def check_certification_in_or_die(certifications, accept_certifications): # 无权限直接抛拒绝访问异常 if not certifications: raise APIException(ResultEnum.ACCESS_FORBIDDEN) # 通不过验证也抛出拒绝访问异常 if not check_allowed(certifications, accept_certifications): raise APIException(ResultEnum.ACCESS_FORBIDDEN)
def validator(data, _schema, _classname): try: validate(data, _schema) except ValueError as e: logger.warning("%s ValueError: %s" % (_classname, e.args)) raise APIException(ResultEnum.INVALID_PARAMETER, data=e.args) except (SchemaError, ValidationError) as se: logger.warning("%s SchemaError: %s" % (_classname, se.message)) raise APIException(ResultEnum.INVALID_PARAMETER, data=se.message) return data['data']
def disable_permission(permission_id): permission_data = g.json_data if permission_data.get('id') != permission_id: raise APIException(ResultEnum.PERMISSION_INVALID_ID) permission = AuthPermission.get_or_404(permission_id) try: permission.toggle_disable() return HttpHelper.normal_handler(permission) except Exception as e: logger.error(e) raise APIException(ResultEnum.UNKNOWN_ERROR, e.args)
def disable_role(role_id): role_data = g.json_data if role_data.get('id') != role_id: raise APIException(ResultEnum.ROLE_INVALID_ID) role = AuthRole.get_by_status(role_id) try: role.toggle_disable() return HttpHelper.normal_handler(role) except Exception as e: logger.error(e) raise APIException(ResultEnum.UNKNOWN_ERROR, e.args)
def wrapper(*args, **kwargs): if not request.data: raise APIException(ResultEnum.JSON_SCHEMA_VALIDATION_ERROR) current_json_data = jsonpickle.decode(request.data) if not validator_schema or not current_json_data: raise APIException(ResultEnum.JSON_SCHEMA_VALIDATION_ERROR) # 把验证通过的json数据,挂载到flask的全局变量g上,以便其他后续访问 g.json_data = BaseValidator.validator(current_json_data, validator_schema, None) # 超级管理员或者通过权限认证的用户,可以访问 return f(*args, **kwargs)
def edit_role(role_id): role_data = g.json_data if role_data.get('id') != role_id: raise APIException(ResultEnum.ROLE_INVALID_ID) role = AuthRole.get_by_status_or_404(role_id) if 'code' in role_data: role_by_code = AuthRole.get_by_code(role_data.get('code')) if role.id != role_by_code.id: raise APIException(ResultEnum.ROLE_CODE_EXIST) try: role.update(**role_data) return HttpHelper.normal_handler(role) except Exception as e: logger.error(e) raise APIException(ResultEnum.UNKNOWN_ERROR, e.args)
def bind_role_permissions(role_id): json_data = g.json_data if role_id != json_data.get('role_id'): raise APIException(ResultEnum.ROLE_INVALID_ID) permission_ids = json_data.get('permissions') if not permission_ids: raise APIException(ResultEnum.INVALID_PARAMETER) try: role = AuthRole.get_by_status_or_404(role_id) role.refresh_permissions(permission_ids) return HttpHelper.normal_handler() except Exception as e: logger.error(e) return HttpHelper.error_handler(ResultEnum.UNKNOWN_ERROR, e.args)
def bind_user_roles(user_id): json_data = g.json_data if user_id != json_data.get('user_id'): raise APIException(ResultEnum.USER_INVALID_ID) role_ids = json_data.get('roles') if not role_ids: raise APIException(ResultEnum.INVALID_PARAMETER) try: user = User.get_by_status_or_404(user_id) user.refresh_roles(role_ids) return HttpHelper.normal_handler() except Exception as e: logger.error(e) return HttpHelper.error_handler(ResultEnum.UNKNOWN_ERROR)
def edit_permission(permission_id): permission_data = g.json_data if permission_data.get('id') != permission_id: raise APIException(ResultEnum.PERMISSION_INVALID_ID) permission = AuthPermission.get_by_status_or_404(permission_id) if 'code' in permission_data: permission_by_code = AuthPermission.get_by_code(permission_data.get('code')) if permission.id != permission_by_code.id: raise APIException(ResultEnum.PERMISSION_CODE_EXISTS) try: permission.update(**permission_data) return HttpHelper.normal_handler(permission) except Exception as e: logger.error(e) raise APIException(ResultEnum.UNKNOWN_ERROR, e.args)
def get_current_jwt_user(): """ 校验当前用户是否进行Jwt登录 :return: 当前jwt登录用户信息 """ current_user = None try: current_user = get_jwt_identity() except Exception as e: logger.error(e) finally: if not current_user: raise APIException(ResultEnum.TOKEN_VALIDATE_ERROR) return current_user
def add_role(): role_data = g.json_data if 'name' not in role_data or 'code' not in role_data: raise APIException(ResultEnum.INVALID_PARAMETER) role_code = role_data.get('code') role_name = role_data.get('name') role = AuthRole.get_by_code(role_code) if role: raise APIException(ResultEnum.ROLE_CODE_EXIST) role = AuthRole(code=role_code, name=role_name) try: if 'id' in role_data: del role_data['id'] role.save(**role_data) return HttpHelper.normal_handler(role) except Exception as e: logger.error(e) raise APIException(ResultEnum.UNKNOWN_ERROR, e.args)
def change_password(user_id): usr = User.get_by_status_or_404(user_id) password = g.json_data.get('password', None) if not password: raise APIException(ResultEnum.USER_OR_PASS_EMPTY_ERROR) usr.password = generate_password_hash(password) try: usr.update() return HttpHelper.normal_handler(usr) except Exception as e: logger.error(e) return HttpHelper.error_handler(ResultEnum.UNKNOWN_ERROR)
def add_permission(): permission_data = g.json_data # Permission code cannot be empty code = permission_data.get('code', None) if not code: raise APIException(ResultEnum.PERMISSION_EMPTY_CODE) # Always existing permission with same code permission = AuthPermission.get_by_code(code) if permission: raise APIException(ResultEnum.PERMISSION_CODE_EXISTS) permission = AuthPermission() try: if 'id' in permission_data: del permission_data['id'] permission.save(**permission_data) return HttpHelper.normal_handler(permission) except Exception as e: logger.error(e) raise APIException(ResultEnum.UNKNOWN_ERROR, e.args)
def __register_by_email(account, password): try: client_type = ClientTypeEnum.USER_EMAIL.code user = User(account=account, password=generate_password_hash(password), client_type=client_type) user.save() return user except Exception as e: logger.error(e) if isinstance(e, APIException): ret = e.result_enum else: ret = ResultEnum.USER_REGISTER_ERROR raise APIException(ret)
def upload(): if 'avatar' not in request.files: raise APIException(ResultEnum.FILE_UPLOAD_METHOD_ERROR) file = request.files['avatar'] org_name = file.filename # 调用Flask-uploads进行存储 # 1、目标路径不存在自动创建 # 2、重名自动加自增的数字后缀 # 3、根据配置的允许后缀或者拒绝后缀进行过滤 filename = avatar.save(file) url = avatar.url(filename) # 入库 current_user = get_jwt_identity() _avatar = SysFile(file_name=filename, org_name=org_name, operator_id=current_user.get('id'), file_url=url) _avatar.save() return HttpHelper.normal_handler(_avatar)
def file_upload(): """ 文件上传,支持单文件和多文件 1、 单文件上传,body中必须以file指定文件 2、 多文件上传,body中必须以files指定文件列表 :return: 成功、错误 json文件 """ # 如果是通过file关键字进行的文件上传,即使多个也只处理最后一个 if 'file' in request.files: file = request.files.get('file') if file: succ, data = process_single_file(file) if succ: return HttpHelper.normal_handler(data) else: return HttpHelper.error_handler(data) else: errors = {} success = {} files = request.files.getlist('files') # 不是file,也不是files参数,抛异常退出 if not files: raise APIException(ResultEnum.FILE_UPLOAD_METHOD_ERROR) for file in files: succ, data = process_single_file(file) if succ: success[file.filename] = data else: errors[file.filename] = data.msg data = {'success': success, 'errors': errors} return HttpHelper.normal_handler(data)
def save(self, **kwargs): user = User.query.filter_by(account=self.account).first() if user: raise APIException(ResultEnum.USER_ALREADY_EXIST_ERROR, data=user) return super(User, self).save(**kwargs)
def first_or_404(self, description=None): rv = self.first() if not rv: raise APIException(ResultEnum.NOT_FOUND_ERROR) return rv
def get_or_404(self, ident, description=None): rv = self.get(ident) if not rv: raise APIException(ResultEnum.NOT_FOUND_ERROR) return rv