Exemplo n.º 1
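    def loginWithoutPwd(self):
        """Log a user in without a password, authorised by app identity only.

        The request body is JSON and must contain ``username``. The caller is
        accepted when the app owner's record has ``type == 2`` (library
        authorisation), or when the ``bundleId`` / ``package`` sent in the
        body equals the value stored in ``self.appInfo``. On success the
        secure cookie ``u`` is set, the user object is written as JSON and a
        ``LoginLog`` entry is saved. Every failure path writes an error
        message to the response and returns.

        NOTE(review): every value that decides the outcome (username,
        bundleId, package) is supplied in the request body, and bundle
        identifiers and package names are not secrets. This check identifies
        the calling app; it does not authenticate the user. The library
        branch compares nothing at all. Confirm which callers can reach this
        endpoint and that this is acceptable for them.
        """
        try:
            obj = json.loads(self.request.body)
        except ValueError:
            # Malformed JSON is a client error; answer with the parameter
            # error instead of letting the handler fail with an exception.
            self.write(ERR_PARA.message)
            return
        if not checkKeys(obj, ['username']):
            self.write(ERR_PARA.message)
            return

        user = MeUser(self.appName, obj)
        userHelper = ClassHelper('develop', 'User')
        userInfo = userHelper.get(self.appInfo['user'])
        # Library authorisation: accepted without comparing bundleId/package.
        if userInfo['type'] == 2:
            if user['bundleId']:
                log.info("Library User[%s] Auth. bundleId[%s]", user['username'], user['bundleId'])
            elif user['package']:
                log.info("Library User[%s] Auth. package[%s]", user['username'], user['package'])
            log.info('auth app[%s]', self.appInfo['appName'])
        # Ordinary authorisation: the identifier must match the app's record.
        elif user['bundleId'] is not None:
            if (not self.appInfo.has_key('bundleId')) or self.appInfo['bundleId'] != user['bundleId']:
                log.err('[%s] bundleId[%s] not match. LoginWithoutPwd Error.', self.appInfo['appName'],
                        user['bundleId'])
                self.write(ERR_UNAUTHORIZED.message)
                return
            log.info('auth app[%s]', self.appInfo['appName'])
        elif user['package']:
            if (not self.appInfo.has_key('package')) or self.appInfo['package'] != user['package']:
                log.err('[%s] package[%s] not match. LoginWithoutPwd Error.', self.appInfo['appName'], user['package'])
                self.write(ERR_UNAUTHORIZED.message)
                return
            log.info('auth app[%s]', self.appInfo['appName'])
        else:
            # Neither identifier was supplied: fail closed.
            # NOTE(review): the raw request body goes into the log here and
            # in the handlers below; confirm it cannot carry sensitive fields.
            log.err("loginWithoutPwd Error: Invalid. %s", self.request.body)
            self.write(ERR_UNAUTHORIZED.message)
            return

        # Check the user-count limit (disabled).
        # userHelper = ClassHelper(self.appDb, "User")
        # userUpper = self.appInfo['userUpper']
        # # userUpper=0 means no limit
        # if userUpper>0:
        #     if userHelper.count() > userUpper:
        #         log.err('[%s] over user count limit', self.appInfo['appName']);
        #         self.write(ERR_USER_PERMISSION.message)

        try:
            user.loginWithoutPwd()
            log.info('LoginWithoutPwd: %s', user['username'])
            self.set_secure_cookie("u", user['username'])
            user['authen'] = userInfo['authen']
            self.write(json.dumps(user, cls=MeEncoder))
        except Exception as e:
            log.err("LoginWithoutPwd Error: %s Error:%s", self.request.body, str(e))
            # NOTE(review): the exception text is returned to the client as
            # is. If it can carry internal detail (driver errors, paths),
            # replace it with a fixed error message; kept here because the
            # exception types raised by MeUser are not visible in this block.
            self.write(str(e))
            return

        # Login log. Saved in its own try block: the success response has
        # already been written, so a failure here is logged on the server
        # and must not append error text to that response.
        try:
            loginLog = MeObject(self.appName, 'LoginLog')
            loginLog['username'] = user['username']
            if hasattr(self, 'client_ip'):
                loginLog['ip'] = self.client_ip
            loginLog.save()
        except Exception as e:
            log.err("LoginWithoutPwd Error: %s Error:%s", self.request.body, str(e))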
 def delete(self, className, objectId):
     """Delete one object of ``className`` after allow-list and ACL checks.

     Writes ERR_PARA when ``objectId`` is empty, ERR_USER_PERMISSION when
     the class is not listed in ``BaseConfig.deleteClass`` or the object's
     ACL denies delete access to ``self.user``, ERR_OBJECTID_MIS when the
     id is malformed or no object is found, and ERR_SUCCESS after the
     delete.
     """
     if not objectId:
         self.write(ERR_PARA.message)
         return
     # Only classes explicitly listed in the configuration can be deleted from.
     if className not in BaseConfig.deleteClass:
         self.write(ERR_USER_PERMISSION.message)
         return
     # Constructing an ObjectId is used purely as a format check.
     try:
         ObjectId(objectId)
     except Exception:
         self.write(ERR_OBJECTID_MIS.message)
         return
     helper = ClassHelper(className)
     stored = helper.find_one({"_id": objectId})
     if not stored:
         self.write(ERR_OBJECTID_MIS.message)
         return
     target = MeObject(className, stored, False)
     target.overLoadGet = False
     # The object's own ACL decides whether this user may delete it.
     # NOTE(review): the ACL is read and the delete issued as two separate
     # calls; whether the ACL can change in between is not visible here.
     if MeACL(target['acl']).deleteAccess(self.user):
         helper.delete(objectId)
         self.write(ERR_SUCCESS.message)
     else:
         self.write(ERR_USER_PERMISSION.message)
Exemplo n.º 3
 def getJson(self, className, query):
     """Return the first object matching ``query`` if ``self.user`` may read it.

     The stored record is wrapped in a ``MeObject`` and its ``acl`` field is
     checked with ``MeACL.readAccess``; ``None`` is returned when access is
     denied.
     """
     record = ClassHelper(className).find_one(query)
     # NOTE(review): the result of find_one is wrapped without checking that
     # a record was found; how MeObject/MeACL treat an empty result is not
     # visible here.
     candidate = MeObject(className, record, False)
     candidate.overLoadGet = False
     readable = MeACL(candidate['acl']).readAccess(self.user)
     return candidate if readable else None
Exemplo n.º 4
 def getList(self, className, query):
     """Return the objects matching ``query`` that ``self.user`` may read.

     Each record is wrapped in a ``MeObject`` and kept only when its ACL
     grants read access. Returns ``None`` instead of an empty list.
     """
     visible = []
     for record in ClassHelper(className).find(query):
         item = MeObject(className, record, False)
         item.overLoadGet = False
         # Objects the user may not read are dropped from the result.
         if MeACL(item['acl']).readAccess(self.user):
             visible.append(item)
     return visible if visible else None
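    def get(self, className, objectId=None):
        """Write one object by id, or a JSON list of objects matching a query.

        With ``objectId`` the id format is checked and the object is written
        as JSON, or ERR_OBJECTID_MIS when it is malformed or not found.
        Without it, the request arguments ``aggregate``, ``where``, ``keys``,
        ``sort``, ``skip`` and ``limit`` (default 20, at most 100) drive the
        lookup and the matching objects are written as a JSON list.

        NOTE(review): no authentication or class allow-list check is visible
        in this method, and the per-object ACL read check in the result loop
        is commented out, so every matching object is returned. Confirm that
        access control is enforced before this handler runs.
        """
        # if className == "User":
        #     self.write(ERR_CLASS_PERMISSION.message)
        #     return
        if objectId:
            try:
                ObjectId(objectId)
            except Exception:
                self.write(ERR_OBJECTID_MIS.message)
                return
            # Fetch once and reuse the result instead of querying twice.
            mo = MeObject(className).get(objectId)
            if not mo:
                self.write(ERR_OBJECTID_MIS.message)
            else:
                # self.filter_field(mo)
                self.write(json.dumps(mo, cls=MeEncoder))
        else:
            classHelper = ClassHelper(className)
            query = {}
            objs = None
            # SECURITY: the eval() calls below run whatever Python expression
            # the client puts in the 'aggregate', 'where' and 'keys'
            # arguments inside the server process. Parse these as data
            # instead (json.loads, as 'sort' already does, or
            # ast.literal_eval if Python-literal syntax must stay supported)
            # and validate the resulting structure. Left in place here only
            # because switching parsers changes the accepted request format.
            if self.request.arguments.has_key('aggregate'):
                # NOTE(review): the client supplies the whole pipeline, and
                # the skip/limit bounds below do not apply to this branch.
                query = eval(self.get_argument('aggregate'))
                objs = classHelper.aggregate(query)
            else:
                if self.request.arguments.has_key('where'):
                    query = eval(self.get_argument('where'))
                    try:
                        # Top-level _id is only format-checked; _id values
                        # inside $or are converted to ObjectId in place.
                        if query.has_key('_id'):
                            ObjectId(query['_id'])
                        if query.has_key('$or'):
                            for item in query['$or']:
                                if "_id" in item:
                                    item["_id"] = ObjectId(item["_id"])
                    except Exception:
                        self.write(ERR_OBJECTID_MIS.message)
                        return
                if self.request.arguments.has_key('keys'):
                    keys = eval(self.get_argument('keys'))
                else:
                    keys = None

                try:
                    sort = json.loads(self.get_argument('sort', '{}'))
                    # idSort is not used further in this method; the .get()
                    # call still rejects a sort value that is not an object.
                    idSort = sort.get('_id', -1)
                    sort = sort or None

                except Exception as e:
                    self.write(ERR_INVALID.message)
                    print(e)
                    return

                skip = 0
                limit = 20
                try:
                    if self.request.arguments.has_key('skip'):
                        skip = int(self.get_argument('skip'))
                    if self.request.arguments.has_key('limit'):
                        limit = int(self.get_argument('limit'))
                except Exception:
                    self.write(ERR_INVALID.message)
                    return
                # Reject negative paging values as well as an oversized page.
                # NOTE(review): limit == 0 still passes; whether
                # ClassHelper.find treats 0 as "no limit" is not visible
                # here - confirm it cannot bypass the 100-object cap.
                if skip < 0 or limit < 0 or limit > 100:
                    self.write(ERR_INVALID.message)
                    return
                objs = classHelper.find(query, keys, sort, limit, skip)

            objects = []
            for obj in objs:
                mo = MeObject(className, obj, False)
                mo.overLoadGet = False
                # The ACL is built but never consulted: the read check below
                # is commented out, so nothing is filtered per object.
                acl = MeACL(mo['acl'])
                # if not acl.readAccess(self.user):
                #     continue
                # self.filter_field(mo)
                objects.append(mo)
            self.write(json.dumps(objects, cls=MeEncoder))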
 except Exception, e:
     log.err("JSON Error:%s , error:%s", self.request.body, str(e))
     self.write(ERR_INVALID.message)
     return
 print 'className:' + className
 if type(obj) == list:
     objectIdError = False
     for index in range(len(obj) - 1):
         try:
             for key, value in obj[index].items():
                 if value.has_key('_sid'):
                     ObjectId(value['_sid'])
                 value = self.sentiveCheck(key, value)
                 value = self.blacklistCheck(className, value)
                 if value:
                     meobj = MeObject(key, value)
                     meobj.save()
                 else:
                     self.write(ERR_BLACK_PERMISSION.message)
         except bson.errors.InvalidId:
             objectIdError = True
             break
         except Exception, e:
             log.err("Error:%s , error:%s", self.request.body, str(e))
     if objectIdError:
         self.write(ERR_OBJECTID_MIS.message)
         return
     mainObj = obj[len(obj) - 1]
     try:
         if mainObj.has_key('_sid'):
             ObjectId(mainObj['_sid'])
Exemplo n.º 7
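    def get(self, className, objectId=None):
        """Write one object by id, or a JSON list of objects matching a query.

        Non-admin callers are refused for classes listed in
        ``BaseConfig.accessNoClass`` or missing from
        ``BaseConfig.projectClass``, and every caller must pass
        ``self.verify_cookie(className)``. With ``objectId`` the object is
        filtered through ``self.filter_field`` and written as JSON. Without
        it, the request arguments ``aggregate``, ``where``, ``keys``,
        ``sort``, ``startId``, ``skip`` and ``limit`` (default 20, at most
        100) drive the lookup; each result is ACL-checked for logged-in
        non-admin users, field-filtered and written as a JSON list.
        """
        admin = self.get_current_user() in BaseConfig.adminUser
        if not admin:
            if className in BaseConfig.accessNoClass:
                self.write(ERR_CLASS_PERMISSION.message)
                return
            if className not in BaseConfig.projectClass:
                # The class does not exist.
                self.write(ERR_PATH_PERMISSION.message)
                return
        verify = self.verify_cookie(className)
        if not verify:
            self.write(ERR_UNAUTHORIZED.message)
            return
        if objectId:
            try:
                ObjectId(objectId)
            except Exception:
                self.write(ERR_OBJECTID_MIS.message)
                return
            # Fetch once and reuse the result instead of querying twice.
            # NOTE(review): this single-object path applies filter_field but
            # no ACL read check, unlike the list path below - confirm.
            mo = MeObject(className).get(objectId)
            if not mo:
                self.write(ERR_OBJECTID_MIS.message)
            else:
                self.filter_field(mo)
                self.write(json.dumps(mo, cls=MeEncoder))
        else:
            classHelper = ClassHelper(className)
            query = {}
            objs = None
            # SECURITY: the eval() calls below run whatever Python expression
            # the client puts in the 'aggregate', 'where' and 'keys'
            # arguments inside the server process. Parse these as data
            # instead (json.loads, as 'sort' already does, or
            # ast.literal_eval if Python-literal syntax must stay supported)
            # and validate the resulting structure. Left in place here only
            # because switching parsers changes the accepted request format.
            if self.request.arguments.has_key('aggregate'):
                # NOTE(review): the client supplies the whole pipeline, and
                # the skip/limit bounds below do not apply to this branch.
                query = eval(self.get_argument('aggregate'))
                objs = classHelper.aggregate(query)
            else:
                if self.request.arguments.has_key('where'):
                    query = eval(self.get_argument('where'))
                    try:
                        # Top-level _id is only format-checked; _id values
                        # inside $or are converted to ObjectId in place.
                        if query.has_key('_id'):
                            ObjectId(query['_id'])
                        if query.has_key('$or'):
                            for item in query['$or']:
                                if "_id" in item:
                                    item["_id"] = ObjectId(item["_id"])
                    except Exception:
                        self.write(ERR_OBJECTID_MIS.message)
                        return
                if self.request.arguments.has_key('keys'):
                    keys = eval(self.get_argument('keys'))
                else:
                    keys = None

                try:
                    sort = json.loads(self.get_argument('sort', '{}'))
                    idSort = sort.get('_id', -1)
                    sort = sort or None

                except Exception as e:
                    self.write(ERR_INVALID.message)
                    print(e)
                    return

                try:
                    # startId pages by _id in the direction of the _id sort;
                    # it overwrites any _id condition taken from 'where'.
                    if self.request.arguments.has_key('startId'):
                        startId = self.get_argument('startId')
                        if idSort == -1:
                            query["_id"] = {"$lt": ObjectId(startId)}
                        elif idSort == 1:
                            query["_id"] = {"$gt": ObjectId(startId)}
                    if self.request.arguments.has_key('limit'):
                        limit = int(self.get_argument('limit'))
                    else:
                        limit = 20
                except Exception:
                    self.write(ERR_INVALID.message)
                    return

                skip = 0
                try:
                    if self.request.arguments.has_key('skip'):
                        skip = int(self.get_argument('skip'))
                except Exception:
                    self.write(ERR_INVALID.message)
                    return

                # Reject negative paging values as well as an oversized page.
                # NOTE(review): limit == 0 still passes; whether
                # ClassHelper.find treats 0 as "no limit" is not visible
                # here - confirm it cannot bypass the 100-object cap.
                if skip < 0 or limit < 0 or limit > 100:
                    self.write(ERR_INVALID.message)
                    return

                objs = classHelper.find(query, keys, sort, limit, skip)

            # The ACL decision is the same for every result, so it is
            # computed once rather than per object.
            # NOTE(review): when get_current_user() is falsy the ACL read
            # check is skipped entirely, so a request with no current user
            # sees objects unfiltered by ACL. Whether verify_cookie() already
            # rules that case out is not visible here - confirm.
            checkAcl = bool(self.get_current_user()) and not admin
            objects = []
            for obj in objs:
                mo = MeObject(className, obj, False)
                mo.overLoadGet = False
                if checkAcl:
                    acl = MeACL(mo['acl'])
                    if not acl.readAccess(self.user):
                        continue
                self.filter_field(mo)
                objects.append(mo)
            self.write(json.dumps(objects, cls=MeEncoder))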
Exemplo n.º 8
 def __init__(self, obj=None):
     """Initialise the object as a ``MeObject`` of class ``'File'``.

     ``obj`` is passed through to ``MeObject.__init__`` unchanged.
     """
     class_name = 'File'
     MeObject.__init__(self, class_name, obj)