Beispiel #1
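def get_user_info(_id):
    """Build the JSON profile response for the user identified by ``_id``.

    The response data holds the user record (with its ``password`` field
    removed and a ``team`` entry added), plus the roles, permissions and
    hosts returned by ``User.get_permissions`` and ``User.get_hosts``.

    Returns:
        A ``(response, 404)`` tuple with code ``104040`` when no user record
        is found, otherwise the ``jsonify`` response with code ``0``.
    """
    # NOTE(review): nothing in this function checks that the caller may read
    # user `_id`; presumably the route's auth wrapper enforces that - confirm.
    user = User()
    record = user.find_by_id(_id)
    if not record:
        return jsonify({
            'message': 'record not found',
            'code': 104040
        }), 404

    # Drop the stored credential before anything else touches the record, so
    # no later failure path can serialize it. The default keeps a record
    # without a 'password' key from raising KeyError.
    # NOTE(review): only 'password' is stripped; any other sensitive field on
    # the record would be returned as-is - verify against the user schema.
    record.pop('password', None)

    # A user without a team link yields no relation document; report
    # `team: None` instead of failing on `None.get(...)`.
    relation = TeamUser().collection.find_one({'user_id': _id})
    team = Team().find_by_id(relation.get('team_id')) if relation else None
    record['team'] = team

    permissions, roles = user.get_permissions(_id)
    hosts = user.get_hosts(_id)

    return jsonify({
        'message': 'ok',
        'code': 0,
        'data': {
            'user': record,
            'roles': roles,
            'permissions': permissions,
            'hosts': hosts,
        }
    })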
Beispiel #2
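def get_claims():
    """Verify the request's bearer token and authorize the current route.

    Returns:
        * the verified claims when the request is allowed: the claims carry
          ``is_admin``, the URL rule is listed under ``routes['Default']``,
          or one of the user's menus lists both the URL rule and the
          lower-cased HTTP method;
        * ``0`` when the ``Authorization`` header is missing or is not
          ``Bearer <token>``, when ``jws.verify`` returns ``False``, or when
          the claims cannot be resolved to a user;
        * ``-1`` when ``force_check_binding`` is enabled and the URL rule is
          not found by ``_force_check_menu_apis``, or when no menu grants
          the route/method pair;
        * ``False`` when ``JWTError`` is raised.
    """
    try:
        authorization = request.headers.get('Authorization', None)
        if not authorization:
            return 0

        parts = authorization.split()
        if len(parts) < 2 or parts[0] != 'Bearer':
            return 0

        token = parts[1]
        claims = jws.verify(token)
        url_rule = str(request.url_rule)
        if config.api.get('force_check_binding'):
            found = _force_check_menu_apis(url_rule)
            if not found:
                return -1

        if claims is False:
            return 0

        # The admin flag is taken from the token itself, so it is only as
        # trustworthy as the signature check performed by jws.verify above.
        if claims.get('is_admin'):
            return claims

        method = request.method.lower()
        # A missing 'Default' entry means "no default routes", not a crash.
        if url_rule in (routes.get('Default') or ()):
            return claims

        username = claims.get('username')
        user_id = claims.get('user_id')
        user = User()
        if not user_id:
            # Deny when the token names no user at all, or names one that no
            # longer exists. Without the username guard the lookup would run
            # with {'username': None}, which (if this is a MongoDB-style
            # query) can match a document lacking that field.
            user_info = user.find_one({'username': username}) if username else None
            if not user_info:
                return 0
            user_id = str(user_info['_id'])

        menus, roles = user.get_permissions(user_id)
        if not menus:
            return -1

        for menu in menus:
            apis = menu.get('apis')
            actions = menu.get('actions')
            # A menu missing either list grants nothing; skipping it also
            # avoids `method in None` raising TypeError.
            if not apis or not actions:
                continue

            if url_rule in apis and method in actions:
                return claims

        # No menu matched: default deny.
        return -1
    except JWTError:
        return False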
Beispiel #3
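    def get_menus():
        """Return the menus visible to the logged-in user as a JSON response.

        Optional query parameters ``name``, ``route`` and ``status`` narrow
        the result; menus with status ``-1`` are excluded unless a
        non-negative ``status`` is requested explicitly. Non-admin users get
        the menus from ``User.get_permissions``; admins get every matching
        menu with all five HTTP actions attached, and a truthy integer
        ``all`` parameter drops the ``name``/``route``/``status`` filters.
        """
        def to_int(raw):
            # Query-string values are caller-controlled: a missing or
            # non-numeric value is treated as "not supplied" rather than
            # letting int() raise and turn the request into a 500.
            try:
                return int(raw)
            except (TypeError, ValueError):
                return None

        query = request.args
        user_id = login_user.get('user_id')
        is_admin = login_user.get('is_admin')
        name = query.get('name')
        route = query.get('route')
        status = to_int(query.get('status'))

        where = {'status': {'$ne': -1}}
        if name:
            where['name'] = name

        if route:
            where['route'] = route

        if status is not None and status >= 0:
            where['status'] = status

        if not is_admin:
            permissions = User().get_permissions(user_id, filter=where)
            menus = permissions[0]
        else:

            def add_actions(item):
                item['actions'] = ['get', 'post', 'delete', 'put', 'patch']

                return item

            # Previously int(query.get('all')) raised TypeError whenever an
            # admin sent any query parameter without 'all'.
            if to_int(query.get('all')):
                where = {'status': {'$ne': -1}}

            menus = db.collection('menus').find(where).sort('id', 1)
            menus = map(add_actions, menus)

        return jsonify({'message': 'ok', 'code': 0, 'data': list(menus)})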