|
|
|
from flask_login import current_user
|
|
|
|
|
|
|
|
|
|
|
|
def parse_permission(string):
|
|
|
|
"""
|
|
|
|
Parsing permission string
|
|
|
|
permission_type{read,delete,write,update,*(for all permissions)}::module_name{module name or for all modules *}::union_id{for all unions *}/item_id{for all items *}
|
|
|
|
example string:
|
|
|
|
read::payments::union1id/* ->read union1 all payments
|
|
|
|
read::payments::union1id/user1 ->read union1 user1
|
|
|
|
*::users::union2/* -> read, write, update, delete all users for union2
|
|
|
|
*::users::union2/user1 -> read, write, update, delete for users1 in union2
|
|
|
|
*::*::union2/* -> all permissions for union2
|
|
|
|
*::*::*/* -> all permissions like a admin
|
|
|
|
:param string:
|
|
|
|
:return: dict
|
|
|
|
"""
|
|
|
|
permission_type, module, extras = string.split("::")
|
|
|
|
union_id, item_id = extras.split('/')
|
|
|
|
read = False
|
|
|
|
write = False
|
|
|
|
update = False
|
|
|
|
delete = False
|
|
|
|
if permission_type == '*':
|
|
|
|
read = True
|
|
|
|
write = True
|
|
|
|
update = True
|
|
|
|
delete = True
|
|
|
|
if permission_type == 'read':
|
|
|
|
read = True
|
|
|
|
if permission_type == 'write':
|
|
|
|
write = True
|
|
|
|
if permission_type == 'update':
|
|
|
|
update = True
|
|
|
|
if permission_type == 'delete':
|
|
|
|
delete = True
|
|
|
|
|
|
|
|
return {
|
|
|
|
"delete": delete,
|
|
|
|
"write": write,
|
|
|
|
"read": read,
|
|
|
|
"update": update,
|
|
|
|
"module": module,
|
|
|
|
"union": union_id,
|
|
|
|
"item_id": item_id
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
def control_permission(group, module, perm_type, itemid, unionid):
|
|
|
|
for right_string in group.rights:
|
|
|
|
right = parse_permission(right_string.strip())
|
|
|
|
print(right, right_string, group, perm_type)
|
|
|
|
if right.get('module') in ["*", module]:
|
|
|
|
return True
|
|
|
|
elif right.get('union') in ['*', unionid]:
|
|
|
|
return True
|
|
|
|
elif right.get(perm_type):
|
|
|
|
return True
|
|
|
|
elif right.get('item_id') in ['*', itemid]:
|
|
|
|
return True
|
|
|
|
elif right.get('module') in ["*", module] and right.get('union') in ['*', unionid] and right.get(
|
|
|
|
perm_type) and right.get('item_id') in ['*', itemid]:
|
|
|
|
return True
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
|
def read_permission(module, qs):
|
|
|
|
union_list = []
|
|
|
|
for right_string in current_user.group.rights:
|
|
|
|
right = parse_permission(right_string)
|
|
|
|
if right.get('module') in [module, '*']:
|
|
|
|
if right.get('read'):
|
|
|
|
if right.get('union') != "*":
|
|
|
|
union_list.append(right.get('union'))
|
|
|
|
|
|
|
|
if len(union_list) > 0:
|
|
|
|
if module == 'union':
|
|
|
|
qs.filter(id__in=union_list, deleted=False)
|
|
|
|
else:
|
|
|
|
qs.filter(union__in=union_list, deleted=False)
|
|
|
|
return qs
|
|
|
|
|
|
|
|
|
|
|
|
def has_permission(module, obj, reqtype, oid):
|
|
|
|
if control_permission(current_user.group, module, reqtype, oid, obj.company):
|
|
|
|
return True
|
|
|
|
return False
|