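def _decorator_func(*args, **kwargs):
    """Resolve the caller's identity, then invoke the wrapped view ``func``.

    The token comes from HTTP basic-auth ``username`` when an ``Authorization``
    header is present; otherwise it is read from the request body (form, JSON
    or multipart) under the key ``"token"``. ``g.user`` is set from
    ``User.verify_auth_token``; ``g.identity`` is restored from the cache
    entry keyed by the token when one exists.

    Raises:
        error_handlers.BadToken: unsupported content type, or a body that did
            not parse to a dict.
        error_handlers.MissToken: the body carries no ``"token"`` key.
    """
    if request.authorization is None:
        # .get() rather than [] so a request with no Content-Type header gets
        # the 400 below instead of an unhandled KeyError (a 500).
        content_type = request.headers.get("Content-Type", "")
        if "application/x-www-form-urlencoded" in content_type:
            data = request.form.to_dict()
        elif "application/json" in content_type:
            data = request.get_json()
        elif "multipart/form-data" in content_type:
            data = request.get_json()
            if data is None:
                data = request.form.to_dict()
        else:
            raise error_handlers.BadToken(
                http_responses.HTTP_400_BAD_REQUEST(
                    msg={"error": u"认证失败"}))
        if not isinstance(data, dict):
            raise error_handlers.BadToken(
                http_responses.HTTP_400_BAD_REQUEST(
                    msg={"error": u"请传递json格式数据"}))
        token = data.get("token")
        if token is None:
            raise error_handlers.MissToken(
                http_responses.HTTP_400_BAD_REQUEST(
                    msg={"error": u"认证失败,没有token"}))
    else:
        token = request.authorization["username"]
    g.user = User.verify_auth_token(token)
    # User permissions: restore the cached identity for this token, if any.
    identity = g.cache.get(token)
    if identity is not None:
        # NOTE(review): pickle.loads executes whatever the cache hands back.
        # This is only safe while the cache backend is trusted and not
        # writable by clients; a JSON/plain-dict encoding of the identity
        # would remove the deserialization risk entirely.
        g.identity = pickle.loads(identity)
    return func(*args, **kwargs)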
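def post(self):
    """Authenticate a user and issue an auth token.

    Reads ``username``/``password`` via ``login_parser``. On success sets
    ``g.user``, calls ``cache_user_privileges`` with the new token and
    returns a 200 payload holding the token plus the user's permission
    names, each formed as ``"<per.name>.<per.needs.name>"``.

    Returns:
        A 400 response when the password does not verify, otherwise 200.
    """
    args = login_parser.parse_args()
    _user = User.get_object(username=args.username)
    if not _user.verify_password(args.password):
        # NOTE(review): this 400 is only reached for a username that
        # get_object resolved; what it does for an unknown username is
        # decided elsewhere, so the two failure paths may be distinguishable
        # to a client.
        return http_responses.HTTP_400_BAD_REQUEST(msg={"error": u"密码错误"})
    token = _user.generate_auth_token()
    g.user = _user
    # Store the user's privileges in the cache under the new token.
    _permissions = cache_user_privileges(token)
    # A set de-duplicates repeated privilege/need pairs.
    permissions = set(
        ".".join([per.name, per.needs.name]) for per in _permissions)
    return http_responses.HTTP_200_OK(
        msg={
            "message": "Login success",
            "username": _user.username,
            "nickname": _user.nickname,
            "id": _user.id,
            "is_superuser": _user.is_superuser,
            "permissions": list(permissions),
            "token": token
        })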
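def put(self, user_id):
    """Update the username, nickname and/or email of user ``user_id``.

    Fields that are ``None`` after parsing are left unchanged. Returns a
    200 response on success.
    """
    _user = User.get_object(id=user_id)
    args = user_modify_parser.parse_args()
    # Guarded like the other two fields so an omitted username does not
    # overwrite the stored one with None.
    if args.username is not None:
        _user.username = args.username
    if args.nickname is not None:
        _user.nickname = args.nickname
    if args.email is not None:
        _user.email = args.email
    # NOTE(review): unlike the create endpoint there is no duplicate-username
    # check here, so a clash surfaces as a database error rather than a 400.
    g.db.commit()
    return http_responses.HTTP_200_OK(msg=u"修改用户信息成功")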
def get(self, user_id):
    """Return the username of ``user_id`` together with its roles as dicts."""
    user = User.get_object(id=user_id)
    assignments = UsersRoles.query.filter_by(user_id=user_id)
    role_dicts = [link.role.to_dict() for link in assignments.all()]
    payload = {"user": user.username, "roles": role_dicts}
    return http_responses.HTTP_200_OK(msg=payload)
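def post(self):
    """Create a user from the parsed request body.

    Returns a 400 when the username is already taken or the insert fails,
    otherwise a 200. (The original fell off the end on success and returned
    None, which is not a valid response.)
    """
    args = user_parser.parse_args()
    # Reject duplicates up front so the common case is a clean 400 rather
    # than a constraint error from the database.
    if User.query.filter_by(username=args.username).first():
        return http_responses.HTTP_400_BAD_REQUEST(
            msg={"error": u"用户名已存在 - %s" % args.username})
    # NOTE(review): every parsed field is handed to the model as-is; which
    # fields those are is decided by user_parser, defined elsewhere.
    user = User(**args)
    try:
        g.db.add(user)
        g.db.commit()
    except Exception as e:
        # NOTE(review): str(e) forwards the raw database error text to the
        # client; a generic message with server-side logging would disclose
        # less. If g.db is a SQLAlchemy session it also needs rollback()
        # here before it can be reused.
        return http_responses.HTTP_400_BAD_REQUEST(msg={"error": str(e)})
    return http_responses.HTTP_200_OK()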
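def post(self, user_id):
    """Grant the roles listed in ``role_ids`` to user ``user_id``.

    Every id must parse as an integer; assignments the user already holds
    are skipped. Returns 400 when any id is not an integer, otherwise 200.
    """
    args = user_roles_parser.parse_args()
    user = User.get_object(id=user_id)
    # Treat an absent list as empty instead of failing on iteration.
    raw_ids = args.role_ids or []
    # Validate every id before touching the session so a bad id late in the
    # list cannot leave earlier adds pending.
    try:
        role_ids = [int(role_id) for role_id in raw_ids]
    except ValueError:
        return http_responses.HTTP_400_BAD_REQUEST(
            msg={"error": u"角色Id必须为整数"})
    for role_id in role_ids:
        # Skip assignments that already exist.
        if UsersRoles.query.filter_by(user_id=user_id, role_id=role_id).first():
            continue
        role = Role.get_object(id=role_id)
        g.db.add(UsersRoles(user, role))
    if role_ids:
        g.db.commit()
    return http_responses.HTTP_200_OK()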
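def put(self, user_id):
    """Replace the role set of user ``user_id`` with ``role_ids``.

    Roles the user holds that are not listed are removed; listed roles the
    user lacks are added (ids matching no Role are ignored). An empty or
    absent list removes every role. Returns 400 when an id is not an
    integer, otherwise 200.
    """
    args = user_roles_parser.parse_args()
    user = User.get_object(id=user_id)
    all_user_roles = UsersRoles.query.filter_by(user_id=user_id).all()
    if args.role_ids:
        all_role_ids = set(
            [user_role.role.id for user_role in all_user_roles])
        try:
            new_role_ids = set([int(role_id) for role_id in args.role_ids])
        except ValueError:
            return http_responses.HTTP_400_BAD_REQUEST(
                msg={"error": u"角色id必须为整数"})
        add_role_ids = new_role_ids - all_role_ids
        delete_role_ids = all_role_ids - new_role_ids
        # Remove roles that are no longer listed. next() over a generator
        # replaces filter(...)[0], which only works while filter() returns a
        # list (Python 2); the lookup is by role_id either way.
        for role_id in delete_role_ids:
            g.db.delete(
                next(ur for ur in all_user_roles if ur.role_id == role_id))
        # Add roles that are newly listed.
        for role_id in add_role_ids:
            role = Role.query.filter_by(id=role_id).first()
            if role is None:
                continue
            g.db.add(UsersRoles(user=user, role=role))
    else:
        for user_role in all_user_roles:
            g.db.delete(user_role)
    g.db.commit()
    return http_responses.HTTP_200_OK(msg="Update role permission success")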
def delete(self, user_id):
    """Delete user ``user_id`` and answer with an empty 200 response."""
    # get_object resolves the row (and handles a missing one) before the delete.
    target = User.get_object(id=user_id)
    g.db.delete(target)
    g.db.commit()
    return http_responses.HTTP_200_OK()