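from flask_login import current_user

# The only request types that may be looked up in a parsed right.  The parsed
# dict also carries string-valued keys ("module", "union", "item_id") that
# would be truthy if a caller-supplied type were used as a key unchecked.
_PERMISSION_TYPES = ("read", "write", "update", "delete")


def parse_permission(string):
    """Parse one permission string into a dict of flags and scopes.

    Format::

        permission_type::module_name::union_id/item_id

    ``permission_type`` is one of ``read``, ``write``, ``update``, ``delete``
    or ``*`` (all four).  ``module_name``, ``union_id`` and ``item_id`` may
    each be ``*`` to mean "any".

    Examples::

        read::payments::union1id/*     -> read all payments of union1
        read::payments::union1id/user1 -> read user1's payments in union1
        *::users::union2/*             -> read/write/update/delete all users of union2
        *::users::union2/user1         -> read/write/update/delete user1 in union2
        *::*::union2/*                 -> every permission inside union2
        *::*::*/*                      -> every permission everywhere (admin)

    An unrecognised ``permission_type`` yields all four flags ``False``.

    :param string: the permission string
    :return: dict with boolean keys ``delete``, ``write``, ``read``,
        ``update`` and string keys ``module``, ``union``, ``item_id``
    :raises ValueError: if the string does not split into exactly three
        ``::`` fields, or the last field into exactly two ``/`` parts
    """
    permission_type, module, extras = string.split("::")
    union_id, item_id = extras.split('/')
    grants_all = permission_type == '*'
    return {
        "delete": grants_all or permission_type == 'delete',
        "write": grants_all or permission_type == 'write',
        "read": grants_all or permission_type == 'read',
        "update": grants_all or permission_type == 'update',
        "module": module,
        "union": union_id,
        "item_id": item_id,
    }


def control_permission(group, module, perm_type, itemid, unionid):
    """Return True if any right of *group* authorises the request.

    A right authorises the request only when ALL of its parts match: the
    permission type is granted, and module, union and item each equal the
    requested value or are the ``*`` wildcard.  Matching on a single part is
    not sufficient; otherwise a right scoped to one module or one union would
    authorise every other request that happens to share that one attribute.

    :param group: object whose ``rights`` attribute iterates permission strings
    :param module: requested module name
    :param perm_type: ``read``, ``write``, ``update`` or ``delete``
    :param itemid: requested item id
    :param unionid: requested union id
    :return: bool
    :raises ValueError: if a right string is malformed (see parse_permission)
    """
    # Deny unknown types up front so perm_type can never select one of the
    # non-flag keys of the parsed right.
    if perm_type not in _PERMISSION_TYPES:
        return False
    for right_string in group.rights:
        right = parse_permission(right_string.strip())
        if (
            right[perm_type]
            and right["module"] in ("*", module)
            and right["union"] in ("*", unionid)
            and right["item_id"] in ("*", itemid)
        ):
            return True
    return False


def read_permission(module, qs):
    """Restrict *qs* to the unions the current user may read for *module*.

    :param module: module name the queryset belongs to
    :param qs: queryset to restrict; assumes a Django/mongoengine-style
        ``filter()`` that returns a new queryset -- TODO confirm
    :return: the (possibly filtered) queryset
    :raises ValueError: if a right string is malformed (see parse_permission)
    """
    union_list = []
    for right_string in current_user.group.rights:
        # Strip like control_permission does, so both parse the same string.
        right = parse_permission(right_string.strip())
        if right["module"] not in (module, '*') or not right["read"]:
            continue
        if right["union"] == "*":
            # A wildcard union grants read across all unions, so no union
            # filter applies even if narrower rights are also present.
            return qs
        union_list.append(right["union"])
    if union_list:
        # filter() returns the restricted queryset; it has to be rebound,
        # otherwise the caller receives the unrestricted one.
        if module == 'union':
            qs = qs.filter(id__in=union_list, deleted=False)
        else:
            qs = qs.filter(union__in=union_list, deleted=False)
    # NOTE(review): with no matching read right at all, qs is returned
    # unfiltered (fail-open).  Callers must gate access separately, or this
    # branch should return an empty queryset -- confirm intended behaviour.
    return qs


def has_permission(module, obj, reqtype, oid):
    """Check the current user's group for *reqtype* access to *obj*.

    The union scope is taken from ``obj.company``.

    :param module: module name of the object
    :param obj: object being accessed; must expose ``company``
    :param reqtype: ``read``, ``write``, ``update`` or ``delete``
    :param oid: id of the object
    :return: bool
    """
    # NOTE(review): assumes oid and obj.company compare equal to the string
    # ids stored in the rights -- confirm their types against the caller.
    return control_permission(current_user.group, module, reqtype, oid, obj.company)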