def wrapper(*args, **kwargs):
if flask.g.cms_user.has_permission(permission):
return func(*args, **kwargs)
else:
# 如果通过ajax的方式
if flask.request.is_xhr:
return xtjson.json_unauth_error() # 未授权
else:
flask.abort(401)
def cms_not_found(error):
if flask.request.is_xhr:
return xtjson.json_unauth_error()
else:
return flask.render_template('cms/cms_401.html'), 401
def post_auth_forbidden(error):
if flask.request.is_xhr:
return xtjson.json_unauth_error()
else:
return flask.redirect(flask.url_for('account.login'))
def wrapper(*args,**kwargs):
id = flask.session.get(settings.SESSION_FRONT_USER_ID)
if id:
return func(*args, **kwargs)
else:
return xtjson.json_unauth_error()
def abort(error):
if request.is_xhr:
return xtjson.json_unauth_error(message=u'你没有权限访问这个页面')
return render_template('common/401.html'), 401
def cms_auth_forbidden(error):
if flask.request.is_xhr:
return xtjson.json_unauth_error()
else:
return flask.render_template('common/401.html'), 401
def post_auth_forbidden(error):
if request.is_xhr:
return xtjson.json_unauth_error()
else:
return redirect(url_for('account.front_login'))