From bfaab9fc7763e84d54fb00cd557397cfd00729f5 Mon Sep 17 00:00:00 2001 From: Mustafa Yontar Date: Sun, 31 Jan 2021 00:57:57 +0300 Subject: [PATCH] change group permission field create permission parser add flask jwt requirements --- internal_lib/permission_parser.py | 60 +++++++++++++++++++++++++++++++ models/Group.py | 2 +- requirements.txt | 3 +- 3 files changed, 63 insertions(+), 2 deletions(-) create mode 100644 internal_lib/permission_parser.py diff --git a/internal_lib/permission_parser.py b/internal_lib/permission_parser.py new file mode 100644 index 0000000..1406f2a --- /dev/null +++ b/internal_lib/permission_parser.py @@ -0,0 +1,60 @@ +def parse_permission(string): + """ + Parsing permission string + permission_type{read,delete,write,update,*(for all permissions)}::module_name{module name or for all modules *}::union_id{for all companies *}/item_id{for all items *} + example string: + read::collectors::union1id/* ->read union1 all collectors + read::collectors::union1id/collector1 ->read union1 collector1 + *::users::union2/* -> read, write, update, delete all users for union2 + *::users::union2/user1 -> read, write, update, delete for users1 in union2 + *::*::union2/* -> all permissions for union2 + *::*::*/* -> all permissions like a admin + :param string: + :return: dict + """ + permission_type, module, extras = string.split("::") + union_id, item_id = extras.split('/') + read = False + write = False + update = False + delete = False + if permission_type == '*': + read = True + write = True + update = True + delete = True + if permission_type == 'read': + read = True + if permission_type == 'write': + write = True + if permission_type == 'update': + update = True + if permission_type == 'delete': + delete = True + + return { + "delete":delete, + "write":write, + "read":read, + "update":update, + "module":module, + "union":union_id, + "item_id":item_id + } + + +def control_permission(group, module, perm_type, itemid, unionid): + for right_string in group.rights: + right = parse_permission(right_string.strip()) + print(right, right_string, group, perm_type) + if right.get('module') in ["*", module]: + return True + elif right.get('union') in ['*', unionid]: + return True + elif right.get(perm_type): + return True + elif right.get('item_id') in ['*',itemid]: + return True + elif right.get('module') in ["*",module] and right.get('union') in ['*', unionid] and right.get(perm_type) and right.get('item_id') in ['*',itemid]: + return True + return False diff --git a/models/Group.py b/models/Group.py index 44ca034..7c2772d 100644 --- a/models/Group.py +++ b/models/Group.py @@ -6,7 +6,7 @@ from models.Union import Union class Group(Document): union = ReferenceField(Union) name = StringField() - rights = StringField() + rights = ListField(StringField()) class PaymentGroup(Document): diff --git a/requirements.txt b/requirements.txt index 6f8d06d..14f476c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,5 @@ mongoengine flask-mongoengine flask -pycryptodome \ No newline at end of file +pycryptodome +flask_jwt_extended \ No newline at end of file