def check_remove_content_for_select(ability, user, action, record: DataRecord,
available_columns: list):
if record.get('visible') == POST_VISIBLE.CONTENT_IF_LOGIN:
if not user:
available_columns.remove('content')
elif record.get('visible') == POST_VISIBLE.ADMIN_ONLY:
pass
return True
def check_is_me(ability, user, action, record: DataRecord,
available_columns: list):
# 拒绝其他人写入自己的个人资料
if user:
if record.get('id') != user.id:
available_columns.clear()
return True
def check_is_admin(ability, user, action, record: DataRecord, available_columns: list):
# 阻止superuser写入superuser或更高权限用户组
if user:
if record.get('group') in (USER_GROUP.SUPERUSER, USER_GROUP.ADMIN):
# 只允许写这两列
available_columns[:] = filter(lambda x: x in {'credit', 'repute'}, available_columns)
return True
def check_is_users_post(ability, user, action, record: DataRecord, available_columns: list):
if user:
if record.get('user_id') != user.id:
available_columns.clear()
return True
def check_remove_content_for_select(ability, user, action, record: DataRecord, available_columns: list):
if user:
if record.get('state') == POST_VISIBLE.CONTENT_IF_LOGIN:
available_columns.remove('content')
return True
def check_is_users_post(ability, user, action, record: DataRecord,
available_columns: Set):
if user:
if record.get('user_id') != get_bytes_from_blob(user.id):
available_columns.clear()
return True