def add(cls, parent_id, child_id):
RoleRelation.get_by(parent_id=parent_id, child_id=child_id) and abort(
400, "It's already existed")
if parent_id in cls.recursive_child_ids(child_id):
return abort(400, "Circulation inheritance!!!")
RoleRelationCache.clean(parent_id)
RoleRelationCache.clean(child_id)
return RoleRelation.create(parent_id=parent_id, child_id=child_id)
def delete(cls, _id):
existed = RoleRelation.get_by_id(_id) or abort(
400, "RoleRelation <{0}> does not exist".format(_id))
child_ids = cls.recursive_child_ids(existed.child_id)
for child_id in child_ids:
role_rebuild.apply_async(args=(child_id, ), queue=ACL_QUEUE)
RoleRelationCache.clean(existed.parent_id)
RoleRelationCache.clean(existed.child_id)
existed.soft_delete()
def has_permission(cls, rid, resource_name, resource_type, app_id, perm):
resource_type = ResourceType.get_by(app_id=app_id,
name=resource_type,
first=True,
to_dict=False)
resource_type or abort(
404, "ResourceType <{0}> is not found".format(resource_type))
type_id = resource_type.id
resource = Resource.get_by(name=resource_name,
resource_type_id=type_id,
first=True,
to_dict=False)
resource = resource or abort(
403, "Resource <{0}> is not in ACL".format(resource_name))
parent_ids = RoleRelationCRUD.recursive_parent_ids(rid)
group_ids = cls.get_group_ids(resource.id)
for parent_id in parent_ids:
id2perms = RoleRelationCache.get_resources(parent_id)
perms = id2perms['id2perms'].get(resource.id, [])
if perms and {perm}.issubset(set(perms)):
return True
for group_id in group_ids:
perms = id2perms['group2perms'].get(group_id, [])
if perms and {perm}.issubset(set(perms)):
return True
return False
def delete2(cls, parent_id, child_id):
existed = RoleRelation.get_by(parent_id=parent_id,
child_id=child_id,
first=True,
to_dict=False)
existed or abort(
400, "RoleRelation < {0} -> {1} > does not exist".format(
parent_id, child_id))
child_ids = cls.recursive_child_ids(existed.child_id)
for child_id in child_ids:
role_rebuild.apply_async(args=(child_id, ), queue=ACL_QUEUE)
RoleRelationCache.clean(existed.parent_id)
RoleRelationCache.clean(existed.child_id)
existed.soft_delete()
def delete_role(cls, rid):
role = Role.get_by_id(rid) or abort(
404, "Role <{0}> does not exist".format(rid))
for i in RoleRelation.get_by(parent_id=rid, to_dict=False):
i.soft_delete()
for i in RoleRelation.get_by(child_id=rid, to_dict=False):
i.soft_delete()
for i in RolePermission.get_by(rid=rid, to_dict=False):
i.soft_delete()
role_rebuild.apply_async(args=(list(
RoleRelationCRUD.recursive_child_ids(rid)), ),
queue=ACL_QUEUE)
RoleCache.clean(rid)
RoleRelationCache.clean(rid)
role.soft_delete()
def get_permissions(cls, rid, resource_name):
resource = Resource.get_by(name=resource_name,
first=True,
to_dict=False)
resource = resource or abort(
403, "Resource <{0}> is not in ACL".format(resource_name))
parent_ids = RoleRelationCRUD.recursive_parent_ids(rid)
group_ids = cls.get_group_ids(resource.id)
perms = []
for parent_id in parent_ids:
id2perms = RoleRelationCache.get_resources(parent_id)
perms += id2perms['id2perms'].get(parent_id, [])
for group_id in group_ids:
perms += id2perms['group2perms'].get(group_id, [])
return set(perms)
def role_rebuild(rids):
rids = rids if isinstance(rids, list) else [rids]
for rid in rids:
RoleRelationCache.rebuild(rid)
current_app.logger.info("Role {0} rebuild..........".format(rids))
def _get_children(_id):
all_child_ids.add(_id)
child_ids = RoleRelationCache.get_child_ids(_id)
for child_id in child_ids:
_get_children(child_id)
def _get_parent(_id):
all_parent_ids.add(_id)
parent_ids = RoleRelationCache.get_parent_ids(_id)
for parent_id in parent_ids:
_get_parent(parent_id)