Exemple #1
 def wrapper(self, *args, **kwargs):
     """Run the wrapped handler only when an admin user is logged in.

     Without ``current_user``, GET and HEAD requests are redirected to the
     admin login URL with the requested page carried in ``next``; every
     other method is rejected with HTTP 403.
     """
     if self.current_user:
         return func(self, *args, **kwargs)
     if self.request.method not in ("GET", "HEAD"):
         raise HTTPError(403)
     login_url = self.get_admin_login_url()
     if "?" not in login_url:
         # An absolute login URL gets an absolute ``next`` so the two agree.
         if urlparse.urlsplit(login_url).scheme:
             return_to = self.request.full_url()
         else:
             return_to = self.request.uri
         login_url += "?" + urlencode(dict(next=return_to))
     # NOTE(review): ``next`` is built from the incoming request; the login
     # handler (not shown here) should accept only same-site targets.
     return self.redirect(login_url)
Exemple #2
 def wrapper(self, *args, **kwargs):
     """Call the wrapped method for logged-in users; otherwise redirect or refuse.

     Anonymous GET/HEAD requests are redirected to the login URL (with the
     requested page in ``next`` when the login URL has no query string) and
     the wrapper returns ``None``. Anonymous requests with any other method
     raise HTTP 403.
     """
     if self.current_user:
         return method(self, *args, **kwargs)
     if self.request.method not in ("GET", "HEAD"):
         raise HTTPError(403)
     url = self.get_login_url()
     if "?" not in url:
         # if login url is absolute, make next absolute too
         is_absolute = urlparse.urlsplit(url).scheme
         next_url = self.request.full_url() if is_absolute else self.request.uri
         # ``urllib.urlencode`` is the Python 2 location of this function.
         url += "?" + urllib.urlencode(dict(next=next_url))
     self.redirect(url)
     return
Exemple #3
 def wrapper(self, *args, **kwargs):
     """Require a logged-in user who also satisfies the predicate ``f``.

     A logged-in user is passed to ``f``; the wrapped method runs only if
     ``f`` returns a truthy value, otherwise HTTP 403 is raised. Anonymous
     GET/HEAD requests are redirected to the login URL and the wrapper
     returns ``None``; anonymous requests with other methods raise 403.
     """
     user = self.current_user
     if user:
         if f(user):
             return method(self, *args, **kwargs)
         raise HTTPError(403)
     if self.request.method not in ("GET", "HEAD"):
         raise HTTPError(403)
     login_url = self.get_login_url()
     if "?" not in login_url:
         # if login url is absolute, make next absolute too
         absolute = urlparse.urlsplit(login_url).scheme
         return_to = self.request.full_url() if absolute else self.request.uri
         login_url += "?" + urlencode(dict(next=return_to))
     self.redirect(login_url)
     return
Exemple #4
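    def wrapper(self, *args, **kwargs):
        """Run the wrapped method only for a logged-in user.

        Anonymous, non-AJAX GET/HEAD requests are redirected to the login
        URL with the requested page in ``next``. Every other anonymous
        request (AJAX, or a method other than GET/HEAD) gets a 403 via
        ``send_error``. In both cases the wrapper returns ``None`` and the
        wrapped method is not called.
        """
        if self.current_user:
            return method(self, *args, **kwargs)

        # AJAX requests are not answered with a 302 redirect.
        is_ajax = self.request.headers.get('X-Requested-With') == 'XMLHttpRequest'

        if self.request.method in ("GET", "HEAD") and not is_ajax:
            url = self.get_login_url()
            if "?" not in url:
                if urlparse.urlsplit(url).scheme:
                    # if login url is absolute, make next absolute too
                    next_url = self.request.full_url()
                else:
                    next_url = self.request.uri
                url += "?" + urlencode(dict(next=next_url))
            self.redirect(url)
            return

        self.send_error(status_code=403, reason="未经认证或认证过期,请重新登录进行认证.")
        # send_error() does not raise, so without this return execution would
        # continue into the protected method for an unauthenticated caller.
        return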
Exemple #5
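 def wrapper(self, *args, **kwargs):
     """Enforce login, a one-hour idle timeout and a role check.

     @type self BaseHandler

     Returns the wrapped method's result when every check passes. Returns
     ``None`` after issuing a redirect (login or logout) or after rendering
     the 403 page. Raises HTTP 403 for anonymous non-GET/HEAD requests.
     """
     # Not logged in: force a login.
     if not self.current_user:
         if self.request.method in ("GET", "HEAD"):
             url = self.get_login_url()
             if "?" not in url:
                 if urlparse.urlsplit(url).scheme:
                     # if login url is absolute, make next absolute too
                     next_url = self.request.full_url()
                 else:
                     next_url = self.request.uri
                 url += "?" + urlencode(dict(next=next_url))
             self.redirect(url)
             return
         raise tornado.web.HTTPError(403)
     # Inactive for an hour or more: force a logout.
     # NOTE(review): this compares the application's naive local clock with
     # a value the database writes via NOW(); confirm both share a timezone.
     idle_seconds = (datetime.now() -
                     self.current_user.last_active).total_seconds()
     if idle_seconds >= 60 * 60:
         self.redirect(
             url_concat(self.reverse_url('logout'),
                        {'next': self.request.uri}))
         return
     self.db.execute(
         'update operator set last_active=NOW() where id=%s',
         self.current_user.id)
     # Check permissions.
     if required_roles:
         roles = self.current_user.roles.split(',')
         if required_roles == ('developer_mgr', ):
             # When a handler is marked developer-manager only, the
             # developer_mgr role itself is required; 'developer' is not
             # accepted as a substitute.
             passed = 'developer_mgr' in roles
         else:
             # 'developer' passes every other role requirement.
             passed = any(role == 'developer' or role in required_roles
                          for role in roles)
         if not passed:
             # Send a real 403 status with the page; render() alone would
             # answer 200, which clients and caches read as success.
             self.set_status(403)
             self.render('403.html')
             return
     return method(self, *args, **kwargs)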
Exemple #6
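        def wrapper(self, *args, **kwargs):
            """Enforce login, account status, WeChat binding and roles.

            @type self BaseHandler

            Returns the wrapped method's result when every check passes, the
            result of ``redirect`` for the WeChat-settings redirect, and
            ``None`` after any other redirect or after rendering the 403
            page. Raises HTTP 403 for anonymous non-GET/HEAD requests.
            """
            # Not logged in: force a login.
            if not self.current_user:
                if self.request.method in ("GET", "HEAD"):
                    url = self.get_login_url()
                    if "?" not in url:
                        if urlparse.urlsplit(url).scheme:
                            # if login url is absolute, make next absolute too
                            next_url = self.request.full_url()
                        else:
                            next_url = self.request.uri
                        url += "?" + urlencode(dict(next=next_url))
                    self.redirect(url)
                    return
                raise tornado.web.HTTPError(403)
            # Logged in but the account has been disabled: force a logout.
            if self.current_user.deleted == '1':
                self.redirect(self.reverse_url('logout'))
                return
            # Under /wx, a user whose WeChat account is not bound yet is sent
            # to the settings page.
            if self.request.uri.startswith('/wx'):
                if 'sp_props' in self.current_user:
                    if 'wx_type' not in self.current_user.sp_props:
                        return self.redirect(self.reverse_url('wx.setting'))
            # Check permissions; 'manager' passes every role requirement.
            if required_roles:
                roles = self.current_user.roles.split(',')
                passed = any(role == 'manager' or role in required_roles
                             for role in roles)
                if not passed:
                    # Send a real 403 status with the page; render() alone
                    # would answer 200, which clients read as success.
                    self.set_status(403)
                    self.render('403.html')
                    return

            # NOTE(review): disabled check that sent users still on the
            # default password to the password page. It compares against a
            # salted MD5 digest, so review password hashing before reviving it.
            # if self.current_user.password.lower() == hashlib.md5('123456' + self.current_user.pwd_salt).hexdigest():
            #     if self.request.uri not in ('/password', '/message/unread'):
            #         return self.redirect(self.reverse_url('password'))
            return method(self, *args, **kwargs)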
Exemple #7
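        def wrapper(self, *args, **kwargs):
            """Gate the wrapped method behind login, status and role checks.

            @type self BaseHandler

            Checks run in this order: logged in, account not disabled,
            WeChat bound (for ``/wx`` paths only), then ``required_roles``.
            The wrapped method runs only when all of them pass.
            """
            user = self.current_user
            # Not logged in: force a login.
            if not user:
                if self.request.method not in ("GET", "HEAD"):
                    raise tornado.web.HTTPError(403)
                url = self.get_login_url()
                if "?" not in url:
                    # if login url is absolute, make next absolute too
                    absolute = urlparse.urlsplit(url).scheme
                    next_url = self.request.full_url() if absolute else self.request.uri
                    url += "?" + urlencode(dict(next=next_url))
                self.redirect(url)
                return
            # Logged in but the account has been disabled: force a logout.
            if self.current_user.deleted == '1':
                self.redirect(self.reverse_url('logout'))
                return
            # For /wx paths, send users without a bound WeChat account to the
            # settings page.
            needs_wx_setup = (self.request.uri.startswith('/wx')
                              and 'sp_props' in self.current_user
                              and 'wx_type' not in self.current_user.sp_props)
            if needs_wx_setup:
                return self.redirect(self.reverse_url('wx.setting'))
            # Check permissions.
            if required_roles:
                for role in self.current_user.roles.split(','):
                    # 'manager' is accepted for any required role.
                    if role == 'manager' or role in required_roles:
                        break
                else:
                    # No role matched. Set the status explicitly, because
                    # render() on its own would return the page with 200.
                    self.set_status(403)
                    self.render('403.html')
                    return

            # NOTE(review): the check below is disabled. It relies on a salted
            # MD5 digest of the default password; confirm the password
            # storage scheme before turning it back on.
            # if self.current_user.password.lower() == hashlib.md5('123456' + self.current_user.pwd_salt).hexdigest():
            #     if self.request.uri not in ('/password', '/message/unread'):
            #         return self.redirect(self.reverse_url('password'))
            return method(self, *args, **kwargs)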
Exemple #8
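        def f(self, *args, **kwargs):  # self = requestHandler
            """Require login unless the request comes from the local network.

            With ``localAccess`` enabled, requests from loopback or from
            192.168.1.0/24 reach the wrapped method without any login check.
            Otherwise anonymous GET/HEAD requests are redirected to the login
            URL, or get HTTP 401 when the ``Accept`` header mentions
            ``application/json``; other anonymous methods raise HTTP 403.
            """
            # NOTE(review): this bypass treats remote_ip as an identity.
            # Behind a reverse proxy on the same host every request can look
            # like 127.0.0.1, and if forwarded-header handling is enabled the
            # value comes from request headers. Confirm the deployment.
            if localAccess:
                client_ip = self.request.remote_ip
                if (client_ip in ('::1', '127.0.0.1')
                        or addressInNetwork(client_ip, '192.168.1.0/24')):
                    return method(self, *args, **kwargs)

            if self.current_user:
                return method(self, *args, **kwargs)
            if self.request.method not in ("GET", "HEAD"):
                raise HTTPError(403)

            url = self.get_login_url()
            if "?" not in url:
                if urlparse.urlsplit(url).scheme:
                    # if login url is absolute, make next absolute too
                    next_url = self.request.full_url()
                else:
                    next_url = self.request.uri
                url += "?" + urlencode(dict(next=next_url))
            # A request without an Accept header yields None here; fall back
            # to '' so the membership test cannot raise TypeError.
            accept = self.request.headers.get('Accept') or ''
            if 'application/json' in accept:
                raise HTTPError(401)
            self.redirect(url)
            return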
Exemple #9
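        def f(self, *args, **kwargs):  # self = requestHandler
            """Require login unless the request comes from a private address.

            With ``localAccess`` enabled, requests whose address is private
            reach the wrapped method without any login check. Otherwise
            anonymous GET/HEAD requests are redirected to the login URL, or
            get HTTP 401 when the ``Accept`` header mentions
            ``application/json``; other anonymous methods raise HTTP 403.
            """
            # Parsed on every call, even when localAccess is off; a value
            # that is not a valid IP address raises ValueError here.
            ip = ipaddress.ip_address(self.request.remote_ip)
            # NOTE(review): ``is_private`` already covers loopback, link-local
            # and all private ranges, so the 192.168.1.0/24 test adds nothing
            # and any private-range client skips login. Confirm that breadth
            # is intended, and that remote_ip cannot be set by the client
            # (e.g. through forwarded headers behind a proxy).
            if localAccess and (ip.is_private or ip in ipaddress.ip_network('192.168.1.0/24')):
                return method(self, *args, **kwargs)

            if self.current_user:
                return method(self, *args, **kwargs)
            if self.request.method not in ("GET", "HEAD"):
                raise HTTPError(403)

            url = self.get_login_url()
            if "?" not in url:
                if urlparse.urlsplit(url).scheme:
                    # if login url is absolute, make next absolute too
                    next_url = self.request.full_url()
                else:
                    next_url = self.request.uri
                url += "?" + urlencode(dict(next=next_url))
            # A request without an Accept header yields None here; fall back
            # to '' so the membership test cannot raise TypeError.
            accept = self.request.headers.get('Accept') or ''
            if 'application/json' in accept:
                raise HTTPError(401)
            self.redirect(url)
            return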
Exemple #10
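 def wrapper(self, *args, **kwargs):
     """Check login, idle time and roles before calling the wrapped method.

     @type self BaseHandler

     Anonymous GET/HEAD requests are redirected to the login URL and other
     anonymous methods raise HTTP 403. A user idle for an hour or more is
     redirected to logout. Otherwise ``last_active`` is refreshed and the
     role requirement, if any, is checked.
     """
     # Not logged in: force a login.
     if not self.current_user:
         if self.request.method not in ("GET", "HEAD"):
             raise tornado.web.HTTPError(403)
         url = self.get_login_url()
         if "?" not in url:
             # if login url is absolute, make next absolute too
             absolute = urlparse.urlsplit(url).scheme
             next_url = self.request.full_url() if absolute else self.request.uri
             url += "?" + urlencode(dict(next=next_url))
         self.redirect(url)
         return
     # Inactive for an hour or more: force a logout.
     # NOTE(review): datetime.now() is the application's naive local time,
     # while last_active is written by the database's NOW(); confirm the
     # two clocks and timezones agree.
     if (datetime.now() - self.current_user.last_active).total_seconds() >= 60*60:
         self.redirect(url_concat(self.reverse_url('logout'), {'next': self.request.uri}))
         return
     # The user id is passed as a query parameter, not formatted into the SQL.
     self.db.execute('update operator set last_active=NOW() where id=%s', self.current_user.id)
     # Check permissions.
     if required_roles:
         roles = self.current_user.roles.split(',')
         if required_roles == ('developer_mgr',):
             # Marked as developer-manager only: the developer_mgr role is
             # really required, and 'developer' does not stand in for it.
             passed = 'developer_mgr' in roles
         else:
             passed = False
             for role in roles:
                 if role == 'developer' or role in required_roles:
                     passed = True
                     break
         if not passed:
             # Set the status explicitly; render() on its own would return
             # the forbidden page with HTTP 200.
             self.set_status(403)
             self.render('403.html')
             return
     return method(self, *args, **kwargs)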