"""
authorized.py
"""
import django_version
import logging
from constants import *
from google.appengine.api import users
from datetime import datetime
import json
import messages
import tools
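def role(role=None):
    """Build a decorator that gates a request-handler method by role.

    Args:
        role: Access level required by the decorated handler.
            * None / empty -- no login required.
            * "user"  -- a user object must be present in the session.
            * "admin" -- the session user must pass ``is_admin()``.
            * "api"   -- either a session user, or a request carrying the
              shared API key (``auth``) plus ``uid`` and ``pw`` parameters.
            Any other value is never allowed and ends in the login redirect.

    Returns:
        A decorator. The wrapped handler is called with an extra ``d`` keyword
        argument (the template/context dict built here). On denial, non-API
        roles redirect to ``/login``; the "api" role answers through
        ``self.json_out`` with an error code instead.
    """
    import functools  # local import: leaves the module's import order untouched

    def wrapper(handler_method):
        # Keep the handler's name/docstring on the wrapper so logs, tracebacks
        # and introspection still point at the real handler.
        @functools.wraps(handler_method)
        def check_login(self, *args, **kwargs):
            d = {
                'SITENAME': SITENAME,
                'COMPANY_NAME': COMPANY_NAME,
                'YEAR': datetime.now().year,
                'CURTIME': datetime.now(),
                'GA_ID': GA_ID,
                'DEV': tools.on_dev_server(),
            }
            allow = False
            handled = False
            error_code = 0
            user = enterprise = None
            session = self.session
            messages.get_messages(self, d)
            # `in` matches the enterprise lookup below and avoids the
            # Python-2-only has_key().
            if 'user' in session:
                user = session['user']
            if 'enterprise' in session:
                enterprise = session['enterprise']
            if not role:
                allow = True
            elif role == "user":
                if user:
                    allow = True
            elif role == "admin":
                if user and user.is_admin():
                    allow = True
            elif role == "api":
                status = None
                from models import User
                api_auth = self.request.get('auth')
                if not user:
                    # No session user: fall back to API key + uid/password.
                    # NOTE(review): `==` on a shared secret is not a
                    # constant-time comparison; consider hmac.compare_digest
                    # once the types of both operands are confirmed.
                    # NOTE(review): 'auth' and 'pw' are read with
                    # self.request.get(); if clients put them in the query
                    # string they can end up in access logs -- confirm they
                    # are sent in the request body over TLS.
                    if api_auth == API_AUTH:
                        uid = self.request.get_range('uid')
                        pw = self.request.get('pw')
                        if uid:
                            _user = User.get_by_id(uid)
                            # Unknown uid and wrong password share one code,
                            # so the response does not reveal which it was.
                            if _user and pw and _user.validatePassword(pw):
                                user = _user  # Authorized client API
                            else:
                                error_code = 5  # Auth failed
                        else:
                            error_code = 4  # Malformed
                    else:
                        error_code = 1  # Unauthorized
                        status = 401
                if user:
                    if not enterprise:
                        enterprise = user.enterprise
                    self.user = d['user'] = user
                    self.enterprise = d['enterprise'] = enterprise
                else:
                    # NOTE(review): this overwrites the more specific codes
                    # 1/4/5 set above, so every failed API auth is reported
                    # and logged as 3. Kept as-is because clients may rely on
                    # it; confirm whether the specific code should survive
                    # (it would make the error log more useful for triage).
                    error_code = 3  # User not found
                if not error_code:
                    kwargs['d'] = d
                    handler_method(self, *args, **kwargs)
                else:
                    message = messages.ERROR.LABELS.get(error_code)
                    logging.error(message)
                    self.json_out(success=False, error=error_code, message=message, status=status)
                # The API branch always produces its own response, so skip the
                # redirect logic below.
                handled = True
            if not handled:
                if allow:
                    d['user'] = user
                    d['enterprise'] = enterprise
                    d['logout_url'] = "/logout"  # users.create_logout_url("/logout")
                    kwargs['d'] = d
                    handler_method(self, *args, **kwargs)
                else:
                    # Fail closed: unknown roles and unmet requirements both
                    # land here.
                    self.redirect("/login")
        return check_login
    return wrapper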