,20 +140,19 @@ def proj_res_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('mkt_mgnt.delete_projectresources') def proj_res_list_delete(request): """ 基础数据-营销管理-项目资源表-删除视图 """ - if request.method == 'GET': - resource_id = request.GET.get('resource_id') + resource_id = request.POST.get('id') + if resource_id: ProjectResources.objects.filter(resource_id=resource_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) -@login_required @custom_permission_required('mkt_mgnt.view_customer') def cust_list_view(request): """ @@ -220,7 +216,6 @@ def cust_list_view(request): return render(request, 'items_list.html', context) -@login_required @custom_permission_required('mkt_mgnt.add_customer') def cust_list_add(request): """ @@ -242,7 +237,6 @@ def cust_list_add(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required @custom_permission_required('mkt_mgnt.change_customer') def cust_list_modify(request): """ @@ -277,17 +271,18 @@ def cust_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) -@login_required +@require_http_methods(["POST"]) @custom_permission_required('mkt_mgnt.delete_customer') def cust_list_delete(request): """ 基础数据-营销管理-客户表-删除视图 """ - if request.method == 'GET': - customer_id = request.GET.get('customer_id') + customer_id = request.POST.get('id') + if customer_id: Customer.objects.filter(customer_id=customer_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) class StandardResultsSetPagination(PageNumberPagination): diff --git a/application/opa_mgnt/views.py b/application/opa_mgnt/views.py index ed72de7..0ba9a34 100644 --- a/application/opa_mgnt/views.py 
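Review bot: `proj_res_list_delete` loses both `@login_required` and the `request.method` check but, unlike `cust_list_delete` further down in this file, does not gain `@require_http_methods(["POST"])`. The delete still only runs when a POST body carries `id`, but any other method now falls through to the 400 branch instead of a 405, and the POST-only contract is left implicit. Add `@require_http_methods(["POST"])` above `@custom_permission_required('mkt_mgnt.delete_projectresources')` here. `web_reg_list_delete` in `application/opa_mgnt/views.py` appears to be in the same state, since its hunk starts below the decorator lines and adds none.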
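Review bot: The success response in `cust_list_delete` is returned whether or not a row matched, because the result of `Customer.objects.filter(customer_id=customer_id).delete()` is discarded; the same holds for the other delete views changed in this commit. The raw `id` string is also passed to the ORM unchecked, so if `customer_id` is an integer key (not visible here) a non-numeric value would presumably surface as a 500 rather than reach the 400 branch. Consider `deleted, _ = Customer.objects.filter(customer_id=customer_id).delete()` and returning 404 when `deleted == 0`, so the response and any audit record reflect what actually happened.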
+++ b/application/opa_mgnt/views.py @@ -2,6 +2,7 @@ from django.http import JsonResponse, Http404 from django.shortcuts import render from django.template.loader import render_to_string from django.urls import reverse +from django.views.decorators.http import require_http_methods from application.opa_mgnt.forms import * from application.opa_mgnt.models import * @@ -109,16 +110,18 @@ def sma_reg_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('opa_mgnt.delete_socialmediaaccountregistration') def sma_reg_list_delete(request): """ 基础数据-运营管理-新媒体账号登记-删除视图 """ - if request.method == 'GET': - target_id = request.GET.get('target_id') + target_id = request.POST.get('id') + if target_id: SocialMediaAccountRegistration.objects.filter(record_id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) @custom_permission_required('opa_mgnt.view_accountoperationmanagement') @@ -221,16 +224,18 @@ def acc_op_mgmt_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('opa_mgnt.delete_accountoperationmanagement') def acc_op_mgmt_list_delete(request): """ 基础数据-运营管理-账号运营管理记录-删除视图 """ - if request.method == 'GET': - target_id = request.GET.get('target_id') + target_id = request.POST.get('id') + if target_id: AccountOperationManagement.objects.filter(record_id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) @custom_permission_required('opa_mgnt.view_websiteregistration') 
@@ -339,11 +344,12 @@ def web_reg_list_delete(request): """ 基础数据-运营管理-网站登记-删除视图 """ - if request.method == 'GET': - target_id = request.GET.get('target_id') + target_id = request.POST.get('id') + if target_id: WebsiteRegistration.objects.filter(record_id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) @custom_permission_required('opa_mgnt.view_websitemaintenancerecord') @@ -447,13 +453,15 @@ def web_maint_rec_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('opa_mgnt.delete_websitemaintenancerecord') def web_maint_rec_list_delete(request): """ 基础数据-运营管理-网站运维记录-删除视图 """ - if request.method == 'GET': - target_id = request.GET.get('target_id') + target_id = request.POST.get('id') + if target_id: WebsiteMaintenanceRecord.objects.filter(record_id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) diff --git a/application/org_mgnt/views.py b/application/org_mgnt/views.py index 69ed5d7..9995a7d 100644 --- a/application/org_mgnt/views.py +++ b/application/org_mgnt/views.py 
@@ -1,14 +1,9 @@ -import json - -from django.apps import apps -from django.contrib.auth.decorators import login_required -from django.core.exceptions import ValidationError -from django.http import JsonResponse, Http404 +from django.http import JsonResponse, Http404 from django.shortcuts import render, get_object_or_404 from django.template.loader import render_to_string from django.urls import reverse from django.utils.timezone import now -from django.views.decorators.csrf import csrf_protect +from django.views.decorators.http import require_http_methods from rest_framework import status from rest_framework.decorators import api_view, permission_classes from rest_framework.pagination import PageNumberPagination @@ -189,16 +184,18 @@ def eir_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('org_mgnt.delete_companyentity') def eir_list_delete(request): """ 基础数据-组织管理-公司主体信息登记-删除 """ - if request.method == 'GET': - target_id = request.GET.get('target_id') + target_id = request.POST.get('id') + if target_id: CompanyEntity.objects.filter(entity_id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) @api_view(['GET']) 
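Review bot: Removing the `csrf_protect` import while the delete views move to POST means CSRF protection for them depends on project-wide middleware, which this diff does not show. Switching from GET to POST only prevents cross-site deletion if `django.middleware.csrf.CsrfViewMiddleware` is enabled and none of these views is wrapped in `csrf_exempt`. Please confirm both, and that the front end sends the token along with the new `id` POST body. `eir_list_delete` in the next hunk is the first view in this file that relies on it.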
@@ -404,16 +401,18 @@ def pd_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('org_mgnt.delete_primarydepartment') def pd_list_delete(request): """ 基础数据-组织管理-一级部门表-删除 """ - if request.method == 'GET': - id = request.GET.get('id') - PrimaryDepartment.objects.filter(primary_department_id=id).delete() + primary_department_id = request.POST.get('id') + if primary_department_id: + PrimaryDepartment.objects.filter(primary_department_id=primary_department_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) @custom_permission_required('org_mgnt.view_secondarydepartment') @@ -530,13 +529,15 @@ def sd_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('org_mgnt.delete_secondarydepartment') def sd_list_delete(request): """ 基础数据-组织管理-二级部门表-删除 """ - if request.method == 'GET': - secondary_department_id = request.GET.get('secondary_department_id') + secondary_department_id = request.GET.get('id') + if secondary_department_id: SecondaryDepartment.objects.filter(secondary_department_id=secondary_department_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) diff --git a/application/pjt_mgnt/views.py b/application/pjt_mgnt/views.py index 96caf33..fec168d 100644 --- a/application/pjt_mgnt/views.py +++ b/application/pjt_mgnt/views.py 
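Review bot: `sd_list_delete` is now restricted to POST but still reads the identifier with `request.GET.get('id')`, while every other delete view in this commit reads `request.POST.get('id')`. A client that sends `id` in the form body will always hit the 400 branch. The delete only fires when the id is placed in the query string, where it is more likely to be recorded in access logs and which is not what the POST-only decorator suggests. Change the line to `secondary_department_id = request.POST.get('id')`.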
@@ -2,6 +2,7 @@ from django.http import JsonResponse, Http404 from django.shortcuts import render from django.template.loader import render_to_string from django.urls import reverse +from django.views.decorators.http import require_http_methods from application.pjt_mgnt.forms import ProjectLedgerForm, EmployeeProjectIncomeSettlementForm from application.pjt_mgnt.models import * @@ -129,16 +130,18 @@ def proj_ledger_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('pjt_mgnt.delete_projectledger') def proj_ledger_list_delete(request): """ 基础数据-项目管理-项目台账-删除视图 """ - if request.method == 'GET': - project_id = request.GET.get('project_id') + project_id = request.POST.get('id') + if project_id: ProjectLedger.objects.filter(project_id=project_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) @custom_permission_required('pjt_mgnt.view_employeeprojectincome') @@ -260,13 +263,15 @@ def emp_proj_income_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('pjt_mgnt.delete_employeeprojectincome') def emp_proj_income_list_delete(request): """ 基础数据-项目管理-项目组员收入结算表-删除视图 """ - if request.method == 'GET': - record_id = request.GET.get('record_id') + record_id = request.POST.get('id') + if record_id: EmployeeProjectIncomeSettlement.objects.filter(record_id=record_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) diff --git a/application/rsc_mgnt/views.py b/application/rsc_mgnt/views.py index 3c47a61..d052994 100644 --- a/application/rsc_mgnt/views.py +++ b/application/rsc_mgnt/views.py 
@@ -2,6 +2,7 @@ from django.http import JsonResponse, Http404 from django.shortcuts import render, get_object_or_404 from django.template.loader import render_to_string from django.urls import reverse +from django.views.decorators.http import require_http_methods from rest_framework import status from rest_framework.decorators import api_view, permission_classes from rest_framework.pagination import PageNumberPagination @@ -117,16 +118,18 @@ def cg_cat_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('rsc_mgnt.delete_consumablegoodscategory') def cg_cat_list_delete(request): """ 基础数据-资源管理-消耗品类别管理-删除 """ - if request.method == 'GET': - target_id = request.GET.get('target_id') + target_id = request.POST.get('id') + if target_id: ConsumableGoodsCategory.objects.filter(category_id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) @custom_permission_required('rsc_mgnt.view_consumablegoodsinventory') @@ -228,16 +231,18 @@ def cg_inv_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('rsc_mgnt.delete_consumablegoodsinventory') def cg_inv_list_delete(request): """ 基础数据-资源管理-消耗品库存管理-删除 """ - if request.method == 'GET': - target_id = request.GET.get('target_id') + target_id = request.POST.get('id') + if target_id: ConsumableGoodsInventory.objects.filter(inventory_id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) @custom_permission_required('rsc_mgnt.view_consumablegoodsinventory') 
@@ -350,16 +355,18 @@ def cmp_phone_reg_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('rsc_mgnt.delete_companymobilephoneusageregistry') def cmp_phone_reg_list_delete(request): """ 基础数据-资源管理-公司手机号使用登记-删除 """ - if request.method == 'GET': - target_id = request.GET.get('target_id') + target_id = request.POST.get('id') + if target_id: CompanyMobilePhoneUsageRegistry.objects.filter(record_id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) @custom_permission_required('rsc_mgnt.view_businessvehicleusageregistry') @@ -467,16 +474,18 @@ def bv_usage_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('rsc_mgnt.delete_businessvehicleusageregistry') def bv_usage_list_delete(request): """ 基础数据-资源管理-商务车使用登记-删除 """ - if request.method == 'GET': - target_id = request.GET.get('target_id') + target_id = request.POST.get('id') + if target_id: BusinessVehicleUsageRegistry.objects.filter(record_id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) @custom_permission_required('rsc_mgnt.view_membershipaccountsregistry') 
@@ -586,16 +595,18 @@ def mem_acc_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('rsc_mgnt.delete_membershipaccountsregistry') def mem_acc_list_delete(request): """ 基础数据-资源管理-会员账号登记-删除 """ - if request.method == 'GET': - target_id = request.GET.get('target_id') + target_id = request.POST.get('id') + if target_id: MembershipAccountsRegistry.objects.filter(record_id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) @custom_permission_required('rsc_mgnt.view_storedvaluecardregistration') @@ -698,16 +709,18 @@ def svc_reg_list_modify(request): return JsonResponse({"message": "无效的请求方法"}, status=405) +@require_http_methods(["POST"]) @custom_permission_required('rsc_mgnt.delete_storedvaluecardregistration') def svc_reg_list_delete(request): """ 基础数据-资源管理-储值卡登记表-删除 """ - if request.method == 'GET': - target_id = request.GET.get('target_id') + target_id = request.POST.get('id') + if target_id: StoredValueCardRegistration.objects.filter(record_id=target_id).delete() return JsonResponse({"message": "删除成功"}) - return JsonResponse({"message": "无效的请求方法"}, status=405) + else: + return JsonResponse({"message": "请求参数错误"}, status=400) class StandardResultsSetPagination(PageNumberPagination):