def process_request(self, request):
path = request_api.get_path(request)
if AuthMiddleware.__not_check_login(path):
return
# 如果用户没登录,就先重定向到登录页
if request_api.is_login(request) is False:
# 如果是GET请求,则重定向
if request.method == 'GET':
return redirect('/login/')
else:
return HttpResponse(json.dumps(dict(Result.error('请先登录!'))))
# 检查用户是否拥有执行当前action的权限
action = request_api.get_action(request)
if AuthMiddleware.__not_check_auth(path, action):
return
# 如过action为空,表示不需要检查权限
if action is None:
return
if is_action_allowed(request, action) is False:
return HttpResponse(json.dumps(dict(Result.error('权限不足,请联系管理员添加权限!'))))
def login(self, request):
param = request_api.get_param(request)
account = param.get('account', '')
password = param.get('password', '')
user = validate_and_get_user(account, password)
# 如果校验通过
if user is not None:
request_api.set_user(request, user)
return Result.success('登录成功!')
else:
return Result.error('账号不存在或密码错误!')
def process_exception(self, request, exception):
traceback.print_exc()
logger.error(str(exception))
result = Result.error(msg=str(exception))
return HttpResponse(json.dumps(dict(result)))
