[Update] Middleware 写法升级到新版本, Task login require

c7d1ba19 · ibuler · 07a70311 · c7d1ba19 · c7d1ba19 · c7d1ba19
Commit c7d1ba19 authored Jan 08, 2018 by ibuler
Hide whitespace changes
Inline Side-by-side

Showing with 40 additions and 18 deletions

middleware.py apps/jumpserver/middleware.py +30 -10

hands.py apps/ops/hands.py +2 -1

views.py apps/ops/views.py +8 -7

No files found.
--- a/apps/jumpserver/middleware.py
+++ b/apps/jumpserver/middleware.py
@@ -4,24 +4,44 @@ import os
 import re
 import pytz
 from django.utils import timezone
-from django.utils.deprecation import MiddlewareMixin
 from django.shortcuts import HttpResponse


-DEMO_MODE = os.environ.get("DEMO_MODE", "")
-SAFE_URL = r'^/users/login|^/api/terminal/v1/.*|/api/terminal/.*|/api/users/v1/auth/|/api/users/v1/profile/'
+class TimezoneMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response

-
-class TimezoneMiddleware(MiddlewareMixin):
-    def process_request(self, request):
+    def __call__(self, request):
        tzname = request.META.get('TZ')
        if tzname:
            timezone.activate(pytz.timezone(tzname))
        else:
            timezone.deactivate()
+        response = self.get_response(request)
+        return response
+
+
+class DemoMiddleware:
+    DEMO_MODE_ENABLED = os.environ.get("DEMO_MODE", "") in ("1", "ok", "True")
+    SAFE_URL_PATTERN = re.compile(
+        r'^/users/login|'
+        r'^/api/terminal/v1/.*|'
+        r'^/api/terminal/.*|'
+        r'^/api/users/v1/auth/|'
+        r'^/api/users/v1/profile/'
+    )
+    SAFE_METHOD = ("GET", "HEAD")

+    def __init__(self, get_response):
+        self.get_response = get_response

-class DemoMiddleware(MiddlewareMixin):
-    def process_request(self, request):
-        if DEMO_MODE and request.method not in ["GET", "HEAD"] and not re.match(SAFE_URL, request.path):
-                return HttpResponse("Demo mode, only get request accept", status=403)
+        if self.DEMO_MODE_ENABLED:
+            print("Demo mode enabled, reject unsafe method and url")
+
+    def __call__(self, request):
+        if self.DEMO_MODE_ENABLED and request.method not in self.SAFE_METHOD \
+                and not self.SAFE_URL_PATTERN.match(request.path):
+            return HttpResponse("Demo mode, only safe request accepted", status=403)
+        else:
+            response = self.get_response(request)
+            return response
--- a/apps/ops/hands.py
+++ b/apps/ops/hands.py
 # ~*~ coding: utf-8 ~*~

 from users.permissions import IsSuperUser
-
+from users.utils import AdminUserRequiredMixin
\ No newline at end of file
--- a/apps/ops/views.py
+++ b/apps/ops/views.py
@@ -6,9 +6,10 @@ from django.views.generic import ListView, DetailView

 from common.mixins import DatetimeSearchMixin
 from .models import Task, AdHoc, AdHocRunHistory
+from .hands import AdminUserRequiredMixin


-class TaskListView(DatetimeSearchMixin, ListView):
+class TaskListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
    paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
    model = Task
    ordering = ('-date_created',)
@@ -42,7 +43,7 @@ class TaskListView(DatetimeSearchMixin, ListView):
        return super().get_context_data(**kwargs)


-class TaskDetailView(DetailView):
+class TaskDetailView(AdminUserRequiredMixin, DetailView):
    model = Task
    template_name = 'ops/task_detail.html'

@@ -55,7 +56,7 @@ class TaskDetailView(DetailView):
        return super().get_context_data(**kwargs)


-class TaskAdhocView(DetailView):
+class TaskAdhocView(AdminUserRequiredMixin, DetailView):
    model = Task
    template_name = 'ops/task_adhoc.html'

@@ -68,7 +69,7 @@ class TaskAdhocView(DetailView):
        return super().get_context_data(**kwargs)


-class TaskHistoryView(DetailView):
+class TaskHistoryView(AdminUserRequiredMixin, DetailView):
    model = Task
    template_name = 'ops/task_history.html'

@@ -81,7 +82,7 @@ class TaskHistoryView(DetailView):
        return super().get_context_data(**kwargs)


-class AdHocDetailView(DetailView):
+class AdHocDetailView(AdminUserRequiredMixin, DetailView):
    model = AdHoc
    template_name = 'ops/adhoc_detail.html'

@@ -94,7 +95,7 @@ class AdHocDetailView(DetailView):
        return super().get_context_data(**kwargs)


-class AdHocHistoryView(DetailView):
+class AdHocHistoryView(AdminUserRequiredMixin, DetailView):
    model = AdHoc
    template_name = 'ops/adhoc_history.html'

@@ -107,7 +108,7 @@ class AdHocHistoryView(DetailView):
        return super().get_context_data(**kwargs)


-class AdHocHistoryDetailView(DetailView):
+class AdHocHistoryDetailView(AdminUserRequiredMixin, DetailView):
    model = AdHocRunHistory
    template_name = 'ops/adhoc_history_detail.html'