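def has_permission(access_token, local_permission_list):
    """
    Decide whether the session behind a token may use a function.

    Access is granted when the user's comma-separated permission string
    contains the administrator marker '0', or when it shares at least one
    entry with local_permission_list. Every other case is denied, including
    a token for which no usable session record comes back.

    @param access_token: user's access_token, taken from the cookie
    @param local_permission_list: permissions accepted by the calling function
    @return ok: Boolean, has permission or not
    @return info: String, message returned to the user ("" when granted)
    @return is_admin: Boolean, True only when '0' is among the permissions
    """
    denied = (False, "No permission", False)

    user_info = db_utils.get_info_by_token(access_token)
    try:
        permission_list = user_info['permissions'].split(',')
    except (TypeError, KeyError, AttributeError):
        # Fail closed: an authorization check must answer "no" for a token
        # with no record (or a record without a permission string) instead
        # of raising out of the request handler.
        return denied

    # NOTE(review): entries are compared verbatim, so an empty permission
    # string yields the single entry '' and "1, 2" yields ' 2'. Confirm that
    # callers never pass '' in local_permission_list, otherwise a user with
    # no permissions would match it.
    granted = set(permission_list)

    # '0' represents the administrator
    is_admin = '0' in granted
    if is_admin or granted & set(local_permission_list):
        return True, "", is_admin
    return denied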
def delete(self):
    """
    Delete the task named by the 'task_id' request argument.

    Checks run in this order, and the first one that fails ends the request:
    login (check.check_login), permission (verify.has_permission against the
    handler and delete permissions), existence of the task, and, for
    non-administrators, ownership: the caller's username must equal the
    task's 'creator'. Every outcome is sent as a JSON object with the keys
    'ok' and 'info'.
    """
    def reply(ok, info):
        # Single exit format shared by every branch below.
        self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))

    ok, info = check.check_login(self.token)
    if not ok:
        reply(ok, info)
        return

    required = [self.handler_permission, self.delete_permission]
    ok, info, is_admin = verify.has_permission(self.token, required)
    if not ok:
        reply(ok, info)
        return

    task_id = self.get_argument('task_id')
    task = db_task.get(task_id)
    if not task:
        # A missing task is reported with ok=True, not as a failure.
        reply(True, 'No such a task')
        return

    if not is_admin:
        # Ownership check: only the creator (or an administrator) may delete.
        requester = db_utils.get_info_by_token(self.token)['username']
        if requester != task['creator']:
            reply(False, "Can not delete data create by other people")
            return

    if db_task.delete(task_id):
        reply(True, 'Delete task successful')
    else:
        reply(False, 'Delete task failed')
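def is_expired(access_token):
    """
    Tell whether the session behind a token has expired, renewing it if not.

    This is not a pure check: for a live session, action_time is set to the
    current timestamp and expire_time is moved to that timestamp plus
    config.expire_second, so every call slides the expiry window forward.
    A token for which no usable session record comes back is reported as
    expired.

    @param access_token: user's access_token, taken from the cookie
    @return Boolean, expired or not
    """
    info = db_utils.get_info_by_token(access_token)
    try:
        expire_time = info['expire_time']
        username = info['username']
    except (TypeError, KeyError):
        # Fail closed: with no record to evaluate, treat the session as
        # expired instead of raising out of the caller.
        return True

    # Read the clock once so the comparison and the renewal agree.
    now = utils.cur_timestamp()
    if now > expire_time:
        return True

    # NOTE(review): the update is keyed by username, not by the token that
    # was presented. If a user can hold several sessions, confirm this
    # renews only the intended one.
    db_session.update({
        'username': username,
        'action_time': now,
        'expire_time': now + config.expire_second
    })
    return False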