base.py
用户权限装饰器
def user_roles(method):
@functools.wraps(method)
def wrapper(self, *args, **kwargs):
roles = self.get_current_user_roles()
flag = False
not_check_url = ["/", "/login", "/logout", "/register"]
# 登陆 URL 过滤
for url in not_check_url:
if self.url_pattern == url:
flag = True
break
# 登陆 session 过滤
if flag == False:
if not self.current_user:
if self.request.method in ("GET", "HEAD"):
url = self.get_login_url()
if "?" not in url:
if urlparse.urlsplit(url).scheme:
# if login url is absolute, make next absolute too
next_url = self.request.full_url()