forked from oyd/Adunatio
parent
bf5942905f
commit
bfaab9fc77
@ -0,0 +1,60 @@ |
|||||||
|
def parse_permission(string): |
||||||
|
""" |
||||||
|
Parsing permission string |
||||||
|
permission_type{read,delete,write,update,*(for all permissions)}::module_name{module name or for all modules *}::union_id{for all companies *}/item_id{for all items *} |
||||||
|
example string: |
||||||
|
read::collectors::union1id/* ->read union1 all collectors |
||||||
|
read::collectors::union1id/collector1 ->read union1 collector1 |
||||||
|
*::users::union2/* -> read, write, update, delete all users for union2 |
||||||
|
*::users::union2/user1 -> read, write, update, delete for users1 in union2 |
||||||
|
*::*::union2/* -> all permissions for union2 |
||||||
|
*::*::*/* -> all permissions like a admin |
||||||
|
:param string: |
||||||
|
:return: dict |
||||||
|
""" |
||||||
|
permission_type, module, extras = string.split("::") |
||||||
|
union_id, item_id = extras.split('/') |
||||||
|
read = False |
||||||
|
write = False |
||||||
|
update = False |
||||||
|
delete = False |
||||||
|
if permission_type == '*': |
||||||
|
read = True |
||||||
|
write = True |
||||||
|
update = True |
||||||
|
delete = True |
||||||
|
if permission_type == 'read': |
||||||
|
read = True |
||||||
|
if permission_type == 'write': |
||||||
|
write = True |
||||||
|
if permission_type == 'update': |
||||||
|
update = True |
||||||
|
if permission_type == 'delete': |
||||||
|
delete = True |
||||||
|
|
||||||
|
return { |
||||||
|
"delete":delete, |
||||||
|
"write":write, |
||||||
|
"read":read, |
||||||
|
"update":update, |
||||||
|
"module":module, |
||||||
|
"union":union_id, |
||||||
|
"item_id":item_id |
||||||
|
} |
||||||
|
|
||||||
|
|
||||||
|
def control_permission(group, module, perm_type, itemid, unionid): |
||||||
|
for right_string in group.rights: |
||||||
|
right = parse_permission(right_string.strip()) |
||||||
|
print(right, right_string, group, perm_type) |
||||||
|
if right.get('module') in ["*", module]: |
||||||
|
return True |
||||||
|
elif right.get('union') in ['*', unionid]: |
||||||
|
return True |
||||||
|
elif right.get(perm_type): |
||||||
|
return True |
||||||
|
elif right.get('item_id') in ['*',itemid]: |
||||||
|
return True |
||||||
|
elif right.get('module') in ["*",module] and right.get('union') in ['*', unionid] and right.get(perm_type) and right.get('item_id') in ['*',itemid]: |
||||||
|
return True |
||||||
|
return False |
@ -1,4 +1,5 @@ |
|||||||
mongoengine |
mongoengine |
||||||
flask-mongoengine |
flask-mongoengine |
||||||
flask |
flask |
||||||
pycryptodome |
pycryptodome |
||||||
|
flask_jwt_extended |
Loading…
Reference in new issue