예제 #1
    def prepare(self):
        """Authenticate the request and resolve the caller's admin staff record.

        Answers 401 and ends the request when nobody is logged in. Otherwise
        looks for an active ``Staff`` row with admin or super-admin status that
        belongs to the current account and sits on an active
        ``TransferStation``. The lookup is narrowed to the station named in the
        ``ph_station_id`` secure cookie when that cookie is present.

        The match is stored on ``self.current_staff`` / ``self.current_station``.
        Both are left as ``None`` when nothing matches and
        ``should_check_identity()`` is false, so downstream code must be
        prepared for ``None``.
        """
        if not self.current_user:
            self.write_error(401, "请先登录再使用")
            raise Finish()

        # Resolve the station and staff identity, preferring the cookie value.
        # The cookie only narrows the station; the account_id condition in the
        # query is what binds the staff row to the authenticated user.
        # NOTE(review): Tornado's get_secure_cookie returns bytes; confirm that
        # comparing it with TransferStation.id coerces the way it is meant to.
        cookie_station = self.get_secure_cookie("ph_station_id")
        station_conditions = []
        if cookie_station:
            station_conditions.append(models.TransferStation.id == cookie_station)

        has_admin_flag = or_(models.Staff.super_admin_status == 1,
                             models.Staff.admin_status == 1)
        match = (
            self.session.query(models.Staff, models.TransferStation)
            .join(models.TransferStation,
                  models.TransferStation.id == models.Staff.station_id)
            .filter(*station_conditions,
                    models.TransferStation.status == 0,
                    models.Staff.status == 0,
                    models.Staff.account_id == self.current_user.id,
                    has_admin_flag)
            .first()
        )

        # No station / staff identity: reject only when this handler asks for
        # the identity check, and drop the login and station cookie first.
        if not match and self.should_check_identity():
            self.clear_current_user()
            self.clear_current_station_cookie()
            self.write_error(401, "没有有效的管理员身份")
            raise Finish()

        if match:
            self.current_staff, self.current_station = match[0], match[1]
        else:
            self.current_staff = self.current_station = None
예제 #2
    def prepare(self):
        """Authenticate the request and require an active purchaser identity.

        Answers 401 and ends the request when nobody is logged in, or when the
        current account has no active ``Staff`` row with
        ``purchaser_status == 1`` on an active ``TransferStation``. The lookup
        is narrowed to the station named in the ``ph_station_id`` secure cookie
        when that cookie is present. On success the match is stored on
        ``self.current_staff`` and ``self.current_station``.
        """
        if not self.current_user:
            self.write_error(401, "请先登录再使用")
            raise Finish()

        # Resolve the station and purchaser identity, preferring the cookie.
        # The cookie only narrows the station; the account_id condition in the
        # query is what binds the staff row to the authenticated user.
        # NOTE(review): Tornado's get_secure_cookie returns bytes; confirm that
        # comparing it with TransferStation.id coerces the way it is meant to.
        cookie_station = self.get_secure_cookie("ph_station_id")
        station_conditions = []
        if cookie_station:
            station_conditions.append(models.TransferStation.id == cookie_station)

        match = (
            self.session.query(models.Staff, models.TransferStation)
            .join(models.TransferStation,
                  models.TransferStation.id == models.Staff.station_id)
            .filter(*station_conditions,
                    models.TransferStation.status == 0,
                    models.Staff.status == 0,
                    models.Staff.account_id == self.current_user.id,
                    models.Staff.purchaser_status == 1)
            .first()
        )

        if not match:
            # Fail closed: drop the login and the station cookie before 401.
            self.clear_current_user()
            self.clear_current_station_cookie()
            self.write_error(401, "没有有效的采购员权限")
            raise Finish()

        # A match is guaranteed here because the branch above always raises.
        self.current_staff = match[0]
        self.current_station = match[1]
예제 #3
    def session_id(self) -> ObjectId:
        """Return the required ``session_id`` request argument as an ObjectId.

        Sets status 428 and ends the request when the argument is absent, and
        status 412 when the value is not a valid ObjectId.
        """
        supplied = self.handler.get_argument("session_id", None)
        if supplied is not None:
            try:
                return ObjectId(supplied)
            except InvalidId:
                # NOTE(review): the client-supplied value is interpolated
                # verbatim into the HTTP reason phrase; a fixed reason with the
                # detail logged server-side avoids reflecting untrusted input
                # in the status line.
                reason = "invalid param=session_id,session_id=%s" % supplied
                self.handler.set_status(412, reason)
                raise Finish()

        self.handler.set_status(428, "missing param(s) session_id")
        raise Finish()
예제 #4
    def product_id(self) -> ObjectId:
        """Return the required ``product_id`` request argument as an ObjectId.

        An absent or empty argument sets status 428 and ends the request; a
        value that is not a valid ObjectId sets status 412 and ends it.
        """
        supplied = self.handler.get_argument("product_id", None)
        if supplied:
            try:
                return ObjectId(supplied)
            except InvalidId:
                # NOTE(review): the client-supplied value is interpolated
                # verbatim into the HTTP reason phrase; a fixed reason with the
                # detail logged server-side avoids reflecting untrusted input
                # in the status line.
                reason = "invalid param=product_id,product_id=%s" % supplied
                self.handler.set_status(412, reason)
                raise Finish()

        self.handler.set_status(428, "missing param(s) product_id")
        raise Finish()
예제 #5
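 def body(self) -> dict:
     """Decode the request body as UTF-8 and parse it with ``loads``.

     Any decoding or parsing error sets status 412 and ends the request with
     ``Finish``. The ``dict`` annotation is not enforced here: whatever
     ``loads`` returns is passed through.
     """
     try:
         return loads(self.handler.request.body.decode("utf-8"))
     except Exception:
         # This was a bare ``except:``, which also converted KeyboardInterrupt,
         # SystemExit and task cancellation into a 412 response.
         # NOTE(review): the whole client-supplied body is echoed into the
         # HTTP reason phrase; a fixed reason with the detail logged
         # server-side keeps untrusted, unbounded data out of the status line.
         self.handler.set_status(
             412, "invalid body,body=%s" % self.handler.request.body)
         raise Finish()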
예제 #6
 def type(self):
     """Return the required ``type`` request argument.

     Sets status 428 and ends the request when the argument is absent. The
     value is returned exactly as received; no validation is applied here.
     """
     requested = self.handler.get_argument("type", None)
     if requested is not None:
         return requested

     self.handler.set_status(428, "missing param=type")
     raise Finish()
예제 #7
 def locale(self):
     """Return the required ``locale`` request argument.

     Sets status 428 and ends the request when the argument is absent. The
     value is returned exactly as received; no validation is applied here.
     """
     requested = self.handler.get_argument("locale", None)
     if requested is not None:
         return requested

     self.handler.set_status(428, "missing param=locale")
     raise Finish()
예제 #8
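 def context_id(self, context_id) -> ObjectId:
     """Convert *context_id* to an ObjectId.

     When the conversion fails, sets status 412 and ends the request with
     ``Finish``.
     """
     try:
         return ObjectId(context_id)
     except Exception:
         # This was a bare ``except:``, which also converted KeyboardInterrupt,
         # SystemExit and task cancellation into a 412 response.
         # NOTE(review): the rejected value is echoed into the HTTP reason
         # phrase; if it originates from the client, prefer a fixed reason and
         # log the detail server-side.
         self.handler.set_status(
             412, "invalid param=context_id,context_id=%s" % context_id)
         raise Finish()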
예제 #9
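 def meta_data(self) -> str:
     """Return the ``meta_data`` entry of the parsed body, or ``None``.

     ``None`` is returned when the body has no ``meta_data`` key, so the
     ``str`` annotation is only a hint. Any error while reading the body
     sets status 412 and ends the request with ``Finish``.
     """
     try:
         # Parse the body once; the original called self.body() twice.
         payload = self.body()
         return payload["meta_data"] if "meta_data" in payload else None
     except Exception:
         # This was a bare ``except:``, which also converted KeyboardInterrupt,
         # SystemExit and task cancellation into a 412 response.
         # NOTE(review): "mete_data" in the reason looks like a typo for
         # "meta_data"; left unchanged because clients may match on it.
         self.handler.set_status(412, "body [mete_data] direction")
         raise Finish()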
예제 #10
 def write_error(self, msg='error.', status_code=404):
     """Write a JSON error object and end the request.

     The object carries ``code`` (the status code) and ``msg``; it is sent
     through ``self.write_json`` with the same status code, then ``Finish``
     is raised so no further handler code runs.

     NOTE(review): if the enclosing class is a Tornado RequestHandler, this
     replaces the framework hook ``write_error(status_code, **kwargs)`` with
     a different parameter order; confirm that framework-initiated error
     responses still reach this method with the arguments it expects.
     """
     payload = {'code': status_code, 'msg': msg}
     self.write_json(payload, status_code)
     raise Finish()
예제 #11
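 def user_id(self, user_id) -> ObjectId:
     """Convert *user_id* to an ObjectId.

     When the conversion fails, sets status 412 and ends the request with
     ``Finish``.
     """
     try:
         return ObjectId(user_id)
     except Exception:
         # This was a bare ``except:``, which also converted KeyboardInterrupt,
         # SystemExit and task cancellation into a 412 response.
         # NOTE(review): the rejected value is echoed into the HTTP reason
         # phrase; if it originates from the client, prefer a fixed reason and
         # log the detail server-side.
         self.handler.set_status(
             412, "invalid param=user_id,user_id=%s" % user_id)
         raise Finish()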
예제 #12
def validate(data, rules, handler=None):
    """
    Run every validation rule against *data* and collect the errors.

    :param data: the data to validate, usually the dict POSTed from a page
    :param rules: list of rules; each rule is a tuple ``(func, para1, para2, ...)``
                  where ``func`` is a validation helper. For the parameters:
                  1. a string names a key of ``data``; ``data.get(para)`` is
                     passed to ``func`` as the keyword argument ``para``
                     (``None`` when the key is missing)
                  2. anything else is passed to ``func`` positionally as is
    :param handler: web request handler; when given and errors were found,
                    the errors are sent through ``send_error_response`` and
                    ``Finish`` is raised to end the request
    :return: ``{key: (error_code, message)}`` keyed by the ``data`` field when
             validation failed, otherwise ``None``
    """
    collected = {}
    for rule in rules:
        check, params = rule[0], rule[1:]
        positional = []
        by_field = {}
        for param in params:
            if isinstance(param, str):
                by_field[param] = data.get(param)
            else:
                positional.append(param)
        outcome = check(*positional, **by_field)
        if outcome:
            collected.update(outcome)

    if collected and handler:
        handler.send_error_response(collected)
        raise Finish()

    if collected:
        return collected
    return None
예제 #13
 def json_success(self, msg=None, **kwargs):
     """End the request with a JSON success object.

     The object is ``{"success": True}`` plus *kwargs*, with ``"message"``
     added when *msg* is not ``None``. It is delivered by raising ``Finish``
     with the serialized JSON, so this method never returns.
     """
     # NOTE(review): this guard is an assert, so it disappears under
     # ``python -O``; callers must not pass ``success`` or ``message``.
     assert not ("success" in kwargs or "message" in kwargs)
     resp = {"success": True}
     resp.update(kwargs)
     if msg is not None:
         resp["message"] = msg
     raise Finish(json.dumps(resp))
예제 #14
 async def _method(*args, **kwargs):
     # Await the wrapped coroutine ``coro`` (bound in the enclosing scope, not
     # visible here) and translate pipeline exceptions into Tornado ones:
     # an interrupt ends the request with its details as the response, any
     # other pipeline exception becomes an HTTPError with its code/summary.
     # NOTE(review): ``details`` is handed to the HTTP layer in both cases;
     # confirm it never carries internal data that should stay server-side.
     try:
         outcome = await coro(*args, **kwargs)
     except QueryPipelineInterrupt as interrupt:
         raise Finish(interrupt.details)
     except QueryPipelineException as failure:
         raise HTTPError(failure.code, None, failure.details,
                         reason=failure.summary)
     return outcome
예제 #15
    def pre_transform_hook(self, options, res):
        """Return *res*, or end the request with it when ``raw == 2``.

        ``options.control.raw == 1`` is reserved for adding underscore fields,
        so only the value 2 short-circuits here and sends *res* as the
        response through ``Finish``.
        """
        wants_raw_response = options.control.raw == 2
        if not wants_raw_response:
            return res

        raise Finish(res)
예제 #16
 def json_success(self, msg=None, **kwargs):
     '''End the request with a JSON success object.

     The object is ``{'success': True}`` plus *kwargs*, with ``'message'``
     added when *msg* is not ``None``. It is delivered by raising ``Finish``
     with the serialized JSON, so this method never returns.
     '''
     # NOTE(review): this guard is an assert, so it disappears under
     # ``python -O``; callers must not pass ``success`` or ``message``.
     assert not ('success' in kwargs or 'message' in kwargs)
     resp = {'success': True}
     resp.update(kwargs)
     if msg is not None:
         resp['message'] = msg
     raise Finish(json.dumps(resp))
예제 #17
    def finish_with_json(self, data):
        """Send *data* as a JSON response body and end the request.

        Sets the ``Content-Type`` header to ``application/json`` and raises
        ``Finish`` with the encoded JSON. When ``O_O.debug`` is on, POST
        requests are additionally dumped through ``dump_out``: method, path,
        query parameters, the decoded request body and the response data.
        """
        self.set_header('Content-Type', 'application/json')

        if O_O.debug and self.request.method == 'POST':
            req = self.request
            # NOTE(review): the debug dump contains the full query string,
            # request body and response data, which can include credentials
            # or personal data; keep debug off outside development or redact
            # before dumping.
            lines = [f'\033[0;33mOutput: {req.method} {req.path}']
            if req.query:
                rendered_query = '\n'.join(
                    f'\033[0;33m{key:15s} {value}'
                    for key, value in parse.parse_qsl(req.query))
                lines.append('\n' + rendered_query)
            if req.body:
                try:
                    decoded_body = req.body.decode()
                except UnicodeDecodeError:
                    # A body that is not valid text is left out of the dump.
                    pass
                else:
                    lines.append('\n\033[0;33m' + decoded_body)
            if data:
                lines.append('\n\033[0;33m' + json.dumps(data))
            dump_out(*lines)

        raise Finish(json.dumps(data).encode())
예제 #18
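 def product_id(self, product_id) -> ObjectId:
     """Convert *product_id* to an ObjectId.

     When the conversion fails, sets status 412 and ends the request with
     ``Finish``.
     """
     try:
         return ObjectId(product_id)
     except Exception:
         # This was a bare ``except:``, which also converted KeyboardInterrupt,
         # SystemExit and task cancellation into a 412 response.
         # NOTE(review): the rejected value is echoed into the HTTP reason
         # phrase; if it originates from the client, prefer a fixed reason and
         # log the detail server-side.
         self.handler.set_status(
             412, "invalid param=product_id,product_id=%s" % product_id)
         raise Finish()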
예제 #19
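 def get_json_data(self):
     """Parse the request body as JSON and return the result.

     A body that is not valid text or not valid JSON is logged, answered with
     status 400, and the request is ended with ``Finish``.
     """
     try:
         return json.loads(self.request.body.decode())
     except (json.decoder.JSONDecodeError, UnicodeDecodeError) as e:
         # UnicodeDecodeError was previously uncaught, so a body that is not
         # valid UTF-8 surfaced as an unhandled error instead of a 400.
         logger.error("JSON parse error: %s", e)
         self.set_status(400)
         raise Finish()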
예제 #20
파일: base_handler.py 프로젝트: wyl/thor
    def finish_with_json(self, data):
        """Send *data* as a JSON response body and end the request.

        Sets the ``Content-Type`` header to ``application/json`` and raises
        ``Finish`` with the encoded JSON. When ``O_O.debug`` is on, the
        request method, path and ``data['data']`` are dumped through
        ``dump_out`` first.
        """
        self.set_header('Content-Type', 'application/json')
        if O_O.debug:
            # NOTE(review): the debug dump indexes data['data'], so in debug
            # mode a response without that key fails here before it is sent;
            # it also writes response contents to the debug output.
            headline = f'Output: {self.request.method} {self.request.path}'
            dump_out(headline, str(data['data']))

        encoded = json.dumps(data).encode()
        raise Finish(encoded)
예제 #21
 def rev(self):
     """Return the optional ``_rev`` request argument as an ObjectId.

     Returns ``None`` when the argument is absent. A value that is not a
     valid ObjectId sets status 428 and ends the request with ``Finish``.
     """
     supplied = self.handler.get_argument("_rev", None)
     if supplied is None:
         return None

     try:
         return ObjectId(supplied)
     except InvalidId:
         # NOTE(review): the client-supplied value is interpolated verbatim
         # into the HTTP reason phrase; a fixed reason with the detail logged
         # server-side avoids reflecting untrusted input in the status line.
         self.handler.set_status(428,
                                 "invalid param=_rev,_rev=%s" % supplied)
         raise Finish()
예제 #22
    def context_id(self):
        """Return the required ``context_id`` request argument as an ObjectId.

        An absent or empty argument is answered with status 428 and a JSON
        error body; a value that is not a valid ObjectId sets status 412.
        Both cases end the request with ``Finish``.
        """
        supplied = self.handler.get_argument("context_id", None)
        if supplied:
            try:
                return ObjectId(supplied)
            except InvalidId:
                # NOTE(review): the client-supplied value is interpolated
                # verbatim into the HTTP reason phrase; a fixed reason with the
                # detail logged server-side avoids reflecting untrusted input
                # in the status line.
                reason = "invalid param=context_id,context_id=%s" % supplied
                self.handler.set_status(412, reason)
                raise Finish()

        self.handler.set_status(428)
        error_body = json_encode({
            "status": "error",
            "message": "missing param(s) context_id"
        })
        self.handler.finish(error_body)
        raise Finish()
예제 #23
 def user_id(self) -> ObjectId:
     """Return the optional ``user_id`` request argument as an ObjectId.

     Returns ``None`` when the argument is absent, so the annotation is only
     a hint. A value that is not a valid ObjectId sets status 428 and ends
     the request with ``Finish``.
     """
     supplied = self.handler.get_argument("user_id", None)
     if supplied is None:
         return None

     try:
         return ObjectId(supplied)
     except InvalidId:
         # NOTE(review): the client-supplied value is interpolated verbatim
         # into the HTTP reason phrase; a fixed reason with the detail logged
         # server-side avoids reflecting untrusted input in the status line.
         self.handler.set_status(
             428, "invalid param=user_id,user_id=%s" % supplied)
         raise Finish()
예제 #24
 def _check_post_data(self):
     """Reject a POST whose data lacks any of ``self.required_fields``.

     Does nothing for other methods, or when the handler defines no
     non-empty ``required_fields``. Otherwise answers 400 naming the missing
     fields and ends the request with ``Finish``. Only the presence of each
     key is checked, not its value.
     """
     if self.request.method != 'POST':
         return
     if not (hasattr(self, 'required_fields') and len(self.required_fields)):
         return

     # presumably get_data() returns a mapping - verify against its definition
     supplied = self.get_data()
     absent = self.required_fields - supplied.keys()
     missing_fields = ", ".join(absent)
     if missing_fields:
         self.write_error(400, f'Error: missing field(s): {missing_fields}')
         raise Finish()
예제 #25
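 def _check_jwt(self):
     """Verify the request's JWT, answering 401 and ending the request on failure.

     OPTIONS requests skip verification and only have their headers logged.
     For every other method ``self.verify_jwt()`` is called; an expired
     token, an undecodable token, or any other failure is answered with a
     401 error and the request is ended with ``Finish``.
     """
     if self.request.method != 'OPTIONS':   # maybe not?
         try:
             # NOTE(review): Tornado's Finish derives from Exception, so the
             # raise below is caught by the generic handler further down and
             # a False result is answered with the 401 "Failed to read ..."
             # error. That fails closed; keep it that way if this is ever
             # restructured, unless verify_jwt() is confirmed to write its
             # own error response.
             if not self.verify_jwt():
                 raise Finish()
         except ExpiredSignatureError:
             self.write_error(401, 'Authorization token is expired')
             raise Finish()
         except DecodeError:
             self.write_error(401, 'Invalid authorization token')
             raise Finish()
         except Exception as e:
             self.write_error(401, 'Failed to read authorization token')
             # The original passed ``e`` as a format argument to a message
             # with no placeholder, so logging failed to format the record
             # and the cause was lost.
             logging.warning('Failed to read authorization token: %s', e)
             raise Finish()
     else:
         # NOTE(review): this logs every request header at INFO level, which
         # can include Authorization or Cookie values; consider logging only
         # the CORS-related headers.
         logging.info(f'OPTIONS headers: {self.request.headers}')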
예제 #26
    def update_status(self, demand_order, status):
        """Update the status of a demand order.

        The change is refused, with a failure message and ``Finish``, when
        the related wish order cannot be found, when the wish order's status
        is 3 or higher (closed for ordering, per the failure message), or
        when the order would go back to status 0 after having left it.

        NOTE(review): nothing here checks that the caller is allowed to
        modify this order; presumably the calling handler does - verify.
        """
        wish_order = models.WishOrder.get_by_id(self.session,
                                                demand_order.wish_order_id)

        if not wish_order:
            rejection = "没有找到对应的意向单"
        elif wish_order.status >= 3:
            rejection = "意向单已截止订货"
        elif status == 0 and demand_order.status > 0:
            # A demand order may not return to its initial state.
            rejection = "状态无效"
        else:
            rejection = None

        if rejection is not None:
            self.send_fail(rejection)
            raise Finish()

        demand_order.status = status
예제 #27
 def pre_transform_hook(self, options, res):
     """
     Hook for subclasses, run on the query response before transformation.

     The default returns *res* unchanged, unless ``options.control.raw`` is
     truthy, in which case the request ends with *res* as the response.
     Overrides that want to keep this behavior should call super().
     """
     # NOTE(review): the untransformed response is sent to the client when
     # ``raw`` is set; confirm who is allowed to set that option.
     if not options.control.raw:
         return res

     raise Finish(res)
예제 #28
 def pre_query_hook(self, options, query):
     """
     Hook for subclasses, run on the built query before it is executed.

     The default returns *query* unchanged, unless
     ``options.control.rawquery`` is truthy, in which case the request ends
     with ``query.to_dict()`` as the response.
     Overrides that want to keep this behavior should call super().
     """
     # NOTE(review): the backend query itself is sent to the client when
     # ``rawquery`` is set; confirm who is allowed to set that option.
     if not options.control.rawquery:
         return query

     raise Finish(query.to_dict())
예제 #29
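    def post(self, path):
        """Raise the ``user.threshold`` property by the posted ``increment``.

        Only callers with the admin role are allowed; others get 403. The
        increment defaults to 0 and must convert to an integer, otherwise the
        request is answered with 400. On success the property is updated,
        ``invite_next_users()`` runs and the response status is 201.
        """
        if not self.has_admin_role():
            self.write_error(403)
            raise Finish()

        prop = 'user.threshold'
        data = self.get_data()

        try:
            increment = int(data.get('increment', 0))
        except (TypeError, ValueError, OverflowError):
            # TypeError (null, list or object values) and OverflowError
            # (infinite floats) were previously uncaught and surfaced as an
            # unhandled error instead of a 400.
            self.write_error(400, "Error: invalid number")
            raise Finish()

        # NOTE(review): any integer is accepted, including negative or very
        # large values; confirm whether the increment should be bounded.
        set_property(prop, str(int(get_property(prop)) + increment))
        invite_next_users()
        self.success(status=201)
        self.finish()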
예제 #30
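 def created(self) -> datetime:
     """Return the ``created`` entry of the parsed body as a datetime.

     A missing or unparseable value sets status 412 and ends the request
     with ``Finish``.
     """
     # Parse the body once; the original called self.body() twice.
     payload = self.body()
     raw_created = payload["created"] if "created" in payload else None
     try:
         return dateutil.parser.parse(raw_created)
     except Exception:
         # This was a bare ``except:``, which also converted KeyboardInterrupt,
         # SystemExit and task cancellation into a 412 response.
         # NOTE(review): the client-supplied value is echoed into the HTTP
         # reason phrase; a fixed reason with the detail logged server-side
         # avoids reflecting untrusted input in the status line.
         self.handler.set_status(412,
                                 "invalid created,created=%s" % raw_created)
         raise Finish()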