def right_create(
appname, projectname, perm_module, perm_opname, perm_action='list',
perm_type="module", perm_lc='all'):
'''
create api to add right.
Parameters:
{
'perm_type': 'module',
'perm_name': 'aospreset-aosrecommendshare-list',
'perm_container': 'aospreset',
'perm_lc': 'zh-cn'
}
'''
perm_name = '%s-%s-%s' % (perm_opname, perm_module, perm_action)
right_cond = {
'perm_name': perm_name, 'app_name': projectname, "lc": perm_lc}
if Right.find_one_right(appname, right_cond):
return json_response_error(PARAM_ERROR, msg="the right exist")
if not App.find_one_app(appname, {"name": perm_opname}):
return json_response_error(PARAM_ERROR, msg="the app label not exist")
if not Module.find_one_module(appname, {"module_name": perm_module}):
return json_response_error(
PARAM_ERROR, msg="the app module not exist")
right_instance = Right.new(
appname, projectname, perm_module, perm_opname, perm_action,
perm_type, perm_lc)
Right.save(appname, right_instance)
return json_response_ok()
def right_mod(appname, rid, data):
'''
this api is used to modify one right
Request URL: /auth/user/{uid}
HTTP Method:POST
Parameters:
{
"group_name":"xxx",
"perm_list":[1,2,3,4]
}
Return :
{
"status":0
"data":{}
"msg":"modify successfully"
}
'''
cond = {"_id": rid}
if not App.find_one_app(appname, {"name": data["app_label"]}):
return json_response_error(PARAM_ERROR, msg="the app label not exist")
if not Module.find_one_module(appname, {"module_name": data["module"]}):
return json_response_error(PARAM_ERROR, msg="the app module not exist")
perm_name = '%s-%s-%s' % (
data["app_label"], data["module"], data["action"])
data["perm_name"] = perm_name
Right.update_right(appname, cond, data)
return json_response_ok()
def get_right_display_data(appname, projectname):
sort = [("_id", 1)]
fields = {"app_label": 1, "_id": 0}
model_cond = {"app_name": projectname, "perm_type": "module"}
menu = {"items": []}
app_list = Right.find_right(appname, model_cond, fields, True)
f = lambda x, y: x if y["app_label"] in [i["app_label"] for i in x] \
else x + [y]
app_list = reduce(f, [[], ] + app_list)
for app_item in app_list:
app_fields = {"_id": 1, "module": 1}
app_info = App.find_one_app(
appname, {"name": app_item["app_label"]}, None)
app_dict = {"title": "", "items": []}
app_dict["title"] = app_info["app_value"]
module_cond = {
"app_name": projectname, "app_label": app_item["app_label"],
"perm_type": "module"}
module_cursor = Right.find_right(
appname, module_cond, app_fields, True)
f = lambda x, y: x if y["module"] in [i["module"] for i in x] \
else x + [y]
module_list = reduce(f, [[], ] + module_cursor)
for module_item in module_list:
action_fields = {"_id": 1, "action": 1}
action_cond = {
"app_name": projectname, "app_label": app_item["app_label"],
"perm_type": "module", 'module': module_item["module"]}
action_cursor = Right.find_right(
appname, action_cond, action_fields).sort(sort)
module_dict = Module.find_one_module(
appname, {"module_name": module_item["module"]}, None)
action_dict = {"model": module_item["module"], "items": []}
action_dict["model"] = module_dict["module_value"]
for menu_item in action_cursor:
role_dict = {"display_value": "", "value": ""}
role_dict["value"] = menu_item.get("_id")
role_dict["display_value"] = menu_item.get("action")
action_dict["items"].append(role_dict)
app_dict["items"].append(action_dict)
menu["items"].append(app_dict)
# get feature display data
feature_cond = {"app_name": projectname, "perm_type": "feature"}
feature_fields = {"perm_name": 1, "_id": 1}
feature = {"items": [], "title": "Feature"}
feature_list = Right.find_right(
appname, feature_cond, feature_fields, True)
if feature_list:
for feature_item in feature_list:
feature_dict = {"display_value": "", "value": ""}
feature_dict["value"] = feature_item.get("_id")
feature_dict["display_value"] = feature_item.get("perm_name")
feature["items"].append(feature_dict)
menu.setdefault("feature", feature)
return menu
def right_list(appname):
sort = [("_id", 1)]
right_cursor = Right.find_right(appname, cond={}, fields=None)
if sort is not None:
right_cursor = right_cursor.sort(sort)
total = Right.find_right(appname, {}).count()
rights = []
for item in right_cursor:
item["id"] = item.pop("_id")
rights.append(item)
data = {}
data.setdefault("items", rights)
data.setdefault("total", total)
return json_response_ok(data)
def get_check_uids(
appname, projectname, applabel, module,
action="checked", perm_lc="all"):
# get perm id
perm_name = '%s-%s-%s' % (applabel, module, action)
right_cond = {
'perm_name': perm_name, 'app_name': projectname, "lc": perm_lc}
perm = Right.find_one(appname, right_cond)
if not perm:
_LOGGER.error("the right:%s not exist" % perm_name)
#get user who has this right
check_ids = []
perm_id = perm["_id"]
perm_key = "permission_list.%s" % projectname
group_cond = {perm_key: perm_id}
groups_info = Group.find(appname, group_cond)
group_ids = [i["_id"] for i in groups_info]
for gid in group_ids:
group_info = user_info(appname, gid)
user_ids = [i["id"] for i in group_info]
check_ids += user_ids
user_cond = {perm_key: perm_id}
users_info = User.find(appname, user_cond)
user_ids = [i["_id"] for i in users_info]
check_ids += user_ids
check_ids = list(set(check_ids))
return check_ids
def group_right_mod(appname, projectname, gid, data):
'''
this api is used to modify one group
Request URL: /auth/user/{gid}
HTTP Method:POST
Parameters:
{
"perm_list":[1,2,3,4]
}
Return :
{
"status":0
"data":{}
}
'''
# check if group id in db
cond = {"_id": gid}
fields = {"_id": 0}
group_info = Group.find_one_group(appname, cond, fields)
if not group_info:
return json_response_error(PARAM_ERROR, msg="the group not exist")
right_list = [int(rid) for rid in data["perm_list"]]
right_list = list(set(right_list))
# check if right id in db
for rid in right_list:
if not Right.find_one_right(appname, {"_id": rid}):
return json_response_error(
PARAM_ERROR, msg="the right id:%s not exist" % rid)
# update group right info
group_info["permission_list"][projectname] = right_list
Group.update_group(appname, cond, group_info)
return json_response_ok({}, msg="update group right success")
def check_session(appname, module, opname, action, lc, uid):
'''
check user right
'''
rightids = []
perm_names = ['%s-%s-%s' % (opname, module, action), ]
for perm_name in perm_names:
perm = Right.find_one_right(appname, {'perm_name': perm_name})
if perm:
if perm['_id'] not in rightids:
rightids.append(perm['_id'])
usr = User.find_one_user({'_id': uid})
usrights = usr['permission_list']
if not usr:
return json_response_error(AUTH_ERROR)
if usr['is_superuser']:
return json_response_ok()
usrgroup = usr['group_id']
for group in usrgroup:
group_info = Group.find_one_group({'_id': group})
usrights.extend(group_info['permission_list'])
for rightid in rightids:
if rightid in usrights:
return json_response_ok()
return json_response_error(AUTH_ERROR)
def right_delete(appname, pids):
'''
delete right
'''
pidlist = pids.split(',')
ids = Right.del_right(appname, pidlist)
if not ids:
return json_response_ok()
else:
return json_response_error(PARAM_ERROR, msg="ids:%s is invalid" % ids)
def get_perms_by_ids(appname, projectname, pids, perm_type="module"):
'''
an internal function for getting permissions by id array
'''
permissions = []
for pid in pids:
perm_cond = {
"app_name": projectname, "_id": pid, "perm_type": perm_type}
perm = Right.find_one_right(appname, perm_cond, None)
if perm:
permissions.append(perm)
return permissions
def user_right_mod(appname, projectname, uid, data):
"""
this api is used to modify one group
Request URL: /auth/user/{gid}
HTTP Method:POST
Parameters:
{
"perm_list":[1,2,3,4]
"disable_list":[1,2,3,4]
}
Return :
{
"status":0
"data":{}
}
"""
# check if user id in db
cond = {"_id": uid}
fields = {"_id": 0}
user_info = User.find_one_user(appname, cond, fields)
if not user_info:
return json_response_error(PARAM_ERROR, msg="the user not exist")
# check if right id in db
right_list = [int(rid) for rid in data["perm_list"]]
right_list = list(set(right_list))
for rid in right_list:
if not Right.find_one_right(appname, {"_id": rid}):
return json_response_error(PARAM_ERROR, msg="the right id:%s not exist" % rid)
group_perm_ids = []
gids = user_info.get("group_id")
for gid in gids:
group_info = Group.find_one_group(appname, {"_id": gid}, None)
if group_info:
perm_ids = group_info.get("permission_list")
group_perm_ids += perm_ids.get(projectname, [])
if group_perm_ids:
group_perm_ids = list(set(group_perm_ids))
# update user right info
user_right_list = []
for rid in right_list:
if rid not in group_perm_ids:
user_right_list.append(rid)
user_info["permission_list"][projectname] = user_right_list
User.update_user(appname, cond, user_info)
return json_response_ok({}, msg="update user right success")
def init_navigate_list(appname, uid):
'''
return values like below:
[
{
"display_value":"环信",
"value":"square_console"
}
]
'''
assert uid
cond = {"_id": uid}
user_info = User.find_one_user(appname, cond, None)
app_names = []
if user_info.get("is_superuser"):
app_names = Right.find_right(
appname, {}, {"app_name": 1}, toarray=True)
else:
user_right_info = user_info.get("permission_list")
# get user privately-owned right
for app_name in user_right_info:
if user_right_info.get(app_name):
app_names.append(app_name)
# get user publicly-owned right
gids = user_info.get("group_id")
if gids:
for gid in gids:
group_info = Group.find_one_group(appname, {"_id": gid}, None)
if group_info:
group_right_info = group_info.get("permission_list")
for app_name in group_right_info:
if group_right_info.get(app_name):
app_names.append(app_name)
else:
_LOGGER.error("group id:%s error", gid)
navigates = []
if app_names:
app_names = list(set(app_names))
for app_name in app_names:
app_dict = {}
app_display = NAV_DICT.get(app_name)
app_dict.setdefault("display_value", app_display)
app_dict.setdefault("value", app_name)
navigates.append(app_dict)
return navigates
def get_perms_by_uid(appname, projectname, uid, perm_type="module"):
right_ids = []
cond = {"_id": uid}
user_info = User.find_one_user(appname, cond, None)
perm_cond = {"app_name": projectname, "perm_type": perm_type}
if user_info.get("is_superuser"):
return Right.find_right(appname, perm_cond, {"_id": 1}, toarray=True)
else:
user_right_info = user_info.get("permission_list")
right_ids = user_right_info.get(projectname, [])
gids = user_info.get("group_id")
if gids:
for gid in gids:
group_info = Group.find_one_group(appname, {"_id": gid}, None)
if group_info:
group_right_info = group_info.get("permission_list")
right_ids += group_right_info.get(projectname, [])
if right_ids:
right_ids = list(set(right_ids))
return get_perms_by_ids(appname, projectname, right_ids, perm_type)
def right_get(appname, rid):
'''
this api is used to view one right
Request URL: /auth/right/{rid}
HTTP Method:GET
Return:
Parameters: None
{
"status":0
"data":{
"item":[
{
"id":"2",
"role":"admin",
"last_login":"******"
}
}
'''
right_info = Right.find_one_right(appname, {'_id': rid}, None)
if right_info:
return json_response_ok(right_info)
else:
return json_response_error(PARAM_ERROR, msg="not app:%s" % rid)
