def wrapper(self, *args, **kwargs):
    """Run ``func`` only for a logged-in user; otherwise send the client to the admin login.

    Behaviour by case:
      * ``self.current_user`` is truthy: call ``func`` and return its result.
      * no user, GET or HEAD: redirect to ``self.get_admin_login_url()``. If that
        URL has no query string yet, a ``next`` parameter holding the current
        request target is appended.
      * no user, any other method: raise ``HTTPError(403)``.

    NOTE(review): ``next`` is derived from the incoming request and handed to
    the login page. The handler that consumes it is not shown here; it should
    accept only same-site targets before redirecting back.
    """
    if self.current_user:
        return func(self, *args, **kwargs)

    # Only safe, replayable methods are bounced to the login page.
    if self.request.method not in ("GET", "HEAD"):
        raise HTTPError(403)

    login_url = self.get_admin_login_url()
    if "?" not in login_url:
        # An absolute login URL gets an absolute return target, a relative
        # login URL a relative one.
        login_is_absolute = urlparse.urlsplit(login_url).scheme
        return_to = self.request.full_url() if login_is_absolute else self.request.uri
        login_url += "?" + urlencode(dict(next=return_to))
    return self.redirect(login_url)
def wrapper(self, *args, **kwargs):
    """Call ``method`` for an authenticated user, else redirect or refuse.

    Unauthenticated GET/HEAD requests are redirected to ``self.get_login_url()``
    and the wrapper returns ``None``. When the login URL carries no query
    string, the current request target is appended as ``next``. Unauthenticated
    requests with any other method raise ``HTTPError(403)``.

    NOTE(review): the value placed in ``next`` comes from the request itself.
    Whatever reads it after login (not visible here) should validate it before
    redirecting.
    """
    if self.current_user:
        return method(self, *args, **kwargs)

    if self.request.method not in ("GET", "HEAD"):
        raise HTTPError(403)

    login_url = self.get_login_url()
    if "?" not in login_url:
        if urlparse.urlsplit(login_url).scheme:
            # if login url is absolute, make next absolute too
            return_to = self.request.full_url()
        else:
            return_to = self.request.uri
        login_url += "?" + urllib.urlencode(dict(next=return_to))
    self.redirect(login_url)
    return None
def wrapper(self, *args, **kwargs):
    """Call ``method`` only when the current user satisfies the predicate ``f``.

    * A logged-in user for whom ``f(user)`` is truthy: ``method`` runs and its
      result is returned.
    * A logged-in user who fails ``f``: ``HTTPError(403)``.
    * No user, GET/HEAD: redirect to ``self.get_login_url()`` (with ``next``
      appended when the login URL has no query string) and return ``None``.
    * No user, other methods: ``HTTPError(403)``.
    """
    user = self.current_user

    if user:
        # Authenticated: the predicate alone decides.
        if f(user):
            return method(self, *args, **kwargs)
        raise HTTPError(403)

    if self.request.method in ("GET", "HEAD"):
        login_url = self.get_login_url()
        if "?" not in login_url:
            # if login url is absolute, make next absolute too
            absolute = urlparse.urlsplit(login_url).scheme
            return_to = self.request.full_url() if absolute else self.request.uri
            login_url += "?" + urlencode(dict(next=return_to))
        self.redirect(login_url)
        return None

    raise HTTPError(403)
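def wrapper(self, *args, **kwargs):
    """Require a logged-in user, answering AJAX callers with 403 instead of a redirect.

    * Logged-in user: ``method`` is called and its result returned.
    * No user, GET/HEAD and not AJAX: redirect to ``self.get_login_url()``
      (with ``next`` appended when the login URL has no query string).
    * No user, anything else: ``self.send_error(403, ...)`` and return ``None``.

    Fix: the 403 branch previously had no ``return`` after ``send_error``, so
    control fell through to ``method`` and the protected handler body still ran
    for unauthenticated requests. The wrapper now stops after the error.
    """
    if not self.current_user:
        # For AJAX requests, do not answer with a 302 redirect. The header is
        # client-supplied, but it only selects between a redirect and a 403.
        is_ajax = self.request.headers.get('X-Requested-With') == 'XMLHttpRequest'
        if self.request.method in ("GET", "HEAD") and not is_ajax:
            url = self.get_login_url()
            if "?" not in url:
                if urlparse.urlsplit(url).scheme:
                    # if login url is absolute, make next absolute too
                    next_url = self.request.full_url()
                else:
                    next_url = self.request.uri
                url += "?" + urlencode(dict(next=next_url))
            self.redirect(url)
            return
        self.send_error(status_code=403, reason="未经认证或认证过期,请重新登录进行认证.")
        # send_error() does not raise, so return explicitly; the handler must
        # never run without an authenticated user.
        return
    return method(self, *args, **kwargs)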
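def wrapper(self, *args, **kwargs):
    """Gate ``method`` behind login, a one-hour idle timeout and a role check.

    @type self BaseHandler

    Checks run in this order:
      1. No current user: GET/HEAD is redirected to the login URL (with
         ``next`` appended when the login URL has no query string); other
         methods raise ``tornado.web.HTTPError(403)``.
      2. ``last_active`` is an hour or more old: redirect to the ``logout``
         route, passing the current URI as ``next``.
      3. Otherwise ``last_active`` is refreshed in the ``operator`` table.
      4. If ``required_roles`` is set, the user's comma-separated ``roles``
         must match; failing that, ``403.html`` is rendered.

    Fix: the denial page is now sent with HTTP status 403. It was previously
    rendered with the default 200, so access logs and clients could not tell a
    refusal from a normal page.
    """
    # Not logged in: force a login.
    if not self.current_user:
        if self.request.method in ("GET", "HEAD"):
            url = self.get_login_url()
            if "?" not in url:
                if urlparse.urlsplit(url).scheme:
                    # if login url is absolute, make next absolute too
                    next_url = self.request.full_url()
                else:
                    next_url = self.request.uri
                url += "?" + urlencode(dict(next=next_url))
            self.redirect(url)
            return
        raise tornado.web.HTTPError(403)

    # Inactive for an hour or more: force a logout.
    # NOTE(review): datetime.now() is the app server's naive local time, while
    # last_active is written with the database's NOW(); confirm both share a
    # clock and timezone, or the timeout will be skewed.
    idle = datetime.now() - self.current_user.last_active
    if idle.total_seconds() >= 60 * 60:
        self.redirect(
            url_concat(self.reverse_url('logout'), {'next': self.request.uri}))
        return
    self.db.execute(
        'update operator set last_active=NOW() where id=%s',
        self.current_user.id)

    # Check permissions.
    if required_roles:
        roles = self.current_user.roles.split(',')
        if required_roles == ('developer_mgr', ):
            # When a handler is marked developer-manager-only, the user must
            # actually hold developer_mgr; plain 'developer' is not enough.
            passed = 'developer_mgr' in roles
        else:
            # 'developer' passes every other role requirement.
            passed = any(
                role == 'developer' or role in required_roles for role in roles)
        if not passed:
            self.set_status(403)
            self.render('403.html')
            return
    return method(self, *args, **kwargs)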
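def wrapper(self, *args, **kwargs):
    """Gate ``method`` behind login, account-status, WeChat-binding and role checks.

    @type self BaseHandler

    Checks run in this order:
      1. No current user: GET/HEAD is redirected to the login URL (with
         ``next`` appended when the login URL has no query string); other
         methods raise ``tornado.web.HTTPError(403)``.
      2. ``current_user.deleted == '1'``: redirect to the ``logout`` route.
      3. URIs starting with ``/wx``: when the user has ``sp_props`` but no
         ``wx_type`` in it, redirect to the ``wx.setting`` route.
      4. If ``required_roles`` is set, the user's comma-separated ``roles``
         must contain ``manager`` or one of the required roles; failing that,
         ``403.html`` is rendered.

    Fix: the denial page is now sent with HTTP status 403. It was previously
    rendered with the default 200, so access logs and clients could not tell a
    refusal from a normal page.
    """
    # Not logged in: force a login.
    if not self.current_user:
        if self.request.method in ("GET", "HEAD"):
            url = self.get_login_url()
            if "?" not in url:
                if urlparse.urlsplit(url).scheme:
                    # if login url is absolute, make next absolute too
                    next_url = self.request.full_url()
                else:
                    next_url = self.request.uri
                url += "?" + urlencode(dict(next=next_url))
            self.redirect(url)
            return
        raise tornado.web.HTTPError(403)

    # Logged in, but the account has been disabled: force a logout.
    if self.current_user.deleted == '1':
        self.redirect(self.reverse_url('logout'))
        return

    # WeChat pages need a bound WeChat account; if none is bound, send the
    # user to the settings page.
    if self.request.uri.startswith('/wx'):
        if 'sp_props' in self.current_user and 'wx_type' not in self.current_user.sp_props:
            return self.redirect(self.reverse_url('wx.setting'))

    # Check permissions; 'manager' passes every role requirement.
    if required_roles:
        roles = self.current_user.roles.split(',')
        passed = any(
            role == 'manager' or role in required_roles for role in roles)
        if not passed:
            self.set_status(403)
            self.render('403.html')
            return

    # NOTE(review): a disabled check used to sit here. It redirected users who
    # still had a hard-coded default password to the 'password' route, and
    # compared the stored value against hashlib.md5(default + pwd_salt). That
    # suggests passwords are stored as salted MD5; confirm, and if so plan a
    # migration to a dedicated password-hashing function.
    return method(self, *args, **kwargs)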
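def f(self, *args, **kwargs):
    """Require login unless the request comes from an allowed local address.

    * With ``localAccess`` set, requests whose ``remote_ip`` is loopback
      (``::1`` / ``127.0.0.1``) or inside ``192.168.1.0/24`` skip
      authentication and go straight to ``method``.
    * No current user, GET/HEAD: clients whose ``Accept`` header mentions
      ``application/json`` get ``HTTPError(401)``; others are redirected to the
      login URL (with ``next`` appended when it has no query string).
    * No current user, other methods: ``HTTPError(403)``.

    Fix: a request with no ``Accept`` header made ``headers.get('Accept')``
    return ``None``, and the ``in`` test raised ``TypeError`` (a 500 instead of
    the login redirect). The lookup now defaults to an empty string.
    """
    # self = requestHandler
    # NOTE(review): this branch grants access on the peer address alone. If the
    # server runs with xheaders=True, remote_ip is taken from forwarding
    # headers and is only as trustworthy as the proxy that sets them; behind a
    # proxy without xheaders, every request carries the proxy's address.
    # Confirm the deployment before relying on localAccess.
    if localAccess and (self.request.remote_ip in ('::1', '127.0.0.1') or
                        addressInNetwork(self.request.remote_ip, '192.168.1.0/24')):
        return method(self, *args, **kwargs)
    if not self.current_user:
        if self.request.method in ("GET", "HEAD"):
            url = self.get_login_url()
            if "?" not in url:
                if urlparse.urlsplit(url).scheme:
                    # if login url is absolute, make next absolute too
                    next_url = self.request.full_url()
                else:
                    next_url = self.request.uri
                url += "?" + urlencode(dict(next=next_url))
            # API clients get a 401 rather than an HTML login redirect.
            if 'application/json' in self.request.headers.get('Accept', ''):
                raise HTTPError(401)
            self.redirect(url)
            return
        raise HTTPError(403)
    return method(self, *args, **kwargs)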
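def f(self, *args, **kwargs):
    """Require login unless the request comes from a private/local address.

    * With ``localAccess`` set, requests whose ``remote_ip`` parses to a
      private address (or one inside ``192.168.1.0/24``) skip authentication
      and go straight to ``method``.
    * No current user, GET/HEAD: clients whose ``Accept`` header mentions
      ``application/json`` get ``HTTPError(401)``; others are redirected to the
      login URL (with ``next`` appended when it has no query string).
    * No current user, other methods: ``HTTPError(403)``.

    Fixes:
      * A request with no ``Accept`` header made ``headers.get('Accept')``
        return ``None`` and the ``in`` test raised ``TypeError``; the lookup
        now defaults to an empty string.
      * ``remote_ip`` is parsed only when ``localAccess`` is on, and a value
        that is not a valid IP address is treated as non-local (fail closed)
        instead of raising ``ValueError``.
    """
    # self = requestHandler
    if localAccess:
        try:
            ip = ipaddress.ip_address(self.request.remote_ip)
        except ValueError:
            ip = None  # unparsable peer address: never treat it as local
        # NOTE(review): is_private covers every private and loopback range, so
        # the explicit 192.168.1.0/24 test is already implied and the bypass
        # applies to any private-range peer. If the server sits behind a
        # reverse proxy on a private network (without xheaders), every request
        # matches. Confirm this breadth is intended.
        if ip is not None and (ip.is_private or
                               ip in ipaddress.ip_network('192.168.1.0/24')):
            return method(self, *args, **kwargs)
    if not self.current_user:
        if self.request.method in ("GET", "HEAD"):
            url = self.get_login_url()
            if "?" not in url:
                if urlparse.urlsplit(url).scheme:
                    # if login url is absolute, make next absolute too
                    next_url = self.request.full_url()
                else:
                    next_url = self.request.uri
                url += "?" + urlencode(dict(next=next_url))
            # API clients get a 401 rather than an HTML login redirect.
            if 'application/json' in self.request.headers.get('Accept', ''):
                raise HTTPError(401)
            self.redirect(url)
            return
        raise HTTPError(403)
    return method(self, *args, **kwargs)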
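def wrapper(self, *args, **kwargs):
    """Enforce login, a one-hour inactivity limit and role membership before ``method``.

    @type self BaseHandler

    * No current user: GET/HEAD requests are redirected to the login URL (a
      ``next`` parameter is appended when that URL has no query string); any
      other method raises ``tornado.web.HTTPError(403)``.
    * A user idle for an hour or more is redirected to the ``logout`` route
      with the current URI as ``next``; otherwise ``last_active`` is refreshed.
    * When ``required_roles`` is set, the user's comma-separated ``roles`` are
      checked; on failure ``403.html`` is rendered and ``method`` is not called.

    Fix: the refusal is now sent with status 403 via ``set_status``. The
    template used to go out with the default 200, which hides authorization
    failures from access logs and status-based alerting.
    """
    user = self.current_user

    # Not logged in: force a login.
    if not user:
        if self.request.method not in ("GET", "HEAD"):
            raise tornado.web.HTTPError(403)
        url = self.get_login_url()
        if "?" not in url:
            # if login url is absolute, make next absolute too
            absolute = urlparse.urlsplit(url).scheme
            next_url = self.request.full_url() if absolute else self.request.uri
            url += "?" + urlencode(dict(next=next_url))
        self.redirect(url)
        return

    # Inactive for an hour or more: force a logout.
    # NOTE(review): this compares the app server's naive datetime.now() with a
    # value written by the database's NOW(); verify both use the same clock
    # and timezone.
    if (datetime.now() - user.last_active).total_seconds() >= 60 * 60:
        self.redirect(url_concat(self.reverse_url('logout'), {'next': self.request.uri}))
        return
    self.db.execute('update operator set last_active=NOW() where id=%s', user.id)

    # Check permissions.
    if required_roles:
        roles = user.roles.split(',')
        if required_roles == ('developer_mgr',):
            # Developer-manager-only handlers really do need developer_mgr;
            # the 'developer' shortcut below does not apply.
            passed = 'developer_mgr' in roles
        else:
            passed = False
            for role in roles:
                if role == 'developer' or role in required_roles:
                    passed = True
                    break
        if not passed:
            self.set_status(403)
            self.render('403.html')
            return
    return method(self, *args, **kwargs)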