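def _authenticate(self):
    """Verify the caller's user id / token pair before running the handler.

    For POST and GET requests the user id and the token are read from the
    request parameters first (through ``Post`` / ``Get``) and, when that
    value is empty, from the request headers (through ``Headers``). The
    token stored for the user id is looked up with ``Token.get`` and must
    match the supplied token; otherwise the "not logged in" result is
    written to the response and the wrapped ``func`` is never called.

    Returns:
        The return value of ``func(self)`` when the check passes (or is
        skipped), else the return value of ``self.write(...)``.
    """
    import hmac

    method = self.request.method
    token_instance = Token()

    if method == "POST":
        params = Post()
    elif method == "GET":
        params = Get()
    else:
        # NOTE(review): every method other than POST and GET reaches the
        # wrapped handler without any token check (fail-open). Kept as in
        # the original because callers may rely on it; confirm that no
        # state-changing handler is exposed through PUT/DELETE/PATCH.
        return func(self)

    the_header = Headers()
    # Request parameters win; headers are only consulted as a fallback.
    user_id = params.get_user_id(self) or the_header.get_user_id(self)
    token = params.get_token(self) or the_header.get_token(self)
    token_from_db = token_instance.get(user_id)

    authenticated = False
    # A missing or empty token on either side must never authenticate:
    # with a plain equality test, None == None (or "" == "") would let a
    # request that carries no token through whenever the stored token is
    # empty as well.
    if token and token_from_db and token_from_db.token:
        stored = token_from_db.token
        if isinstance(stored, str) and isinstance(token, str):
            # Constant-time comparison so response timing does not reveal
            # how many leading characters of a guessed token are correct.
            authenticated = hmac.compare_digest(
                stored.encode("utf-8"), token.encode("utf-8"))
        else:
            # Token types are not visible from here; keep the original
            # equality semantics for anything that is not str/str.
            authenticated = stored == token

    if not authenticated:
        return self.write(
            OHHOOperation.dict2json(Result.result_not_login()))
    return func(self)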
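def _permission(self):
    """Check the current user's page permission before running the handler.

    The handler class name decides which permission is required: the
    suffix (``AddHandler``, ``ListHandler``, ``DetailHandler``,
    ``DeleteHandler``) selects the action (``insert``, ``select``,
    ``update``, ``delete``) and the rest of the name identifies the page.
    A user without that permission is redirected to the "no permission"
    page; a request without ``current_user`` gets the "not logged in"
    result instead.

    Returns:
        The return value of ``func(self)`` when access is granted (or no
        check applies), else the return value of ``self.write(...)`` or
        ``self.redirect(...)``.
    """
    from urllib.parse import urlencode

    username = self.current_user
    if not username:
        return self.write(
            OHHOOperation.dict2json(Result.result_not_login()))

    # Class-name suffix -> key looked up in the permission mapping.
    suffix_to_action = (
        ("AddHandler", "insert"),
        ("ListHandler", "select"),
        ("DetailHandler", "update"),
        ("DeleteHandler", "delete"),
    )
    class_name = self.__class__.__name__
    for suffix, action in suffix_to_action:
        if class_name.endswith(suffix):
            break
    else:
        # NOTE(review): a handler whose class name matches none of the
        # suffixes runs with only the login check above and no page
        # permission check (fail-open by naming convention). Kept as in
        # the original; confirm every protected handler follows the
        # naming scheme.
        return func(self)

    name = class_name[:-len(suffix)]
    permission_instance = OHHOPermission()
    page = permission_instance.get_or_create_page_from_permission(name)
    permission = permission_instance.get_the_page_permission_from_permission(
        username, page)
    OHHOLog.print_log(username)
    OHHOLog.print_log(page.id)
    OHHOLog.print_log(permission)

    # A missing key raises instead of granting access, so the check fails
    # closed when the permission record has an unexpected shape.
    if not permission[action]:
        result = Result.result_no_permission()
        # Percent-encode the values so the Location URL stays well formed
        # when the detail text contains spaces, '&' or non-ASCII text.
        query = urlencode({
            "code": result.get("code", 0),
            "data": result.get("detail", ""),
        })
        return self.redirect("/backstage/no/permission/?" + query)

    return func(self)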