Example #1
def test_query_add_func():
    """Check that a callable registered with ``add_query_condition`` injects its
    condition during the permission check.

    Two hook signatures are exercised: one that declares the trailing ``view``
    parameter and one that omits it. In both cases the hook's condition ends up
    after the caller's own condition in ``conditions``.
    """

    # The parameter lists are part of what is under test, so they are kept as-is.
    def func1(ability: Ability, user, query: 'SQLQueryInfo', view: "AbstractSQLView"):
        query.add_condition('nickname', '=', 'aa')

    def func2(ability: Ability, user, query: 'SQLQueryInfo'):
        query.add_condition('nickname', '=', 'aa')

    for hook in (func1, func2):
        ability = Ability({}, based_on=ab)
        ability.add_query_condition('user', func=hook)

        info = SQLQueryInfo()
        info.select = info.parse_select('username, nickname, password')
        info.parse_then_add_condition('username', '=', 'b')
        info.check_query_permission_full(None, 'user', ability, None)

        expected = [
            ['username', SQL_OP.EQ, 'b'],
            ['nickname', SQL_OP.EQ, 'aa'],
        ]
        assert info.conditions == expected
Example #2
def test_query_condition_add2():
    """
    Adding several static conditions at once: after the permission check, every
    rule registered for the table follows the caller's own condition.
    """
    ability = Ability({}, based_on=ab)
    forced = [
        ['username', 'like', '1%'],
        ['nickname', 'like', '1%'],
    ]
    ability.add_query_condition('user', forced)

    info = SQLQueryInfo()
    info.select = info.parse_select('username, nickname, password')
    info.parse_then_add_condition('username', '=', 'b')
    info.check_query_permission_full(None, 'user', ability, None)

    expected = [
        ['username', SQL_OP.EQ, 'b'],
        ['username', SQL_OP.LIKE, '1%'],
        ['nickname', SQL_OP.LIKE, '1%'],
    ]
    assert info.conditions == expected
Example #3
def test_query_condition_add1():
    """
    Adding a single static condition: the rule registered on the ability is not
    present before the permission check and is the last condition after it.
    """
    ability = Ability({}, based_on=ab)
    ability.add_query_condition('user', ['phone', '>=', '123456'])

    info = SQLQueryInfo()
    info.select = info.parse_select('username, nickname, password')
    info.parse_then_add_condition('username', '=', 'b')

    # Before the check, only the caller-supplied condition exists.
    tail_before = info.conditions[-1]
    assert tail_before == ['username', SQL_OP.EQ, 'b']

    info.check_query_permission_full(None, 'user', ability, None)

    # After the check, the ability's own condition has been appended.
    tail_after = info.conditions[-1]
    assert tail_after == ['phone', SQL_OP.GE, '123456']
Example #4
# Shared fixture for the permission tests: table -> column -> allowed actions.
# NOTE(review): 'password' is marked QUERY/READ here as test data only; a real
# role table would normally keep credential columns out of READ and QUERY.
ab = Ability({
    # Permissions without wildcards
    'user': {
        'username': (A.QUERY, A.READ),
        'nickname': (A.QUERY, A.READ),
        'password': (A.QUERY, A.READ),
    },

    # Whitelist permissions; behaviour should be identical to 'user'
    # (the '*': [] entry gives every unlisted column an empty action list)
    'account': {
        'username': (A.QUERY, A.READ),
        'nickname': (A.QUERY, A.READ),
        'password': (A.QUERY, A.READ),
        '*': [],
    },

    # Table-level permissions
    # Column permissions under a wildcard table; column rules should take
    # precedence over table rules
    'test': A.ALL,
    'topic': '*',
    'article': {
        'title': (A.QUERY, A.READ),
        'user': [],
        'time': '*',
        '*': '*'
    },

    # Rule tests
    'rule_test1': (A.DELETE, ),  # columns: a, b, c
    'rule_test1_1': (A.DELETE, ),  # columns: a, b, c
    'rule_test2': [],  # columns: a, b, c
})
Example #5
# Shared fixture for the permission tests, using the (role, rules) call form with
# actions spelled as strings. First argument 'normal' is presumably the role name.
# NOTE(review): 'password' is marked query/read here as test data only; a real
# role table would normally keep credential columns out of read and query.
ab = Ability(
    'normal',
    {
        # Permissions without wildcards
        'user': {
            'username': ['query', 'read'],
            'nickname': ['query', 'read'],
            'password': ['query', 'read'],
        },

        # Whitelist permissions; behaviour should be identical to 'user'
        # (the '*': [] entry gives every unlisted column an empty action list)
        'account': {
            'username': ['query', 'read'],
            'nickname': ['query', 'read'],
            'password': ['query', 'read'],
            '*': [],
        },

        # Table-level permissions
        # Column permissions under a wildcard table; column rules should take
        # precedence over table rules
        'test': ['query', 'read', 'write', 'create', 'delete'],
        'topic': '*',
        'article': {
            'title': ['query', 'read'],
            'user': [],
            'time': '*',
            '*': '*'
        },

        # Rule tests
        'rule_test1': ['delete'],  # columns: a, b, c
        'rule_test1_1': ['delete'],  # columns: a, b, c
        'rule_test2': [],  # columns: a, b, c
    })
Example #6
from permissions.roles.visitor import visitor
from slim.base.permission import Ability, A, DataRecord

# Role table layered on `visitor` through based_on (how inherited rules combine
# with these is not visible here — confirm in Ability).
# These are column-level rules only; nothing here restricts which rows they apply to.
normal_user = Ability(
    {
        'user': {
            # create-only: this table grants neither READ nor WRITE on email
            'email': (A.CREATE, ),
            'nickname': (A.READ, A.WRITE, A.CREATE),
            # NOTE(review): 'state' is writable by this role; if it carries account
            # status, confirm a row-level rule limits whose state can be changed.
            'state': (A.READ, A.WRITE),
        },
        'example': A.ALL
    },
    based_on=visitor)
Example #7
# Rule table registered under the role name 'superuser', layered on normal_user
# through based_on (how inherited rules combine is not visible here — confirm).
# These are column-level rules only; row ownership is not expressed in this table.
super_user = Ability('superuser', {
    'topic': {
        'title': A.ALL,
        'board_id': (A.QUERY, A.READ, A.CREATE, A.WRITE),
        'content': (A.READ, A.CREATE, A.WRITE),
        'awesome': (A.READ, A.WRITE, A.QUERY),
        'weight': (A.QUERY, A.READ, A.WRITE),
        'sticky_weight': (A.READ, A.WRITE),
        'state': A.ALL,
    },
    'board': {
        'name': A.ALL,
        'brief': A.ALL,
        'desc': A.ALL,
        'time': (
            A.READ,
            A.QUERY,
            A.CREATE,
        ),
        'weight': A.ALL,
        'color': (A.READ, A.WRITE, A.CREATE),
        'state': A.ALL,
        'visible': A.ALL,
        'category': A.ALL,
        'user_id': (A.READ, A.CREATE),
        'parent_id': A.ALL
    },
    'user': {
        # write-only: 'key' can be set by this role but is not readable or queryable
        'key': (A.WRITE, ),
        'time': (A.READ, ),
        'state': A.ALL,
        'email': A.ALL,
        'nickname': A.ALL,
        'credit': A.ALL,
        # NOTE(review): if 'group' determines a user's role, A.ALL here lets this
        # role change role membership of other accounts — confirm that is intended.
        'group': A.ALL,
        'repute': A.ALL
    }
},
                     based_on=normal_user)
Example #8
# Rule table registered under role None — presumably the unauthenticated/default
# role; confirm against how Permissions resolves roles.
# Almost everything is READ (plus QUERY on id/foreign-key style columns); the only
# CREATE grants are on user.nickname and user.email.
visitor = Ability(
    None, {
        'topic': {
            'id': (A.QUERY, A.READ),
            'title': (A.READ, ),
            'user_id': (A.QUERY, A.READ),
            'board_id': (A.QUERY, A.READ),
            'time': (A.READ, ),
            'state': (A.READ, ),
            'edit_time': (A.READ, ),
            'edit_count': (A.READ, ),
            'last_edit_user_id': (A.READ, ),
            'content': (A.READ, ),
            'awesome': (A.READ, ),
            'sticky_weight': (
                A.QUERY,
                A.READ,
            ),
            'weight': (A.READ, ),
            'update_time': (A.READ, ),
        },
        'wiki_article': {
            'id': (A.QUERY, A.READ),
            'state': (A.READ, ),
            'visible': (A.READ, ),
            'time': (A.READ, ),
            'user_id': (A.QUERY, A.READ),
            'title': (A.READ, ),
            'root_id': (A.QUERY, A.READ),
            'parent_id': (A.QUERY, A.READ),
            'content': (A.READ, ),
            'flag': (
                A.QUERY,
                A.READ,
            ),
            'is_current': (
                A.QUERY,
                A.READ,
            ),
            'major_ver': (A.READ, ),
            'minor_ver': (A.READ, ),
        },
        'user': {
            'id': (A.QUERY, A.READ),
            'nickname': (A.READ, A.CREATE),
            'group': (A.READ, ),
            'state': (A.READ, ),
            'number': (A.READ, ),
            'biology': (A.READ, ),
            'time': (A.READ, ),
            'key_time': (A.READ, ),
            'avatar': (A.READ, ),
            'type': (A.READ, ),
            'url': (A.READ, ),
            'location': (A.READ, ),
            # create-only: email can be supplied on creation but is not readable here
            'email': (A.CREATE, ),
            'exp': (A.READ, ),
            'credit': (A.READ, ),
            'repute': (A.READ, ),
        },
        'board': {
            'id': (A.QUERY, A.READ),
            'name': (A.READ, ),
            'brief': (A.READ, ),
            'desc': (A.READ, ),
            'time': (
                A.READ,
                A.QUERY,
            ),
            'weight': (A.READ, A.QUERY),
            'color': (A.READ, ),
            'state': (A.READ, ),
            'visible': (A.READ, ),
            'category': (A.READ, ),
            'parent_id': (
                A.QUERY,
                A.READ,
            )
        },
        'comment': {
            'id': (A.QUERY, A.READ),
            'related_id': (A.QUERY, A.READ),
            'related_type': (A.QUERY, A.READ),
            'user_id': (A.QUERY, A.READ),
            'reply_to_cmt_id': (A.QUERY, A.READ),
            'time': (A.READ, ),
            'state': (A.READ, ),
            'visible': (A.READ, ),
            'content': (A.READ, ),
            'post_number': (A.READ, ),
        },
        'statistic': {
            'id': (A.READ, A.QUERY),
            'post_type': (A.READ, ),
            'click_count': (A.READ, ),
            'comment_count': (A.READ, ),
            'topic_count': (A.READ, ),
            'last_comment_id': (A.READ, ),
            'follow_count': (A.READ, ),
        },
        'statistic24h': {
            'id': (A.READ, A.QUERY),
            'post_type': (A.READ, ),
            'click_count': (A.READ, ),
            'comment_count': (A.READ, ),
            'topic_count': (A.READ, ),
            'last_comment_id': (A.READ, ),
            'follow_count': (A.READ, ),
        },
        # NOTE(review): every manage_log column, including 'value' and 'note', is
        # readable by this role; confirm log entries never carry sensitive data.
        'manage_log': {
            'id': (A.READ, ),
            'user_id': (A.READ, ),
            'role': (A.READ, ),
            'time': (A.READ, ),
            'related_type': (A.READ, ),
            'related_id': (A.READ, A.QUERY),
            'operation': (A.READ, ),
            'value': (A.READ, ),
            'note': (A.READ, )
        }
    })
Example #9
# deprecated
from slim.base.permission import Ability, A, DataRecord
from permissions.roles.p10_visitor import visitor

# Rule table registered under the role name 'inactive_user', layered on `visitor`
# through based_on (how inherited rules combine is not visible here — confirm).
# Column-level only: nothing in this table limits the rules to the caller's own rows.
inactive_user = Ability(
    'inactive_user',
    {
        'user': {
            'nickname': (A.QUERY, A.READ),
            'group': (A.READ, ),
            'access_time': (A.READ, ),
            'last_check_in_time': (A.READ, ),
            'check_in_his': (A.READ, ),
            # Disabled rule. NOTE(review): 'key' looks like a credential-type column;
            # keep it out of QUERY/READ unless that is reviewed — confirm against the model.
            # 'key': ['query', 'read']
        },
        'notif': {
            'receiver_id': (A.QUERY, A.READ)
        }
    },
    based_on=visitor)
Example #10
from slim.base.permission import A, Ability, DataRecord

# Role None — presumably the unauthenticated/default role; confirm in Permissions.
# NOTE(review): 'pics' is A.ALL for this role, which presumably includes write and
# delete; confirm that is intended for callers without a named role.
visitor = Ability(None, {
    'test': {
        'id': (A.QUERY, A.READ),
        'test': (A.READ, ),
    },
    'pics': A.ALL
})

# Role 'user', layered on `visitor` through based_on: adds CREATE/DELETE on 'test'
# columns and WRITE on 'test.test'. Column-level only; no row restriction is shown.
normal_user = Ability('user', {
    'test': {
        'id': (A.QUERY, A.READ, A.CREATE, A.DELETE),
        'test': (A.READ, A.WRITE, A.CREATE, A.DELETE),
    },
},
                      based_on=visitor)
Example #11
# Seed rows for the example application.
Topic.create(title='Hello1', content='World')
Topic.create(title='Hello2', content='World')
Topic.create(title='Hello3', content='World')
Topic.create(title='Hello4', content='World')
Article.create(name='Hello', content='World')
Article.create(name='Hello2', content='World2')
Article.create(name='Hello3', content='World3')


# Register the rule table for role None — presumably the unauthenticated/default role.
# The '|' key presumably holds actions applied to the whole table (confirm in Ability).
# NOTE(review): 'article' carries A.DELETE under '|' for this role; fine for a demo,
# but a deployed table should not hand delete to callers without a named role.
app.permission.add(None, Ability({
    'topic': {
        '|': {A.QUERY},
        'title': {A.QUERY, A.READ},
        'time': {A.QUERY, A.READ, A.QUERY_EX},
        # QUERY without READ: 'content' can be filtered on but is not returned
        'content': {A.QUERY},
    },
    'article': {
        '|': {A.QUERY, A.DELETE},
        'name': {A.QUERY, A.READ},
        'content': {A.QUERY},
    }
}))


# View bound to the Topic model and registered at '/topic'. Which actions and
# columns a caller reaches through it is presumably decided by the registered
# Ability rules, not by this class — confirm in PeeweeView.
@app.route.view('/topic')
class TopicView(PeeweeView):
    model = Topic


@app.route.view('/article')
class ArticleView(PeeweeView):
Example #12
# Rule table registered under the role name 'superuser', layered on normal_user
# through based_on. Each table's rules pass through
# merge_post_permissions_of_superuser, which is defined elsewhere; the columns it
# adds are not visible here — review that helper together with this table.
superuser = Ability('superuser', {
    'topic':
    merge_post_permissions_of_superuser({
        'title':
        A.ALL,
        'board_id': (A.QUERY, A.READ, A.CREATE, A.WRITE),
        'content': (A.READ, A.CREATE, A.WRITE),
        'awesome': (A.READ, A.WRITE, A.QUERY),
        'weight': (A.QUERY, A.READ, A.WRITE),
        'sticky_weight': (A.READ, A.WRITE),
    }),
    'wiki_article':
    merge_post_permissions_of_superuser({
        'title': A.ALL,
        'ref': A.ALL,
        'content': A.ALL,
    }),
    'board':
    merge_post_permissions_of_superuser({
        'name': A.ALL,
        'brief': A.ALL,
        'desc': A.ALL,
        'weight': A.ALL,
        'color': (A.READ, A.WRITE, A.CREATE),
        'category': A.ALL,
        'parent_id': A.ALL
    }),
    'user':
    merge_post_permissions_of_superuser({
        # write-only: 'key' and 'password' can be set but are not readable or
        # queryable through this dict (the merge helper could add more — confirm)
        'key': (A.WRITE, ),
        'password': (A.WRITE, ),
        'email': A.ALL,
        'nickname': A.ALL,
        'credit': A.ALL,
        'repute': A.ALL
    })
},
                    based_on=normal_user)
Example #13
from slim.base.permission import A, Ability, DataRecord, Permissions

# Fixture: 'user' lists its columns explicitly, 'tab1' carries a table-level action
# set, and the top-level '*' entry is a wildcard rule granting WRITE.
# NOTE(review): test_default pins that the unlisted 'user' column 'salt' is writable
# through the wildcard. A top-level write wildcard is default-allow: any column
# added later becomes writable unless it is listed, so avoid it in real role tables.
ab1 = Ability({
    'user': {
        'username': (A.QUERY, A.READ),
        'nickname': (A.QUERY, A.READ),
        'password': (A.QUERY, A.READ),
    },
    'tab1': {A.WRITE, A.QUERY},
    '*': {A.WRITE}
})


def test_default():
    """Pin how ``can_with_columns`` resolves explicit, table-level and wildcard rules.

    For 'user' only the unlisted column 'salt' is writable; for 'tab1' all three
    columns allow WRITE and QUERY and none allows READ.
    """

    def listed_columns():
        # Fresh set per call so the argument and the expected value never share an object.
        return {'username', 'nickname', 'password'}

    user_writable = ab1.can_with_columns(
        None, A.WRITE, 'user', ['username', 'nickname', 'password', 'salt'])
    assert user_writable == {'salt'}

    tab1_writable = ab1.can_with_columns(None, A.WRITE, 'tab1', listed_columns())
    assert tab1_writable == listed_columns()

    tab1_queryable = ab1.can_with_columns(None, A.QUERY, 'tab1', listed_columns())
    assert tab1_queryable == listed_columns()

    tab1_readable = ab1.can_with_columns(None, A.READ, 'tab1', listed_columns())
    assert tab1_readable == set()


ab2 = Ability({
Example #14
def test_permission_role_bug():
    """Regression test: ``request_role(None, 'user')`` must return ``None`` even
    though an Ability is registered for the 'user' role.

    The first argument is presumably the requesting user object; with ``None``
    there, the named role must not be handed out.
    """
    registry = Permissions(None)

    default_rules = Ability({'user': {'key': (A.READ, )}})
    registry.add(None, default_rules)

    user_rules = Ability({'user': {'key': (A.READ, A.WRITE)}})
    registry.add('user', user_rules)

    granted = registry.request_role(None, 'user')
    assert granted is None
Example #15
# Rule table registered under the role name 'user', layered on inactive_user
# through based_on (how inherited rules combine is not visible here — confirm).
# Column-level only: nothing in this table limits the rules to the caller's own rows.
normal_user = Ability('user', {
    'user': {
        'nickname': (A.QUERY, A.READ),
        'group': (A.READ,),
        'biology': (A.QUERY, A.READ, A.WRITE),
        'avatar': (A.QUERY, A.READ),
        # NOTE(review): 'type' is writable by this role; if it encodes an account
        # class rather than a display attribute, WRITE should be restricted — confirm.
        'type': (A.QUERY, A.READ, A.WRITE),
        'url': (A.QUERY, A.READ, A.WRITE),
        'location': (A.QUERY, A.READ, A.WRITE),
        # 'key': ['query', 'read']
    },
    'topic': {
        'title': (A.READ, A.CREATE, A.WRITE),
        'board_id': (A.QUERY, A.READ, A.CREATE),
        'content': (A.READ, A.CREATE, A.WRITE),
    },
    'comment': {
        'related_id': (A.READ, A.CREATE,),
        'related_type': (A.READ, A.CREATE,),
        'reply_to_cmt_id': (A.READ, A.CREATE,),
        'state': (A.READ, A.WRITE,),
        'content': (A.READ, A.CREATE,),
    },
    'upload': {
        'id': (A.READ, A.QUERY),
        'user_id': (A.READ, A.QUERY),
        'state': (A.READ,),
        'visible': (A.READ,),
        'time': (A.READ,),
        'key': (A.READ, A.QUERY),
        'size': (A.READ, A.QUERY),
        'type_name': (A.READ, A.QUERY),
    }
}, based_on=inactive_user)
import pytest
from peewee import Model, BlobField
from playhouse.postgres_ext import ArrayField

from slim import Application, ALL_PERMISSION
from slim.base.permission import Ability
from slim.base.sqlquery import SQLQueryInfo, SQL_OP
from slim.exception import InvalidParams
from slim.support.peewee import PeeweeView

# Mark every test in this module with pytest.mark.asyncio.
pytestmark = [pytest.mark.asyncio]
# Test-only application: the cookie secret is a short hard-coded literal, which is
# acceptable for a fixture but must never be reused for a deployed Application.
app = Application(cookies_secret=b'123456')

# Test-only: role None gets the '*': '*' rule (presumably every action on every
# table — confirm). Do not copy this registration into a real application.
app.permission.add(None, Ability({'*': '*'}))


# Test model with a single ArrayField(BlobField) column, mapped to the 'topic' table.
class ATestModel(Model):
    name = ArrayField(BlobField)

    class Meta:
        table_name = 'topic'


# View bound to ATestModel and registered under the route name 'test1'.
@app.route.view('test1')
class ATestView(PeeweeView):
    model = ATestModel


# Test-only: attach a wildcard Ability directly to the view class.
ATestView.ability = Ability({'*': '*'})
# _prepare() is a private Application method; what it initialises is not visible here.
app._prepare()
Example #17
from permissions.roles.p40_super_user import superuser
from slim.base.permission import Ability, A, DataRecord

# Admin rule table layered on `superuser` through based_on; the only rule added
# here is A.ALL on user.group.
# NOTE(review): if 'group' determines a user's role, this is the grant that allows
# changing role membership — confirm no lower role also has WRITE on it.
admin = Ability({
    'user': {
        'group': A.ALL,
    }
}, based_on=superuser)
Example #18
# Rule table registered under the role name 'user', layered on inactive_user
# through based_on (how inherited rules combine is not visible here — confirm).
# Column-level only: nothing in this table limits the rules to the caller's own rows.
normal_user = Ability('user', {
    'user': {
        'nickname': (A.QUERY, A.READ),
        'group': (A.READ, ),
        'biology': (A.QUERY, A.READ, A.WRITE),
        'avatar': (A.QUERY, A.READ),
        # NOTE(review): 'type' is writable by this role; if it encodes an account
        # class rather than a display attribute, WRITE should be restricted — confirm.
        'type': (A.QUERY, A.READ, A.WRITE),
        'url': (A.QUERY, A.READ, A.WRITE),
        'location': (A.QUERY, A.READ, A.WRITE),
    },
    'topic': {
        'title': (A.READ, A.CREATE, A.WRITE),
        'board_id': (A.QUERY, A.READ, A.CREATE),
        'content': (A.READ, A.CREATE, A.WRITE),
    },
    'comment': {
        'related_id': (
            A.READ,
            A.CREATE,
        ),
        'related_type': (
            A.READ,
            A.CREATE,
        ),
        'reply_to_cmt_id': (
            A.READ,
            A.CREATE,
        ),
        'state': (
            A.READ,
            A.WRITE,
        ),
        'content': (
            A.READ,
            A.CREATE,
        ),
    },
    # merge_post_permissions_of_visitor is defined elsewhere; the columns it adds
    # to this dict are not visible here.
    'upload':
    merge_post_permissions_of_visitor({
        'key': (A.READ, A.QUERY),
        'size': (A.READ, ),
        'type_name': (A.READ, A.QUERY),
    })
},
                      based_on=inactive_user)
Example #19
from permissions.roles.p40_super_user import super_user
from slim.base.permission import Ability, A, DataRecord

# Rule table registered under the role name 'admin', layered on super_user through
# based_on; the only rule added here is A.ALL on user.group.
# NOTE(review): if 'group' determines a user's role, this is the grant that allows
# changing role membership — confirm no lower role also has WRITE on it.
admin = Ability('admin', {'user': {
    'group': A.ALL,
}}, based_on=super_user)
Example #20
# Rule table registered under role None — presumably the unauthenticated/default
# role; confirm against how Permissions resolves roles.
# Almost everything is READ (plus QUERY on id/foreign-key style columns); the only
# CREATE grants are on user.nickname and user.email.
visitor = Ability(None, {
    'topic': {
        'id': (A.QUERY, A.READ),
        'title': (A.READ,),
        'user_id': (A.QUERY, A.READ),
        'board_id': (A.QUERY, A.READ),
        'time': (A.READ,),
        'state': (A.READ,),

        'edit_time': (A.READ,),
        'edit_count': (A.READ,),
        'last_edit_user_id': (A.READ,),
        'content': (A.READ,),

        'awesome': (A.READ,),
        'sticky_weight': (A.READ,),
        'weight': (A.READ,),
    },
    'user': {
        'id': (A.QUERY, A.READ),
        'nickname': (A.READ, A.CREATE),
        'group': (A.READ,),
        'state': (A.READ,),
        'number': (A.READ,),
        'biology': (A.READ,),
        'time': (A.READ,),
        'key_time': (A.READ,),
        'avatar': (A.READ,),
        'type': (A.READ,),
        'url': (A.READ,),
        'location': (A.READ,),

        # create-only: email can be supplied on creation but is not readable here
        'email': (A.CREATE,),
        'exp': (A.READ,),
        'credit': (A.READ,),
        'reputation': (A.READ,),
    },
    'board': {
        'id': (A.QUERY, A.READ),
        'name': (A.READ,),
        'brief': (A.READ,),
        'desc': (A.READ,),
        'time': (A.READ, A.QUERY,),
        'weight': (A.READ, A.QUERY),
        'color': (A.READ,),
        'state': (A.READ,),
        'visible': (A.READ,),
        'category': (A.READ,),
        'parent_id': (A.QUERY, A.READ,)
    },
    'comment': {
        'id': (A.QUERY, A.READ),
        'related_id': (A.QUERY, A.READ),
        'related_type': (A.QUERY, A.READ),
        'user_id': (A.QUERY, A.READ),
        'reply_to_cmt_id': (A.QUERY, A.READ),
        'time': (A.READ,),
        'state': (A.READ,),
        'visible': (A.READ,),
        'content': (A.READ,),
        'post_number': (A.READ,),
    },
    'statistic': {
        'id': (A.READ, A.QUERY),
        'post_type': (A.READ,),

        'click_count': (A.READ,),
        'comment_count': (A.READ,),
        'topic_count': (A.READ,),
        'last_comment_id': (A.READ,),

        'follow_count': (A.READ,),
    },
    'statistic24h': {
        'id': (A.READ, A.QUERY),
        'post_type': (A.READ,),

        'click_count': (A.READ,),
        'comment_count': (A.READ,),
        'topic_count': (A.READ,),
        'last_comment_id': (A.READ,),

        'follow_count': (A.READ,),
    },
    # NOTE(review): every manage_log column, including 'value' and 'note', is
    # readable by this role; confirm log entries never carry sensitive data.
    'manage_log': {
        'id': (A.READ,),
        'user_id': (A.READ,),
        'role': (A.READ,),
        'time': (A.READ,),
        'related_type': (A.READ,),
        'related_id': (A.READ, A.QUERY),
        'operation': (A.READ,),
        'value': (A.READ,),
        'note': (A.READ,)
    }
})
Example #21
# Rule table registered under role None — presumably the unauthenticated/default
# role; confirm against how Permissions resolves roles.
# Post-type tables pass through merge_post_permissions_of_visitor, which is defined
# elsewhere; the columns it adds are not visible here — review it with this table.
visitor = Ability(
    None,
    {
        'topic':
        merge_post_permissions_of_visitor({
            'title': (A.READ, ),
            'board_id': (A.QUERY, A.READ),
            'edit_count': (A.READ, ),
            'edit_time': (A.READ, ),
            'last_edit_user_id': (A.READ, ),
            'content': (A.READ, ),
            'awesome': (A.READ, ),
            'sticky_weight': (
                A.QUERY,
                A.READ,
            ),
            'weight': (A.READ, ),
            'update_time': (A.READ, ),
        }),
        'wiki_article':
        merge_post_permissions_of_visitor({
            'title': (A.READ, ),
            'ref': (
                A.QUERY,
                A.READ,
            ),
            'content': (A.READ, ),
            'flag': (
                A.QUERY,
                A.READ,
            ),
        }),
        'user':
        merge_post_permissions_of_visitor({
            # create-only: email and phone can be supplied on creation but are not
            # readable or queryable through this dict
            'email': (A.CREATE, ),
            'phone': (A.CREATE, ),
            'nickname': (A.READ, A.CREATE),
            'biology': (A.READ, ),
            'avatar': (A.READ, ),
            'type': (A.READ, ),
            'url': (A.READ, ),
            'location': (A.READ, ),
            'group': (A.READ, ),
            # NOTE(review): the three is_* flags below are readable by this role, so
            # which accounts hold elevated roles is public — confirm that is intended.
            'is_wiki_editor': (A.READ, ),
            'is_board_moderator': (A.READ, ),
            'is_forum_master': (A.READ, ),
            'access_time': (A.READ, ),
            'number': (A.READ, ),
            'exp': (A.READ, ),
            'credit': (A.READ, ),
            'repute': (A.READ, ),
        }),
        'board':
        merge_post_permissions_of_visitor({
            'name': (A.READ, ),
            'brief': (A.READ, ),
            'desc': (A.READ, ),
            'weight': (A.READ, A.QUERY),
            'color': (A.READ, ),
            'category': (A.READ, ),
            'parent_id': (
                A.QUERY,
                A.READ,
            ),
            'can_post_rank': (
                A.QUERY,
                A.READ,
            ),
        }),
        'comment':
        merge_post_permissions_of_visitor({
            'related_id': (A.QUERY, A.READ),
            'related_type': (A.QUERY, A.READ),
            'reply_to_cmt_id': (A.QUERY, A.READ),
            'content': (A.READ, ),
            'post_number': (A.READ, ),
        }),

        # The tables below are not post types
        'post_stats': {
            'id': (A.READ, A.QUERY),
            'post_type': (A.READ, ),
            'last_comment_id': (A.READ, ),
            'last_edit_user_id': (A.READ, ),
            'last_edit_time': (A.READ, ),
            'update_time': (A.READ, ),
            'click_count': (A.READ, ),
            'edit_count': (A.READ, ),
            'comment_count': (A.READ, ),
            'topic_count': (A.READ, ),
            'follow_count': (A.READ, ),
            'bookmark_count': (A.READ, ),
            'upvote_count': (A.READ, ),
            'downvote_count': (A.READ, ),
            'thank_count': (A.READ, ),
            'vote_weight': (A.READ, ),
        },
        # NOTE(review): every manage_log column, including 'value' and 'note', is
        # readable by this role; confirm log entries never carry sensitive data.
        'manage_log': {
            'id': (A.READ, ),
            'user_id': (A.READ, ),
            'role': (A.READ, ),
            'time': (A.READ, ),
            'related_type': (A.READ, ),
            'related_id': (A.READ, A.QUERY),
            'operation': (A.READ, ),
            'value': (A.READ, ),
            'note': (A.READ, )
        }
    })
Example #22
# Superuser rule table layered on normal_user through based_on. Each table's rules
# pass through merge_post_permissions_of_superuser, which is defined elsewhere; the
# columns it adds are not visible here — review that helper together with this table.
superuser = Ability(
    {
        'topic':
        merge_post_permissions_of_superuser({
            'title':
            A.ALL,
            'board_id': (A.QUERY, A.READ, A.CREATE, A.WRITE),
            'content': (A.READ, A.CREATE, A.WRITE),
            'awesome': (A.READ, A.WRITE, A.QUERY),
            'weight': (A.QUERY, A.READ, A.WRITE),
            'sticky_weight': (A.READ, A.WRITE),
        }),
        'wiki_article':
        merge_post_permissions_of_superuser({
            'title': A.ALL,
            'ref': A.ALL,
            'content': A.ALL,
        }),
        'board':
        merge_post_permissions_of_superuser(
            {
                'name': A.ALL,
                'brief': A.ALL,
                'desc': A.ALL,
                'weight': A.ALL,
                'color': (A.READ, A.WRITE, A.CREATE),
                'category': A.ALL,
                'parent_id': A.ALL,
                'can_post_rank': A.ALL,
            }),
        'user':
        merge_post_permissions_of_superuser(
            {
                # write-only: 'key' and 'password' can be set but are not readable
                # or queryable through this dict (the merge helper could add more)
                'key': (A.WRITE, ),
                'password': (A.WRITE, ),
                'email': A.ALL,
                'nickname': A.ALL,
                'credit': A.ALL,
                'repute': A.ALL,
                'access_time': (A.READ, ),
                'last_check_in_time': (A.READ, ),
                # NOTE(review): the three is_* flags below are writable by this role;
                # if they confer elevated roles, confirm a row-level rule stops a
                # superuser from setting them on their own account.
                'is_wiki_editor': (
                    A.QUERY,
                    A.READ,
                    A.WRITE,
                ),
                'is_board_moderator': (
                    A.QUERY,
                    A.READ,
                    A.WRITE,
                ),
                'is_forum_master': (
                    A.QUERY,
                    A.READ,
                    A.WRITE,
                ),
            })
    },
    based_on=normal_user)
Example #23
from permissions.roles.p30_normal_user import normal_user
from permissions.roles.p40_super_user import merge_post_permissions_of_superuser
from slim.base.permission import Ability, A, DataRecord

# Wiki-editor rule table layered on normal_user through based_on. It grants A.ALL
# on three wiki_article columns and reuses merge_post_permissions_of_superuser, so
# whatever that helper adds for superusers applies to this role's wiki_article
# rules too — the added columns are not visible here; confirm they are appropriate.
wiki_editor = Ability(
    {
        'wiki_article':
        merge_post_permissions_of_superuser({
            'title': A.ALL,
            'ref': A.ALL,
            'content': A.ALL,
        }),
    },
    based_on=normal_user)
Example #24
from slim.base.permission import Ability, A, DataRecord


# Base rule table named `visitor`: READ on the listed columns, with QUERY only on
# the 'id' columns. No CREATE, WRITE or DELETE is granted here.
visitor = Ability({
    'example': {
        'id': {A.READ, A.QUERY},
        'state': {A.READ},
    },
    'user': {
        'id': {A.QUERY, A.READ},
        'nickname': {A.READ},
        'state': {A.READ},
        'time': {A.READ},
    }
})
Example #25
from slim.base.permission import A, Ability, DataRecord, Permissions
from slim.base.sqlquery import SQLQueryInfo, SQL_OP

# Fixture for test_query_filter: each 'user' column carries a different action set.
ab = Ability({
    'user': {
        'username': {A.QUERY, A.READ},
        'nickname': {A.QUERY, A.READ, A.QUERY_EX},
        # QUERY without READ. NOTE(review): a column that can be filtered on still
        # reveals whether a value matches, so for secret columns confirm QUERY is
        # really intended outside of tests.
        'password': {A.QUERY},
        # READ without QUERY: the column can be returned but not filtered on
        'phone': {A.READ},
    }
})


def test_query_filter():
    """Pin that the permission check prunes conditions the ability does not allow.

    A condition on 'phone' (READ only) and a 'like' condition on 'username'
    (QUERY but no QUERY_EX) are removed from ``conditions`` instead of raising;
    the two equality conditions survive.

    NOTE(review): pruning is silent. If the same pruning is applied on write or
    delete paths, a dropped condition would broaden the affected rows — that is
    not visible here; confirm those paths reject the request instead.
    """
    surviving = [['username', SQL_OP.EQ, 'b'],
                 ['nickname', SQL_OP.EQ, 'b']]

    def checked_conditions(requested):
        info = SQLQueryInfo()
        info.select = info.parse_select('username, nickname, password')
        for column, operator, value in requested:
            info.parse_then_add_condition(column, operator, value)
        info.check_query_permission_full(None, 'user', ab, None)
        return info.conditions

    # Every condition is permitted: nothing is pruned.
    assert checked_conditions([
        ('username', '=', 'b'),
        ('nickname', '=', 'b'),
    ]) == surviving

    # The 'phone' condition and the 'like' on 'username' are pruned.
    assert checked_conditions([
        ('phone', '=', 'c'),
        ('username', '=', 'b'),
        ('username', 'like', 'b'),
        ('nickname', '=', 'b'),
    ]) == surviving
Example #26
from slim.base.permission import Ability, A
from permissions.roles.p10_visitor import visitor

# Same rights as visitor, except for access to one's own user information.
# NOTE(review): the rules below are column-level only; the "own record" restriction
# is not expressed in this table, so confirm it is enforced by a row-level rule
# elsewhere.
banned_user = Ability(
    'banned_user',
    {
        'user': {
            'nickname': (A.QUERY, A.READ),
            'group': (A.READ, ),
            'access_time': (A.READ, ),
            'last_check_in_time': (A.READ, ),
            'check_in_his': (A.READ, ),
            # 'key': ['query', 'read']
        }
    },
    based_on=visitor)
Example #27
File: user.py Project: 5l1v3r1/slim
from permissions.roles.visitor import visitor
from slim.base.permission import Ability, A, DataRecord

# Role table layered on `visitor` through based_on (how inherited rules combine
# with these is not visible here — confirm in Ability).
# Column-level only: nothing in this table limits the rules to the caller's own rows.
user = Ability(
    {
        'user': {
            # '|' presumably holds actions applied to the whole table — confirm in Ability
            '|': {A.CREATE},
            'nickname': {A.READ, A.WRITE},
            # NOTE(review): 'state' is writable by this role; if it carries account
            # status, confirm a row-level rule limits whose state can be changed.
            'state': {A.READ, A.WRITE},
        },
        'example': A.ALL
    },
    based_on=visitor)