Adunatio/internal_lib/permission_parser.py

from flask_login import current_user


def parse_permission(string):
    """
    Parsing permission string
    permission_type{read,delete,write,update,*(for all permissions)}::module_name{module name or for all modules *}::union_id{for all unions *}/item_id{for all items *}
    example string:
    read::payments::union1id/* ->read union1 all payments
    read::payments::union1id/user1 ->read union1 user1
    *::users::union2/* -> read, write, update, delete all users for union2
    *::users::union2/user1 -> read, write, update, delete for users1 in union2
    *::*::union2/* -> all permissions for union2
    *::*::*/* -> all permissions like a admin
    :param string:
    :return: dict
    """
    permission_type, module, extras = string.split("::")
    union_id, item_id = extras.split('/')
    read = False
    write = False
    update = False
    delete = False
    if permission_type == '*':
        read = True
        write = True
        update = True
        delete = True
    if permission_type == 'read':
        read = True
    if permission_type == 'write':
        write = True
    if permission_type == 'update':
        update = True
    if permission_type == 'delete':
        delete = True

    return {
        "delete": delete,
        "write": write,
        "read": read,
        "update": update,
        "module": module,
        "union": union_id,
        "item_id": item_id
    }


def is_admin(group):
    for right_string in group.rights:
        right = parse_permission(right_string.strip())
        if right.get('union') == "*":
            return True
    return False

def control_permission(group, module, perm_type, itemid, unionid):
    has_perm = False
    from flask import current_app

    for right_string in group.rights:
        right = parse_permission(right_string.strip())
        if module == "union" and perm_type == "write" and right.get("union") != "*":
            has_perm =  False
            current_app.logger.info("short shut")
        elif right.get('module') in ["*", module] and right.get('union') in ['*', unionid] and right.get(
                perm_type) and right.get('item_id') in ['*', itemid]:
            current_app.logger.info("long shut")
            has_perm = True
    return has_perm


def has_permission(module, obj, reqtype, oid):
    if control_permission(current_user.group, module, reqtype, oid, obj.company):
        return True
    return False