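import json
import os

from rest_framework.filters import SearchFilter, OrderingFilter
from rest_framework.permissions import IsAuthenticated
from rest_framework.views import APIView
from rest_framework.viewsets import ModelViewSet
from rest_framework.response import Response
from rest_framework.decorators import action
from rest_framework import status
from django_filters.rest_framework import DjangoFilterBackend
from openpyxl import Workbook, load_workbook
import requests
from rest_framework_jwt.serializers import jwt_encode_handler, jwt_payload_handler

from utils.custom import CommonPagination
from rbac.permission import RbacPermission
from .models import Company, Consumer
from .serializers import CompanySerializer, ConsumerSerializer
from server import settings

# SECURITY NOTE(review): the WeChat app id and app secret are committed in
# source, so everyone with read access to the repository or its history holds
# them. Treat the secret as exposed: rotate it and load both values from
# deployment configuration rather than from this module.
appid = 'wx5c39b569f01c27db'
secret = '68762892f8df2b4a0b1940c5250a8dc0'

# Seconds to wait for the WeChat code-exchange endpoint before giving up, so a
# stalled upstream cannot pin a worker indefinitely.
_WECHAT_TIMEOUT = 10


class CompanyViewSet(ModelViewSet):
    """
    Customer companies: create, retrieve, update and (soft) delete.
    """
    # Presumably read by the RBAC permission class to map HTTP methods to
    # permission codes; RbacPermission is imported but not referenced in this
    # file, so the wiring is not visible here. TODO confirm.
    perms_map = (
        {'*': 'admin'},
        {'*': 'company_all'},
        {'get': 'company_list'},
        {'post': 'company_create'},
        {'put': 'company_update'},
        {'delete': 'company_delete'},
    )
    queryset = Company.objects.filter(is_delete=0).all()
    serializer_class = CompanySerializer
    pagination_class = None  # no pagination
    filter_backends = [DjangoFilterBackend, SearchFilter, OrderingFilter]
    search_fields = ('^name',)
    ordering_fields = ('id',)
    ordering = ['-id']

    def check_permissions(self, request):
        """
        Check if the request should be permitted.
        Raises an appropriate exception if the request is not permitted.

        NOTE(review): GET requests return before any permission class runs,
        so both the list and the detail endpoints are readable without a
        permission check. Confirm that exposing company records to callers
        who hold no permission (possibly unauthenticated ones) is intended.
        """
        if request.method == 'GET':
            return
        for permission in self.get_permissions():
            if not permission.has_permission(request, self):
                self.permission_denied(
                    request, message=getattr(permission, 'message', None)
                )

    def destroy(self, request, *args, **kwargs):
        """Soft-delete the company: set is_delete instead of removing the row."""
        instance = self.get_object()
        instance.is_delete = True
        instance.save()
        return Response(status=status.HTTP_204_NO_CONTENT)


class ConsumerViewSet(ModelViewSet):
    """
    Consumers (trainees): create, retrieve, update and (soft) delete.
    """
    perms_map = (
        {'*': 'admin'},
        {'*': 'consumer_all'},
        {'get': 'consumer_list'},
        {'post': 'consumer_create'},
        {'put': 'consumer_update'},
        {'delete': 'consumer_delete'},
    )
    queryset = Consumer.objects.filter(is_delete=0).all()
    serializer_class = ConsumerSerializer
    pagination_class = CommonPagination
    ordering_fields = ('id',)
    ordering = ['id']
    filter_backends = [DjangoFilterBackend, SearchFilter, OrderingFilter]
    filterset_fields = ('is_paid', 'company')
    search_fields = ('^name',)

    def destroy(self, request, *args, **kwargs):
        """Soft-delete the consumer: set is_delete instead of removing the row."""
        instance = self.get_object()
        instance.is_delete = True
        instance.save()
        return Response(status=status.HTTP_204_NO_CONTENT)

    @action(methods=['post'], detail=False, permission_classes=[IsAuthenticated],
            url_path='import', url_name='import_consumer')
    def import_consumer(self, request):
        """
        Import consumers from a workbook that already sits on the server.

        The request body carries ``path``, which is appended to
        ``settings.BASE_DIR``. Row 2 of the first sheet must hold the expected
        column headers; data rows start at row 3 and the loop stops at the
        first row whose account column (B) is empty.

        Returns an ``{"error": ...}`` body when the path, the headers or a
        row is rejected, a ``code: 206`` body listing the accounts that
        already existed (account -> row number), or an empty 200 response
        when every row was imported. Rows saved before a rejected row stay
        saved.

        NOTE(review): ``permission_classes=[IsAuthenticated]`` replaces the
        viewset's own permission classes for this action, so any
        authenticated caller may import, not only holders of a consumer
        permission. Confirm that this is intended.
        """
        xlsxpath = request.data.get('path')
        if not xlsxpath or not isinstance(xlsxpath, str) or '\x00' in xlsxpath:
            return Response({"error": "文件路径无效!"},
                            status=status.HTTP_400_BAD_REQUEST)

        # The path comes from the client: resolve it and refuse anything that
        # leaves the project directory (e.g. through "../" segments or a
        # symlink) before it reaches the workbook loader.
        # NOTE(review): the upload directory is not visible in this file;
        # narrowing the allowed root to that directory would be stricter.
        base_dir = os.path.realpath(str(settings.BASE_DIR))
        fullpath = os.path.realpath(str(settings.BASE_DIR) + xlsxpath)
        if not fullpath.startswith(os.path.join(base_dir, '')):
            return Response({"error": "文件路径无效!"},
                            status=status.HTTP_400_BAD_REQUEST)

        try:
            wb = load_workbook(fullpath)
        except OSError:
            return Response({"error": "文件不存在或无法读取!"},
                            status=status.HTTP_400_BAD_REQUEST)
        sheet = wb.worksheets[0]

        # Validate the header row before touching the database.
        if sheet['a2'].value != '姓名':
            return Response({"error": "姓名列错误!"})
        if sheet['b2'].value != '账户(微信绑定的手机号)':
            return Response({"error": "账户列错误!"})
        if sheet['c2'].value != '单位':
            return Response({"error": "单位列错误!"})

        # One query up front; rows then resolve their company by name without
        # a further lookup per row.
        companies = {c.name: c for c in Company.objects.filter(is_delete=0)}
        consumerdict = {}

        row = 3
        while sheet['B' + str(row)].value:
            name = sheet['A' + str(row)].value
            if name:
                # str() so a numeric cell does not fail on .replace().
                name = str(name).replace(' ', '')
            username = str(sheet['B' + str(row)].value).replace(' ', '')
            companyname = sheet['C' + str(row)].value
            if not companyname:
                # Without this guard the row would reuse the previous row's
                # company, or fail with NameError on the first data row.
                return Response({"error": "第" + str(row) + "行缺少单位!"})
            companyname = str(companyname).replace(' ', '')
            if companyname not in companies:
                return Response({"error": "不存在单位(" + companyname + ")!请先新建"})

            if Consumer.objects.filter(username=username).exists():
                # Already registered: report the row instead of overwriting.
                consumerdict[username] = row
            else:
                Consumer.objects.create(
                    name=name,
                    username=username,
                    company=companies[companyname],
                    is_paid=True,
                )
            row += 1

        if consumerdict:
            # Must be a Response: a bare dict is not a valid return value for
            # a DRF view.
            return Response({"code": 206, "data": consumerdict, "msg": "导入部分成功"})
        return Response(status=status.HTTP_200_OK)


class ConsumerMPLoginView(APIView):
    """
    Mini-program login: exchange a WeChat login code for a JWT.
    """
    authentication_classes = ()
    permission_classes = ()

    def post(self, request, *args, **kwargs):
        """
        Exchange ``code`` for an openid at WeChat and issue a token.

        Returns 400 when ``code`` is missing, 502 when the WeChat endpoint
        cannot be reached or answers with something that is not JSON, 401
        when WeChat returns no openid or no single consumer is bound to it,
        and otherwise the token together with the consumer's serialized data.
        """
        code = request.data.get('code')
        if not code or not isinstance(code, str):
            return Response("缺少code", status=status.HTTP_400_BAD_REQUEST)

        try:
            # params= lets requests URL-encode the client-supplied code, so it
            # cannot add or override query parameters of the upstream call.
            reply = requests.get(
                'https://api.weixin.qq.com/sns/jscode2session',
                params={
                    'appid': appid,
                    'secret': secret,
                    'js_code': code,
                    'grant_type': 'authorization_code',
                },
                timeout=_WECHAT_TIMEOUT,
            )
            info = json.loads(reply.content.decode('utf-8'))
        except (requests.RequestException, ValueError):
            # ValueError covers both undecodable bytes and invalid JSON.
            return Response("微信登录服务不可用", status=status.HTTP_502_BAD_GATEWAY)

        if not isinstance(info, dict):
            return Response("匿名用户", status=status.HTTP_401_UNAUTHORIZED)
        openid = info.get('openid')
        session_key = info.get('session_key')
        if not openid:
            # WeChat rejected the code; its reply then carries no openid.
            return Response("匿名用户", status=status.HTTP_401_UNAUTHORIZED)

        try:
            consumer = Consumer.objects.get(openid=openid)
        except (Consumer.DoesNotExist, Consumer.MultipleObjectsReturned):
            return Response("匿名用户", status=status.HTTP_401_UNAUTHORIZED)
        serializer = ConsumerSerializer(instance=consumer)

        payload = jwt_payload_handler(consumer)
        token = jwt_encode_handler(payload)
        # SECURITY NOTE(review): session_key is the key WeChat uses to sign
        # and encrypt this user's data, and WeChat's guidance is to keep it on
        # the server. It is still returned here so existing clients keep
        # working; plan to drop it from the response once no client reads it.
        return Response({"token": token, "session_key": session_key,
                         "openid": openid, "userinfo": serializer.data})


class ConsumerLogoutView(APIView):
    """
    Logout endpoint: answers 200 and changes nothing on the server.

    NOTE(review): nothing here revokes or blacklists the issued token, so a
    token stays usable after "logout" until it expires.
    """
    authentication_classes = ()
    permission_classes = ()

    def get(self, request, *args, **kwargs):
        return Response(status=status.HTTP_200_OK)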