def loginWithoutPwd(self):
obj = json.loads(self.request.body)
if not checkKeys(obj, ['username']):
self.write(ERR_PARA.message)
return
user = MeUser(self.appName, obj)
userHelper = ClassHelper('develop', 'User')
userInfo = userHelper.get(self.appInfo['user'])
# library授权
if userInfo['type'] == 2:
if user['bundleId']:
log.info("Library User[%s] Auth. bundleId[%s]", user['username'], user['bundleId']);
elif user['package']:
log.info("Library User[%s] Auth. package[%s]", user['username'], user['package']);
log.info('auth app[%s]', self.appInfo['appName']);
# 普通授权失败
elif user['bundleId'] != None:
if (not self.appInfo.has_key('bundleId')) or self.appInfo['bundleId'] != user['bundleId']:
log.err('[%s] bundleId[%s] not match. LoginWithoutPwd Error.', self.appInfo['appName'],
user['bundleId'])
self.write(ERR_UNAUTHORIZED.message)
return
log.info('auth app[%s]', self.appInfo['appName']);
elif user['package']:
if (not self.appInfo.has_key('package')) or self.appInfo['package'] != user['package']:
log.err('[%s] package[%s] not match. LoginWithoutPwd Error.', self.appInfo['appName'], user['package'])
self.write(ERR_UNAUTHORIZED.message)
return
log.info('auth app[%s]', self.appInfo['appName']);
else:
log.err("loginWithoutPwd Error: Invalid. %s", self.request.body)
self.write(ERR_UNAUTHORIZED.message)
return
# 检查数量限制
# userHelper = ClassHelper(self.appDb, "User")
# userUpper = self.appInfo['userUpper']
# # userUpper=0表示无数量限制
# if userUpper>0:
# if userHelper.count() > userUpper:
# log.err('[%s] over user count limit', self.appInfo['appName']);
# self.write(ERR_USER_PERMISSION.message)
try:
user.loginWithoutPwd()
log.info('LoginWithoutPwd: %s', user['username'])
self.set_secure_cookie("u", user['username'])
user['authen'] = userInfo['authen'];
self.write(json.dumps(user, cls=MeEncoder))
# 登录日志
loginLog = MeObject(self.appName, 'LoginLog')
loginLog['username'] = user['username']
if hasattr(self, 'client_ip'):
loginLog['ip'] = self.client_ip;
loginLog.save()
except Exception, e:
log.err("LoginWithoutPwd Error: %s Error:%s", self.request.body, str(e))
self.write(str(e))
def delete(self, className, objectId):
if not objectId:
self.write(ERR_PARA.message)
return
if BaseConfig.deleteClass.count(className) <= 0:
self.write(ERR_USER_PERMISSION.message)
return
try:
ObjectId(objectId)
except Exception:
self.write(ERR_OBJECTID_MIS.message)
return
classHelper = ClassHelper(className)
obj = classHelper.find_one({"_id": objectId})
if not obj:
self.write(ERR_OBJECTID_MIS.message)
return
mo = MeObject(className, obj, False)
mo.overLoadGet = False
acl = MeACL(mo['acl'])
if not acl.deleteAccess(self.user):
self.write(ERR_USER_PERMISSION.message)
return
else:
classHelper.delete(objectId)
self.write(ERR_SUCCESS.message)
def getJson(self, className, query):
classHelper = ClassHelper(className)
result = classHelper.find_one(query)
mo = MeObject(className, result, False)
mo.overLoadGet = False
acl = MeACL(mo['acl'])
if not acl.readAccess(self.user):
return None
return mo
def getList(self, className, query):
classHelper = ClassHelper(className)
result = classHelper.find(query)
objects = []
for obj in result:
mo = MeObject(className, obj, False)
mo.overLoadGet = False
acl = MeACL(mo['acl'])
if not acl.readAccess(self.user):
continue
objects.append(mo)
if len(objects) == 0:
return None
return objects
def get(self, className, objectId=None):
# if className == "User":
# self.write(ERR_CLASS_PERMISSION.message)
# return
if objectId:
try:
ObjectId(objectId)
except Exception:
self.write(ERR_OBJECTID_MIS.message)
return
obj = MeObject(className)
if not obj.get(objectId):
self.write(ERR_OBJECTID_MIS.message)
else:
mo = obj.get(objectId)
# self.filter_field(mo)
self.write(json.dumps(mo, cls=MeEncoder))
else:
classHelper = ClassHelper(className)
query = {}
objs = None
if self.request.arguments.has_key('aggregate'):
query = eval(self.get_argument('aggregate'))
objs = classHelper.aggregate(query)
else:
if self.request.arguments.has_key('where'):
query = eval(self.get_argument('where'))
try:
if query.has_key('_id'):
ObjectId(query['_id'])
if query.has_key('$or'):
for item in query['$or']:
if "_id" in item:
item["_id"] = ObjectId(item["_id"])
except Exception:
self.write(ERR_OBJECTID_MIS.message)
return
if self.request.arguments.has_key('keys'):
keys = eval(self.get_argument('keys'))
else:
keys = None
try:
sort = json.loads(self.get_argument('sort', '{}'))
idSort = sort.get('_id', -1)
sort = sort or None
except Exception, e:
self.write(ERR_INVALID.message)
print e
return
skip = 0
limit = 20
try:
if self.request.arguments.has_key('skip'):
skip = int(self.get_argument('skip'))
if self.request.arguments.has_key('limit'):
limit = int(self.get_argument('limit'))
except Exception:
self.write(ERR_INVALID.message)
return
if limit > 100:
self.write(ERR_INVALID.message)
return
objs = classHelper.find(query, keys, sort, limit, skip)
objects = []
for obj in objs:
mo = MeObject(className, obj, False)
mo.overLoadGet = False
acl = MeACL(mo['acl'])
# if not acl.readAccess(self.user):
# continue
# self.filter_field(mo)
objects.append(mo)
self.write(json.dumps(objects, cls=MeEncoder))
except Exception, e:
log.err("JSON Error:%s , error:%s", self.request.body, str(e))
self.write(ERR_INVALID.message)
return
print 'className:' + className
if type(obj) == list:
objectIdError = False
for index in range(len(obj) - 1):
try:
for key, value in obj[index].items():
if value.has_key('_sid'):
ObjectId(value['_sid'])
value = self.sentiveCheck(key, value)
value = self.blacklistCheck(className, value)
if value:
meobj = MeObject(key, value)
meobj.save()
else:
self.write(ERR_BLACK_PERMISSION.message)
except bson.errors.InvalidId:
objectIdError = True
break
except Exception, e:
log.err("Error:%s , error:%s", self.request.body, str(e))
if objectIdError:
self.write(ERR_OBJECTID_MIS.message)
return
mainObj = obj[len(obj) - 1]
try:
if mainObj.has_key('_sid'):
ObjectId(mainObj['_sid'])
def get(self, className, objectId=None):
admin = False
if self.get_current_user() in BaseConfig.adminUser:
admin = True
if not admin:
if className in BaseConfig.accessNoClass:
self.write(ERR_CLASS_PERMISSION.message)
return
if className not in BaseConfig.projectClass:
#不存在的class
self.write(ERR_PATH_PERMISSION.message)
return
verify = self.verify_cookie(className)
if not verify:
self.write(ERR_UNAUTHORIZED.message)
return
if objectId:
try:
ObjectId(objectId)
except Exception:
self.write(ERR_OBJECTID_MIS.message)
return
obj = MeObject(className)
if not obj.get(objectId):
self.write(ERR_OBJECTID_MIS.message)
else:
mo = obj.get(objectId)
self.filter_field(mo)
self.write(json.dumps(mo, cls=MeEncoder))
else:
classHelper = ClassHelper(className)
query = {}
objs = None
if self.request.arguments.has_key('aggregate'):
query = eval(self.get_argument('aggregate'))
objs = classHelper.aggregate(query)
else:
if self.request.arguments.has_key('where'):
query = eval(self.get_argument('where'))
try:
if query.has_key('_id'):
ObjectId(query['_id'])
if query.has_key('$or'):
for item in query['$or']:
if "_id" in item:
item["_id"] = ObjectId(item["_id"])
except Exception:
self.write(ERR_OBJECTID_MIS.message)
return
if self.request.arguments.has_key('keys'):
keys = eval(self.get_argument('keys'))
else:
keys = None
try:
sort = json.loads(self.get_argument('sort', '{}'))
idSort = sort.get('_id', -1)
sort = sort or None
except Exception, e:
self.write(ERR_INVALID.message)
print e
return
try:
if self.request.arguments.has_key('startId'):
startId = self.get_argument('startId')
if idSort == -1:
query["_id"] = {"$lt": ObjectId(startId)}
elif idSort == 1:
query["_id"] = {"$gt": ObjectId(startId)}
if self.request.arguments.has_key('limit'):
limit = int(self.get_argument('limit'))
else:
limit = 20
except Exception:
self.write(ERR_INVALID.message)
return
skip = 0
try:
if self.request.arguments.has_key('skip'):
skip = int(self.get_argument('skip'))
except Exception:
self.write(ERR_INVALID.message)
return
if limit > 100:
self.write(ERR_INVALID.message)
return
objs = classHelper.find(query, keys, sort, limit, skip)
objects = []
for obj in objs:
mo = MeObject(className, obj, False)
mo.overLoadGet = False
if self.get_current_user() and not admin:
acl = MeACL(mo['acl'])
if not acl.readAccess(self.user):
continue
self.filter_field(mo)
objects.append(mo)
self.write(json.dumps(objects, cls=MeEncoder))
def __init__(self, obj=None):
MeObject.__init__(self, 'File', obj)