コード例 #1
0
ファイル: ajax.py プロジェクト: rookies/webmpd
	def check_permission(self, cookie_env, name):
		if usermanager.get_permission(cookie_env, name):
			return None
		return self.get_error(201, "Action not allowed! You need permission '%s'!" % name)
コード例 #2
0
ファイル: index.py プロジェクト: rookies/webmpd
	def handle_request(self, qs, environ=None):
		## Get cookie_env:
		if environ is None:
			cookie_env = os.getenv("HTTP_COOKIE")
		else:
			if "HTTP_COOKIE" in environ:
				cookie_env = environ["HTTP_COOKIE"]
			else:
				cookie_env = ""
		
		if not "page" in qs:
			if not usermanager.get_permission(cookie_env, "access"):
				return {
					"status": 302,
					"headers": {
						"Location": "index.py?page=login"
					},
					"content": ""
				}
			tpl = self.env.get_template("index_default.html")
			return {
				"status": 200,
				"headers": {
					"Content-Type": "text/html"
				},
				"content": tpl.render(
					loggedin=usermanager.is_loggedin(cookie_env),
					username=usermanager.get_username(cookie_env)
				)
			}
		elif qs["page"][0] == "login":
			if usermanager.is_loggedin(cookie_env):
				return {
					"status": 302,
					"headers": {
						"Location": "index.py"
					},
					"content": ""
				}
			else:
				tpl = self.env.get_template("login.html")
				if "error" in qs:
					err = True
				else:
					err = False
				return {
					"status": 200,
					"headers": {
						"Content-Type": "text/html"
					},
					"content": tpl.render(
						error=err
					)
				}
		elif qs["page"][0] == "loginaction":
			## Read POST data:
			if environ is None:
				data = sys.stdin.read()
			else:
				data = environ['wsgi.input'].read()
			data = dict(urllib.parse.parse_qs(data))
			if (not "password" in data and not b"password" in data) or (not "username" in data and not b"username" in data):
				## No username or no password given:
				return {
					"status": 302,
					"headers": {
						"Location": "index.py?page=login&error"
					},
					"content": ""
				}
			else:
				## Everything seems okay, prepare login data:
				if "username" in data:
					username = data["username"][0].strip()
					password = data["password"][0].strip()
				else:
					username = data[b"username"][0].strip().decode("utf-8")
					password = data[b"password"][0].strip().decode("utf-8")
				## ... and login:
				status = usermanager.login(username, password)
				if isinstance(status, dict):
					ret = {
						"status": 302,
						"headers": {
							"Location": "index.py"
						},
						"content": ""
					}
					for key, val in status.items():
						ret["headers"][key] = val
					return ret
				else:
					return {
						"status": 302,
						"headers": {
							"Location": "index.py?page=login&error"
						},
						"content": ""
					}
		elif qs["page"][0] == "logout":
			status = usermanager.logout(cookie_env)
			ret = {
				"status": 302,
				"headers": {
					"Location": "index.py"
				},
				"content": ""
			}
			if isinstance(status, dict):
				for key, val in status.items():
					ret["headers"][key] = val
			return ret