def get_policies(enforcer: casbin.Enforcer, user='', path='', method=''):
if enforcer is None:
enforcer = init_enforcer()
rules = enforcer.get_filtered_policy(0, user, path, method)
# TODO: Make sure the /protocol/* cases are handled properly.
return [{
'user': rule[0],
'path': rule[1],
'method': rule[2]
} for rule in rules]
def get_authorized_user(
req: Request,
enforcer: Enforcer = Depends(get_enforcer),
me: User = Depends(get_current_user),
) -> User:
sub = me.role
obj = req.url.path.removeprefix(settings.root_path)
act = req.method
if enforcer.enforce(sub, obj, act):
return me
raise HTTPException(status_code=403)
def get_enforcer() -> Enforcer:
dir_ = path.dirname(__file__)
return Enforcer(
path.join(dir_, "ac_model.conf"),
path.join(dir_, "ac_policies.csv"),
)
def get_all_roles(enforcer: casbin.Enforcer):
if enforcer is None:
enforcer = init_enforcer()
return enforcer.get_all_roles()
def get_roles(enforcer: casbin.Enforcer, user):
if enforcer is None:
enforcer = init_enforcer()
return enforcer.get_roles_for_user(user)
def delete_policy(enforcer: casbin.Enforcer, user='', path='', method=''):
if enforcer is None:
enforcer = init_enforcer()
return enforcer.remove_filtered_policy(0, user, path, method)
def add_policy(enforcer: casbin.Enforcer, user, path, method):
if enforcer is None:
enforcer = init_enforcer()
return enforcer.add_permission_for_user(user, path, method)
def check_access(enforcer: casbin.Enforcer, user, path, method):
if enforcer is None:
enforcer = init_enforcer()
return enforcer.enforce(user, path, method)
def _create_casbin_enforcer(self, app):
self.enforcer = Enforcer(model=app.config.get('CASBIN_MODEL'),
adapter=app.config.get('CASBIN_POLICY'),
enable_log=True)