def parse_permission(string): """ Parsing permission string permission_type{read,delete,write,update,*(for all permissions)}::module_name{module name or for all modules *}::union_id{for all companies *}/item_id{for all items *} example string: read::collectors::union1id/* ->read union1 all collectors read::collectors::union1id/collector1 ->read union1 collector1 *::users::union2/* -> read, write, update, delete all users for union2 *::users::union2/user1 -> read, write, update, delete for users1 in union2 *::*::union2/* -> all permissions for union2 *::*::*/* -> all permissions like a admin :param string: :return: dict """ permission_type, module, extras = string.split("::") union_id, item_id = extras.split('/') read = False write = False update = False delete = False if permission_type == '*': read = True write = True update = True delete = True if permission_type == 'read': read = True if permission_type == 'write': write = True if permission_type == 'update': update = True if permission_type == 'delete': delete = True return { "delete":delete, "write":write, "read":read, "update":update, "module":module, "union":union_id, "item_id":item_id } def control_permission(group, module, perm_type, itemid, unionid): for right_string in group.rights: right = parse_permission(right_string.strip()) print(right, right_string, group, perm_type) if right.get('module') in ["*", module]: return True elif right.get('union') in ['*', unionid]: return True elif right.get(perm_type): return True elif right.get('item_id') in ['*',itemid]: return True elif right.get('module') in ["*",module] and right.get('union') in ['*', unionid] and right.get(perm_type) and right.get('item_id') in ['*',itemid]: return True return False