forked from oyd/Adunatio
parent
bf5942905f
commit
bfaab9fc77
@ -0,0 +1,60 @@ |
||||
def parse_permission(string): |
||||
""" |
||||
Parsing permission string |
||||
permission_type{read,delete,write,update,*(for all permissions)}::module_name{module name or for all modules *}::union_id{for all companies *}/item_id{for all items *} |
||||
example string: |
||||
read::collectors::union1id/* ->read union1 all collectors |
||||
read::collectors::union1id/collector1 ->read union1 collector1 |
||||
*::users::union2/* -> read, write, update, delete all users for union2 |
||||
*::users::union2/user1 -> read, write, update, delete for users1 in union2 |
||||
*::*::union2/* -> all permissions for union2 |
||||
*::*::*/* -> all permissions like a admin |
||||
:param string: |
||||
:return: dict |
||||
""" |
||||
permission_type, module, extras = string.split("::") |
||||
union_id, item_id = extras.split('/') |
||||
read = False |
||||
write = False |
||||
update = False |
||||
delete = False |
||||
if permission_type == '*': |
||||
read = True |
||||
write = True |
||||
update = True |
||||
delete = True |
||||
if permission_type == 'read': |
||||
read = True |
||||
if permission_type == 'write': |
||||
write = True |
||||
if permission_type == 'update': |
||||
update = True |
||||
if permission_type == 'delete': |
||||
delete = True |
||||
|
||||
return { |
||||
"delete":delete, |
||||
"write":write, |
||||
"read":read, |
||||
"update":update, |
||||
"module":module, |
||||
"union":union_id, |
||||
"item_id":item_id |
||||
} |
||||
|
||||
|
||||
def control_permission(group, module, perm_type, itemid, unionid): |
||||
for right_string in group.rights: |
||||
right = parse_permission(right_string.strip()) |
||||
print(right, right_string, group, perm_type) |
||||
if right.get('module') in ["*", module]: |
||||
return True |
||||
elif right.get('union') in ['*', unionid]: |
||||
return True |
||||
elif right.get(perm_type): |
||||
return True |
||||
elif right.get('item_id') in ['*',itemid]: |
||||
return True |
||||
elif right.get('module') in ["*",module] and right.get('union') in ['*', unionid] and right.get(perm_type) and right.get('item_id') in ['*',itemid]: |
||||
return True |
||||
return False |
@ -1,4 +1,5 @@ |
||||
mongoengine |
||||
flask-mongoengine |
||||
flask |
||||
pycryptodome |
||||
pycryptodome |
||||
flask_jwt_extended |
Loading…
Reference in new issue