
import json

from django.http import HttpResponseBadRequest
from django.http import HttpResponseForbidden
from django.http import QueryDict
from rest_framework.parsers import MultiPartParser

from access.models.other import UserActivity
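class CheckPerm(object):
    """Middleware gate for URL paths that start with ``/admin`` or ``/analy``.

    Requests to those prefixes are answered with ``HttpResponseForbidden``
    unless the user is authenticated and either has ``in_role`` equal to
    ``"M"``, ``"S"`` or ``"A"``, or has a truthy ``is_admin``.  Every other
    path passes through untouched.
    """

    @staticmethod
    def process_request(request):
        """Return a 403 response for unauthorised access, otherwise ``None``.

        Args:
            request: the incoming request; ``path`` and ``user`` are read.

        Returns:
            ``HttpResponseForbidden`` when access is denied, ``None`` to let
            request processing continue.
        """
        # The original test was ``len(path) > 6 and path[:6] == prefix``,
        # which skipped the check for a path that is exactly "/admin" or
        # "/analy".  A plain prefix match closes that gap.
        # API paths are not guarded here: an "/api/v" prefix check was
        # commented out in the original condition.
        if not request.path.startswith(('/admin', '/analy')):
            return None

        user = request.user
        # ``is_authenticated`` is a method on older Django releases and a
        # plain attribute on newer ones; accept both so the gate does not
        # raise TypeError after a framework upgrade.
        authenticated = user.is_authenticated
        if callable(authenticated):
            authenticated = authenticated()
        if not authenticated:
            return HttpResponseForbidden()

        # Role codes are project-defined; only membership is checked here.
        if user.in_role not in ('M', 'S', 'A') and not user.is_admin:
            return HttpResponseForbidden()
        return None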
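class RequestToApi(object):
    """Middleware that prepares requests whose path starts with ``/api``.

    For non-multipart POST requests the body is parsed as JSON and exposed
    as ``request.JSON`` (a mutable ``QueryDict``).  For POST, DELETE and PUT
    requests the ``_dont_enforce_csrf_checks`` attribute is set on the
    request.
    """

    @staticmethod
    def process_request(request):
        """Attach parsed JSON to the request and set the CSRF-skip attribute.

        Args:
            request: the incoming request; ``path``, ``method``, ``META`` and
                ``body`` are read, ``JSON`` and ``_dont_enforce_csrf_checks``
                may be set.

        Returns:
            ``HttpResponseBadRequest`` when a JSON body cannot be decoded or
            is not a JSON object, otherwise ``None``.
        """
        # NOTE(review): the listing this was taken from had lost its
        # indentation.  Both branches below are scoped to /api paths, which
        # is the narrower reading - confirm against the original file.
        path = request.path
        if not (len(path) > 4 and path.startswith('/api')):
            return None

        method = request.method
        # CONTENT_TYPE can be absent; the original then raised TypeError on
        # the ``in`` test for every such POST.
        content_type = request.META.get('CONTENT_TYPE') or ''

        if method == 'POST' and 'multipart/form-data' not in content_type:
            # The body is untrusted input: reject anything that is not a
            # UTF-8 encoded JSON object instead of failing with a 500.
            try:
                payload = json.loads(request.body.decode('utf-8'))
            except ValueError:  # covers JSON and UTF-8 decoding errors
                return HttpResponseBadRequest()
            if not isinstance(payload, dict):
                return HttpResponseBadRequest()

            q_data = QueryDict('', mutable=True)
            for key in payload:
                q_data.update({key: payload[key]})
            request.JSON = q_data

        if method in ('POST', 'DELETE', 'PUT'):
            # SECURITY: this switches off Django's CSRF validation for every
            # state-changing /api request.  If any of these endpoints accept
            # session-cookie authentication they are left without CSRF
            # protection.
            # TODO: either remove this or make it depend on settings.
            setattr(request, '_dont_enforce_csrf_checks', True)
        return None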
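class UpdateActivity(object):
    """Middleware that records the client IP of non-anonymous requests.

    The address is added to the ``ip_list`` of the ``UserActivity`` row
    owned by the requesting user, and the row is saved.
    """

    @staticmethod
    def process_request(request):
        """Add the request's client IP to the user's ``ip_list`` and save.

        Args:
            request: the incoming request; ``user`` and ``META`` are read.

        Returns:
            ``None`` in every case.
        """
        if request.user.is_anonymous:
            return None

        # NOTE(review): ``get`` raises if the user has no UserActivity row,
        # which would fail every request from that user - confirm the row
        # is always created elsewhere.
        user_activity = UserActivity.objects.get(owner=request.user)

        # SECURITY: X-Forwarded-For is supplied by the client unless a
        # trusted reverse proxy overwrites it.  The value stored here is
        # therefore not reliable evidence of the real address, and a client
        # that varies the header adds a new entry on every request, so
        # ip_list can grow without bound.  Only honour the header behind a
        # proxy that sets it, and consider capping the list.
        forwarded = request.META.get('HTTP_X_FORWARDED_FOR')
        # Strip whitespace around the first entry; fall back to the socket
        # address when the header is missing or its first entry is empty.
        ip = forwarded.split(',')[0].strip() if forwarded else ''
        if not ip:
            ip = request.META.get('REMOTE_ADDR')

        if user_activity.ip_list is None:
            user_activity.ip_list = []
        if ip is not None:
            # Same de-duplication as the original ``list(set(...))``, but
            # with a stable order so the stored value does not reshuffle.
            known = list(user_activity.ip_list)
            known.append(ip)
            user_activity.ip_list = list(dict.fromkeys(known))

        # NOTE(review): indentation was lost in the source listing; saving
        # on every non-anonymous request is assumed - confirm.
        user_activity.save()
        return None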