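Permissions, Phase 2
Requirements
Global
1.1 Audit invalid permissions; pages or buttons the user has no permission for are not visible
Solution: the front end hides the entry points of permission-controlled pages based on the user's current permissions as provided by the back end
admin
2.1 Add an app login limit: set, per station, an upper limit on logins to the purchasing app
Solution: add a new field to station that records the login limit
2.2 The global permissions need a sorting feature, plus UI adjustments in permission management
Solution: add a new field to the permission table for sorting
station
User management
3.1 Extend the user type field: administrator / regular user / supplier
Solution: add a new field to auth_user that records the user type
3.2 Users: a feature for viewing the set of permissions a user already has
Solution: modify an existing endpoint and reuse it
Purchaser
4.1 Purchaser accounts become independent; purchaser accounts can no longer log in to station
Solution: create a new purchaser table, modelled on the driver app
4.2 Change the edit logic so that only business information is modified
Supplier
5.1 Remove the original account-creation feature
5.2 Change the edit logic so that only business information is modified
Purchasing app login
6.1 Remove the restriction that login is only possible with a phone number
6.2 Verify whether login is allowed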
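A server-side sketch of the check in 6.2 for POST /purchase_assistant/login, added here as an example and not the project's own code. Column names follow tbl_purchaser and purchase_app_limit as defined later in this document; the PBKDF2 storage format, the in-memory sample records, the reason strings, and reading the limit as a cap on accounts with is_allow_login set are assumptions.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # assumption: hash scheme and "salt$digest" format are not from the document

def hash_password(password, salt=None):
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt.hex() + "$" + digest.hex()

def verify_password(password, stored):
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), ROUNDS)
    return hmac.compare_digest(digest.hex(), digest_hex)

DUMMY_HASH = hash_password("placeholder")  # verified for unknown usernames too

def enabled_count(purchasers, station_id):
    # Accounts of one station that are currently allowed to use the app.
    return sum(1 for p in purchasers.values()
               if p["station_id"] == station_id and p["is_allow_login"]
               and p["is_active"] and p["delete_time"] is None)

def can_login(purchasers, stations, username, password):
    """Return (ok, reason) for a /purchase_assistant/login attempt."""
    row = purchasers.get(username)
    password_ok = verify_password(password, row["password"] if row else DUMMY_HASH)
    if row is None or not password_ok:
        return False, "bad_credentials"  # same answer for both cases
    if not row["is_active"] or row["delete_time"] is not None:
        return False, "account_disabled"
    if not row["is_allow_login"]:
        return False, "app_login_not_allowed"
    limit = stations.get(row["station_id"], {}).get("purchase_app_limit") or 0
    if enabled_count(purchasers, row["station_id"]) > limit:
        return False, "station_limit_exceeded"  # fail closed; default limit is 0
    return True, "ok"

def sample_row(station_id, password, allow):
    # Constructed test data using tbl_purchaser column names.
    return dict(station_id=station_id, password=hash_password(password),
                is_active=1, is_allow_login=allow, delete_time=None)

STATIONS = {"T10001": {"purchase_app_limit": 1}, "T10002": {}}
PURCHASERS = {"buyer_a": sample_row("T10001", "pw-a", 1),
              "buyer_b": sample_row("T10001", "pw-b", 0),
              "buyer_c": sample_row("T10002", "pw-c", 1)}
```

The same enabled_count comparison belongs in the purchaser create and edit endpoints, so that is_allow_login cannot be switched on for more accounts than the station's limit.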
Endpoints (front-end/back-end integration)
Purchasing app
New: /purchase_assistant/login Purchasing app login
Replaces /station/login
Method POST
request:
username str M
password str M
New: /purchase_assistant/logout Purchasing app logout
Method POST
Replaces /station/logout
request: none
New: /purchase_assistant/service_time Purchasing app: get the station's service time
Method GET
Replaces /station/service_time
New: /purchase_assistant/purchase_sheet/create
Method POST
Replaces /station/task/purchase/create_sheet
New: /purchase_assistant/purchase_sheet/details
Method GET
Replaces /station/stock/purchase_sheet/details
New: /purchase_assistant/purchase_sheet/submit
Method POST
Replaces /station/stock/purchase_sheet/submit
New: /purchase_assistant/finish_task
Method POST
Replaces /station/task/purchase/finish_task
New: /purchase_assistant/settle_supplier/supply_sku
Method GET
Replaces /station/stock/settle_supplier/supply_sku
Admin
Modified: /station/create Create a station
Method: POST
Adds a purchase_app_limit field: the number of purchaser accounts of the corresponding station that may log in to the purchasing app
request:
[New] "purchase_app_limit" O int allowed number of app logins
name: xth新站点
partner_id: 1
role:
distribute_cities: ["440300"]
description:
receiver_phone: 18879140881
receiver_name: 阿萨德
receive_begin_time: 00:00
receive_end_time: 23:30
address: 阿萨德
is_valid: 1
stock_method: 1
enable_pay_info: 0
pay_info_id: PAY0650
wechat_pay_info: {"appid":"","appsecret":"","mch_id":"","key":""}
enable_customized: 0
customized_info_id: gm
customized_info: {"cms_key":"","appid":"","appsecret":""}
permission_ids: [64,65,66]
station_type_id: 0
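response [unchanged]
Modified: /station/update Update a station
Method: POST
Adds a submitted field purchase_app_limit: the number of purchaser accounts of the corresponding station that may log in to the purchasing app
request:
[New] purchase_app_limit O int allowed number of app logins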
wechat_pay_info: {}
description:
customized_info: {"appsecret":"d4fbdce4fe3efbfbd6506d64896cf111","id":"5a3a061122139365f741143b","appid":"wx4b71f3d3b055bdee","cms_key":"xjxc01"}
enable_customized: 1
receiver_phone: 15886534577
station_type_id: 0
receiver_name: xjxc01
permission_ids: [64,65,66]
receive_begin_time: 10:30
distribute_cities: ["440300"]
partner_id: 428
address: lamia
receive_end_time: 16:00
sms_signature: 先进先出01
pay_key: xjxc01
id: T10001
enable_pay_info: 0
stock_method: 2
partner_name: 先进先出测试Group
customized_info_id: xjxc01
name: 先进先出01
is_valid: 1
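response [unchanged]
Modified: /station/detail Station details
Method: GET
The response adds a purchase_app_limit field: the number of purchaser accounts of the corresponding station that may log in to the purchasing app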
request:
station_id M
response:
{
"code": 0,
"msg": "ok",
"data": {
[New] "purchase_app_limit" O int
"wechat_pay_info": {},
"description": "",
"customized_info": {
"appsecret": "d4fbdce4fe3efbfbd6506d64896cf111",
"id": "5a3a061122139365f741143b",
"appid": "wx4b71f3d3b055bdee",
"cms_key": "xjxc01"
},
"enable_customized": 1,
"receiver_phone": "15886534577",
"station_type_id": 0,
"receiver_name": "xjxc01",
"permission_ids": [
64,
65,
66
],
"receive_begin_time": "10:30",
"pay_info_id": null,
"distribute_cities": [
"440300"
],
"partner_id": 428,
"address": "lamia",
"receive_end_time": "16:00",
"sms_signature": "先进先出01",
"pay_key": "xjxc01",
"id": "T10001",
"enable_pay_info": 0,
"stock_method": 2,
"partner_name": "先进先出测试Group",
"customized_info_id": "xjxc01",
"name": "先进先出01",
"is_valid": 1
}
}
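station user management
Modified: /gm_account/station/user/search User search
Method: GET
is_admin is no longer a filter parameter in the request;
use type_id instead: 0 = regular user, 1 = supplier, 999 = administrator
The response returns each user's type_id, i.e. the user type
request
Fields that are not passed mean "all"
[New] type_id O int 0 = regular user, 1 = supplier, 999 = administrator
[Removed] is_admin O bool (0 or 1) whether the user is an administrator is no longer a filter condition
is_valid O bool
station_id O str
role_id O int
search_text O str user name
// pagination
offset O int default 0
limit O int default 20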
response
{
data: {
users: [
{
[New] type_id M int
id M int
username M str
name M str
roles: [
{
id: 123,
name: '角色名'
}
],
station_name M str
is_admin M bool
is_valid M bool
create_date M str or null
}
]
},
msg: 'OK',
code: 0,
}
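Modified: /gm_account/station/user/detail User details
Method: GET
The request is unchanged;
the response adds a type_id field indicating the user's type: 0 = regular user, 1 = supplier, 999 = administrator
request [unchanged]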
id M int
response
{
"data": {
"user": {
[New] type_id M int
"id": 2,
"name": "李腾飞",
"username": "bugall",
"is_admin": false,
"station_id": "T123",
"phone": "12345",
"email": "123@5",
"card_photo_img_url": "http://somewhere.com/123.jpg",
"card_emblem_img_url": "http://somewhere.com/234.jpg",
"card_id": "12345X",
"is_valid": false,
"create_date": "1999-12-31",
"roles": [
{
"id": 1,
"name": "abcd"
}
]
}
},
"msg": "ok",
"code": 0
}
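Modified: /gm_account/station/user/update Update a user
Method: POST
When submitting changes, an additional type_id can be included to update the user's type
request
Fields that are not passed are not updated
[New] type_id O str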
id M int user's id
username O str
role_ids O json list of int (must not be empty)
is_admin O bool
is_active O bool
password O str
name O str
phone O str
email O str
card_id O str
card_emblem_img O str
card_photo_img O str
response [unchanged]
{ msg: OK, code: 0, data: null }
New: /gm_account/station/role/permission/roles_permissions Search permissions
Method: GET
Get the permissions for the selected roles
request
[New] role_ids list M role ids
response [unchanged]
{
"code": 0,
"msg": "ok",
"data": [
"添加销售报价单",
"查看销售报价单",
"编辑销售单信息",
"查看任务",
"利润报表基础查看权限",
"查看短信管理"
]
}
station purchaser
New: /station/task/purchase/purchaser/detail Purchaser details
Method GET
request [unchanged]
'id': M int
response
{
"msg": "ok",
"data":
{
'username' M str purchaser login account
'is_allow_login' M bool whether this purchaser may log in to the app
"settle_suppliers": [],
"is_online": null,
"status": 1,
"name": "采购二号",
"phone": "18879140882",
"id": 11789
}
,
"code": 0
}
station purchaser
Modified: /station/task/purchase/purchaser/search Search purchasers
Method GET
request [unchanged]
'search_text': O str
'offset': O int
'limit': O int
response
{
"msg": "ok",
"data": [
{
[New] 'username' M str purchaser login account
[New] 'is_allow_login' M bool whether this purchaser may log in to the app
"settle_suppliers": [],
"is_online": null,
"status": 1,
"name": "采购二号",
"phone": "18879140882",
"id": 11789
}
],
"code": 0
}
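Modified: /station/task/purchase/purchaser/create Create a purchaser
Method POST
Create a purchaser
request
[New] 'username' M str purchaser login account
[New] 'password' M str purchaser login password
[New] 'is_allow_login' M bool whether this purchaser may log in to the app
[Changed] 'phone': O str phone number is no longer required, M => O
'settle_suppliers': M list
'name': Param(str), M str full name
'status': M bool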
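Modified: /station/task/purchase/purchaser/edit Update a purchaser
Method: POST
Modify a purchaser
request
Fields that are not passed are not modified
[New] 'is_allow_login' O bool whether this purchaser may log in to the app
[New] 'password' O str purchaser login password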
'settle_suppliers': O list
'id': M id
'name': O str
'phone': O str
'status': O bool
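station supplier
Modified: /supplier/search Supplier search
Method: GET
Adds the supplier account id corresponding to the supplier,
for selection in the supplier details.
Used together with /gm_account/station/user/search?type_id=1, this can be combined into: supplier login account (supplier name)
Used together with /station/task/purchase/purchaser/search, this can be combined into: supplier name (purchaser name)
request [unchanged]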
response
{
"msg": "ok",
"data": [
{
[New] "user_id" O str id of the corresponding supplier account
"phone": null,
"supplier_id": "T16891",
"name": "蔬菜供应商",
"customer_id": "GYS1"
}
],
"code": 0
}
Modified: /supplier/detail Supplier details
Method: GET
The response data adds the supplier user id
request [unchanged]
id M str
response
{
"msg": "",
"data": {
[New] user_id O str supplier account id
"location_lon": null,
"pay_method": 1,
"business_licence": null,
"phone": null,
"is_active": 1,
"company_name": null,
"card_no": null,
"account_name": null,
"finance_manager_phone": null,
"company_address": null,
"id": "T16891",
"finance_manager": null,
"qualification_images": [],
"username": "18879140881",
"customer_id": "GYS1",
"location_lat": null,
"name": "蔬菜供应商",
"bank": null,
"merchandise": [
"B39088"
]
},
"code": 0
}
Modified: /supplier/create Create a supplier
Method: POST
Adds a request field for the supplier login
request
[New] user_id O str supplier account id
customer_id M str
name M str
merchandise M list
phone O str
company_name O str
finance_manager O str
finance_manager_phone O str
bank O str
pay_method O int
card_no O str
business_licence O str
location_lon O float
location_lat O float
quelification_images O list
Modified: /supplier/update Update a supplier
Method: POST
[New] user_id O str supplier account id
id M str
customer_id M str
name M str
merchandise M list
phone O str
company_name O str
finance_manager O str
finance_manager_phone O str
bank O str
pay_method O int
card_no O str
business_licence O str
location_lon O float
location_lat O float
quelification_images O list
Endpoints (logic changes)
Purchasing app endpoint changes
/station/login Login
/station/logout Logout
/purchase_assistant/info Get user info
and others, 22 app-only endpoints in total
Other
/station/task/purchase/purchaser/delete Delete a purchaser
/station/task/purchase/release Release purchase tasks
/station/task/purchase/search Get purchase tasks
/station/task/purchase/export Export purchase tasks
/station/task/purchase/print Print purchase tasks
/station/task/purchase/create_sheet Generate a purchase sheet
/station/stock/purchase_sheet/get Get a purchase sheet
/station/stock/purchase_sheet/share_token Purchase sheet QR code
/station/stock/purchase_sheet/export Export a purchase sheet
/station/task/purchase/quote_price/edit station price inquiry
Data structure changes
mysql
use xnn_core_product_2;
-- purchaser table
CREATE TABLE `tbl_purchaser` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`password` varchar(128) COLLATE utf8mb4_unicode_ci NOT NULL,
`last_login` datetime DEFAULT NULL,
`username` varchar(30) COLLATE utf8mb4_unicode_ci NOT NULL,
`name` varchar(30) COLLATE utf8mb4_unicode_ci DEFAULT NULL,
`email` varchar(75) COLLATE utf8mb4_unicode_ci DEFAULT NULL,
`station_id` varchar(16) COLLATE utf8mb4_unicode_ci NOT NULL COMMENT '所属station',
`is_active` tinyint(1) DEFAULT '0' COMMENT '是否激活',
`is_allow_login` tinyint(1) DEFAULT '0' COMMENT '是否允许登录app',
`telephone` varchar(20) COLLATE utf8mb4_unicode_ci DEFAULT NULL,
`creator` varchar(30) COLLATE utf8mb4_unicode_ci DEFAULT NULL,
`create_time` datetime DEFAULT NULL,
`delete_time` datetime DEFAULT NULL,
`modify_time` datetime DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `username` (`username`)
) ENGINE=InnoDB AUTO_INCREMENT=100002 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- tbl_permission_class: add a new field for sorting
ALTER TABLE xnn_core_product_2.tbl_permission_class ADD sort_no int NULL COMMENT '用于排序' ;
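-- auth_role: add a new field marking default roles (created by the system; not displayed, and their permissions cannot be modified)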
ALTER TABLE xnn_core_product_2.auth_role ADD is_default tinyint(1) DEFAULT 0 NULL COMMENT '是否是系统创建的默认角色(不显示也不可修改权限)' ;
mongo
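1. station (regular)
+ purchase_app_limit O int stores the allowed number of purchasing-app logins for the current station
2. station (operator)
+ user_id O str id of the operator account
Data change script
-- rename permissions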
update tbl_permission_class set name = '报价单管理', name_en = '报价单管理' where name = '我出售的商品';
update auth_permission set name = '新建报价单' where name = '添加销售报价单';
update auth_permission set name = '查看报价单管理' where name = '查看销售报价单';
update auth_permission set name = '新建订单' where name = '增加订单';
-- create new permissions
-- under 配送任务 (delivery tasks), add the new permission 查看调度中心 (view dispatch center) get_distribute_center
INSERT INTO xnn_core_product_2.auth_permission
(name, name_en, content_type_id, codename, level2_id)
VALUES('查看调度中心', 'Get DistributeCenter Tab', 68, 'get_distribute_center_tab', 9);
-- under 分拣任务 (sorting tasks), add the new permission 查看分拣方式 (view sorting method) get_dispatch_method
INSERT INTO xnn_core_product_2.auth_permission
(name, name_en, content_type_id, codename, level2_id)
VALUES('查看分拣方式', 'Get DispatchMethod', 12, 'get_dispatch_method', 23);
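-- under 供应链 / 订单管理 (supply chain / order management), add the new permission 查看录入售后信息 (view and enter after-sales information)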
INSERT INTO xnn_core_product_2.auth_permission
(name, name_en, content_type_id, codename, level2_id)
VALUES('录入售后信息', 'Add Exception', 21, 'add_exception', 11);
-- display order of permissions
-- first set every sort number to 0
update tbl_permission_class set sort_no = 0;
update tbl_permission_class set sort_no = 1 where name = '商品' and level = 1;
update tbl_permission_class set sort_no = 101 where name = '报价单管理' and level = 2;
update tbl_permission_class set sort_no = 102 where name = '商品库索引' and level = 2;
update tbl_permission_class set sort_no = 103 where name = '营销' and level = 2;
update tbl_permission_class set sort_no = 2 where name = '供应链' and level = 1;
update tbl_permission_class set sort_no = 201 where name = '订单管理' and level = 2;
update tbl_permission_class set sort_no = 202 where name = '采购任务' and level = 2;
update tbl_permission_class set sort_no = 203 where name = '采购单据' and level = 2;
update tbl_permission_class set sort_no = 204 where name = '采购员' and level = 2;
update tbl_permission_class set sort_no = 205 where name = '询价记录' and level = 2;
update tbl_permission_class set sort_no = 206 where name = '分拣任务' and level = 2;
update tbl_permission_class set sort_no = 207 where name = '配送任务' and level = 2;
update tbl_permission_class set sort_no = 3 where name = '进销存' and level = 1;
update tbl_permission_class set sort_no = 301 where name = '入库' and level = 2;
update tbl_permission_class set sort_no = 302 where name = '出库' and level = 2;
update tbl_permission_class set sort_no = 303 where name = '盘点' and level = 2;
update tbl_permission_class set sort_no = 304 where name = '结款' and level = 2;
update tbl_permission_class set sort_no = 305 where name = '供应商' and level = 2;
update tbl_permission_class set sort_no = 4 where name = '系统' and level = 1;
update tbl_permission_class set sort_no = 401 where name = '运营时间设置' and level = 2;
update tbl_permission_class set sort_no = 402 where name = '运费模板设置' and level = 2;
update tbl_permission_class set sort_no = 403 where name = '打印模板设置' and level = 2;
update tbl_permission_class set sort_no = 404 where name = '系统设置' and level = 2;
update tbl_permission_class set sort_no = 405 where name = '税额' and level = 2;
update tbl_permission_class set sort_no = 406 where name = '消息提醒' and level = 2;
update tbl_permission_class set sort_no = 407 where name = '短信提醒' and level = 2;
update tbl_permission_class set sort_no = 5 where name = '数据中心' and level = 1;
update tbl_permission_class set sort_no = 501 where name = '报表分析' and level = 2;
update tbl_permission_class set sort_no = 6 where name = '定制' and level = 1;
update tbl_permission_class set sort_no = 601 where name = '定制' and level = 2;
-- retire two permissions
-- delete 查看时价 (view current price)
UPDATE tbl_station_permission set `delete`=1 WHERE permission_id = (
SELECT id from auth_permission where name = '查看时价'
);
DELETE from auth_role_permission where permission_id = (
SELECT id from auth_permission where name = '查看时价'
);
DELETE from auth_user_user_permissions where permission_id = (
SELECT id from auth_permission where name = '查看时价'
);
DELETE from auth_permission where name = '查看时价';
-- delete 编辑时价 (edit current price)
UPDATE tbl_station_permission set `delete`=1 WHERE permission_id = (
SELECT id from auth_permission where name = '编辑时价'
);
DELETE from auth_role_permission where permission_id = (
SELECT id from auth_permission where name = '编辑时价'
);
DELETE from auth_user_user_permissions where permission_id = (
SELECT id from auth_permission where name = '编辑时价'
);
DELETE from auth_permission where name = '编辑时价';
-- append the suffix "(付费)" (paid) to the names of paid permissions
-- station
use xnn_core_product_2;
UPDATE auth_permission set name = CONCAT(name,'(付费)') where name in (
"增加检测报告",
"删除检测报告",
"修改检测报告",
"查看检测报告",
"追溯信息查询",
"编辑溯源信息",
"检测控制",
"录入检测报告",
"金蝶订单导入",
"采购任务-二维表下载",
"新建预售服务时间",
"编辑预售服务时间",
"修改默认结算方式"
);
-- ma
use management;
UPDATE tbl_permission set name = CONCAT(name,'(付费)') where name in (
"修改结算方式",
"插入财务调整",
"查看财务调整",
"导出财务调整"
);
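Historical data handling
Data migration script: tools/tmp/change_purchaser_supplier_user.py
Global
The user type needs to be backfilled for all users
Purchaser
Deactivate the existing purchaser accounts,
create new purchaser accounts from them,
and update the links so that the new accounts inherit the original purchasers' associations with suppliers, purchase tasks, purchase sheets and so on
"May log in to the app" defaults to False
Supplier accounts
Unbind the originally bound information.
Supplier
Backfill login accounts
station
The allowed number of app logins defaults to 0
Note:
Remember to change rmiclient under requirement back
And those URLs as well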