class UserRoleController:
def __init__(self, connection):
self.connection = connection
from models.user import User
from models.role import Role
from models.user_role import UserRole
self.user = User(connection)
self.role = Role(connection)
self.user_role = UserRole(connection)
def find_by_user_id(self, user_id):
user_roles = self.user_role.find({'user_id': user_id})
print user_roles
ids = [user_role['role_id'] for user_role in user_roles]
if ADMIN_ROLE_ID in ids:
params = {}
else:
ids = [
user_role['role_id'] for user_role in user_roles
if user_role['is_admin']
]
params = {'ids': ids}
print params
return self.role.find(params)
def find_by_role_id(self, role_id):
user_roles = self.user_role.find({'role_id': role_id})
print user_roles
ids = [row['user_id'] for row in user_roles]
params = {'ids': ids}
print params
return self.user.find(params)
class UserRoleController:
def __init__(self, connection):
self.connection = connection
from models.user import User
from models.role import Role
from models.user_role import UserRole
self.user = User(connection)
self.role = Role(connection)
self.user_role = UserRole(connection)
def find_by_user_id(self, user_id):
user_roles = self.user_role.find({'user_id': user_id})
print user_roles
ids = [ user_role['role_id'] for user_role in user_roles ]
if ADMIN_ROLE_ID in ids:
params = {}
else:
ids = [ user_role['role_id'] for user_role in user_roles if user_role['is_admin'] ]
params = {'ids': ids}
print params
return self.role.find(params)
def find_by_role_id(self, role_id):
user_roles = self.user_role.find({'role_id': role_id})
print user_roles
ids = [row['user_id'] for row in user_roles]
params = {'ids': ids}
print params
return self.user.find(params)
def __init__(self, connection):
self.connection = connection
from models.user import User
from models.role import Role
from models.user_role import UserRole
self.user = User(connection)
self.role = Role(connection)
self.user_role = UserRole(connection)
def __init__(self, connection):
self.connection = connection
from models.invited_user import InvitedUser
self.invited_user = InvitedUser(connection)
from models.user_role import UserRole
self.user_role = UserRole(connection)
from token_controller import TokenController
self.token_controller = TokenController(connection)
def __init__(self, connection):
self.connection = connection
from models.role import Role
from models.user_role import UserRole
self.role = Role(connection)
self.user_role = UserRole(connection)
from token_controller import TokenController
self.token_controller = TokenController(connection)
from user_role_controller import UserRoleController
self.user_role_controller = UserRoleController(connection)
def check_guardian():
input = request.args.get("guardian_id")
# guardian req: role = patient or guardian
user = User.get_or_none(User.ic_number == input)
if user:
role_list = UserRole.select().where(UserRole.user_id == user.id) # select all existing role(s)
role_id_list = []
for r in role_list:
role_id_list.append(r.role_id)
if 1 in role_id_list or 2 in role_id_list:
response = {
"valid": True,
"name": user.name
}
else:
response = {
"valid": False,
"message": "User does not qualify to be a guardian"
}
else:
response = {
"valid": False,
"message": "User not exist"
}
return jsonify(response)
def __init__(self, connection):
self.connection = connection
from models.invited_user import InvitedUser
self.invited_user = InvitedUser(connection)
from models.user_role import UserRole
self.user_role = UserRole(connection)
from token_controller import TokenController
self.token_controller = TokenController(connection)
def role_id(self):
from models.user_role import UserRole
from models.role import Role
role_list = UserRole.select().where(UserRole.user == self)
role_id_list = []
for r in role_list:
role_id_list.append(str(r.role_id))
return role_id_list #["1", "2"]
def __init__(self, connection):
self.connection = connection
from models.user import User
from models.role import Role
from models.user_role import UserRole
self.user = User(connection)
self.role = Role(connection)
self.user_role = UserRole(connection)
def __init__(self, connection):
self.connection = connection
from models.role import Role
from models.user_role import UserRole
self.role = Role(connection)
self.user_role = UserRole(connection)
from token_controller import TokenController
self.token_controller = TokenController(connection)
from user_role_controller import UserRoleController
self.user_role_controller = UserRoleController(connection)
class RoleController:
def __init__(self, connection):
self.connection = connection
from models.role import Role
from models.user_role import UserRole
self.role = Role(connection)
self.user_role = UserRole(connection)
from token_controller import TokenController
self.token_controller = TokenController(connection)
from user_role_controller import UserRoleController
self.user_role_controller = UserRoleController(connection)
def is_admin(self, user_id):
row = self.user_role.find({
'user_id': user_id,
'role_id': ADMIN_ROLE_ID
})
if len(row) > 0: return True
else: return False
# only the admin can create a role
def create(self, access_token, params):
rows = self.token_controller.find(access_token)
user_id = rows[0]['user_id']
if not self.is_admin(user_id): raise Exception("not permitted")
self.role.create(params)
return True
def update(self, access_token, params):
raise Exception("not supported")
def delete(self, access_token, params):
raise Exception("not supported")
"""
1. find all roles if I'm the admin
2. find only roles where I'm the role admin
"""
def find_all(self, access_token, params=None):
rows = self.token_controller.find(access_token)
user_id = rows[0]['user_id']
return self.user_role_controller.find_by_user_id(user_id)
def find_one(self, access_token, params):
raise Exception("not supported")
class RoleController:
def __init__(self, connection):
self.connection = connection
from models.role import Role
from models.user_role import UserRole
self.role = Role(connection)
self.user_role = UserRole(connection)
from token_controller import TokenController
self.token_controller = TokenController(connection)
from user_role_controller import UserRoleController
self.user_role_controller = UserRoleController(connection)
def is_admin(self, user_id):
row = self.user_role.find({'user_id': user_id, 'role_id': ADMIN_ROLE_ID})
if len(row) > 0: return True
else: return False
# only the admin can create a role
def create(self, access_token, params):
rows = self.token_controller.find(access_token)
user_id = rows[0]['user_id']
if not self.is_admin(user_id): raise Exception("not permitted")
self.role.create(params)
return True
def update(self, access_token, params):
raise Exception("not supported")
def delete(self, access_token, params):
raise Exception("not supported")
"""
1. find all roles if I'm the admin
2. find only roles where I'm the role admin
"""
def find_all(self, access_token, params=None):
rows = self.token_controller.find(access_token)
user_id = rows[0]['user_id']
return self.user_role_controller.find_by_user_id(user_id)
def find_one(self, access_token, params):
raise Exception("not supported")
def check_doctor():
input = request.args.get("doctor_ic")
doctor = User.get_or_none(User.ic_number == input)
if doctor:
role_list = UserRole.select().where(UserRole.user_id == doctor.id)
role_id_list = []
for r in role_list:
role_id_list.append(r.role_id)
if 3 in role_id_list:
response = {
"is_doctor": True,
"name": doctor.name
}
else:
response = {
"is_doctor": False
}
else:
response = {
"valid": False,
"message": "User not exist"
}
return jsonify(response)
def check_patient():
input = request.args.get("patient_ic")
patient = User.get_or_none(User.ic_number == input)
if patient:
role_list = UserRole.select().where(UserRole.user_id == patient.id)
role_id_list = []
for r in role_list:
role_id_list.append(r.role_id)
if 1 in role_id_list:
response = {
"is_patient": True,
"name": patient.name
}
else:
response = {
"is_patient": False
}
else:
response = {
"valid": False,
"message": "User not exist"
}
return jsonify(response)
def create():
name = request.json.get('name')
password = request.json.get('password')
email = request.json.get('email')
ic_number = request.json.get('ic_number')
gender = request.json.get('gender')
role = request.json.get('role')
disease = request.json.get('disease')
online_user = get_jwt_identity()
user = User.get_or_none(User.id == online_user['id'])
if "admin" not in user.role:
return jsonify({
"message": "401 Unauthorized (Only admin is allowed)",
"status": "Fail"
})
if (("1" in role) or ("2" in role)) and (("3" in role) or ("4" in role)):
response = {
"message": "Patient/Guardian cannot be Doctor/Admin at the same time.",
"status": "fail"
}
else:
if ("1" in role) or (("1" in role) and ("2" in role)): # if this is patient or patient/guardian
guardian = request.json.get('guardian')
if guardian: #If there is guardian entered
new_guardian = User.get_or_none(User.ic_number == request.json.get('guardian'))
guardian_id = new_guardian
else:
guardian_id = None
if disease: #If there is disease entered
pass
else: #If there is no disease entered for a patient, return error
return jsonify({
"message": "Did not enter disease for patient.",
"status": "fail"
})
new_user = User(name=name, password=password, email=email, ic_number=ic_number, gender=gender, guardian=guardian_id)
if new_user.save():
#handle disease for both patient and patient/guardian
for i in range(len(disease)):
new_user_disease = UserDisease(disease=int(disease[i-1]), user=new_user)
if new_user_disease.save():
pass
else:
response = new_user.error() #method from models.user
if "1" in role and "2" in role:
#handle role for patient/guardian
user_role = UserRole(role=role[0], user=new_user)
user_role2 = UserRole(role=role[1], user=new_user)
if user_role.save() and user_role2.save():
#response after saved user, disease, role
response = {
"message": f"Successfully created a user.",
"status": "success",
"user": {
"id": new_user.id,
"name": new_user.name,
"email": new_user.email,
"ic_number": new_user.ic_number,
"gender": new_user.gender,
"role": new_user.role, #hybrid property
"disease": new_user.disease #hybrid property
}
}
if new_user.guardian: #append guardian if there is one, else append as none
response['user']['guardian'] = new_user.guardian.name
else:
response['user']['guardian'] = None
else:
response = new_user.error() #method from models.user
else:
#handle role for patient
user_role = UserRole(role=role[0], user=new_user)
if user_role.save():
response = {
"message": f"Successfully created a user.",
"status": "success",
"user": {
"id": new_user.id,
"name": new_user.name,
"email": new_user.email,
"ic_number": new_user.ic_number,
"gender": new_user.gender,
"role": new_user.role, #hybrid property
"disease": new_user.disease #hybrid property
}
}
if new_user.guardian: #append guardian if there is one, else append as none
response['user']['guardian'] = new_user.guardian.name
else:
response['user']['guardian'] = None
else:
response = new_user.error() #method from models.user
else:
response = new_user.error() #method from models.user
else: # doctor or admin
if ("3" in role) and ("4" in role):
response = {
"message": "A user cannot be a Doctor and Admin at the same time",
"status": "fail"
}
else:
new_user = User(name=name, password=password, email=email,ic_number=ic_number, gender=gender, guardian=None)
if new_user.save():
user_role = UserRole(role=role[0], user=new_user)
if user_role.save():
response = {
"message": f"Successfully created a user.",
"status": "success",
"user": {
"id": new_user.id,
"name": new_user.name,
"email": new_user.email,
"ic_number": new_user.ic_number,
"gender": new_user.gender,
"role": new_user.role, #hybrid property
}
}
else:
response = new_user.error() #method from models.user
else:
response = new_user.error() #method from models.user
return jsonify(response)
class InvitedUserController:
def __init__(self, connection):
self.connection = connection
from models.invited_user import InvitedUser
self.invited_user = InvitedUser(connection)
from models.user_role import UserRole
self.user_role = UserRole(connection)
from token_controller import TokenController
self.token_controller = TokenController(connection)
def is_admin(self, user_id):
row = self.user_role.find({
'user_id': user_id,
'role_id': ADMIN_ROLE_ID
})
if len(row) > 0: return True
else: return False
def is_role_admin(self, user_id, role_id):
rows = self.user_role.find({'user_id': user_id, 'role_id': role_id})
if len(rows) > 0 and rows[0]['is_admin']: return True
else: return False
def create(self, access_token, params):
rows = self.token_controller.find(access_token)
user_id = rows[0]['user_id']
# allowed if I'm an admin
if self.is_admin(user_id):
self.save(user_id, params)
return True
# allowed if I'm the role admin of the given role
role_id = params['role_id']
if self.is_role_admin(user_id, role_id):
self.save(user_id, params)
return True
raise Exception("not permitted")
def save(self, user_id, params):
invited_users = self.invited_user.find(params)
if len(invited_users) > 0:
print 'already invited'
return True
if not params.get('invited_by'):
params['invited_by'] = user_id
if not params.get('invited_at'):
params['invited_at'] = str(datetime.utcnow())
if not params.get('state'):
params['state'] = self.invited_user.INVITED
if not params.get('is_admin'):
params['is_admin'] = '0'
return self.invited_user.create(params)
def update(self, access_token, params):
rows = self.token_controller.find(access_token)
user_id = rows[0]['user_id']
# allowed if I'm an admin
if self.is_admin(user_id):
self.invited_user.update(params)
return True
# allowed if I'm the role admin of the given role
role_id = params['role_id']
if self.is_role_admin(user_id, role_id):
self.invited_user.update(params)
return True
raise Exception("not permitted")
"""
1. return all invited users if I'm the admin
2. return all invited users of a given role if I'm the role admin
"""
def find_all(self, access_token, params):
rows = self.token_controller.find(access_token)
user_id = rows[0]['user_id']
# return all invited users if I'm an admin
if self.is_admin(user_id): return self.invited_user.find({})
if not params.get('role_id'):
# return all invited users of roles where I'm the role admin
user_roles = self.user_role.find({'user_id': user_id})
role_ids = [
user_role['role_id'] for user_role in user_roles
if user_role['is_admin']
]
if len(role_ids) > 0:
return self.invited_user.find({'role_ids': role_ids})
else:
# return all invited users of the given role if I'm the role admin
role_id = params['role_id']
if self.is_role_admin(user_id, role_id):
return self.invited_user.find(params)
raise Exception("not permitted")
def edit_by_admin():
ic_number = request.json.get('ic_number')
user = User.get_or_none(User.ic_number == ic_number) #user to be edited
online_user = get_jwt_identity()
current_user = User.get_or_none(User.id == online_user['id']) #user that is editing
if user: #check existence of user
if ("admin" in current_user.role): #check editing user is admin (if not, 401)
#set attributes that is 'sure have'
user.name = request.json.get('name')
user.password = request.json.get('password')
user.email = request.json.get('email')
user.gender = request.json.get('gender')
#handle guardian
if request.json.get('guardian'): #if guardian is inputted
new_guardian = User.get_or_none(User.ic_number == request.json.get('guardian'))
user.guardian = new_guardian.id #update/remain according to input
else: #if no guardian is inputted, delete the guardian
user.guardian = None
if user.save(): # save the fields in user table first
#handle role
role = request.json.get('role')
if role: #if role is inputted
if (("1" in role) or ("2" in role)) and (("3" in role) or ("4" in role)):
return jsonify({
"message": "Patient/Guardian cannot be Doctor/Admin at the same time.",
"status": "fail"
})
elif ("3" in role) and ("4" in role):
return jsonify({
"message": "A user cannot be a Doctor and Admin at the same time",
"status": "fail"
})
elif (("1" in user.role_id) or ("2" in user.role_id)) and (("3" in role) or ("4" in role)):
return jsonify({
"message": "A user cannot switch role from Patient/Guardian to Doctor/Admin",
"status": "fail"
})
elif (("3" in user.role_id) or ("4" in user.role_id)) and (("1" in role) or ("2" in role)):
return jsonify({
"message": "A user cannot switch role from Doctor/Admin to Patient/Guardian",
"status": "fail"
})
else:
if sorted(user.role_id) == sorted(role): #if same, no need change
pass
else:
# Delete obselete role
role_to_delete = []
for i in range(len(user.role_id)):
if user.role_id[i] not in role:
role_to_delete.append(user.role_id[i])
for i in range(len(role_to_delete)):
del_role = UserRole.get_or_none(UserRole.role == role_to_delete[i], UserRole.user == user)
del_role.delete_instance()
# Add new role
for i in range(0,len(role)):
if role[i] not in user.role_id:
new_role = UserRole(user=user, role=role[i])
if new_role.save():
pass
else:
return jsonify({
"message": "Problem occured when saving new role.",
"status": "fail"
})
else: #if no role is inputted, remain
pass #Note: If can prefill role in frontend, should change to warning message "user cannot have no role"
if "1" in user.role_id: #after saving new role(s), this checks the updated version of the user's role(s)
#handle disease
disease = request.json.get('disease')
if disease:
if sorted(user.disease_id) == sorted(disease): #if same, no need change
pass
else:
# Delete obselete disease
disease_to_delete = []
for i in range(len(user.disease_id)):
if user.disease_id[i] not in disease:
disease_to_delete.append(user.disease_id[i])
for i in range(len(disease_to_delete)):
del_disease = UserDisease.get_or_none(UserDisease.disease == disease_to_delete[i], UserDisease.user == user)
del_disease.delete_instance()
# Add new disease
for i in range(len(disease)):
if disease[i] not in user.disease_id:
new_disease = UserDisease(user=user, disease=disease[i])
if new_disease.save():
pass
else:
return jsonify({
"message": "Problem occured when saving new disease.",
"status": "fail"
})
else: #if no disease is inputted, remain
pass #Note: If can prefill disease in frontend, should change to warning message "patient cannot have no disease"
response = {
"message": "Successfully edited user.",
"status": "success"
}
else:
response = user.error()
else:
response = {
"message": "401 Unauthorized",
"status": "fail"
}
else:
response = {
"message": "User not found, please try again",
"status": "fail"
}
return jsonify(response)
class InvitedUserController:
def __init__(self, connection):
self.connection = connection
from models.invited_user import InvitedUser
self.invited_user = InvitedUser(connection)
from models.user_role import UserRole
self.user_role = UserRole(connection)
from token_controller import TokenController
self.token_controller = TokenController(connection)
def is_admin(self, user_id):
row = self.user_role.find({'user_id': user_id, 'role_id': ADMIN_ROLE_ID})
if len(row) > 0: return True
else: return False
def is_role_admin(self, user_id, role_id):
rows = self.user_role.find({'user_id': user_id, 'role_id': role_id})
if len(rows) > 0 and rows[0]['is_admin']: return True
else: return False
def create(self, access_token, params):
rows = self.token_controller.find(access_token)
user_id = rows[0]['user_id']
# allowed if I'm an admin
if self.is_admin(user_id):
self.save(user_id, params)
return True
# allowed if I'm the role admin of the given role
role_id = params['role_id']
if self.is_role_admin(user_id, role_id):
self.save(user_id, params)
return True
raise Exception("not permitted")
def save(self, user_id, params):
invited_users = self.invited_user.find(params)
if len(invited_users) > 0:
print 'already invited'
return True
if not params.get('invited_by'):
params['invited_by'] = user_id
if not params.get('invited_at'):
params['invited_at'] = str(datetime.utcnow())
if not params.get('state'):
params['state'] = self.invited_user.INVITED
if not params.get('is_admin'):
params['is_admin'] = '0'
return self.invited_user.create(params)
def update(self, access_token, params):
rows = self.token_controller.find(access_token)
user_id = rows[0]['user_id']
# allowed if I'm an admin
if self.is_admin(user_id):
self.invited_user.update(params)
return True
# allowed if I'm the role admin of the given role
role_id = params['role_id']
if self.is_role_admin(user_id, role_id):
self.invited_user.update(params)
return True
raise Exception("not permitted")
"""
1. return all invited users if I'm the admin
2. return all invited users of a given role if I'm the role admin
"""
def find_all(self, access_token, params):
rows = self.token_controller.find(access_token)
user_id = rows[0]['user_id']
# return all invited users if I'm an admin
if self.is_admin(user_id): return self.invited_user.find({})
if not params.get('role_id'):
# return all invited users of roles where I'm the role admin
user_roles = self.user_role.find({'user_id': user_id})
role_ids = [ user_role['role_id'] for user_role in user_roles if user_role['is_admin'] ]
if len(role_ids) > 0: return self.invited_user.find({'role_ids': role_ids})
else:
# return all invited users of the given role if I'm the role admin
role_id = params['role_id']
if self.is_role_admin(user_id, role_id): return self.invited_user.find(params)
raise Exception("not permitted")
class UserController:
def __init__(self, connection):
self.connection = connection
from models.user import User
from models.user_role import UserRole
from models.invited_user import InvitedUser
self.user = User(connection)
self.user_role = UserRole(connection)
self.invited_user = InvitedUser(connection)
from token_controller import TokenController
self.token_controller = TokenController(connection)
def is_admin(self, user_id):
row = self.user_role.find({'user_id': user_id, 'role_id': ADMIN_ROLE_ID})
if len(row) > 0: return True
else: return False
def is_role_admin(self, user_id, role_id):
rows = self.user_role.find({'user_id': user_id, 'role_id': role_id})
if len(rows) > 0 and rows[0]['is_admin']: return True
else: return False
def is_member(self, user_id, role_id):
rows = self.user_role.find({'user_id': user_id, 'role_id': role_id})
if len(rows) > 0: return True
else: return False
def create(self, access_token, params):
# if this is the first user, save it as an admin
users = self.user.find({})
if len(users) == 0:
# set this user to the admin
self.user.create(params)
self.user_role.create({'user_id': params['id'], 'role_id': ADMIN_ROLE_ID})
return True
# add a user to a role if I'm an admin or the role admin of the given role
if params.get('role_id'):
rows = self.token_controller.find(access_token)
user_id = rows[0]['user_id']
if self.is_admin(user_id) or self.is_role_admin(user_id, role_id):
self.user_role.create(params)
return True
else:
raise Exception("not permitted")
rows = self.user.find(params)
if len(rows) > 0:
print 'already exists'
return True
# add the user if this user was invited before
invited_users = self.invited_user.find(params)
if len(invited_users) == 1:
invited_user = invited_users[0]
self.user.create(params)
self.user_role.create({'user_id': params['id'], 'role_id': invited_user['role_id'], 'is_admin': invited_user['is_admin']})
self.invited_user.update({'email':params['email'], 'state':self.invited_user.REGISTERED})
return True
else:
raise Exception("not permitted")
"""
1. return requested users if I'm the admin
2. return all users of roles where I'm the role admin
3. return myself if I'm not the role admin of any role
4. return all members of the given role if I'm a member of the given role
"""
def find_all(self, access_token, params):
rows = self.token_controller.find(access_token)
user_id = rows[0]['user_id']
# return all users if I'm an admin
if self.is_admin(user_id): return self.user.find(params)
if not params.get('role_id'):
# return all users of roles where I'm the role admin
user_roles = self.user_role.find({'user_id': user_id})
role_ids = [ user_role['role_id'] for user_role in user_roles if user_role['is_admin'] ]
if len(role_ids) > 0: return self.user.find({'role_ids': role_ids})
# if role is not given, return only itself
return self.user.find({'id': user_id})
# return all members of the given role if I'm a member of the given role
if self.is_member(user_id, params['role_id']): return self.user.find(params)
raise Exception("not permitted")
import sys
sys.path.insert(0, r'../..')
from models.connection import connection
from models.user_role import UserRole
user_role = UserRole(connection)
print user_role.find({'user_id':'b2fc88a6-7253-4850-8d5a-07639b1315aa'})
print user_role.find({'role_id':'3867c370-552f-43b8-bed9-6aa00ffc41b4'})
print user_role.find({'user_id':'c8b5dbbe-edd1-4e78-b03a-63b0d779be85', 'role_id':'435a6417-6c1f-4d7c-87dd-e8f6c0effc7a'})
print user_role.create({'user_id':'b2fc88a6-7253-4850-8d5a-07639b1315aa', 'role_id':'ffffffff-ffff-ffff-ffff-ffffffffffff', 'is_admin':False})
print user_role.create({'user_id':'49d8bc68-f57e-11e3-ba1d-005056ba0d15', 'role_id':'3867c370-552f-43b8-bed9-6aa00ffc41b4', 'is_admin':False})
print user_role.create({'user_id':'49d8bc68-f57e-11e3-ba1d-005056ba0d15', 'role_id':'435a6417-6c1f-4d7c-87dd-e8f6c0effc7a', 'is_admin':False})
print user_role.create({'user_id':'c8b5dbbe-edd1-4e78-b03a-63b0d779be85', 'role_id':'435a6417-6c1f-4d7c-87dd-e8f6c0effc7a', 'is_admin':False})
print user_role.create({'user_id':'c8b5dbbe-edd1-4e78-b03a-63b0d779be85', 'role_id':'3867c370-552f-43b8-bed9-6aa00ffc41b4', 'is_admin':False})
print user_role.create({'user_id':'117043220775623860708', 'role_id':'435a6417-6c1f-4d7c-87dd-e8f6c0effc7a', 'is_admin':False})
print user_role.create({'user_id':'117043220775623860708', 'role_id':'3867c370-552f-43b8-bed9-6aa00ffc41b4', 'is_admin':True})
class PermissionController:
def __init__(self, connection):
self.connection = connection
from models.permission import Permission
from models.user_role import UserRole
self.permission = Permission(connection)
self.user_role = UserRole(connection)
from token_controller import TokenController
self.token_controller = TokenController(connection)
from user_role_controller import UserRoleController
self.user_role_controller = UserRoleController(connection)
def is_admin(self, user_id):
row = self.user_role.find({'user_id': user_id, 'role_id': ADMIN_ROLE_ID})
if len(row) > 0: return True
else: return False
def is_role_admin(self, user_id, role_id):
rows = self.user_role.find({'user_id': user_id, 'role_id': role_id})
if len(rows) > 0 and rows[0]['is_admin']: return True
else: return False
def are_permitted(self, access_token, params_list):
rows = self.token_controller.find(access_token)
user_id = rows[0]['user_id']
for params in params_list:
if not self.is_permitted(user_id, params): return False
return True
def is_permitted(self, user_id, params):
params['user_id'] = user_id
params['all'] = True
rows = self.permission.find(params)
print "permitted : %s" % rows
if len(rows) == 0: return False
for row in rows:
if not row.get('condition'): return True
if not params.get('parent'): return False # parent must be given because all permissions have conditions
# now check if the parent permissions include the given 'parent' value
for row in rows:
parent_params = json.loads(row['condition'])
parent_params['user_id'] = user_id
#parent_params['role_id'] = row['role_id']
parent_params['value'] = params['parent']
parent_params['all'] = True
parent_rows = self.permission.find(parent_params)
print "permitted parents : %s" % parent_rows
if len(parent_rows) == 0: return False #### TODO: not sure if all have to be true......
return True
def create(self, access_token, params):
rows = self.token_controller.find(access_token)
user_id = rows[0]['user_id']
if not self.is_admin(user_id): raise Exception("not permitted")
self.permission.create(params)
return True
def update(self, access_token, params):
raise Exception("not supported")
def delete(self, access_token, params):
rows = self.token_controller.find(access_token)
user_id = rows[0]['user_id']
if not self.is_admin(user_id): raise Exception("not permitted")
self.permission.delete(params)
return True
"""
1. find all of my permissions from access_token
2. find all permissions of given user if I'm the admin
3. find all permissions of given role if I'm the admin
4. find member's all permissions if I'm the role admin of the given role
5. find member's all permissions if I'm the role admin of any roles where the given user belongs
6. find member's all permissions if I'm the given user
"""
def find_all(self, access_token, params):
rows = self.token_controller.find(access_token)
user_id = rows[0]['user_id']
# return my permissions
if not params.get('user_id') and not params.get('role_id'):
params['user_id'] = user_id
return self.permission.find(params)
# return requested user/role's permissions if I'm an admin
if self.is_admin(user_id): return self.permission.find(params)
# return requested role's permissions if I'm a role admin
if params.get('role_id'):
if self.is_role_admin(user_id, params['role_id']): return self.permission.find(params)
else: raise Exception("not permitted")
if params.get('user_id'):
# return my permissions when the given user is me
if user_id == params['user_id']: return self.permission.find(params)
# return requested user's permissions if I'm a role admin of any roles the given user belongs
user_roles = self.user_role.find({'user_id': params['user_id']})
if len(user_roles) == 0: raise Exception("not permitted")
for user_role in user_roles:
if self.is_role_admin(user_id, user_role['role_id']): return self.permission.find(params)
raise Exception("not permitted")
def find_one(self, access_token, params):
raise Exception("not supported")
import sys
sys.path.insert(0, r'../..')
from models.connection import connection
from models.user_role import UserRole
user_role = UserRole(connection)
print user_role.find({'user_id': 'b2fc88a6-7253-4850-8d5a-07639b1315aa'})
print user_role.find({'role_id': '3867c370-552f-43b8-bed9-6aa00ffc41b4'})
print user_role.find({
'user_id': 'c8b5dbbe-edd1-4e78-b03a-63b0d779be85',
'role_id': '435a6417-6c1f-4d7c-87dd-e8f6c0effc7a'
})
print user_role.create({
'user_id': 'b2fc88a6-7253-4850-8d5a-07639b1315aa',
'role_id': 'ffffffff-ffff-ffff-ffff-ffffffffffff',
'is_admin': False
})
print user_role.create({
'user_id': '49d8bc68-f57e-11e3-ba1d-005056ba0d15',
'role_id': '3867c370-552f-43b8-bed9-6aa00ffc41b4',
'is_admin': False
})
print user_role.create({
'user_id': '49d8bc68-f57e-11e3-ba1d-005056ba0d15',
'role_id': '435a6417-6c1f-4d7c-87dd-e8f6c0effc7a',
'is_admin': False
})
print user_role.create({
def create_role(name):
role = UserRole()
role.Name = name.lower()
db.session.add(role)
db.session.commit()
