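def validate():
    """Pre-request hook: log the incoming request and enforce the login check.

    Paths in the skip list return immediately, with no logging and no login
    check. For every other path the submitted parameters are written to the
    log, a POST carrying ``_method`` is re-labelled with that HTTP method
    (so jQuery ajax clients can issue RESTful PUT/DELETE requests), and,
    unless the path is a login/logout endpoint, the session must contain
    both ``id`` and ``login_name``.

    :return: None. A request without a valid session is passed to
        ``web_helper.return_raise`` with a -404 message (presumably this
        raises and ends the request; the helper is not visible here).
    """
    # response.headers['Access-Control-Allow-Origin'] = '*'

    # Current request path. Fall back to '' so that a missing PATH_INFO
    # reaches the login check instead of failing on string concatenation.
    path_info = request.environ.get("PATH_INFO") or ''
    # Routes that need neither logging nor a login check.
    if path_info in ['/favicon.ico', '/', '/api/verify/', "/api/visitHandle/"]:
        return

    ### Record the parameters submitted by the client ###
    # NOTE(review): raw parameters are logged for every remaining route,
    # the login endpoint included, so submitted credentials would end up in
    # the log file. Consider redacting sensitive fields before logging.
    request_log = 'url:' + path_info + ' ip:' + web_helper.get_ip()
    try:
        # Parameters submitted as JSON.
        if request.json:
            request_log = request_log + ' params(json):' + urllib.parse.unquote(
                str(request.json))
    except Exception:
        # Best effort: an unparsable body must not stop the request here.
        pass
    try:
        # Parameters submitted in the query string.
        if request.query_string:
            request_log = request_log + ' params(get):' + urllib.parse.unquote(
                str(request.query_string))
        # Parameters submitted by POST.
        if request.method == 'POST':
            request_log = request_log + ' params(post):' + urllib.parse.unquote(
                str(request.params.__dict__))
        # The values above are URL-decoded, so an encoded CR/LF would become
        # a real line break; escape them so one request cannot forge
        # additional log lines.
        request_log = request_log.replace('\r', '\\r').replace('\n', '\\n')
        log_helper.info(request_log)
    except Exception:
        # Logging is best effort and must not break request handling.
        pass

    # AJAX clients tunnel PUT/DELETE through POST with a `_method` field.
    # The value is client-controlled and is written into the WSGI environ,
    # so only well-known HTTP verbs are accepted; anything else is ignored.
    if request.method == 'POST':
        override = (request.POST.get('_method') or '').upper()
        if override in ('GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'HEAD', 'OPTIONS'):
            request.environ['REQUEST_METHOD'] = override

    # Login and logout are reachable without an existing session.
    if path_info in ["/apiPost/login/", "/apiPost/logout/"]:
        return

    # A logged-in user always has these session values; a missing session
    # is treated like an empty one so the request is rejected, not crashed.
    session = web_helper.get_session() or {}
    manager_id = session.get('id', 0)
    login_name = session.get('login_name', 0)
    if not manager_id or not login_name:
        web_helper.return_raise(
            web_helper.return_msg(-404, "您的登录已失效,请重新登录"))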
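def validate():
    """Pre-request hook: log the incoming request and enforce the login check.

    Skip-listed paths and any path containing ``/upload/`` return
    immediately, with no logging and no login check. For every other path
    the submitted parameters are written to the log, a POST carrying
    ``_method`` is re-labelled with that HTTP method, and, unless the path
    is one of the public API routes, the session must contain both ``id``
    and ``login_name``.

    :return: None. A request without a valid session is passed to
        ``web_helper.return_raise`` with a -404 message (presumably this
        raises and ends the request; the helper is not visible here).
    """
    # Current request path. Fall back to '' so that a missing PATH_INFO
    # reaches the login check instead of failing on a None method call.
    path_info = request.environ.get("PATH_INFO") or ''
    # Routes that need neither logging nor a login check.
    # NOTE(review): '/upload/' is matched anywhere in the path, so every
    # route whose URL contains that segment skips both logging and the login
    # check. Anchor it to the real static prefix if that is the intent.
    if path_info in ['/favicon.ico', '/', '/api/verify/'] or '/upload/' in path_info:
        return

    ### Record the parameters submitted by the client ###
    # NOTE(review): raw parameters are logged for every remaining route,
    # the login endpoint included, so submitted credentials would end up in
    # the log file. Consider redacting sensitive fields before logging.
    request_log = 'url:' + path_info + ' ip:' + web_helper.get_ip()
    try:
        # Parameters submitted as JSON.
        if request.json:
            request_log = request_log + ' params(json):' + urllib.parse.unquote(
                str(request.json))
    except Exception:
        # Best effort: an unparsable body must not stop the request here.
        pass
    try:
        # Parameters submitted in the query string.
        if request.query_string:
            request_log = request_log + ' params(get):' + urllib.parse.unquote(
                str(request.query_string))
        # Parameters submitted by POST.
        if request.method == 'POST':
            request_log = request_log + ' params(post):' + urllib.parse.unquote(
                str(request.params.__dict__))
        # The values above are URL-decoded, so an encoded CR/LF would become
        # a real line break; escape them so one request cannot forge
        # additional log lines.
        request_log = request_log.replace('\r', '\\r').replace('\n', '\\n')
        log_helper.info(request_log)
    except Exception:
        # Logging is best effort and must not break request handling.
        pass

    # AJAX clients tunnel PUT/DELETE through POST with a `_method` field.
    # The value is client-controlled and is written into the WSGI environ,
    # so only well-known HTTP verbs are accepted; anything else is ignored.
    if request.method == 'POST':
        override = (request.POST.get('_method') or '').upper()
        if override in ('GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'HEAD', 'OPTIONS'):
            request.environ['REQUEST_METHOD'] = override

    # Routes that are public and therefore skip the login check.
    url_list = [
        "/api/login/", "/api/logout/", "/api/about/", "/api/contact_us/",
        "/api/product_class/", "/api/product/"
    ]
    # NOTE(review): the GET exemption is a substring match and is evaluated
    # after the `_method` override above, so any GET-labelled request whose
    # path contains '/api/product/' is treated as public. Confirm that no
    # protected route shares that segment, or match the prefix instead.
    is_public = path_info in url_list or (
        request.method == 'GET' and '/api/product/' in path_info)
    if is_public:
        return

    # A logged-in user always has these session values; a missing session
    # is treated like an empty one so the request is rejected, not crashed.
    session = web_helper.get_session() or {}
    manager_id = session.get('id', 0)
    login_name = session.get('login_name', 0)
    if not manager_id or not login_name:
        web_helper.return_raise(
            web_helper.return_msg(-404, "您的登录已失效,请重新登录"))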
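def callback():
    """Return all ``product_class`` rows as JSON in the requested order.

    Reads the ``sidx`` (sort column) and ``sord`` (sort direction) query
    parameters. Both come from the client and are placed in the ORDER BY
    clause, which cannot be bound as a query parameter, so they are only
    used when they match a strict column-list pattern; otherwise the default
    ordering ``sort asc`` applies.

    :return: whatever ``web_helper.return_raise`` produces for the JSON
        payload ``{'rows': [...]}``.
    """
    import re  # function-scope import: the file's import block is not in view

    # Sort column(s) and direction requested by the client.
    sidx = (web_helper.get_query('sidx', '', False) or '').strip()
    sord = (web_helper.get_query('sord', '', False) or '').strip()
    # Output structure.
    data = {'rows': []}

    # One or more comma-separated identifiers, each optionally followed by
    # asc/desc. Anything else (quotes, parentheses, semicolons, sub-queries)
    # is rejected, which keeps request data out of the SQL text.
    sort_terms = re.compile(
        r'[A-Za-z_][A-Za-z0-9_]*(?:\s+(?:asc|desc))?'
        r'(?:\s*,\s*[A-Za-z_][A-Za-z0-9_]*(?:\s+(?:asc|desc))?)*',
        re.IGNORECASE)
    order_by = 'sort asc'
    if sidx and sort_terms.fullmatch(sidx) and sord.lower() in ('', 'asc', 'desc'):
        order_by = sidx + ' ' + sord

    # Fetch the rows.
    sql_data = 'select * from product_class order by %(orderby)s ' % {
        'orderby': order_by
    }
    result = db_helper.read(sql_data)
    if result:
        data['rows'] = result

    # `data` is never empty, so the payload is always returned; the former
    # "no data" branch could not be reached and has been dropped.
    return web_helper.return_raise(
        json.dumps(data, cls=json_helper.CJsonEncoder))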
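def callback():
    """Return one page of ``product_class`` rows in jqGrid-style JSON.

    Query parameters: ``page`` (page index, default 1), ``rows`` (page size,
    default 10), ``sidx`` (sort column) and ``sord`` (sort direction).
    ``sidx``/``sord`` come from the client and are placed in the ORDER BY
    clause, which cannot be bound as a query parameter, so they are only
    used when they match a strict column-list pattern; otherwise the default
    ordering ``sort asc`` applies.

    :return: the initial ``data`` dict when the table is empty or the count
        query fails; otherwise whatever ``web_helper.return_raise`` produces
        for the JSON payload.
    """
    import re  # function-scope import: the file's import block is not in view

    # Page index and page size (presumably ints; to_int_default is a project
    # helper that is not visible here).
    page_number = convert_helper.to_int_default(
        web_helper.get_query('page', '', False), 1)
    page_size = convert_helper.to_int_default(
        web_helper.get_query('rows', '', False), 10)
    # A zero page size would divide by zero below, and negative values would
    # produce an invalid LIMIT/OFFSET, so fall back to sane values.
    if page_size is None or page_size <= 0:
        page_size = 10
    if page_number is None or page_number < 1:
        page_number = 1
    # Sort column(s) and direction requested by the client.
    sidx = (web_helper.get_query('sidx', '', False) or '').strip()
    sord = (web_helper.get_query('sord', '', False) or '').strip()

    # Output structure.
    data = {
        'records': 0,  # total number of records
        'total': 0,  # total number of pages
        'page': 1,  # current page
        'rows': []
    }

    # Total record count.
    sql_count = 'select count(1) as records from product_class'
    result = db_helper.read(sql_count)
    if not result or result[0]['records'] == 0:
        return data
    data['records'] = result[0].get('records', 0)

    # Total page count (ceiling division).
    page_total = -(-data['records'] // page_size)
    data['total'] = page_total
    data['page'] = page_number

    # One or more comma-separated identifiers, each optionally followed by
    # asc/desc. Anything else (quotes, parentheses, semicolons, sub-queries)
    # is rejected, which keeps request data out of the SQL text.
    sort_terms = re.compile(
        r'[A-Za-z_][A-Za-z0-9_]*(?:\s+(?:asc|desc))?'
        r'(?:\s*,\s*[A-Za-z_][A-Za-z0-9_]*(?:\s+(?:asc|desc))?)*',
        re.IGNORECASE)
    order_by = 'sort asc'
    if sidx and sort_terms.fullmatch(sidx) and sord.lower() in ('', 'asc', 'desc'):
        order_by = sidx + ' ' + sord

    # Paging clause; both values are integers validated above.
    record_number = (page_number - 1) * page_size
    paging = ' limit ' + str(page_size) + ' offset ' + str(record_number)

    # Fetch the rows.
    sql_data = 'select * from product_class order by %(orderby)s %(paging)s' % {
        'orderby': order_by,
        'paging': paging
    }
    result = db_helper.read(sql_data)
    if result:
        data['rows'] = result

    # `data` is never empty, so the payload is always returned; the former
    # "no data" branch could not be reached and has been dropped.
    return web_helper.return_raise(
        json.dumps(data, cls=json_helper.CJsonEncoder))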
def get_record():
    """Return up to 500 rows of ``searchrecord`` as a jqGrid-style JSON payload.

    The paging counters in the payload keep their initial values; only
    ``rows`` is filled from the query result.
    """
    # Output structure: total records, total pages, current page, row list.
    data = dict(records=0, total=0, page=1, rows=[])

    rows = db_helper.read('''select * from searchrecord limit 500 offset 0 ''')
    if rows:
        data['rows'] = rows

    if not data:
        return web_helper.return_msg(-1, '没有数据', '')
    payload = json.dumps(data, cls=json_helper.CJsonEncoder)
    return web_helper.return_raise(payload)
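def callback():
    """Return a page of products, optionally filtered by product class.

    Query parameters: ``product_class_id``, ``type``, ``page``, ``rows``,
    ``sidx`` (sort column) and ``sord`` (sort direction). The sort values
    are passed on to ``ProductLogic.get_list`` as an order-by string
    (presumably concatenated into SQL there; that code is not visible here),
    so they are only used when they match a strict column-list pattern.

    :return: whatever ``web_helper.return_raise`` produces for the JSON
        result, or ``web_helper.return_msg(-1, ...)`` when the query returns
        nothing.
    """
    import re  # function-scope import: the file's import block is not in view

    # Product class id (presumably an int; to_int0 is a project helper).
    product_class_id = convert_helper.to_int0(
        web_helper.get_query('product_class_id', '产品分类id', is_check_null=False))
    # Caller type; renamed locally to avoid shadowing the `type` builtin.
    request_type = web_helper.get_query('type', '类型', is_check_null=False)
    # Page index and page size.
    page_number = convert_helper.to_int1(
        web_helper.get_query('page', '', is_check_null=False))
    page_size = convert_helper.to_int0(
        web_helper.get_query('rows', '', is_check_null=False))
    # Sort column(s) and direction requested by the client.
    sidx = (web_helper.get_query('sidx', '', is_check_null=False) or '').strip()
    sord = (web_helper.get_query('sord', '', is_check_null=False) or '').strip()

    # Query conditions.
    wheres = []
    if product_class_id > 0:
        wheres.append('product_class_id=' + str(product_class_id))
    # Front-end requests only see enabled products.
    # NOTE(review): `type` is supplied by the client, so sending
    # type=backstage drops the is_enable filter. If this route is reachable
    # without login, disabled products are exposed; consider deriving the
    # back-office case from the session instead.
    if request_type != 'backstage':
        wheres.append('is_enable=1')

    # One or more comma-separated identifiers, each optionally followed by
    # asc/desc. Anything else (quotes, parentheses, semicolons, sub-queries)
    # is rejected, which keeps request data out of the order-by string.
    sort_terms = re.compile(
        r'[A-Za-z_][A-Za-z0-9_]*(?:\s+(?:asc|desc))?'
        r'(?:\s*,\s*[A-Za-z_][A-Za-z0-9_]*(?:\s+(?:asc|desc))?)*',
        re.IGNORECASE)
    orderby = None
    if sidx and sort_terms.fullmatch(sidx) and sord.lower() in ('', 'asc', 'desc'):
        orderby = sidx + ' ' + sord

    # Query through the product table logic class.
    _product_logic = product_logic.ProductLogic()
    result = _product_logic.get_list(
        '*,(select name from product_class where id=product_class_id) as product_class_name',
        wheres, page_number, page_size, orderby)
    if result:
        return web_helper.return_raise(
            json.dumps(result, cls=json_helper.CJsonEncoder))
    else:
        return web_helper.return_msg(-1, "查询失败")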
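def check_user_power():
    """Check whether the current user may call the current API route.

    Builds a lookup key from the referring page name, the HTTP method and
    the matched route rule, resolves it to a menu entry, and compares that
    entry's id with the page permissions of the user's position. Denied and
    allowed accesses are written to the manager operation log.

    :return: None. Failures are passed to ``web_helper.return_raise``
        (presumably this raises and ends the request; the helper is not
        visible here, and the code below relies on it not returning).
    """
    # No session means the login has expired.
    session = web_helper.get_session()
    if not session:
        web_helper.return_raise(web_helper.return_msg(-404, "您的登录已失效,请重新登录"))

    # Matched route rule, HTTP method and filtered request URL.
    rule = request.route.rule
    method = request.method.lower()
    url = string_helper.filter_str(request.url, '<|>|%|\'')

    # Values used for the operation log.
    _manager_operation_log_logic = manager_operation_log_logic.ManagerOperationLogLogic()
    ip = web_helper.get_ip()
    manager_id = session.get('id')
    manager_name = session.get('name')
    # Wording used in the log message.
    method_name = '访问' if method == 'get' else '进行'

    # Page name taken from the Referer header: everything after the host
    # part, without the query string.
    # NOTE(review): Referer is a client-supplied header and it feeds the
    # permission lookup key below, so a caller can choose which page name
    # is used for the check. Confirm this is acceptable for the menu model.
    http_referer = request.environ.get('HTTP_REFERER')
    if http_referer:
        start = http_referer.find('/', 8) + 1
        query_at = http_referer.find('?')
        if query_at == -1:
            web_name = http_referer[start:]
        else:
            web_name = http_referer[start:query_at]
    else:
        web_name = ''

    # Cache key of the menu entry for this page + method + route.
    key = web_name + method + '(' + rule + ')'
    _menu_info_logic = menu_info_logic.MenuInfoLogic()
    model = _menu_info_logic.get_model_for_url(key)
    if not model:
        # Record the denied access.
        _manager_operation_log_logic.add_operation_log(manager_id, manager_name, ip, '用户访问[%s]接口地址时,检测没有操作权限' % (url))
        # NOTE(review): the response echoes `key`, which contains the route
        # rule and Referer-derived text; consider returning a fixed message.
        web_helper.return_raise(web_helper.return_msg(-1, "您没有访问权限1" + key))

    # Menu name used in log messages; prefixed with the parent menu's name.
    menu_name = model.get('name') or ''
    parent_id = model.get('parent_id') or 0  # tolerate a missing parent id
    if parent_id > 0:
        parent_model = _menu_info_logic.get_model_for_cache(parent_id)
        if parent_model:
            parent_name = parent_model.get('name') or ''
            menu_name = parent_name.replace('列表', '').replace('管理', '') + menu_name

    # Page permissions of the position stored in the session at login.
    positions = positions_logic.PositionsLogic()
    # A missing permission string is treated as "no permissions" so the
    # request is denied instead of failing on a None method call.
    page_power = positions.get_page_power(session.get('positions_id')) or ''
    # The permission string is searched for ',<menu id>,'.
    if (',' + str(model.get('id', -1)) + ',') not in page_power:
        # Record the denied access.
        _manager_operation_log_logic.add_operation_log(manager_id, manager_name, ip, '用户%s[%s]操作检测没有权限' % (method_name, menu_name))
        web_helper.return_raise(web_helper.return_msg(-1, "您没有访问权限2"))

    # GET requests for the add/edit entries are not logged.
    if not (method == 'get' and model.get('name') in ('添加', '编辑')):
        _manager_operation_log_logic.add_operation_log(manager_id, manager_name, ip, '用户%s[%s]操作' % (method_name, menu_name))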
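def callback():
    """Return one page of ``product_class`` rows in jqGrid-style JSON.

    Query parameters: ``page``, ``rows``, ``sidx`` (sort column) and
    ``sord`` (sort direction). ``sidx``/``sord`` come from the client and
    are placed in the ORDER BY clause, which cannot be bound as a query
    parameter, so they are only used when they match a strict column-list
    pattern; otherwise the default ordering ``sort asc`` applies.

    :return: the initial ``data`` dict when the table is empty or the count
        query fails; otherwise whatever ``web_helper.return_raise`` produces
        for the JSON payload.
    """
    import re  # function-scope import: the file's import block is not in view

    # Page index and page size (presumably ints; project helpers).
    page_number = convert_helper.to_int1(web_helper.get_query('page', '', False))
    page_size = convert_helper.to_int0(web_helper.get_query('rows', '', False))
    # Sort column(s) and direction requested by the client.
    sidx = (web_helper.get_query('sidx', '', False) or '').strip()
    sord = (web_helper.get_query('sord', '', False) or '').strip()

    # One or more comma-separated identifiers, each optionally followed by
    # asc/desc. Anything else (quotes, parentheses, semicolons, sub-queries)
    # is rejected, which keeps request data out of the SQL text.
    sort_terms = re.compile(
        r'[A-Za-z_][A-Za-z0-9_]*(?:\s+(?:asc|desc))?'
        r'(?:\s*,\s*[A-Za-z_][A-Za-z0-9_]*(?:\s+(?:asc|desc))?)*',
        re.IGNORECASE)
    order_by = 'sort asc'
    if sidx and sort_terms.fullmatch(sidx) and sord.lower() in ('', 'asc', 'desc'):
        order_by = sidx + ' ' + sord

    # Output structure expected by the jqGrid front end.
    data = {
        'records': 0,
        'total': 0,
        'page': 1,
        'rows': [],
    }

    # Total record count; return the initial structure when there is none.
    sql = 'select count(1) as records from product_class'
    result = db_helper.read(sql)
    if not result or result[0]['records'] == 0:
        return data
    data['records'] = result[0].get('records', 0)

    ### Page index and page size ###
    if page_size is None or page_size <= 0:
        page_size = 10
    # Total page count (ceiling division).
    page_total = -(-data['records'] // page_size)
    data['total'] = page_total
    # An out-of-range page index is replaced by the last page.
    if page_number < 1 or page_number > page_total:
        page_number = page_total
    data['page'] = page_number
    # First record of the page and the paging clause (integers only).
    record_number = (page_number - 1) * page_size
    paging = ' limit ' + str(page_size) + ' offset ' + str(record_number)

    # Build and run the query.
    sql = "select * from product_class order by %(orderby)s %(paging)s" % \
          {'orderby': order_by, 'paging': paging}
    result = db_helper.read(sql)
    if result:
        data['rows'] = result

    # `data` is never empty, so the payload is always returned; the former
    # failure branch could not be reached and has been dropped.
    return web_helper.return_raise(json.dumps(data, cls=json_helper.CJsonEncoder))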
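def callback():
    """Return one page of ``product`` rows in jqGrid-style JSON.

    Query parameters: ``product_class_id``, ``page``, ``rows``, ``sidx``
    (sort column), ``sord`` (sort direction) and ``type``. ``sidx``/``sord``
    come from the client and are placed in the ORDER BY clause, which cannot
    be bound as a query parameter, so they are only used when they match a
    strict column-list pattern; otherwise the default ordering ``id desc``
    applies.

    :return: the initial ``data`` dict when no record matches or the count
        query fails; otherwise whatever ``web_helper.return_raise`` produces
        for the JSON payload.
    """
    import re  # function-scope import: the file's import block is not in view

    # Query conditions, collected and joined into one WHERE clause.
    conditions = []
    # Product class id (presumably an int; to_int0 is a project helper).
    product_class_id = convert_helper.to_int0(web_helper.get_query('product_class_id', '产品分类id', is_check_null=False))
    if product_class_id > 0:
        conditions.append('product_class_id=' + str(product_class_id))
    # Page index and page size.
    page_number = convert_helper.to_int1(web_helper.get_query('page', '', is_check_null=False))
    page_size = convert_helper.to_int0(web_helper.get_query('rows', '', is_check_null=False))
    # Sort column(s) and direction requested by the client.
    sidx = (web_helper.get_query('sidx', '', is_check_null=False) or '').strip()
    sord = (web_helper.get_query('sord', '', is_check_null=False) or '').strip()

    # One or more comma-separated identifiers, each optionally followed by
    # asc/desc. Anything else (quotes, parentheses, semicolons, sub-queries)
    # is rejected, which keeps request data out of the SQL text.
    sort_terms = re.compile(
        r'[A-Za-z_][A-Za-z0-9_]*(?:\s+(?:asc|desc))?'
        r'(?:\s*,\s*[A-Za-z_][A-Za-z0-9_]*(?:\s+(?:asc|desc))?)*',
        re.IGNORECASE)
    order_by = 'id desc'
    if sidx and sort_terms.fullmatch(sidx) and sord.lower() in ('', 'asc', 'desc'):
        order_by = sidx + ' ' + sord

    # Caller type; renamed locally to avoid shadowing the `type` builtin.
    request_type = web_helper.get_query('type', '类型', is_check_null=False)
    # Front-end requests only see enabled products.
    # NOTE(review): `type` is supplied by the client, so sending
    # type=backstage drops the is_enable filter. If this route is reachable
    # without login, disabled products are exposed; consider deriving the
    # back-office case from the session instead.
    if request_type != 'backstage':
        conditions.append('is_enable=1')
    wheres = 'where ' + ' and '.join(conditions) if conditions else ''

    # Output structure expected by the jqGrid front end.
    data = {
        'records': 0,
        'total': 0,
        'page': 1,
        'rows': [],
    }

    # Total record count; return the initial structure when there is none.
    sql = 'select count(1) as records from product %(wheres)s' % {'wheres': wheres}
    result = db_helper.read(sql)
    if not result or result[0]['records'] == 0:
        return data
    data['records'] = result[0].get('records', 0)

    ### Page index and page size ###
    if page_size is None or page_size <= 0:
        page_size = 10
    # Total page count (ceiling division).
    page_total = -(-data['records'] // page_size)
    data['total'] = page_total
    # An out-of-range page index is replaced by the last page.
    if page_number < 1 or page_number > page_total:
        page_number = page_total
    data['page'] = page_number
    # First record of the page and the paging clause (integers only).
    record_number = (page_number - 1) * page_size
    paging = ' limit ' + str(page_size) + ' offset ' + str(record_number)

    # Build and run the query.
    sql = "select * from product %(wheres)s order by %(orderby)s %(paging)s" % \
          {'wheres': wheres, 'orderby': order_by, 'paging': paging}
    result = db_helper.read(sql)
    if result:
        data['rows'] = result

    # `data` is never empty, so the payload is always returned; the former
    # failure branch could not be reached and has been dropped.
    return web_helper.return_raise(json.dumps(data, cls=json_helper.CJsonEncoder))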