def _decorator_func(*args, **kwargs):
if request.authorization is None:
content_type = request.headers["Content-Type"]
if "application/x-www-form-urlencoded" in content_type:
data = request.form.to_dict()
elif "application/json" in content_type:
data = request.get_json()
elif "multipart/form-data" in content_type:
data = request.get_json()
if data is None:
data = request.form.to_dict()
else:
raise error_handlers.BadToken(
http_responses.HTTP_400_BAD_REQUEST(
msg={"error": u"认证失败"}))
if not isinstance(data, dict):
raise error_handlers.BadToken(
http_responses.HTTP_400_BAD_REQUEST(
msg={"error": u"请传递json格式数据"}))
token = data.get("token", None)
if token is None:
raise error_handlers.MissToken(
http_responses.HTTP_400_BAD_REQUEST(
msg={"error": u"认证失败,没有token"}))
else:
token = request.authorization["username"]
g.user = User.verify_auth_token(token)
# 用户权限
identity = g.cache.get(token)
if identity is not None:
g.identity = pickle.loads(identity)
return func(*args, **kwargs)
def delete(self):
args = batch_delete_role_parser.parse_args()
error_roles = []
for role_id in args.role_ids:
try:
role_id = int(role_id)
except ValueError:
return http_responses.HTTP_400_BAD_REQUEST(
msg={"error": u"角色Id必须为整数 - %s" % role_id})
role = Role.query.filter_by(id=role_id).first()
if role is None:
continue
# 判断是否有用户关联
if UsersRoles.query.filter_by(role_id=role_id).count() > 0:
error_roles.append(u"角色: %s 有用户关联不能删除" % role.name)
continue
g.db.delete(role)
if len(args.role_ids):
g.db.commit()
if len(error_roles):
return http_responses.HTTP_400_BAD_REQUEST(
msg={"error": "\n".join(error_roles)})
return http_responses.HTTP_200_OK(msg="Delete success")
def post(self):
args = user_parser.parse_args()
# 检查user是否存在
_user = User.query.filter_by(username=args.username).first()
if _user:
return http_responses.HTTP_400_BAD_REQUEST(
msg={"error": u"用户名已存在 - %s" % args.username})
user = User(**args)
try:
g.db.add(user)
g.db.commit()
except Exception, e:
return http_responses.HTTP_400_BAD_REQUEST(msg={"error": str(e)})
def post(self):
args = login_parser.parse_args()
_user = User.get_object(username=args.username)
if not _user.verify_password(args.password):
return http_responses.HTTP_400_BAD_REQUEST(msg={"error": u"密码错误"})
token = _user.generate_auth_token()
g.user = _user
# 设置用户权限到缓存
# if not hasattr(g, "identity"):
_permissions = cache_user_privileges(token)
permissions = set()
for per in _permissions:
permissions.add(".".join([per.name, per.needs.name]))
return http_responses.HTTP_200_OK(
msg={
"message": "Login success",
"username": _user.username,
"nickname": _user.nickname,
"id": _user.id,
"is_superuser": _user.is_superuser,
"permissions": list(permissions),
"token": token
})
def post(self):
args = role_parser.parse_args()
_role = Role.query.filter_by(name=args.name).first()
if _role:
return http_responses.HTTP_400_BAD_REQUEST(
msg={"error": u"角色已存在 - %s" % args.name})
role = Role(**args)
g.db.add(role)
g.db.commit()
return http_responses.HTTP_200_OK()
def verify_auth_token(cls, token):
s = TimedJSONWebSignatureSerializer(
current_app.config.get("SECRET_KEY", "No secret key"))
try:
data = s.loads(token)
except SignatureExpired:
raise TokenExpired(
http_responses.HTTP_400_BAD_REQUEST(
msg={"error": u"Token过期了,请重新登录"}))
except BadSignature:
raise BadToken(
http_responses.HTTP_400_BAD_REQUEST(
msg={"error": u"Token无效,请重新登录"}))
try:
user = User.get_object(id=data["user_id"])
except ObjectNotExists:
raise BadToken(
http_responses.HTTP_400_BAD_REQUEST(
msg={"error": u"Token无效,请重新登录"}))
return user
def delete(self):
args = batch_delete_user_parser.parse_args()
error_users = []
for user_id in args.user_ids:
try:
user_id = int(user_id)
except ValueError:
return http_responses.HTTP_400_BAD_REQUEST(
msg={"error": u"用户Id必须为整数"})
user = User.query.filter_by(id=user_id).first()
if user is None:
continue
g.db.delete(user)
if len(args.user_ids):
g.db.commit()
if len(error_users):
return http_responses.HTTP_400_BAD_REQUEST(
msg={"error": "\n".join(error_users)})
return http_responses.HTTP_200_OK(msg="Delete success")
def delete(self, role_id):
args = role_permissions_parser.parse_args()
for per_id in args.permission_ids:
try:
per_id = int(per_id)
except ValueError:
return http_responses.HTTP_400_BAD_REQUEST(
msg={"error": u"权限Id必须为整数"})
role_permission = RolesPermissions.query.filter_by(
role_id=role_id, permission_id=per_id)
if role_permission:
g.db.delete(role_permission)
if len(args.permission_ids):
g.db.commit()
return http_responses.HTTP_200_OK(msg="delete success")
def delete(self, user_id):
args = user_roles_parser.parse_args()
for role_id in args.role_ids:
try:
role_id = int(role_id)
except ValueError:
return http_responses.HTTP_400_BAD_REQUEST(
msg={"error": u"角色Id必须为整数"})
user_role = UsersRoles.query.filter_by(user_id=user_id,
role_id=role_id).first()
if user_role:
g.db.delete(user_role)
if len(args.role_ids):
g.db.commit()
return http_responses.HTTP_200_OK()
def post(self, user_id):
args = user_roles_parser.parse_args()
user = User.get_object(id=user_id)
for role_id in args.role_ids:
try:
role_id = int(role_id)
except ValueError:
return http_responses.HTTP_400_BAD_REQUEST(
msg={"error": u"角色Id必须为整数"})
if UsersRoles.query.filter_by(user_id=user_id,
role_id=role_id).first():
continue
role = Role.get_object(id=role_id)
user_role = UsersRoles(user, role)
g.db.add(user_role)
if len(args.role_ids):
g.db.commit()
return http_responses.HTTP_200_OK()
def post(self, role_id):
args = role_permissions_parser.parse_args()
role = Role.get_object(id=role_id)
for permission_id in args.permission_ids:
try:
p_id = int(permission_id)
except ValueError:
return http_responses.HTTP_400_BAD_REQUEST(
msg={"error": u"权限id'%s'必须为整数" % permission_id})
if RolesPermissions.query.filter_by(role_id=role_id,
permission_id=p_id).first():
continue
permission_obj = Permission.get_object(id=p_id)
role_permission = RolesPermissions(role, permission_obj)
g.db.add(role_permission)
if len(args.permission_ids):
g.db.commit()
return http_responses.HTTP_200_OK()
def put(self, user_id):
args = user_roles_parser.parse_args()
user = User.get_object(id=user_id)
all_user_roles = UsersRoles.query.filter_by(user_id=user_id).all()
if args.role_ids:
all_role_ids = set(
[user_role.role.id for user_role in all_user_roles])
try:
new_role_ids = set([int(role_id) for role_id in args.role_ids])
except ValueError:
return http_responses.HTTP_400_BAD_REQUEST(
msg={"error": u"角色id必须为整数"})
add_role_ids = new_role_ids - all_role_ids
delete_role_ids = all_role_ids - new_role_ids
# 删除角色
for role_id in delete_role_ids:
g.db.delete(
filter(lambda x: x.role_id == role_id, all_user_roles)[0])
# 新增角色
for role_id in add_role_ids:
role = Role.query.filter_by(id=role_id).first()
if role is None:
continue
user_role = UsersRoles(user=user, role=role)
g.db.add(user_role)
else:
for user_role in all_user_roles:
g.db.delete(user_role)
g.db.commit()
return http_responses.HTTP_200_OK(msg="Update role permission success")