def delete(self, className, objectId):
    """Delete one object of ``className`` after allow-list and ACL checks.

    Writes one of the ``ERR_*`` messages to the response and returns nothing:
    ``ERR_PARA`` when ``objectId`` is empty, ``ERR_USER_PERMISSION`` when the
    class is not listed in ``BaseConfig.deleteClass`` or the ACL denies the
    caller, ``ERR_OBJECTID_MIS`` when the id is malformed or no document is
    found, ``ERR_DB_OPERATION`` when the delete itself raises, and
    ``ERR_SUCCESS`` otherwise.
    """
    if not objectId:
        self.write(ERR_PARA.message)
        return

    # Class-level gate: only classes listed in deleteClass may be deleted from.
    if className not in BaseConfig.deleteClass:
        self.write(ERR_USER_PERMISSION.message)
        return

    # Constructing ObjectId is used purely as a format check; the value is
    # discarded and the raw string is what gets passed on below.
    try:
        ObjectId(objectId)
    except Exception:
        self.write(ERR_OBJECTID_MIS.message)
        return

    helper = ClassHelper(className)
    stored = helper.find_one({"_id": objectId})
    if not stored:
        self.write(ERR_OBJECTID_MIS.message)
        return

    target = MeObject(className, stored, False)
    target.overLoadGet = False

    # Object-level gate: the document's own ACL decides whether self.user may
    # delete it.
    # NOTE(review): the ACL read and the delete are two separate ClassHelper
    # calls; whether anything keeps the ACL from changing in between is not
    # visible here -- confirm.
    if not MeACL(target['acl']).deleteAccess(self.user):
        self.write(ERR_USER_PERMISSION.message)
        return

    try:
        helper.delete(objectId)
        self.write(ERR_SUCCESS.message)
    except Exception as e:
        log.err("ClassHandler-->delete error, %s", e)
        self.write(ERR_DB_OPERATION.message)
def getJson(self, className, query):
    """Return the first object matching ``query`` if the caller may read it.

    The document found by ``ClassHelper.find_one`` is wrapped in a MeObject
    and its ``acl`` field is checked against ``self.user``. Returns the
    MeObject when read access is granted, otherwise ``None``.
    """
    # NOTE(review): unlike delete(), the find_one result is not checked for
    # "not found" before it is wrapped -- confirm MeObject/MeACL tolerate a
    # missing document and do not grant access on an absent ACL.
    document = ClassHelper(className).find_one(query)
    wrapped = MeObject(className, document, False)
    wrapped.overLoadGet = False
    readable = MeACL(wrapped['acl']).readAccess(self.user)
    return wrapped if readable else None
def getList(self, className, query):
    """Return every object matching ``query`` that the caller may read.

    Each document from ``ClassHelper.find`` is wrapped in a MeObject and kept
    only when its ``acl`` grants read access to ``self.user``. Returns the
    list of readable objects, or ``None`` when that list is empty.
    """
    readable = []
    for document in ClassHelper(className).find(query):
        wrapped = MeObject(className, document, False)
        wrapped.overLoadGet = False
        # Per-object ACL filter: unreadable documents are dropped silently.
        if MeACL(wrapped['acl']).readAccess(self.user):
            readable.append(wrapped)
    # An empty result is reported as None rather than as an empty list.
    return readable or None
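def get(self, className, objectId=None):
    """Handle GET for one object (``objectId`` given) or a filtered list.

    Without ``objectId`` the request arguments ``aggregate``, ``where``,
    ``keys``, ``sort``, ``startId``, ``limit`` and ``skip`` shape the query.
    The result is written to the response as JSON; on bad input one of
    ``ERR_UNAUTHORIZED``, ``ERR_OBJECTID_MIS`` or ``ERR_INVALID`` is written
    instead. Returns nothing.

    Security: ``aggregate``, ``where`` and ``keys`` come straight from the
    request. They used to be passed to ``eval()``, which executes arbitrary
    Python sent by the client. They are now parsed with
    ``ast.literal_eval``, which accepts the same literal dict/list syntax but
    never calls functions or resolves names. Clients that relied on sending
    non-literal expressions will now get ``ERR_INVALID``.
    """
    # Function-scope import: the module's import block is not visible from
    # this part of the file.
    import ast

    log.debug('className : %s', className)
    start_on = time.time()
    admin = self.get_current_user() in BaseConfig.adminUser

    # TODO: permission check. The class-level gate below is disabled, so
    # access currently rests on verify_cookie() and the per-object ACL only.
    # if not admin:
    #     if className in BaseConfig.accessNoClass:
    #         self.write(ERR_CLASS_PERMISSION.message)
    #         return
    #     if className not in BaseConfig.projectClass:  # class does not exist
    #         self.write(ERR_PATH_PERMISSION.message)
    #         return

    if not self.verify_cookie(className):
        self.write(ERR_UNAUTHORIZED.message)
        return

    if objectId:
        # ObjectId() is used only as a format check on the id string.
        try:
            ObjectId(objectId)
        except Exception:
            self.write(ERR_OBJECTID_MIS.message)
            return
        # Fetch once and reuse the result (the lookup used to run twice).
        # NOTE(review): no MeACL check is visible on this branch; confirm
        # MeObject.get() enforces read access itself.
        mo = MeObject(className).get(objectId)
        if not mo:
            self.write(ERR_OBJECTID_MIS.message)
        else:
            self.filter_field(mo)
            self.write(json.dumps(mo, cls=MeEncoder))
    else:
        classHelper = ClassHelper(className)
        arguments = self.request.arguments
        query = {}
        objs = None
        # NOTE(review): even as plain literals, the filter and pipeline are
        # forwarded to ClassHelper exactly as the client supplied them;
        # consider an allow-list of permitted operators and stages.
        # literal_eval can still exhaust the stack on very large or deeply
        # nested input, so request size should be bounded upstream.
        if 'aggregate' in arguments:
            try:
                query = ast.literal_eval(self.get_argument('aggregate'))
            except Exception:
                self.write(ERR_INVALID.message)
                return
            objs = classHelper.aggregate(query)
        else:
            if 'where' in arguments:
                try:
                    query = ast.literal_eval(
                        unquote(self.get_argument('where')))
                except Exception:
                    self.write(ERR_INVALID.message)
                    return
                # The code below treats the filter as a mapping.
                if not isinstance(query, dict):
                    self.write(ERR_INVALID.message)
                    return
                try:
                    # Top-level _id is only validated here; ids inside $or
                    # are converted to ObjectId in place.
                    if '_id' in query:
                        ObjectId(query['_id'])
                    if '$or' in query:
                        for item in query['$or']:
                            if "_id" in item:
                                item["_id"] = ObjectId(item["_id"])
                except Exception:
                    self.write(ERR_OBJECTID_MIS.message)
                    return

            if 'keys' in arguments:
                # NOTE(review): presumably the projection must keep 'acl'
                # for the ACL filter further down to be meaningful -- verify.
                try:
                    keys = ast.literal_eval(self.get_argument('keys'))
                except Exception:
                    self.write(ERR_INVALID.message)
                    return
            else:
                keys = None

            try:
                sort = json.loads(self.get_argument('sort', '{}'))
                idSort = sort.get('_id', -1)
                sort = sort or None
            except Exception as e:
                self.write(ERR_INVALID.message)
                # Goes to the module logger instead of stdout.
                log.err("ClassHandler-->get invalid sort, %s", e)
                return

            cache_next_page = False
            try:
                if 'startId' in arguments:
                    # Cursor paging: continue past startId in the direction
                    # of the _id sort. This replaces any _id from `where`.
                    startId = self.get_argument('startId')
                    if idSort == -1:
                        query["_id"] = {"$lt": ObjectId(startId)}
                    elif idSort == 1:
                        query["_id"] = {"$gt": ObjectId(startId)}
                if 'limit' in arguments:
                    limit = int(self.get_argument('limit'))
                    cache_next_page = True
                else:
                    limit = 20
            except Exception:
                self.write(ERR_INVALID.message)
                return

            skip = 0
            try:
                if 'skip' in arguments:
                    skip = int(self.get_argument('skip'))
            except Exception:
                self.write(ERR_INVALID.message)
                return

            # Page-size cap.
            # NOTE(review): zero and negative limit/skip values pass this
            # check; confirm how ClassHelper.find treats them (a limit of 0
            # may mean "no limit" to the database driver).
            if limit > 100:
                self.write(ERR_INVALID.message)
                return

            objs = classHelper.find(query, keys, sort, limit, skip,
                                    cache_next_page=cache_next_page)

        objects = []
        for obj in objs:
            mo = MeObject(className, obj, False)
            mo.overLoadGet = False
            # NOTE(review): the ACL filter runs only for a truthy, non-admin
            # current user; when get_current_user() is falsy nothing is
            # filtered. Confirm verify_cookie() makes that case unreachable.
            if self.get_current_user() and not admin:
                acl = MeACL(mo['acl'])
                if not acl.readAccess(self.user):
                    continue
            self.filter_field(mo)
            objects.append(mo)
        self.write(json.dumps(objects, cls=MeEncoder))

    end_on = time.time()
    log.debug('get request - className:%s , use time:%f',
              className, end_on - start_on)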