def check_certification_in_or_die(certifications, accept_certifications):
# 无权限直接抛拒绝访问异常
if not certifications:
raise APIException(ResultEnum.ACCESS_FORBIDDEN)
# 通不过验证也抛出拒绝访问异常
if not check_allowed(certifications, accept_certifications):
raise APIException(ResultEnum.ACCESS_FORBIDDEN)
def validator(data, _schema, _classname):
try:
validate(data, _schema)
except ValueError as e:
logger.warning("%s ValueError: %s" % (_classname, e.args))
raise APIException(ResultEnum.INVALID_PARAMETER, data=e.args)
except (SchemaError, ValidationError) as se:
logger.warning("%s SchemaError: %s" % (_classname, se.message))
raise APIException(ResultEnum.INVALID_PARAMETER, data=se.message)
return data['data']
def disable_permission(permission_id):
permission_data = g.json_data
if permission_data.get('id') != permission_id:
raise APIException(ResultEnum.PERMISSION_INVALID_ID)
permission = AuthPermission.get_or_404(permission_id)
try:
permission.toggle_disable()
return HttpHelper.normal_handler(permission)
except Exception as e:
logger.error(e)
raise APIException(ResultEnum.UNKNOWN_ERROR, e.args)
def disable_role(role_id):
role_data = g.json_data
if role_data.get('id') != role_id:
raise APIException(ResultEnum.ROLE_INVALID_ID)
role = AuthRole.get_by_status(role_id)
try:
role.toggle_disable()
return HttpHelper.normal_handler(role)
except Exception as e:
logger.error(e)
raise APIException(ResultEnum.UNKNOWN_ERROR, e.args)
def wrapper(*args, **kwargs):
if not request.data:
raise APIException(ResultEnum.JSON_SCHEMA_VALIDATION_ERROR)
current_json_data = jsonpickle.decode(request.data)
if not validator_schema or not current_json_data:
raise APIException(ResultEnum.JSON_SCHEMA_VALIDATION_ERROR)
# 把验证通过的json数据,挂载到flask的全局变量g上,以便其他后续访问
g.json_data = BaseValidator.validator(current_json_data,
validator_schema, None)
# 超级管理员或者通过权限认证的用户,可以访问
return f(*args, **kwargs)
def edit_role(role_id):
role_data = g.json_data
if role_data.get('id') != role_id:
raise APIException(ResultEnum.ROLE_INVALID_ID)
role = AuthRole.get_by_status_or_404(role_id)
if 'code' in role_data:
role_by_code = AuthRole.get_by_code(role_data.get('code'))
if role.id != role_by_code.id:
raise APIException(ResultEnum.ROLE_CODE_EXIST)
try:
role.update(**role_data)
return HttpHelper.normal_handler(role)
except Exception as e:
logger.error(e)
raise APIException(ResultEnum.UNKNOWN_ERROR, e.args)
def bind_role_permissions(role_id):
json_data = g.json_data
if role_id != json_data.get('role_id'):
raise APIException(ResultEnum.ROLE_INVALID_ID)
permission_ids = json_data.get('permissions')
if not permission_ids:
raise APIException(ResultEnum.INVALID_PARAMETER)
try:
role = AuthRole.get_by_status_or_404(role_id)
role.refresh_permissions(permission_ids)
return HttpHelper.normal_handler()
except Exception as e:
logger.error(e)
return HttpHelper.error_handler(ResultEnum.UNKNOWN_ERROR, e.args)
def bind_user_roles(user_id):
json_data = g.json_data
if user_id != json_data.get('user_id'):
raise APIException(ResultEnum.USER_INVALID_ID)
role_ids = json_data.get('roles')
if not role_ids:
raise APIException(ResultEnum.INVALID_PARAMETER)
try:
user = User.get_by_status_or_404(user_id)
user.refresh_roles(role_ids)
return HttpHelper.normal_handler()
except Exception as e:
logger.error(e)
return HttpHelper.error_handler(ResultEnum.UNKNOWN_ERROR)
def edit_permission(permission_id):
permission_data = g.json_data
if permission_data.get('id') != permission_id:
raise APIException(ResultEnum.PERMISSION_INVALID_ID)
permission = AuthPermission.get_by_status_or_404(permission_id)
if 'code' in permission_data:
permission_by_code = AuthPermission.get_by_code(permission_data.get('code'))
if permission.id != permission_by_code.id:
raise APIException(ResultEnum.PERMISSION_CODE_EXISTS)
try:
permission.update(**permission_data)
return HttpHelper.normal_handler(permission)
except Exception as e:
logger.error(e)
raise APIException(ResultEnum.UNKNOWN_ERROR, e.args)
def get_current_jwt_user():
"""
校验当前用户是否进行Jwt登录
:return: 当前jwt登录用户信息
"""
current_user = None
try:
current_user = get_jwt_identity()
except Exception as e:
logger.error(e)
finally:
if not current_user:
raise APIException(ResultEnum.TOKEN_VALIDATE_ERROR)
return current_user
def add_role():
role_data = g.json_data
if 'name' not in role_data or 'code' not in role_data:
raise APIException(ResultEnum.INVALID_PARAMETER)
role_code = role_data.get('code')
role_name = role_data.get('name')
role = AuthRole.get_by_code(role_code)
if role:
raise APIException(ResultEnum.ROLE_CODE_EXIST)
role = AuthRole(code=role_code, name=role_name)
try:
if 'id' in role_data:
del role_data['id']
role.save(**role_data)
return HttpHelper.normal_handler(role)
except Exception as e:
logger.error(e)
raise APIException(ResultEnum.UNKNOWN_ERROR, e.args)
def change_password(user_id):
usr = User.get_by_status_or_404(user_id)
password = g.json_data.get('password', None)
if not password:
raise APIException(ResultEnum.USER_OR_PASS_EMPTY_ERROR)
usr.password = generate_password_hash(password)
try:
usr.update()
return HttpHelper.normal_handler(usr)
except Exception as e:
logger.error(e)
return HttpHelper.error_handler(ResultEnum.UNKNOWN_ERROR)
def add_permission():
permission_data = g.json_data
# Permission code cannot be empty
code = permission_data.get('code', None)
if not code:
raise APIException(ResultEnum.PERMISSION_EMPTY_CODE)
# Always existing permission with same code
permission = AuthPermission.get_by_code(code)
if permission:
raise APIException(ResultEnum.PERMISSION_CODE_EXISTS)
permission = AuthPermission()
try:
if 'id' in permission_data:
del permission_data['id']
permission.save(**permission_data)
return HttpHelper.normal_handler(permission)
except Exception as e:
logger.error(e)
raise APIException(ResultEnum.UNKNOWN_ERROR, e.args)
def __register_by_email(account, password):
try:
client_type = ClientTypeEnum.USER_EMAIL.code
user = User(account=account,
password=generate_password_hash(password),
client_type=client_type)
user.save()
return user
except Exception as e:
logger.error(e)
if isinstance(e, APIException):
ret = e.result_enum
else:
ret = ResultEnum.USER_REGISTER_ERROR
raise APIException(ret)
def upload():
if 'avatar' not in request.files:
raise APIException(ResultEnum.FILE_UPLOAD_METHOD_ERROR)
file = request.files['avatar']
org_name = file.filename
# 调用Flask-uploads进行存储
# 1、目标路径不存在自动创建
# 2、重名自动加自增的数字后缀
# 3、根据配置的允许后缀或者拒绝后缀进行过滤
filename = avatar.save(file)
url = avatar.url(filename)
# 入库
current_user = get_jwt_identity()
_avatar = SysFile(file_name=filename,
org_name=org_name,
operator_id=current_user.get('id'),
file_url=url)
_avatar.save()
return HttpHelper.normal_handler(_avatar)
def file_upload():
"""
文件上传,支持单文件和多文件
1、 单文件上传,body中必须以file指定文件
2、 多文件上传,body中必须以files指定文件列表
:return: 成功、错误 json文件
"""
# 如果是通过file关键字进行的文件上传,即使多个也只处理最后一个
if 'file' in request.files:
file = request.files.get('file')
if file:
succ, data = process_single_file(file)
if succ:
return HttpHelper.normal_handler(data)
else:
return HttpHelper.error_handler(data)
else:
errors = {}
success = {}
files = request.files.getlist('files')
# 不是file,也不是files参数,抛异常退出
if not files:
raise APIException(ResultEnum.FILE_UPLOAD_METHOD_ERROR)
for file in files:
succ, data = process_single_file(file)
if succ:
success[file.filename] = data
else:
errors[file.filename] = data.msg
data = {'success': success, 'errors': errors}
return HttpHelper.normal_handler(data)
def save(self, **kwargs):
user = User.query.filter_by(account=self.account).first()
if user:
raise APIException(ResultEnum.USER_ALREADY_EXIST_ERROR, data=user)
return super(User, self).save(**kwargs)
def first_or_404(self, description=None):
rv = self.first()
if not rv:
raise APIException(ResultEnum.NOT_FOUND_ERROR)
return rv
def get_or_404(self, ident, description=None):
rv = self.get(ident)
if not rv:
raise APIException(ResultEnum.NOT_FOUND_ERROR)
return rv