from flask_login import current_user def parse_permission(string): """ Parsing permission string permission_type{read,delete,write,update,*(for all permissions)}::module_name{module name or for all modules *}::union_id{for all unions *}/item_id{for all items *} example string: read::payments::union1id/* ->read union1 all payments read::payments::union1id/user1 ->read union1 user1 *::users::union2/* -> read, write, update, delete all users for union2 *::users::union2/user1 -> read, write, update, delete for users1 in union2 *::*::union2/* -> all permissions for union2 *::*::*/* -> all permissions like a admin :param string: :return: dict """ permission_type, module, extras = string.split("::") union_id, item_id = extras.split('/') read = False write = False update = False delete = False if permission_type == '*': read = True write = True update = True delete = True if permission_type == 'read': read = True if permission_type == 'write': write = True if permission_type == 'update': update = True if permission_type == 'delete': delete = True return { "delete": delete, "write": write, "read": read, "update": update, "module": module, "union": union_id, "item_id": item_id } def is_admin(group): for right_string in group.rights: right = parse_permission(right_string.strip()) if right.get('union') == "*": return True return False def control_permission(group, module, perm_type, itemid, unionid): has_perm = False from flask import current_app for right_string in group.rights: right = parse_permission(right_string.strip()) if module == "union" and perm_type == "write" and right.get("union") != "*": has_perm = False current_app.logger.info("short shut") elif right.get('module') in ["*", module] and right.get('union') in ['*', unionid] and right.get( perm_type) and right.get('item_id') in ['*', itemid]: current_app.logger.info("long shut") has_perm = True return has_perm def has_permission(module, obj, reqtype, oid): if control_permission(current_user.group, module, reqtype, oid, obj.company): return True return False