diff --git a/mysite/settings.py b/mysite/settings.py
index f6d1e1e9..5c9618d6 100644
--- a/mysite/settings.py
+++ b/mysite/settings.py
@@ -145,7 +145,7 @@ CELERY_TIMEZONE='Asia/Shanghai'
 CELERY_ENABLE_UTC=True
 
 ##配置session
-SESSION_EXPIRE_AT_BROWSER_CLOSE =  True
+#SESSION_EXPIRE_AT_BROWSER_CLOSE =  True
 SESSION_COOKIE_AGE = 1800
 SESSION_SAVE_EVERY_REQUEST = True
 
diff --git a/safesite/templates/abdrill.html b/safesite/templates/abdrill.html
index 3a059c9f..ede12494 100644
--- a/safesite/templates/abdrill.html
+++ b/safesite/templates/abdrill.html
@@ -90,7 +90,7 @@
                     required=true>
             </div>
             <div id="filediv" style="margin-bottom:5px;display:none">
-                <label>相关资料: </label><input type="file" id="file" name="" accept="*" style="margin-left: 20px" />
+                <label>相关资料: </label><input type="file" id="file" name="" accept="image/*,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.zip" style="margin-left: 20px" />
                 <span id='ps' style="display:none">
                     <input type="button" onclick="cancleUploadFile()" value="取消" />
                     <progress id="progressBar" value="0" max="100" style="width: 100px;"></progress>
diff --git a/safesite/templates/abtrain.html b/safesite/templates/abtrain.html
index cc5dd2df..0e0a3b00 100644
--- a/safesite/templates/abtrain.html
+++ b/safesite/templates/abtrain.html
@@ -70,7 +70,7 @@
                 <input id="examtest" name="examtest" class="easyui-combobox" style="width:480px;" editable=false data-options="label:'关联考试',url:'api/examtest?a=listtrain'">
             </div>
             <div id='filediv' style="margin-bottom:5px;">
-                <label>相关资料 </label><input type="file" id="file" name="" accept="*" style="margin-left: 20px" />
+                <label>相关资料 </label><input type="file" id="file" name="" accept="image/*,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.zip" style="margin-left: 20px" />
                 <span id='ps' style="display:none">
                     <input type="button" onclick="cancleUploadFile()" value="取消" />
                     <progress id="progressBar" value="0" max="100" style="width: 100px;"></progress>
diff --git a/safesite/templates/noticeadd.html b/safesite/templates/noticeadd.html
index 26558993..38e67f2c 100644
--- a/safesite/templates/noticeadd.html
+++ b/safesite/templates/noticeadd.html
@@ -29,7 +29,7 @@
             </div>
             <div style="margin-top:10px;margin-bottom:5px">
                 <label class='labeldiv'>附件</label>
-                <input type="file" id="file" name="" accept="*" style="margin-left: 20px" />
+                <input type="file" id="file" name="" accept="image/*,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.zip" style="margin-left: 20px" />
                 <span id='ps' style="display:none">
                     <input type="button" onclick="cancleUploadFile()" value="取消" />
                     <progress id="progressBar" value="0" max="100" style="width: 100px;"></progress>
diff --git a/safesite/views.py b/safesite/views.py
index df2d9e36..f835d1d7 100644
--- a/safesite/views.py
+++ b/safesite/views.py
@@ -67,8 +67,10 @@ def getcompany(x):
         return str(a.ubelongpart.partid)
     else:
         return a.ubelongpart.partlink.split(',')[1]
+
 def getparts(partid):#获取该部门及下属部门
     return Partment.objects.filter(Q(partid=partid) | Q(partlink__contains=',' + str(partid) + ','))
+
 #转换为datagrid所用json
 def transjson(total, obj):
     a = {'total':total,'rows':list(obj),'code':1}
@@ -76,6 +78,7 @@ def transjson(total, obj):
     return jsondata
 def transjson2(v):
     return json.dumps(list(v), cls=DjangoJSONEncoder)
+
 #转换为combobox所用string
 def transstr(obj,str1,str2):
     keylist = []
@@ -85,206 +88,22 @@ def transstr(obj,str1,str2):
     keystr = '['+','.join(keylist)+']'
     return keystr
 
-#html页面
-def riskas(req):
-    return render(req,'riskas.html')
-def reportedit(req):
-    return render(req,'reportedit.html',{'year':req.GET.get('year'),'month':req.GET.get('month'),'part':req.GET.get('part')})
-def riskedit(req,id):
-    return render(req,'riskedit.html',{'id':id})
-def riskcheck(req):#风险点排查记录
-    return render(req,'riskactcheck.html')
-def taskdo(req):
-    return render(req,'taskdo.html')
-def task(req):
-    return render(req,'task.html')
-def riskactchose(req):
-    area = 0
-    if req.GET.get('area',None):
-        area = req.GET.get('area')
-    return render(req,'riskactchose.html',locals())
-def riskactedit(req,id):
-    return render(req,'riskactedit.html',{'id':id})
-def riskactadd(req):
-    return render(req,'riskactadd.html')
-def riskadd(req,id):
-    return render(req,'riskadd.html',{'id':id})
-def risk(req):
-    return render(req,'risk.html')
-def inspect(req):
-    return render(req,'inspect.html')
-def equipment(req):
-    return render(req,'equipment.html')
-def areaedit(req,id):
-    return render(req,'areaedit.html',{'id':id})
-def areaadd(req):
-    return render(req,'areaadd.html')
-def areadetail(req):
-    id = req.GET.get('id')
-    return render(req,'areadetail.html',{'id':id})
-def mapshow(req):
-    return render(req,'mapshow.html')
-def area(req):
-    return render(req,'area.html')
-def personaltrain(req):
-    return render(req,'personaltrain.html')
-def examtest(req):
-    return render(req,'examtest.html')
-def safecert(req):
-    return render(req,'safecert.html')
-def safecertadd(req):
-    return render(req,'safecertadd.html')
-def examtestdetail(req,id):
-    return render(req,'examtestdetail.html',{'id':id})
-def examtestadd(req):
-    return render(req,'examtestadd.html')
-def examtestadd2(req):
-    return render(req,'examtestadd2.html')
-def questionchoose(req):
-    return render(req,'questionchoose.html')
-def exampaperedit(req,id):
-    return render(req,'exampaperedit.html',{'id':id})
-def exampaperadd(req):
-    return render(req,'exampaperadd.html')
-def exampaper(req):
-    return render(req,'exampaper.html')
-def examhistory(req,id):
-    return render(req,'examhistory.html',{'id':id})
-def questionadd(req):
-    return render(req,'questionadd.html')
-def questionadd2(req):
-    return render(req,'questionadd2.html')
-def questionadd3(req):
-    return render(req,'questionadd3.html')
-def questionedit(req,id):
-    obj = Question.objects.get(id=id)
-    if obj.type==1:
-        return render(req,'questionedit.html',{'id':id})
-    elif obj.type==2:
-        return render(req,'questionedit2.html',{'id':id})
-    elif obj.type==3:
-        return render(req,'questionedit3.html',{'id':id})
-def question(req):
-    return render(req,'question.html')
-def questioncatadd(req):
-    return render(req,'questioncatadd.html')
-def questioncatedit(req,id):
-    return render(req,'questioncatedit.html',{'id':id})
-def operationspjdadd(req):
-    return render(req,'operationspjdadd.html')
-def fxcsadd(req):
-    return render(req,'fxcsadd.html')
-def operationadd(req,zyid):
-    return render(req,'operationadd.html',{'zyid':zyid})
-def operationdetail(req,zyid):
-    return render(req,'operationdetail.html',{'zyid':zyid})
-def operation(req):
-    return render(req,'operation.html')
-def zuoyepeizhi(req):
-    return render(req,'zuoyepeizhi.html')
-def notice(req):
-    return render(req,'notice.html')
-def noticeadd(req):
-    return render(req,'noticeadd.html')
-def noticedetail(req,id):
-    return render(req,'noticedetail.html',{'id':id})
-def noticeedit(req,id):
-    return render(req,'noticeedit.html',{'id':id})
-def suggestupdate(req,jyid):
-    return render(req,'suggestupdate.html',{'jyid':jyid})
-def suggestdetail(req,jyid):
-    return render(req,'suggestdetail.html',{'jyid':jyid})
-def suggestadd(req):
-    return render(req,'suggestadd.html')
-def suggest(req):
-    return render(req,'suggest.html')
-def medetail(req):
-    return render(req,'medetail.html')
-def socerthtml(req):
-    return render(req,'socert.html')
-def socertadd(req):
-    return render(req,'socertadd.html')
-def rightshtml(req):
-    groupid = req.GET.get('groupid')
-    return render(req,'rights.html',{'groupid':groupid})
-def misshtml(req):
-    return render(req,'miss.html')
-def missadd(req):
-    return render(req,'missadd.html')
-def missdetail(req,missid):
-    return render(req,'missdetail.html',{'missid':missid})
-def troublehtml(req):
-    return render(req,'trouble.html')
-def observehtml(req):
-    return render(req,'observe.html')
-def addobserve(req):
-    return render(req,'addobserve.html')
-def accesstrouble(req):
-    return render(req,'accesstrouble.html')
-def addtrouble(req):
-    return render(req,'addtrouble.html')
-def dichtml(req):
-    return render(req,'dichtml.html')
-def putreehtml(req):
-    return render(req,'putree.html')
-def usergroup(req):
-    return render(req,'usergroup.html')
-def getuserf(req):
-    return render(req,'getuser.html')
-def getusersf(req):
-    return render(req,'getusers.html')
-def trainhtml(req):
-    return render(req,'train.html')
-def abtrain(req):
-    return render(req,'abtrain.html')
-def drillhtml(req):
-    return render(req,'drill.html')
-def abdrill(req):
-    return render(req,'abdrill.html')
-def reporthtml(req):
-    return render(req,'report.html')
-def troubleashtml(req):
-    return render(req,'troubleashtml.html')
-def userhtml(req):
-    return render(req,'userhtml.html')
-def bhrhtml(req):
-    return render(req,'behavior.html')
-def trainfigure(req):
-    return render(req,'trainfigure.html')
-def equipmentfigure(req):
-    return render(req,'equipmentfigure.html')
-
-
 def check_login(func):
     def warpper(request,*args,**kwargs):
         is_login = request.session.get('userid', None)
         if is_login:
             return func(request,*args,**kwargs)
         else:
-            return HttpResponse(status=405)
-            # try:
-            #     auth = request.META.get('HTTP_AUTHORIZATION').split()
-            #     # 用户通过 API 获取数据验证流程
-            #     if auth[0].lower() == 'token':
-            #         try:
-            #             dict = jwt.decode(auth[1], 'safeyun', algorithms=['HS256'])
-            #             userid = dict.get('data').get('userid')
-            #         except jwt.ExpiredSignatureError:
-            #             return JsonResponse({"status_code": 401, "message": "Token expired"})
-            #         except jwt.InvalidTokenError:
-            #             return JsonResponse({"status_code": 401, "message": "Invalid token"})
-            #         except Exception as e:
-            #             return JsonResponse({"status_code": 401, "message": "Can not get user object"})
-            #         try:
-            #             user = User.objects.get(userid=userid)
-            #         except user.DoesNotExist:
-            #             return JsonResponse({"status_code": 401, "message": "User Does not exist"})
-            #     else:
-            #         return JsonResponse({"status_code": 401, "message": "Not support auth type"})
-            # except AttributeError:
-            #     return JsonResponse({"code": 401, "message": "No authenticate header"})
-            # except:
-            #     return JsonResponse({"code": 401, "message": "please login!"})
+            return redirect('login')
+    return warpper
+
+def apicheck_login(func):
+    def warpper(request,*args,**kwargs):
+        is_login = request.session.get('userid', None)
+        if is_login:
+            return func(request,*args,**kwargs)
+        else:
+            return JsonResponse({'code':0,'msg':'login required'})
     return warpper
 
 def check_session(req):
@@ -292,6 +111,7 @@ def check_session(req):
         return JsonResponse({"code":1})
     else:
         return JsonResponse({"code":0})
+
 #存储文件
 def upfile(req):
     username = User.objects.get(userid=req.session['userid']).username
@@ -305,10 +125,275 @@ def upfile(req):
         f.write(req.FILES['upfile'].read())
     return JsonResponse({"code":1,"filename":file_name,"filepath":filepath})
 
+#html页面
+@check_login
+def riskas(req):
+    return render(req,'riskas.html')
+@check_login
+def reportedit(req):
+    return render(req,'reportedit.html',{'year':req.GET.get('year'),'month':req.GET.get('month'),'part':req.GET.get('part')})
+@check_login
+def riskedit(req,id):
+    return render(req,'riskedit.html',{'id':id})
+@check_login
+def riskcheck(req):#风险点排查记录
+    return render(req,'riskactcheck.html')
+@check_login
+def taskdo(req):
+    return render(req,'taskdo.html')
+@check_login
+def task(req):
+    return render(req,'task.html')
+@check_login
+def riskactchose(req):
+    area = 0
+    if req.GET.get('area',None):
+        area = req.GET.get('area')
+    return render(req,'riskactchose.html',locals())
+@check_login
+def riskactedit(req,id):
+    return render(req,'riskactedit.html',{'id':id})
+@check_login
+def riskactadd(req):
+    return render(req,'riskactadd.html')
+@check_login
+def riskadd(req,id):
+    return render(req,'riskadd.html',{'id':id})
+@check_login
+def risk(req):
+    return render(req,'risk.html')
+@check_login
+def inspect(req):
+    return render(req,'inspect.html')
+@check_login
+def equipment(req):
+    return render(req,'equipment.html')
+@check_login
+def areaedit(req,id):
+    return render(req,'areaedit.html',{'id':id})
+@check_login
+def areaadd(req):
+    return render(req,'areaadd.html')
+@check_login
+def areadetail(req):
+    id = req.GET.get('id')
+    return render(req,'areadetail.html',{'id':id})
+@check_login
+def mapshow(req):
+    return render(req,'mapshow.html')
+@check_login
+def area(req):
+    return render(req,'area.html')
+@check_login
+def personaltrain(req):
+    return render(req,'personaltrain.html')
+@check_login
+def examtest(req):
+    return render(req,'examtest.html')
+@check_login
+def safecert(req):
+    return render(req,'safecert.html')
+@check_login
+def safecertadd(req):
+    return render(req,'safecertadd.html')
+@check_login
+def examtestdetail(req,id):
+    return render(req,'examtestdetail.html',{'id':id})
+@check_login
+def examtestadd(req):
+    return render(req,'examtestadd.html')
+@check_login    
+def examtestadd2(req):
+    return render(req,'examtestadd2.html')
+@check_login
+def questionchoose(req):
+    return render(req,'questionchoose.html')
+@check_login
+def exampaperedit(req,id):
+    return render(req,'exampaperedit.html',{'id':id})
+@check_login
+def exampaperadd(req):
+    return render(req,'exampaperadd.html')
+@check_login
+def exampaper(req):
+    return render(req,'exampaper.html')
+@check_login
+def examhistory(req,id):
+    return render(req,'examhistory.html',{'id':id})
+@check_login
+def questionadd(req):
+    return render(req,'questionadd.html')
+@check_login
+def questionadd2(req):
+    return render(req,'questionadd2.html')
+@check_login
+def questionadd3(req):
+    return render(req,'questionadd3.html')
+@check_login
+def questionedit(req,id):
+    obj = Question.objects.get(id=id)
+    if obj.type==1:
+        return render(req,'questionedit.html',{'id':id})
+    elif obj.type==2:
+        return render(req,'questionedit2.html',{'id':id})
+    elif obj.type==3:
+        return render(req,'questionedit3.html',{'id':id})
+@check_login
+def question(req):
+    return render(req,'question.html')
+@check_login
+def questioncatadd(req):
+    return render(req,'questioncatadd.html')
+@check_login
+def questioncatedit(req,id):
+    return render(req,'questioncatedit.html',{'id':id})
+@check_login
+def operationspjdadd(req):
+    return render(req,'operationspjdadd.html')
+@check_login
+def fxcsadd(req):
+    return render(req,'fxcsadd.html')
+@check_login
+def operationadd(req,zyid):
+    return render(req,'operationadd.html',{'zyid':zyid})
+@check_login
+def operationdetail(req,zyid):
+    return render(req,'operationdetail.html',{'zyid':zyid})
+@check_login
+def operation(req):
+    return render(req,'operation.html')
+@check_login
+def zuoyepeizhi(req):
+    return render(req,'zuoyepeizhi.html')
+@check_login
+def notice(req):
+    return render(req,'notice.html')
+@check_login
+def noticeadd(req):
+    return render(req,'noticeadd.html')
+@check_login
+def noticedetail(req,id):
+    return render(req,'noticedetail.html',{'id':id})
+@check_login
+def noticeedit(req,id):
+    return render(req,'noticeedit.html',{'id':id})
+@check_login
+def suggestupdate(req,jyid):
+    return render(req,'suggestupdate.html',{'jyid':jyid})
+@check_login
+def suggestdetail(req,jyid):
+    return render(req,'suggestdetail.html',{'jyid':jyid})
+@check_login
+def suggestadd(req):
+    return render(req,'suggestadd.html')
+@check_login
+def suggest(req):
+    return render(req,'suggest.html')
+@check_login
+def medetail(req):
+    return render(req,'medetail.html')
+@check_login
+def socerthtml(req):
+    return render(req,'socert.html')
+@check_login
+def socertadd(req):
+    return render(req,'socertadd.html')
+@check_login
+def rightshtml(req):
+    groupid = req.GET.get('groupid')
+    return render(req,'rights.html',{'groupid':groupid})
+@check_login
+def misshtml(req):
+    return render(req,'miss.html')
+@check_login
+def missadd(req):
+    return render(req,'missadd.html')
+@check_login
+def missdetail(req,missid):
+    return render(req,'missdetail.html',{'missid':missid})
+@check_login
+def troublehtml(req):
+    return render(req,'trouble.html')
+@check_login
+def observehtml(req):
+    return render(req,'observe.html')
+@check_login
+def addobserve(req):
+    return render(req,'addobserve.html')
+@check_login
+def accesstrouble(req):
+    return render(req,'accesstrouble.html')
+@check_login
+def addtrouble(req):
+    return render(req,'addtrouble.html')
+@check_login
+def dichtml(req):
+    return render(req,'dichtml.html')
+@check_login
+def putreehtml(req):
+    return render(req,'putree.html')
+@check_login
+def usergroup(req):
+    return render(req,'usergroup.html')
+@check_login
+def getuserf(req):
+    return render(req,'getuser.html')
+@check_login
+def getusersf(req):
+    return render(req,'getusers.html')
+@check_login
+def trainhtml(req):
+    return render(req,'train.html')
+@check_login
+def abtrain(req):
+    return render(req,'abtrain.html')
+@check_login
+def drillhtml(req):
+    return render(req,'drill.html')
+@check_login
+def abdrill(req):
+    return render(req,'abdrill.html')
+@check_login
+def reporthtml(req):
+    return render(req,'report.html')
+@check_login
+def troubleashtml(req):
+    return render(req,'troubleashtml.html')
+@check_login
+def userhtml(req):
+    return render(req,'userhtml.html')
+@check_login
+def bhrhtml(req):
+    return render(req,'behavior.html')
+@check_login
+def trainfigure(req):
+    return render(req,'trainfigure.html')
+@check_login
+def equipmentfigure(req):
+    return render(req,'equipmentfigure.html')
+@check_login
+def mainhtml(req):
+    #计算一些数据
+    userid = req.session['userid']
+    companyid = getcompany(userid)
+    first_day,first_day_of_next_month=gettime()
+    #查询
+    a = Trouble.objects.filter(usecomp__partid=companyid,deletemark=1)
+    totalyh = a.count()
+    monthyh = a.filter(fxsj__range=(first_day, first_day_of_next_month)).count()
+    yhnum = a.filter(todouser__userid=userid).count()
+    b = Train.objects.filter(usecomp__partid=companyid,deletemark=1)
+    pxnum = b.filter(state=0,submituser__userid=userid).count()
+    totalpx = b.count()
+    monthpx = b.filter(starttime__range=(first_day, first_day_of_next_month)).count()
+    c = Drill.objects.filter(usecomp__partid=companyid,deletemark=1)
+    totalyl=c.count()
+    ylnum =c.filter(state=0,submituser__userid=userid).count()
+    monthyl=c.filter(starttime__range=(first_day, first_day_of_next_month)).count()
+    return render(req,'main.html',{'yhnum':yhnum,'totalyh':totalyh,'monthyh':monthyh,'pxnum':pxnum,'totalpx':totalpx,'monthpx':monthpx,'ylnum':ylnum,'totalyl':totalyl,'monthyl':monthyl})
 def login(req):
     if req.session.get('userid', None):
         return redirect('index')
-
     if req.method == 'POST':
         user_form = UserForm(req.POST)
         if user_form.is_valid():
@@ -332,7 +417,6 @@ def login(req):
         user_form = UserForm()
         return render(req,'login.html', locals())
 
-
 def index(req):
     if not req.session.get('userid', None):
         return redirect('login')
@@ -345,22 +429,14 @@ def index(req):
     nickname=user.nickname
     issuper = user.issuper
     return render(req, 'index.html',{'username':name,'userid':userid,'openid':openid,'headimgurl':headimgurl,'nickname':nickname,'companyname':companyname,'issuper':issuper,'token':user.token})
-
 def logout(req):
-    #清理cookie里保存username
-    #del req.session['username']
-    # if "userid" in req.session:
-    #     del req.session['userid']
     if req.session.get('userid',None):
         logger.info('method: %s user: %s 登出' % (req.method,req.session['userid']))
         req.session.flush()
-    #req.session.flush()
-    #req.session.delete("session_key")
     return redirect('login')
 
-@check_login
+
 def changepwd(req):
-#if 'userid' in req.session:
     userid = req.session['userid']
     oldpassword = req.POST.get('oldpassword')
     newpassword = req.POST.get('newpassword')
@@ -374,27 +450,6 @@ def changepwd(req):
     else:
         return JsonResponse({"code":2})
 
-@check_login
-def mainhtml(req):
-    #计算一些数据
-    userid = req.session['userid']
-    companyid = getcompany(userid)
-    first_day,first_day_of_next_month=gettime()
-    #查询
-    a = Trouble.objects.filter(usecomp__partid=companyid,deletemark=1)
-    totalyh = a.count()
-    monthyh = a.filter(fxsj__range=(first_day, first_day_of_next_month)).count()
-    yhnum = a.filter(todouser__userid=userid).count()
-    b = Train.objects.filter(usecomp__partid=companyid,deletemark=1)
-    pxnum = b.filter(state=0,submituser__userid=userid).count()
-    totalpx = b.count()
-    monthpx = b.filter(starttime__range=(first_day, first_day_of_next_month)).count()
-    c = Drill.objects.filter(usecomp__partid=companyid,deletemark=1)
-    totalyl=c.count()
-    ylnum =c.filter(state=0,submituser__userid=userid).count()
-    monthyl=c.filter(starttime__range=(first_day, first_day_of_next_month)).count()
-    return render(req,'main.html',{'yhnum':yhnum,'totalyh':totalyh,'monthyh':monthyh,'pxnum':pxnum,'totalpx':totalpx,'monthpx':monthpx,'ylnum':ylnum,'totalyl':totalyl,'monthyl':monthyl})
-
 def mainapi(req):
     #计算一些数据
     userid = req.session['userid']
@@ -566,7 +621,7 @@ def getsprs_ubp2(userid,ubp):
     else:
         return False
 
-@check_login
+
 def menutree(req):
     userid = req.session['userid']
     if User.objects.get(userid=userid).issuper == 1:#如果是超管
@@ -583,7 +638,7 @@ def menutree(req):
     menus = Menu.objects.exclude(menuid__in=[11,9]).filter(menuid__in=list(filter(None,list(set(list1)))),deletemark=1).order_by('sortnum').values('menuid','menucode','parentid','url','menuname','icon').distinct()
     return HttpResponse(json.dumps(list(menus)),content_type="application/json")
 
-@check_login
+
 def apirights(req):
     a = req.GET.get('a')
     if a=='detail':
@@ -3138,41 +3193,45 @@ def importusers(req):
     drusers(companyid)
     return JsonResponse({"code":1})
 
+@apicheck_login
 def apicompany(req):
-    a = req.GET.get('a')
-    menurights = '11,1,2,3,4,5,6,7,8,9,10,12,13,15,16,17,18,19,20,21,22,23,24,28,29,32,36,46,47,48,50'#菜单编码
-    if a=='add':
-        admin = req.GET.get('admin')
-        company = req.GET.get('company')
-        y = Partment()
-        if Partment.objects.filter(partname=company).exists():
-            return JsonResponse({'code':0})
-        else:
-            y.partname = company
-            y.partlink = ','
-            y.iscompany = 1
-            y.save()
-            x = User()
-            x.username = admin
-            x.name = '超级管理员'
-            x.password = 'Aq123456'
-            x.epassword = make_password('Aq123456')
-            x.issuper = 1
-            x.ubelongpart = y
-            x.usecomp = y
-            x.save()
-            y.bmzg = ','+str(x.userid)+','
-            y.save()
-            part = Partment.objects.get(partid=y.partid)
-            Group.objects.create(groupname='超管',grouptype=0,usecomp=part,menulink=menurights)
-            Group.objects.create(groupname='安全员',grouptype=1,usecomp=part,menulink=menurights)
-            Group.objects.create(groupname='全体用户',grouptype=3,usecomp=part,menulink=menurights)
-            z = Group(groupname='主管',grouptype=2,usecomp=part,menulink=menurights)
-            z.save()
-            z.users.add(x)
-            Yjsetup.objects.create(monthyhavg=100,safev=50,warnv=75,alertv=100,maxv=200,yhpgqz=4,yhdjqz=4,yhsblqz=1,yhzglqz=4,pxdjqz=3,pxxgqz=4,yldjqz=3,ylxgqz=3,usecomp=y)
-            Map.objects.create(name='默认地图',pic='/static/safesite/mystatic/images/snc.jpg',usecomp=y,default=1)
-            return JsonResponse({'code':1,'companyid':y.partid})
+    if int(request.session.get('userid'))==8:
+        a = req.GET.get('a')
+        menurights = '11,1,2,3,4,5,6,7,8,9,10,12,13,15,16,17,18,19,20,21,22,23,24,28,29,32,36,46,47,48,50'#菜单编码
+        if a=='add':
+            admin = req.GET.get('admin')
+            company = req.GET.get('company')
+            y = Partment()
+            if Partment.objects.filter(partname=company).exists():
+                return JsonResponse({'code':0})
+            else:
+                y.partname = company
+                y.partlink = ','
+                y.iscompany = 1
+                y.save()
+                x = User()
+                x.username = admin
+                x.name = '超级管理员'
+                x.password = 'Aq123456'
+                x.epassword = make_password('Aq123456')
+                x.issuper = 1
+                x.ubelongpart = y
+                x.usecomp = y
+                x.save()
+                y.bmzg = ','+str(x.userid)+','
+                y.save()
+                part = Partment.objects.get(partid=y.partid)
+                Group.objects.create(groupname='超管',grouptype=0,usecomp=part,menulink=menurights)
+                Group.objects.create(groupname='安全员',grouptype=1,usecomp=part,menulink=menurights)
+                Group.objects.create(groupname='全体用户',grouptype=3,usecomp=part,menulink=menurights)
+                z = Group(groupname='主管',grouptype=2,usecomp=part,menulink=menurights)
+                z.save()
+                z.users.add(x)
+                Yjsetup.objects.create(monthyhavg=100,safev=50,warnv=75,alertv=100,maxv=200,yhpgqz=4,yhdjqz=4,yhsblqz=1,yhzglqz=4,pxdjqz=3,pxxgqz=4,yldjqz=3,ylxgqz=3,usecomp=y)
+                Map.objects.create(name='默认地图',pic='/static/safesite/mystatic/images/snc.jpg',usecomp=y,default=1)
+                return JsonResponse({'code':1,'companyid':y.partid})
+    else:
+        return JsonResponse({'code':0,'msg':'no right!'})
 
 def drapi(req):
     a = req.GET.get('a')
@@ -3934,6 +3993,7 @@ def apisuggest(req):
 
 #特别操作
 def apitool(req):
+    is_login = request.session.get('userid', None)
     a = req.GET.get('a')
     if a == 'updatecompany':
         for i in User.objects.all():
@@ -4096,7 +4156,7 @@ def apitool(req):
                 print(i.partname+'---加入supergroup')
         return JsonResponse({"code":1})
     elif a == 'correct_password':
-        for i in User.objects.all():
+        for i in User.objects.exclude(epassword=None):
             i.epassword = make_password(i.password)
             i.save()
         return JsonResponse({"code":1})
@@ -4334,6 +4394,7 @@ def apioperation(req):
         postdict={
         'touser':'',
         'template_id':'lOuwSE67vZC3ZVFYPZvz2eb7JdFxqx7ysMFkXrYmYh0',
+        "miniprogram":{"appid":"wx5c39b569f01c27db"},
         'data':{
             'first':{
                 'value':obj.zylx.dickeyname + '作业通知:'
@@ -4443,6 +4504,7 @@ def apioperation(req):
                 postdict={
                 'touser':'',
                 'template_id':User.objects.get(userid=i).openid,
+                "miniprogram":{"appid":"wx5c39b569f01c27db"},
                 'data':{
                     'first':{
                         'value':obj.zylx.dickeyname + '作业审批:'
@@ -4472,7 +4534,7 @@ def apioperation(req):
         oldjdmc = obj.zyzt['jdmc']
         nextindex =  obj.zyzt['index']+1
         spruser = User.objects.get(userid=userid)
-        if 'zzsp' in data:
+        if 'zzsp' in data:#关闭审批
             obj.zyzt['zyzt'] = '待关闭'
             obj.todouser = obj.zyfzr
             obj.todousers = None
@@ -4481,6 +4543,7 @@ def apioperation(req):
             postdict={
             'touser':'',
             'template_id':obj.zyfzr.openid,
+            "miniprogram":{"appid":"wx5c39b569f01c27db"},
             'data':{
                 'first':{
                     'value':obj.zylx.dickeyname + '作业审批通过:'
@@ -4501,7 +4564,7 @@ def apioperation(req):
             }
             send_wechatmsg.delay(postdict)
             return JsonResponse({"code":1})
-        if 'zjsp' in data:
+        if 'zjsp' in data:#转交审批
             newsprs = data['newsprs']#新审批人
             obj.todousers = newsprs
             obj.save()
@@ -4509,6 +4572,7 @@ def apioperation(req):
                 postdict={
                 'touser':'',
                 'template_id':User.objects.get(userid=i).openid,
+                "miniprogram":{"appid":"wx5c39b569f01c27db"},
                 'data':{
                     'first':{
                         'value':obj.zylx.dickeyname + '作业审批:'
@@ -4541,6 +4605,7 @@ def apioperation(req):
                 postdict={
                 'touser':'',
                 'template_id':User.objects.get(userid=i).openid,
+                "miniprogram":{"appid":"wx5c39b569f01c27db"},
                 'data':{
                     'first':{
                         'value':obj.zylx.dickeyname + '作业审批:'
@@ -4571,6 +4636,7 @@ def apioperation(req):
             postdict={
             'touser':'',
             'template_id':obj.zyfzr.openid,
+            "miniprogram":{"appid":"wx5c39b569f01c27db"},
             'data':{
                 'first':{
                     'value':obj.zylx.dickeyname + '作业审批通过:'
@@ -4624,15 +4690,7 @@ def apioperation(req):
             return JsonResponse({"code":1})
         else:
             return JsonResponse({"code":0})
-    # elif a == 'splcdetail':
-    #     zylx = req.GET.get('zylx')
-    #     userid = req.session['userid']
-    #     company = User.objects.get(userid=userid).usecomp
-    #     objs = Operationspjd.objects.get(zylx=Dickey.objects.get(dickeyid=zylx),usecomp=company)
-    #     str='作业部门主管——属地部门主管'
-    #     for i in objs:
-    #         str = str + '——' + i.jdmc
-    #     return JsonResponse({"code":1,"splcdetail":str})
+
 
 def apioperationsetting(req):
     a = req.GET.get('a')