判断是否登录:
def authenticated(method):
    """Decorate a handler method so it only runs for a logged-in user.

    The wrapped method is called, and its result returned, when
    ``self.current_user`` is truthy. Otherwise ``HTTPError(403)`` is raised
    and the method body never executes.
    """

    def _require_login(self, *args, **kwargs):
        # Fail closed: anything falsy in current_user counts as "not logged in".
        if self.current_user:
            return method(self, *args, **kwargs)
        raise HTTPError(403)

    # Keep the handler's name, docstring and other metadata on the wrapper.
    return functools.wraps(method)(_require_login)
判断是否有操作权限
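def with_permission(permission):
    """Build a decorator that runs a handler method only if the user holds *permission*.

    Args:
        permission: the value looked up in ``self.current_user.permission_list``.

    Returns:
        A decorator. The decorated method behaves as follows:

        * no current user -> status 404 is set, the method is not called;
        * user lacks *permission* -> a JSON error is written with status 403,
          the method is not called;
        * otherwise -> the method is called and its result is returned.
    """

    def _decorator(method):
        @functools.wraps(method)
        def wrapper(self, *args, **kwargs):
            user = self.current_user
            # Check that a user exists (is logged in).
            if not user:
                # NOTE(review): anonymous requests get 404 here, while the
                # sibling ``authenticated`` decorator raises 403 for the same
                # condition. Kept as-is for existing clients.
                self.set_status(404)
                return None

            # Check that the user holds the required permission.
            if permission not in user.permission_list:
                data = {"error": "need permission:%s" % permission}
                self.write_json(data, status=403)
                return None

            # Return the handler's result instead of dropping it: a handler
            # that returns a value (for example an awaitable) must have it
            # propagated to the caller, as ``authenticated`` already does.
            return method(self, *args, **kwargs)

        return wrapper

    return _decorator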
此处可将两个装饰器结合使用;也可以只用判断权限的装饰器,因为后者已经判断了是否登录。注意两者对未登录请求的响应不同:前者抛出 403,后者返回 404。
用法:
@decorator.authenticated
@with_permission(permission.dashboard_manage)
def delete(self, dashboard_id):
    """Delete the dashboard identified by *dashboard_id* and echo it back as JSON.

    Both guards run before this body: ``authenticated`` is outermost, so an
    anonymous request is rejected there and never reaches the login branch of
    ``with_permission``; the latter then requires
    ``permission.dashboard_manage``.
    """
    # NOTE(review): only the role-level permission is checked here; whether
    # bil.get_dashboard scopes the lookup to the current user is not visible
    # in this snippet -- confirm.
    target = bil.get_dashboard(dashboard_id)
    if target:
        target.delete()
        self.write_json(target.to_dict())
    else:
        # Unknown dashboard id: reported with status 403, as in the original.
        self.write_json('bad arguments', status=403)