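def sub_port(request):
    """Log a visitor in from signed request parameters.

    The parameters are copied from ``request.REQUEST`` and checked with
    ``jl_check_sign_with_secret`` (``timeout=60 * 6``).  Any existing login is
    dropped with ``auth_logout`` before the visitor's nick, TOP session key and
    origin are handed to ``for_user_login``.

    Returns the response from ``for_user_login``; a "limited" page when the
    parameters are empty, the check reports ``'no_permission'`` or the login
    raises; or a plain ``HttpResponse`` when the check reports ``'timeout'``.
    """
    top_dict = {}
    # request.REQUEST merges GET and POST, so either can supply these values.
    top_dict.update(request.REQUEST)

    # Validate the URL parameters before trusting any of them.
    if not top_dict:
        return render_to_limited(request, '您的登录方式有误,请重新登陆您的管理后台,然后点击开车精灵的图标')
    check_result = jl_check_sign_with_secret(top_dict, timeout=60 * 6)
    if check_result == 'no_permission':
        return render_to_limited(request, '您没有使用权限,请订购后重新登录')
    elif check_result == 'timeout':
        return HttpResponse('请求超时,请重新进入')

    log.info("LOGIN sub_port, nick=%s, from=%s" % (top_dict['visitor_nick'], top_dict['visitor_from']))
    # Never carry a previous identity over into the new login.
    auth_logout(request)
    try:
        # Perform the login.
        visit_dict = {
            'nick': top_dict['visitor_nick'],
            'session': top_dict['top_session'],
            'visitor_from': top_dict['visitor_from'],
        }
        return for_user_login(request, visit_dict)
    except Exception as e:
        # top_session is passed on as the login secret (for_user_login hands it
        # to authenticate() as the password), so it is kept out of the log.
        # .get() is used so that a missing key cannot raise inside the handler
        # and mask the original error.
        log.exception(
            "sub_port exception, nick=%s, visitor_from=%s, error=%s"
            % (top_dict.get('visitor_nick'), top_dict.get('visitor_from'), e))
        return render_to_limited(request, '登陆开车精灵发生系统错误')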
def for_user_login(request, visit_dict, is_backend=False, is_agent=False):
    """Establish a Django login for the user described by ``visit_dict``.

    ``visit_dict`` must provide ``'nick'``, ``'session'`` and
    ``'visitor_from'``.  The function looks the user up through
    ``UserInfoTool``, checks the session with ``uit.test_api()``, and for
    non-staff users initialises the shop and requires ``BASE_CODE`` in the
    synced permission codes before calling ``authenticate``/``auth_login``.

    Returns a "limited" page on any failed check, or a redirect to the
    platform's authorize page when ``auth_login`` fails with the
    AnonymousUser/backend error.  ``is_agent`` is not read in the code shown.

    NOTE(review): this listing had lost its line breaks and ends right after
    the ``auth_login`` error handling; the nesting below is a reconstruction
    and the success-path return is not visible -- confirm against the
    original file.
    """
    # Fetch and store the user's information.
    visitor_from = visit_dict['visitor_from']  # origin of the visit: may be web, qnyd or qnpc
    request.session['platform'] = visitor_from  # stored so the limited/error pages can pick their template
    platform = (visitor_from == 'web' and 'web' or 'qn')  # platform of the visit: web or qn
    uit = UserInfoTool(nick=visit_dict['nick'], session=visit_dict['session'])
    user = uit.user
    if not user:
        return render_to_limited(request, '您的登录方式有误,请重新登陆您的管理后台,然后点击开车精灵的图标')
    is_valid, reason = uit.test_api()
    if not is_valid:
        if is_backend:
            # Only backend logins are shown the failure reason.
            return render_to_limited(request, '登录失败,失败原因:%s' % reason)
        else:
            return render_to_limited(request, '请重新登陆您的管理后台,然后点击开车精灵的图标')

    # Check permissions and initialise the shop (skipped for staff users).
    if not user.is_staff:
        if not uit.init_shop():
            return render_to_limited(request, '获取店铺信息失败,请重新登录淘宝之后,再登陆开车精灵')
        perms_code = user.sync_perms_code()
        request.session['perms_code'] = perms_code
        if BASE_CODE not in perms_code:
            return render_to_limited(request, '您的没有权限登录开车精灵,请购买后再重新尝试')

    # Simulate the user's login.
    # user.set_password(user.email)
    # The TOP session key is what gets passed as the password here, so it
    # should be treated as a credential wherever it is stored or logged.
    user_cache = authenticate(nick=user.nick, password=visit_dict['session'])

    # Sync the user's shop information to determine whether it is a B shop or a C shop.
    # try:
    #     last_login = user.last_login
    #     now = datetime.datetime.today()
    #     if (now - last_login).days >= 7:
    #         user.sync_user_shop_type(platform)
    # except Exception, e:
    #     log.error('fail to sync user shop type the shop_id=%s and error=%s' % (user.shop_id, e))
    #     pass

    request.session['login_from'] = 'backend' if is_backend else 'taobao'  # Zhong Chao: record where the session came from
    try:
        auth_login(request, user_cache)
    except Exception, e:
        # A failed authenticate() is detected only through the text of the
        # exception raised by auth_login.
        # NOTE(review): matching on an error message is brittle; an explicit
        # check of user_cache before auth_login would be more robust -- confirm
        # what authenticate() returns on failure.
        if "'AnonymousUser' object has no attribute 'backend'" in str(e):
            if visitor_from == 'web':
                return LoginWeb.redirect_2top_authorize()
            elif visitor_from == 'qnpc':
                return LoginQnpc.redirect_2top_authorize()
            elif visitor_from == 'qnyd':
                return LoginQnyd.redirect_2top_authorize()
        # Anything else (or an unknown visitor_from) propagates to the caller.
        raise e
def rob_rank(request, adgroup_id, template='rob_rank.html'):
    """Render the rank-bidding page for one ad group of the current shop.

    The ad group is looked up by ``adgroup_id`` *and* the logged-in user's
    ``shop_id``, so an id belonging to another shop is treated as missing.
    A "limited" page is returned when the ad group does not exist, when
    ``error_descr`` reports a problem, or when ``mnt_type`` is set.
    """
    try:
        adg = Adgroup.objects.get(shop_id=request.user.shop_id,
                                  adgroup_id=adgroup_id)
    except DoesNotExist:
        return render_to_limited(request, '该宝贝已经被删除,请返回页面重新操作')

    if adg.error_descr(adg.campaign):
        blocked_msg = '%s,不能进行极速排名操作' % adg.error_descr(adg.campaign)
        return render_to_limited(request, blocked_msg)

    if adg.mnt_type:
        return render_to_limited(request, '该宝贝已经由系统自动托管,请选择其他宝贝')

    context = {'adg': adg}
    return render_to_response(template, context,
                              context_instance=RequestContext(request))
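def backend_login(request):
    """Log a back-office operator in as a shop user ("simulated login").

    The request parameters are copied from ``request.REQUEST`` and checked
    with ``jl_check_sign_with_secret`` (``timeout=60 * 60``); a ``shop_id``
    parameter must also be present.  Any existing login is dropped, the
    operator name and user type are stored in the session, and the login is
    delegated to ``for_user_login`` with ``is_agent`` set when ``user_type``
    is ``'agent'`` and ``is_backend`` set otherwise.

    Returns a plain ``HttpResponse`` when validation fails, the response of
    ``for_user_login`` on success, or a "limited" page when the login raises.
    """
    top_dict = {}
    # request.REQUEST merges GET and POST, so either can supply these values.
    top_dict.update(request.REQUEST)

    # Validate the URL parameters before trusting any of them.
    check_result = jl_check_sign_with_secret(top_dict, timeout=60 * 60)
    if check_result == 'no_permission':
        return HttpResponse('非法访问,您没有访问权限')
    elif check_result == 'timeout':
        return HttpResponse('非法访问,请求超时')
    elif 'shop_id' not in top_dict:
        return HttpResponse('非法访问,请求参数错误')

    # Never carry a previous identity over into the impersonated login.
    auth_logout(request)
    try:
        # Simulated login.
        is_agent = (top_dict.get('user_type', 'staff') == 'agent')
        visit_dict = {
            'nick': top_dict['nick'],
            'session': top_dict['session'],
            'visitor_from': top_dict['visitor_from'],
        }
        # These session values come straight from the request parameters.
        # NOTE(review): this is only safe if the signature check above covers
        # psuser_name and user_type -- confirm.
        request.session['psuser_name'] = top_dict['psuser_name']
        request.session['user_type'] = top_dict['user_type']
        return for_user_login(request, visit_dict,
                              is_backend=(not is_agent), is_agent=is_agent)
    except Exception as e:
        # The session value is passed on as the login secret (for_user_login
        # hands it to authenticate() as the password), so it is kept out of
        # the log.  .get() is used so that a missing key cannot raise inside
        # the handler and mask the original error.
        log.exception(
            "backend_login exception, nick=%s, visitor_from=%s, error=%s"
            % (top_dict.get('nick'), top_dict.get('visitor_from'), e))
        return render_to_limited(request, '模拟登陆开车精灵发生系统错误')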
def redirect_sale_link(request):
    """Redirect to a promotion (sale) link.

    Reads ``sale_link_id`` and ``a_id`` from the query string, looks up the
    ``SaleLink`` and asks the TOP API (``fuwu_sale_link_gen``) for the URL to
    redirect to; ``reverse('web_home')`` is the fallback target.

    NOTE(review): this listing had lost its line breaks and stops before
    ``redirect_url`` is used; the nesting below is a reconstruction --
    confirm against the original file.
    """
    # int() raises ValueError on a non-numeric query value; nothing here catches it.
    sale_link_id = int(request.GET.get('sale_link_id', -1))
    a_id = int(request.GET.get('a_id', -1))
    shop_id = request.user.shop_id
    nick = request.user.nick
    redirect_url = reverse('web_home')
    sale_link = SaleLink.objects.filter(id=sale_link_id)
    if sale_link:
        sale_link = sale_link[0]
        # Restrict the link to the specified activity: the requested a_id must
        # be one of the ads this shop is allowed to see.
        if a_id != -1:
            vaild_id_list = MainAds(shop_id=shop_id).get_showad_list()
            if a_id not in vaild_id_list:
                return render_to_limited(request, '对不起,您不符合该活动的条件')
        try:
            tapi = get_tapi(shop_id=shop_id)
            top_obj = tapi.fuwu_sale_link_gen(nick=nick, param_str=sale_link.param_str)
            # The redirect target is whatever URL the API response carries.
            if top_obj and hasattr(top_obj, 'url'):
                redirect_url = top_obj.url
        except Exception, e:
            log.exception('fuwu_sale_link_gen, nick=%s, e=%s' % (nick, e))
            return render_to_error(request, '生成链接失败,请联系顾问')
def lottery_coupon(request, template='lottery_coupon.html'):
    """Render the page where a user claims a lottery coupon.

    Users without a lottery record get a "limited" page.  Otherwise the order
    templates matching the user's discount are grouped by version code and
    passed to the template together with their counts and the level of the
    version stored in ``request.session['item_code']``.
    """
    user_lottery = Lottery.get_user_lottery(request.user)
    if not user_lottery:
        return render_to_limited(request, '亲,您没有优惠券:)')

    discount = int(user_lottery.sale_url)
    matching_templates = LotteryOrder.query_order_template_bydiscount(discount=discount)
    template_infos = LotteryOrder.aggregate_version_infos_bydiscount(matching_templates)

    def longest_cycle_first(obj):
        # Negated so that sorted() puts the largest cycle first.
        return -obj.cycle

    double_version = sorted(template_infos.get("ts-25811-8", []), key=longest_cycle_first)
    four_version = sorted(template_infos.get("ts-25811-1", []), key=longest_cycle_first)
    cate_version = template_infos.get("ts-25811-6", [])
    vip_version = template_infos.get("ts-25811-v9", [])

    version = request.session['item_code']
    context = {
        'cur_level': LotteryOrder.get_version_level(version),
        'double_version': double_version,
        'double_size': len(double_version),
        'four_version': four_version,
        'four_size': len(four_version),
        'cate_version': cate_version,
        'cate_size': len(cate_version),
        'vip_version': vip_version,
        'vip_size': len(vip_version),
    }
    return render_to_response(template, context,
                              context_instance=RequestContext(request))
def user_config(request, template='user_config.html'):
    """Render the agent-configuration page.

    Access is decided from the ``user_type`` cookie: the page is shown only
    when ``get_value_with_secret(cookie, 'AGENT_COOKIES')`` yields ``'0'``;
    every other value, including a missing cookie, gets the "limited" page.
    """
    # The cookie is client-supplied, so this gate is only as strong as
    # get_value_with_secret.
    # NOTE(review): confirm it rejects forged or tampered values.
    user_type_cookie = request.COOKIES.get('user_type', 'INVALID_VALUE')
    if get_value_with_secret(user_type_cookie, 'AGENT_COOKIES') != '0':
        return render_to_limited(request, '亲,您没有权限使用该功能,请联系您代理的用户:)')

    # Only agents whose principal is the logged-in user, newest change first.
    agent_list = Agent.objects.filter(principal=request.user).order_by('-last_modified')
    data = {'agent_list': agent_list}
    return render_to_response(template, data,
                              context_instance=RequestContext(request))
def web_home(request, template='web_home.html'):
    """Home page view for the web platform.

    When the session holds a non-empty ``next_url`` it is removed from the
    session and the user is redirected to it.  Otherwise the shop's
    ``Account`` is loaded and a "limited" page is returned when it does not
    exist.

    NOTE(review): this listing had lost its line breaks and stops after the
    account lookup; the rest of the view is not visible here.
    """
    # One-shot redirect: the stored URL is consumed so it is followed only once.
    # NOTE(review): the redirect target is used as stored; if next_url can be
    # set from request data elsewhere, validate it against local paths there.
    if hasattr(request, 'session') and request.session.get('next_url', ''):
        next_url = request.session['next_url']
        del request.session['next_url']
        return HttpResponseRedirect(next_url)
    shop_id = int(request.user.shop_id)
    try:
        account = Account.objects.get(shop_id=shop_id)
    except DoesNotExist, e:
        log.error('account limit error e=%s' % e)
        return render_to_limited(request, '您的直通车账户不存在,请确认登陆账号是否正确')
order_temp = OrderTemplate.get_ordertemplate_byid(template_id) redirect_url = "" if order_temp: try: tapi = get_tapi(shop_id=shop_id) if order_temp.is_base: from apps.web.point import Renewal Renewal.add_point_record(shop_id=shop_id, template_id=order_temp.id) redirect_url = order_temp.generate_order_link(nick, tapi) except Exception, e: log.exception('fuwu_sale_link_gen, nick=%s, e=%s' % (nick, e)) return render_to_error(request, '生成链接失败,请联系顾问') else: return render_to_limited(request, '亲,对不起,优惠链接已经失效!') return HttpResponseRedirect(redirect_url) @login_required def redirect_sale_link(request): """跳转到推广链接""" sale_link_id = int(request.GET.get('sale_link_id', -1)) a_id = int(request.GET.get('a_id', -1)) shop_id = request.user.shop_id nick = request.user.nick redirect_url = reverse('web_home') sale_link = SaleLink.objects.filter(id=sale_link_id)
def ps_view_limited(request):
    """Return the "limited" page telling the user to contact the system administrator."""
    message = '亲,您没有权限使用该功能,请联系系统管理员!'
    return render_to_limited(request, message)
def view_limited(request, perms_code):
    """Return the "limited" page telling the user the feature has not been purchased.

    ``perms_code`` is accepted but not used when building the response.
    """
    message = '亲,您尚未购买该功能,请购买后再使用!'
    return render_to_limited(request, message)
def jump_limited_page(self, error):
    """Return the "limited" page for ``self.request`` with *error* as its message."""
    current_request = self.request
    return render_to_limited(current_request, error)
def process_request(self, request):
    """Check feature permissions for a request before it reaches the view.

    AJAX requests are checked against ``AJAX_PERMS_CONFIG`` using the posted
    ``function`` name; other requests are checked by the first path segment
    against ``VIEW_PERMS_CONFIG`` (``web``/``mnt``), ``is_superuser``
    (``kwlib``) or ``CRM_PERMS_CONFIG`` (``crm``/``ncrm``).

    Returns the configured denial response when a check fails, otherwise
    ``None`` so that request processing continues.

    NOTE(review): this listing had lost its line breaks; the nesting below
    (in particular which ``if`` the AJAX ``else`` belongs to) is a
    reconstruction -- confirm against the original file.
    """
    # if not request.user.is_authenticated():
    #     log.info('SecurityMiddleware.process_request user: %s@%s:%s' % (request.session.get('psuser_name', 'Unknown'), request.META['REMOTE_ADDR'], request.path))
    # Check feature permissions according to the request type.
    if request.is_ajax():
        try:
            # The Referer header is client-supplied.  A missing header raises
            # KeyError here, which the except below turns into "no check".
            path_list = request.META['HTTP_REFERER'].replace('http://', '').split('/')
            # Any Referer with a 'crm' path segment skips the AJAX check entirely.
            # NOTE(review): since the header is caller-controlled, confirm the
            # CRM AJAX handlers enforce their own permissions.
            if 'crm' in path_list:
                return None
            ajax_func = request.POST.get('function')
            perms_tuple = AJAX_PERMS_CONFIG.get(ajax_func, ('undefined', '', 0, ()))
            if (perms_tuple[0] != 'undefined' and perms_tuple[2]):
                if perms_tuple[0] and not test_permission(perms_tuple[0], request.user):
                    if 'qnpc' in path_list:
                        # TODO 2015.11.3 temporary handling; redesign this module when Qianniu is revamped
                        from dajax.core import Dajax
                        dajax = Dajax()
                        dajax.script(
                            "PT.confirm('您当前的版本需要升级后才能使用该功能,要升级吗?', function(){window.open('https://fuwu.taobao.com/ser/detail.html?spm=a1z13.1113643.51940006.43.RmTuNs&service_code=FW_GOODS-1921400&tracelog=category&scm=1215.1.1.51940006', '_blank');},[],this,null,[],this, ['升级'])"
                        )
                        return dajax
                    result = perms_tuple[1](request=request, perms_code=perms_tuple[0])
                    return result
            else:
                # Extend the function name with 'href' (third Referer segment)
                # or with the posted values named in perms_tuple[3].
                for i in perms_tuple[3]:
                    if i == 'href':
                        ajax_func = path_list[2] + '_' + ajax_func
                        continue
                    ajax_func = ajax_func + '_' + request.POST.get(i, '')
                if 'behavior_only' in ajax_func:
                    return perms_tuple[1]()
        except Exception:
            # Fail-open: any error while evaluating the AJAX permission
            # returns None, i.e. the request proceeds without a check here.
            return None
        # TODO: wangqi 2013-12-29 AJAX is not handled for now
        # AJAX request permission check
        # ajax_func = request.POST.get('function') is hard-coded for now; everything is handled uniformly with the base permission
        # try:
        #     ajax_path = request.path[1:-1].split('/')[-1]
        # except Exception:
        #     ajax_path = ''
        # perms_config = AJAX_PERMS_CONFIG.get(ajax_path, None)
        # if perms_config and not test_permission(perms_config[0], request.user):
        #     return perms_config[1](request = request, perms_code = perms_config[0])
    else:
        # Permission check for non-AJAX (form/page) requests.
        try:
            path_list = request.path[1:].split('/')
        except Exception:
            return None
        # path_list[1] is indexed without a length check, so a single-segment
        # path such as '/web' raises IndexError outside any try block.
        if path_list[0] in ['web', 'mnt']:
            perms_tuple = VIEW_PERMS_CONFIG.get(path_list[1], ('', '', 0))
            if perms_tuple[0] and not test_permission(perms_tuple[0], request.user):
                return perms_tuple[1](request=request, perms_code=perms_tuple[0])
        elif path_list[0] == 'kwlib':
            # Suggestion: migrate these features into CRM as well.
            from apps.common.utils.utils_render import render_to_limited
            if not request.user.is_superuser:
                return render_to_limited(request, '亲,您没有权限使用该功能!')
        elif path_list[0] in ['crm', 'ncrm']:
            perms_tuple = CRM_PERMS_CONFIG.get(path_list[1], ('', ''))
            if perms_tuple[0] and not check_perms(perms_tuple[0], request):
                return perms_tuple[1](request=request)
    return None