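def process_request(self, request):
    """Gate a request on login state, then on per-action permission.

    Returns None to let the request continue, a redirect to ``/login/``
    for an unauthenticated GET, or an ``HttpResponse`` whose body is a
    JSON-encoded ``Result.error`` when the request is rejected.

    Both checks fail closed: any falsy answer from ``is_login`` or
    ``is_action_allowed`` (``None``, ``0``, ``False``) rejects the
    request. The earlier ``is False`` comparison rejected only the
    exact ``False`` singleton, so any other falsy return passed the gate.
    For helpers that return a real ``bool`` the behaviour is unchanged.
    """
    path = request_api.get_path(request)

    # Paths exempt from the login check leave here, so they also skip
    # the permission check further down.
    if AuthMiddleware.__not_check_login(path):
        return

    # Not logged in: browsers navigating with GET are sent to the login
    # page, every other method gets a JSON error body.
    if not request_api.is_login(request):
        if request.method == 'GET':
            return redirect('/login/')
        # NOTE(review): no status is passed, so the denial carries
        # HttpResponse's default status and clients must read the body
        # to notice it. Confirm callers do.
        return HttpResponse(json.dumps(dict(Result.error('请先登录!'))))

    # Check whether the user may perform the action of this request.
    action = request_api.get_action(request)
    if AuthMiddleware.__not_check_auth(path, action):
        return

    # A missing action means no permission check is required.
    # NOTE(review): this branch fails open. Confirm get_action cannot
    # return None for a route that is supposed to be protected.
    if action is None:
        return

    if not is_action_allowed(request, action):
        return HttpResponse(json.dumps(dict(Result.error('权限不足,请联系管理员添加权限!'))))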
def login(self, request):
    """Validate the submitted credentials and bind the user to the request.

    Reads ``account`` and ``password`` from the request parameters
    (each defaults to an empty string), and returns ``Result.success``
    after ``request_api.set_user`` on a match, ``Result.error`` otherwise.
    """
    form = request_api.get_param(request)
    user = validate_and_get_user(form.get('account', ''), form.get('password', ''))

    if user is None:
        # One message covers both "unknown account" and "wrong password",
        # so the reply does not reveal which accounts exist.
        # NOTE(review): no attempt throttling is visible in this method.
        # Confirm it is enforced in validate_and_get_user or upstream.
        return Result.error('账号不存在或密码错误!')

    # Validation passed.
    # NOTE(review): whether set_user issues a fresh session identifier
    # cannot be seen from here. Verify it does, so a pre-login session
    # id is not carried into the authenticated session.
    request_api.set_user(request, user)
    return Result.success('登录成功!')
def process_exception(self, request, exception):
    """Turn an unhandled exception into a JSON error response.

    Prints the current traceback, logs the exception text at error
    level, and returns an ``HttpResponse`` whose body is the
    JSON-encoded ``Result.error`` carrying that same text.
    """
    traceback.print_exc()

    detail = str(exception)
    logger.error(detail)

    # NOTE(review): the raw exception text goes back to the client. For
    # unexpected exception types it can expose internals (queries, file
    # paths, library names). Consider a generic message for those and
    # keep the detail in the log only.
    # NOTE(review): no content type is passed. If the framework default
    # is an HTML type and the exception text can contain request data,
    # the body could be rendered as markup. Confirm, or declare JSON.
    payload = json.dumps(dict(Result.error(msg=detail)))
    return HttpResponse(payload)