29 changes: 17 additions & 12 deletions demo/apps/apijson_demo/settings.ini
Expand Up @@ -6,39 +6,44 @@ moment = 'apijson_demo.models.Moment'
[APIJSON_MODELS]
moment = {
"user_id_field" : "user_id",
"GET" : {
"roles" : ["OWNER"]
},

"GET" : { "roles" : ["OWNER"] },
"POST" : { "roles" : ["OWNER"] },
"PUT" : { "roles" : ["OWNER"] },
"DELETE" : { "roles" : ["OWNER"] },
}
comment = {
"user_id_field" : "user_id",
"GET" : {
"roles" : ["OWNER"]
},
"GET" : { "roles" : ["OWNER"] },
"POST" : { "roles" : ["OWNER"] },
"PUT" : { "roles" : ["OWNER"] },
"DELETE" : { "roles" : ["OWNER"] },
}

[APIJSON_REQUESTS]
moment = {
"moment": {
"POST" :{
"ADD":{"roles": ["OWNER"]},
"ADD":{"@role": "OWNER"},
"DISALLOW" : ["id"],
"NECESSARY" : ["content"],
},
"PUT" :{
"ADD":{"roles": ["OWNER"]},
"NECESSARY" : ["content"],
"ADD":{"@role": "OWNER"},
"NECESSARY" : ["id","content"],
},
}
}

comment = {
"comment": {
"POST" :{
"ADD" :{"roles": ["OWNER"]},
"ADD" :{"@role": "OWNER"},
"DISALLOW" : ["id"],
"NECESSARY" : ["content"]
}
},
"PUT" :{
"ADD":{"@role": "OWNER"},
"NECESSARY" : ["id","content"],
},
}
}
7 changes: 4 additions & 3 deletions uliweb_apijson/apijson/settings.ini
Expand Up @@ -10,7 +10,8 @@ OWNER = _('APIJSON OWNER'), 'uliweb.contrib.rbac.trusted', True
user = {
"user_id_field" : "id",
"secret_fields" : ["password"],
"GET" : {
"roles" : ["ADMIN","OWNER"]
}
"GET" : { "roles" : ["ADMIN","OWNER"] },
"POST" : { "roles" : ["ADMIN","OWNER"] },
"PUT" : { "roles" : ["ADMIN","OWNER"] },
"DELETE" : { "roles" : ["ADMIN","OWNER"] },
}
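Review bot: Granting `"OWNER"` on `POST` for the `user` model looks unintended: the OWNER branch of `_post_one` in views.py only requires a logged-in user and then sets `params[user_id_field]` to the caller's id, and for this model `user_id_field` is `"id"`, so any authenticated caller could submit a create request for a user row carrying its own id. If creating users is meant to be an administrative action, the POST line should read `"POST" : { "roles" : ["ADMIN"] },`. Whether DELETE has a comparable owner check cannot be seen from this commit, so the same question applies to `"DELETE"` and should be confirmed against the delete handler.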
65 changes: 51 additions & 14 deletions uliweb_apijson/apijson/views.py
Expand Up @@ -268,6 +268,7 @@ def _post_one(self,key,tag):
tag = tag or key
modelname = key
params = self.request_data[key]
params_role = params.get("@role")

try:
model = getattr(models,modelname)
Expand All @@ -283,17 +284,33 @@ def _post_one(self,key,tag):
ADD = request_setting_POST.get("ADD")
permission_check_ok = False
if ADD:
roles = ADD.get("roles")
ADD_role = ADD.get("@role")
if ADD_role and not params_role:
params_role = ADD_role

POST = model_setting.get("POST")
if POST:
roles = POST.get("roles")
if params_role:
if not params_role in roles:
return json({"code":401,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})
roles = [params_role]

if roles:
for r in roles:
if r == "OWNER":
for role in roles:
if role == "OWNER":
if request.user:
permission_check_ok = True
if user_id_field:
params[user_id_field] = request.user.id
else:
#need OWNER, but don't know how to set user id
return json({"code":400,"msg":"no permission"})
if user_id_field:
params[user_id_field] = request.user.id
else:
#need OWNER, but don't know how to set user id
return json({"code":400,"msg":"no permission"})
break
else:
if functions.has_role(request.user,role):
permission_check_ok = True
break
if not permission_check_ok:
return json({"code":400,"msg":"no permission"})

Expand Down Expand Up @@ -347,6 +364,7 @@ def _put_one(self,key,tag):
tag = tag or key
modelname = key
params = self.request_data[key]
params_role = params.get("@role")

try:
model = getattr(models,modelname)
Expand All @@ -359,9 +377,14 @@ def _put_one(self,key,tag):

request_setting_model = request_setting_tag.get(modelname,{})
request_setting_PUT = request_setting_model.get("PUT",{})
ADD = request_setting_PUT.get("ADD")
permission_check_ok = False

ADD = request_setting_PUT.get("ADD")
if ADD:
ADD_role = ADD.get("@role")
if ADD_role and not params_role:
params_role = ADD_role

try:
id_ = params.get("id")
if not id_:
Expand All @@ -371,17 +394,28 @@ def _put_one(self,key,tag):
return json({"code":400,"msg":"id '%s' cannot convert to integer"%(params.get("id"))})
obj = model.get(id_)

if ADD:
roles = ADD.get("roles")
PUT = model_setting.get("PUT")
if PUT:
roles = PUT.get("roles")
if params_role:
if not params_role in roles:
return json({"code":401,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})
roles = [params_role]
if roles:
for r in roles:
if r == "OWNER":
for role in roles:
if role == "OWNER":
if request.user:
if user_id_field:
if getattr(obj,user_id_field)!=request.user.id:
if obj.to_dict().get(user_id_field)==request.user.id:
permission_check_ok = True
break
else:
return json({"code":400,"msg":"need login user"})
else:
if functions.has_role(request.user,role):
permission_check_ok = True
break

if not permission_check_ok:
return json({"code":400,"msg":"no permission"})

Expand Down Expand Up @@ -409,3 +443,6 @@ def _put_one(self,key,tag):
self.rdict["code"] = 400
self.rdict["message"] = "fail"
self.rdict[key] = obj_dict

def delete(self):
return json(self.rdict)
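Review bot: `roles` is now bound only inside `if POST:` in `_post_one` (and inside `if PUT:` in `_put_one`), so a model whose `model_setting` has no `POST`/`PUT` entry reaches `if roles:` with the name unbound and raises `UnboundLocalError`, and an entry without `"roles"` makes `params_role in roles` a `TypeError` on `None` — the removed code always assigned `roles` from `ADD` first. Initialise it before the lookup with `roles = []` above `POST = model_setting.get("POST")`, use `roles = POST.get("roles") or []`, and write the membership test as `if params_role not in roles:`; mirror the same three changes in `_put_one`. A comment on `params_role = params.get("@role")` should state the trust boundary, since the value comes from the request body and is only checked for membership in the configured list (for `"OWNER"` the sole further condition is a logged-in user): `# "@role" is client-supplied; it may narrow the check to one configured role but never grants a role outside model_setting`. It also looks like the `"@role"` key is left in `params` before the object write that follows outside the hunk — confirm it is dropped downstream, and note that `_put_one` answers a missing user for OWNER with `"need login user"` while `_post_one` silently tries the next role. The bodies of `_post_one` and `_put_one` both continue outside the hunks.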