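def updateApp(req):
    """Modify an existing application.

    Reads ``id``, ``app_id``, ``name``, ``comment`` and ``status`` from the
    request, updates the matching ``core.Application`` row and writes an
    admin action log entry. ``app_id`` must be supplied but is never written:
    the application identifier is not updatable.

    :param req: incoming request; parameters are read through ``webapi.GET``
        and the acting user through ``webapi.sessionValue(req, 'user_id')``.
    :return: ``httpResponse()`` of the success object, of a
        ``ParameterIllegal`` failure when ``id``, ``app_id`` or ``name`` is
        empty, or of an ``InternalException`` failure when anything raises.
    """
    cr = webapi.SuccCallReturn()
    # Bound before the try block: the except handler reads `callback`, and an
    # exception raised before the parameter is fetched would otherwise turn
    # into an UnboundLocalError inside the handler.
    callback = None
    try:
        record_id = webapi.GET(req, 'id')
        app_id = webapi.GET(req, 'app_id')
        name = webapi.GET(req, 'name')
        comment = webapi.GET(req, 'comment')
        status = webapi.GET(req, 'status')

        # `or ''` keeps an absent parameter (presumably None -- confirm
        # against webapi.GET) from raising in strip().
        app_id = (app_id or '').strip()
        name = (name or '').strip()
        status = (status or '').strip()

        # A missing id is rejected here; int() further down would otherwise
        # surface it as InternalException.
        if not record_id or not app_id or not name:
            return webapi.FailCallReturn(
                ErrorDefs.ParameterIllegal).httpResponse()

        # NOTE(review): `callback` is caller-supplied and handed to
        # setCallBackJsonp(); whether it is restricted to a safe identifier
        # is not visible here -- confirm.
        callback = webapi.GET(req, 'callback')
        cr.setCallBackJsonp(callback)

        # A session without a usable admin user_id raises here and is
        # reported as InternalException by the handler below.
        creator_id = webapi.sessionValue(req, 'user_id')
        creator = core.AdminUser.objects.get(id=int(creator_id))
        app = core.Application.objects.get(id=int(record_id))

        # The application identifier (app_id) is deliberately left untouched.
        app.name = name[:40]
        if comment:
            app.comment = comment[:200]
        if status:
            app.status = int(status)
        # NOTE(review): this replaces the stored creator with whoever edits
        # the record -- confirm that is intended.
        app.creator = creator
        app.save()

        log = service.common.logging.createLog(
            cloudfish.base.AdminUserActionType.UpdateApplicate, request=req)
        log.result = 0
        log.target = app.name
        log.detail = str(req.META['REMOTE_ADDR'])
        log.save()
    except Exception:
        traceback.print_exc()
        cr = webapi.FailCallReturn(
            ErrorDefs.InternalException).setCallBackJsonp(callback)
    return cr.httpResponse()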
def updateNotice(r):
    """Update a system notice.

    Reads ``id``, ``title``, ``content``, ``alert`` and ``end_alert_time``
    from the request, rewrites the matching ``core.Notice`` row with the
    session user as issuer and records an ``L313`` log entry.

    ``alert`` and ``end_alert_time`` are written on every call: when the
    parameters are absent the notice ends up with ``alert=False`` and
    ``end_alert_time=None``. ``title`` and ``content`` are only written when
    they are not ``None``.

    :param r: incoming request.
    :return: ``httpResponse()`` of the success object (``result`` is the
        notice id), of a ``ParameterIllegal`` failure when ``id`` is empty,
        or of an ``InternalException`` failure when anything raises.
    """
    cr = webapi.SuccCallReturn()
    callback = None
    try:
        notice_id = webapi.GET(r, 'id')
        new_title = webapi.GET(r, 'title')
        new_content = webapi.GET(r, 'content')
        raw_alert = webapi.GET(r, 'alert', 0)
        deadline = webapi.GET(r, 'end_alert_time', None)

        # Any non-zero integer switches the alert on.
        alert_on = bool(int(raw_alert))
        if deadline:
            deadline = lemon.utils.misc.mk_datetime(deadline)

        # NOTE(review): `callback` is caller-supplied; whether
        # setCallBackJsonp() restricts it to a safe identifier is not
        # visible here -- confirm.
        callback = webapi.GET(r, 'callback')
        cr.setCallBackJsonp(callback)

        if not notice_id:
            return webapi.FailCallReturn(
                errors.ErrorDefs.ParameterIllegal).httpResponse()

        session_user = webapi.sessionValue(r, 'user_id')
        issuer = core.AdminUser.objects.get(id=int(session_user))
        notice = core.Notice.objects.get(id=int(notice_id))

        notice.issuer = issuer
        # Stored values are capped at 255 and 2000 characters.
        if new_title is not None:
            notice.title = new_title[:255]
        if new_content is not None:
            notice.content = new_content[:2000]
        notice.modify_time = datetime.datetime.now()
        notice.alert = alert_on
        notice.end_alert_time = deadline
        notice.save()
        cr.result = notice.id

        service.common.logging.createLog(
            lemon.basetype.LogActionType.L313, notice.title,
            request=r).save()
    except:
        traceback.print_exc()
        cr = webapi.FailCallReturn(
            errors.ErrorDefs.InternalException).setCallBackJsonp(callback)
    return cr.httpResponse()
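def process_request(self, req):
    """Check session state before a request reaches its view.

    * Paths containing ``/static/`` pass through untouched.
    * Paths containing ``/webapi/`` need a ``user_id`` in the session, except
      the API root and the ``/login``, ``/logout``, ``/getSignImage`` and
      ``/getIdentity`` endpoints; without one a ``SessionExpired`` failure
      response is returned.
    * Any remaining request without a ``user_id`` gets the admin login page.

    Separation between business users and administrators is not enforced
    here; only the presence of ``user_id`` is checked.

    :param req: incoming request.
    :return: ``None`` to let the request continue, or a response that
        short-circuits it.
    """
    if model.django.project.settings.DEBUG:
        # Debug-only trace. req.POST can hold submitted credentials, so DEBUG
        # has to stay off wherever this output is retained.
        print('PATH: %s' % (req.path,))
        print('GET: %s' % (req.GET,))
        print('POST: %s' % (req.POST,))
        print('USER_ID: %s' % (webapi.sessionValue(req, 'user_id'),))
        print('USER_ROLE: %s' % (webapi.sessionValue(req, 'user_role'),))
        print('USER_TYPE: %s' % (webapi.sessionValue(req, 'user_type'),))

    # NOTE(review): X-Real-IP is trustworthy only when a reverse proxy in
    # front of the application always overwrites it; otherwise the client
    # chooses the value that REMOTE_ADDR readers (audit logs included) see.
    real_ip = req.META.get('HTTP_X_REAL_IP')
    if real_ip:
        req.META['REMOTE_ADDR'] = real_ip

    prefix = '/webapi/'

    # NOTE(review): the collapsed source does not show whether an exemption
    # for '/api/fileserver/' was active or commented out; it is left out
    # here (fail closed). Restore it if the original had it enabled.

    # Substring test: '/static/' is matched anywhere in the path, not only
    # as its leading component.
    if req.path.find('/static/') != -1:
        return

    api_at = req.path.find(prefix)
    if api_at != -1:
        # '/' used to be an entry of this tuple and was matched by substring,
        # which every path satisfies, so no /webapi/ request ever reached the
        # session check below. It is now compared for equality against the
        # path relative to the API root.
        # NOTE(review): '/' is read as "the API root" -- confirm.
        exempt_endpoints = ('/login', '/logout', '/getSignImage',
                            '/getIdentity')
        api_path = req.path[api_at + len(prefix) - 1:]
        # NOTE(review): the named endpoints are still matched by substring,
        # so a path that merely contains one of them is exempt as well;
        # match the final path segment once the URL layout is confirmed.
        if api_path == '/' or any(
                req.path.find(endpoint) != -1
                for endpoint in exempt_endpoints):
            return

        if not webapi.sessionValue(req, 'user_id'):
            return webapi.FailCallReturn(
                errors.ErrorDefs.SessionExpired).httpResponse()

        # TODO: compare the session's user_type with the API family being
        # called ('/webapi/ras/' for users, '/webapi/admin/' for admins).
        # That check is disabled, so any logged-in account type passes.

    # NOTE(review): reconstructed from a collapsed source -- read as running
    # for every request that got this far and as returning the login page
    # when no user_id is in the session; verify against the original file.
    if not webapi.sessionValue(req, 'user_id'):
        return render_to_response('adminLogin.html')
    return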
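def createApp(req):
    """Add a new application.

    Reads ``app_id``, ``name``, ``comment`` and ``status`` from the request,
    creates a ``core.Application`` row owned by the session's admin user,
    assigns it a fresh ``access_token`` and ``secret_key`` and writes an
    admin action log entry.

    :param req: incoming request; parameters are read through ``webapi.GET``
        and the acting user through ``webapi.sessionValue(req, 'user_id')``.
    :return: response of the form ``{status, errcode, result}``; ``result``
        is the new application's id on success. ``ParameterIllegal`` is
        returned when ``app_id`` or ``name`` is empty, ``AppExisted`` when
        the identifier is taken and ``InternalException`` when anything
        raises.
    """
    cr = webapi.SuccCallReturn()
    callback = None
    try:
        app_id = webapi.GET(req, 'app_id')
        name = webapi.GET(req, 'name')
        comment = webapi.GET(req, 'comment')
        status = webapi.GET(req, 'status')

        # `or ''` keeps an absent parameter (presumably None -- confirm
        # against webapi.GET) from raising in strip().
        # app_id is cut to its stored length up front: the uniqueness lookup
        # must test the value that is written, otherwise two long ids that
        # share their first 40 characters both pass the check.
        app_id = (app_id or '').strip()[:40]
        name = (name or '').strip()
        status = (status or '').strip()
        if not app_id or not name:
            return webapi.FailCallReturn(
                ErrorDefs.ParameterIllegal).httpResponse()

        # NOTE(review): `callback` is caller-supplied; whether
        # setCallBackJsonp() restricts it to a safe identifier is not
        # visible here -- confirm.
        callback = webapi.GET(req, 'callback')
        cr.setCallBackJsonp(callback)

        # A session without a usable admin user_id raises here and is
        # reported as InternalException by the handler below.
        creator_id = webapi.sessionValue(req, 'user_id')
        creator = core.AdminUser.objects.get(id=int(creator_id))

        # NOTE(review): check-then-insert; only a unique constraint on
        # app_id closes the gap between this lookup and save() -- confirm
        # the model declares one.
        if core.Application.objects.filter(app_id=app_id).exists():
            return webapi.FailCallReturn(
                ErrorDefs.AppExisted).httpResponse()

        app = core.Application()
        app.app_id = app_id
        app.name = name[:40]
        if comment:
            app.comment = comment[:200]
        if status:
            app.status = int(status)
        app.creator = creator
        app.create_time = datetime.datetime.now()
        # NOTE(review): both values act as credentials for the application;
        # confirm genUUID() and random_password() draw from a
        # cryptographically secure source (their code is not shown here).
        app.access_token = lemon.utils.misc.genUUID()
        app.secret_key = lemon.utils.misc.random_password()
        app.save()
        cr.assign(app.id)

        log = service.common.logging.createLog(
            cloudfish.base.AdminUserActionType.CreateApplicate, request=req)
        log.result = 0
        log.target = app.name
        log.detail = str(req.META['REMOTE_ADDR'])
        log.save()
    except Exception:
        traceback.print_exc()
        cr = webapi.FailCallReturn(
            ErrorDefs.InternalException).setCallBackJsonp(callback)
    return cr.httpResponse()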
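def ras(req):
    """Render the user index page, dropping a non-USER login first.

    When the session carries a ``user_type`` other than
    ``lemon.basetype.LoginUserType.USER``, its ``user_id`` is removed before
    ``index.html`` is rendered.

    :param req: incoming request with an attached session.
    :return: the rendered ``index.html`` response.
    """
    user_type = webapi.sessionValue(req, 'user_type', 0)
    if user_type and user_type != lemon.basetype.LoginUserType.USER:
        # pop() with a default instead of `del`: user_type stays in the
        # session after the first visit, so a second visit reaches this
        # branch with user_id already gone and `del` raised KeyError.
        req.session.pop('user_id', None)
        # NOTE(review): only user_id is removed; user_type and any other
        # keys of the non-USER login stay in the same session. Consider
        # req.session.flush() if this is meant to be a full logout.
    return render_to_response('index.html')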