You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
Adunatio/internal_lib/permission_parser.py

75 lines
2.4 KiB

from flask_login import current_user
def parse_permission(string):
"""
Parsing permission string
permission_type{read,delete,write,update,*(for all permissions)}::module_name{module name or for all modules *}::union_id{for all unions *}/item_id{for all items *}
example string:
read::payments::union1id/* ->read union1 all payments
read::payments::union1id/user1 ->read union1 user1
*::users::union2/* -> read, write, update, delete all users for union2
*::users::union2/user1 -> read, write, update, delete for users1 in union2
*::*::union2/* -> all permissions for union2
*::*::*/* -> all permissions like a admin
:param string:
:return: dict
"""
permission_type, module, extras = string.split("::")
union_id, item_id = extras.split('/')
read = False
write = False
update = False
delete = False
if permission_type == '*':
read = True
write = True
update = True
delete = True
if permission_type == 'read':
read = True
if permission_type == 'write':
write = True
if permission_type == 'update':
update = True
if permission_type == 'delete':
delete = True
return {
"delete": delete,
"write": write,
"read": read,
"update": update,
"module": module,
"union": union_id,
"item_id": item_id
}
def is_admin(group):
for right_string in group.rights:
right = parse_permission(right_string.strip())
if right.get('union') == "*":
return True
return False
def control_permission(group, module, perm_type, itemid, unionid):
has_perm = False
from flask import current_app
for right_string in group.rights:
right = parse_permission(right_string.strip())
if module == "union" and perm_type == "write" and right.get("union") != "*":
has_perm = False
current_app.logger.info("short shut")
elif right.get('module') in ["*", module] and right.get('union') in ['*', unionid] and right.get(
perm_type) and right.get('item_id') in ['*', itemid]:
current_app.logger.info("long shut")
has_perm = True
return has_perm
def has_permission(module, obj, reqtype, oid):
if control_permission(current_user.group, module, reqtype, oid, obj.company):
return True
return False