def register(self, app, *args, **kwargs):
    """Bind login handling and Principal to *app*, then run the parent registration.

    A new LoginManager is built when none exists yet or when *app* differs
    from the app stored on this object. Principal is created only when none
    exists yet.
    """
    # NOTE(review): block nesting was reconstructed from a flattened listing;
    # confirm it against the original file.
    needs_login_manager = not self._login_manager or self.app != app
    if needs_login_manager:
        self._login_manager = LoginManager()
        manager = self._login_manager
        manager.user_callback = self.user_loader
        manager.init_app(app)
        # Unauthenticated requests are sent to this endpoint; deployments can
        # override the default through AUTH_LOGIN_VIEW.
        manager.login_view = app.config.get('AUTH_LOGIN_VIEW', 'urls.index')
        # User-facing text (Chinese), roughly "you need to sign in and be
        # authorised to access this".
        manager.login_message = u'您需要登录授权才能访问'
    self.app = app

    # NOTE(review): unlike the LoginManager above, Principal is not rebuilt
    # when register() is called with a different app, so a second app would
    # get login handling but no Principal initialisation. Confirm that
    # permission checks on that app cannot run without a loaded identity.
    if not self._principal:
        self._principal = Principal(app)
        # Connected without a sender filter, so self.identity_loaded is
        # called for identity_loaded signals sent by any app in this process.
        identity_loaded.connect(self.identity_loaded)

    super(UserManager, self).register(app, *args, **kwargs)
def mkapp():
    """Build and return a Flask app with Principal attached and one route per permission-checking style.

    The literal secret key, debug mode and the ``username == password``
    credential check below are only acceptable in a throwaway fixture.
    NOTE(review): this looks like a test helper; confirm it is never served
    outside a test run. Block nesting was reconstructed from a flattened
    listing.
    """
    app = Flask(__name__)
    # Hard-coded, guessable key. Flask uses secret_key to sign its session
    # cookie, and the session loader below reads an identity from the session,
    # so anyone who knows this value could mint a session for any uid.
    app.secret_key = 'notverysecret'
    # Debug mode must stay off anywhere reachable by untrusted clients.
    app.debug = True
    p = Principal(app)

    @p.session_loader
    def user_by_uid(uid):
        # Returns an Identity only for uids present in identity_users;
        # falls through (None) otherwise.
        if uid in identity_users:
            return Identity(uid, user=identity_users[uid])

    @p.http_basic_loader
    @p.form_loader(['/login'])
    def user_by_credential(username, password):
        # Placeholder check: any known username is accepted when the password
        # equals the username. This is not credential verification.
        if username in identity_users and username == password:
            return Identity(username, user=identity_users[username])

    # Connected without a sender filter, so the handler is called for
    # identity_loaded signals from any app in the process.
    identity_loaded.connect(_on_principal_init)

    # Permission used as a context manager around an empty body.
    @app.route('/')
    def index():
        with admin_permission.required():
            pass
        return Response('hello')

    # Permission used as a view decorator.
    @app.route('/a')
    @admin_permission.required()
    def a():
        return Response('hello')

    @app.route('/b')
    @anon_permission.required()
    def b():
        return Response('hello')

    # The view raises inside the permission context manager.
    @app.route('/c')
    def c():
        with anon_permission.required():
            raise ReraiseException

    # The view raises under the permission decorator.
    @app.route('/d')
    @anon_permission.required()
    def d():
        raise ReraiseException

    # The identity is switched to the one from mkadmin() inside the request
    # before the permission is checked.
    @app.route('/e')
    def e():
        i = mkadmin()
        identity_changed.send(app, identity=i)
        with admin_permission.required():
            return Response('hello')

    @app.route('/f')
    def f():
        i = mkadmin()
        identity_changed.send(app, identity=i)
        with admin_or_editor.required():
            return Response('hello')

    # Two permission decorators stacked on one view.
    @app.route('/g')
    @admin_permission.required()
    @editor_permission.required()
    def g_():
        return Response('hello')

    # Nested permission context managers after switching to 'james'.
    @app.route('/h')
    def h():
        i = Identity('james', user=identity_users['james'])
        identity_changed.send(app, identity=i)
        with admin_permission.required():
            with editor_permission.required():
                pass

    # Same as /h, but required() is given 403 (presumably the HTTP status
    # to answer with on denial; confirm against Permission.required).
    @app.route('/j')
    def j():
        i = Identity('james', user=identity_users['james'])
        identity_changed.send(app, identity=i)
        with admin_permission.required(403):
            with editor_permission.required(403):
                pass

    @app.route('/k')
    @admin_permission.required(403)
    def k():
        return Response('hello')

    # The permission object is evaluated in boolean context before and after
    # the identity is switched to 'ali'.
    @app.route('/l')
    def l():
        s = []
        if not admin_or_editor:
            s.append("not admin")
        i = Identity('ali', user=identity_users['ali'])
        identity_changed.send(app, identity=i)
        if admin_or_editor:
            s.append("now admin")
        return Response('\n'.join(s))

    # admin_denied is checked without changing the identity first.
    @app.route("/m")
    def m():
        with admin_denied.required():
            pass
        return Response("OK")

    # admin_denied is checked after switching to the mkadmin() identity.
    @app.route("/n")
    def n():
        i = mkadmin()
        identity_changed.send(app, identity=i)
        with admin_denied.required():
            pass
        return Response("OK")

    # Explicit test() call instead of required().
    @app.route("/o")
    def o():
        admin_or_editor.test()
        return Response("OK")

    @app.route("/p")
    def p_():
        admin_or_editor.test(404)
        return Response("OK")

    # Echoes the uid of whatever identity the loaders established.
    @app.route("/login", methods=['GET', 'POST'])
    def login():
        return Response(g.identity.uid)

    # set_identity() is called with no argument; presumably this resets the
    # request to the anonymous identity (confirm against Principal.set_identity).
    @app.route("/logout")
    def logout():
        p.set_identity()
        return Response("OK")

    return app
#Controle de permissões def _on_principal_init(sender, identity): identity.user = current_user if hasattr(current_user, 'id'): identity.provides.add(UserNeed(current_user.id)) if hasattr(current_user, 'roles'): for role in current_user.roles: identity.provides.add(RoleNeed(role.name)) identity.provides.add(EditarAgenteNucleoNeed(unicode(current_user.id_nucleo))) identity_loaded.connect(_on_principal_init) @agente.route('/') @agente.route('/<int:page>', methods = ['GET', 'POST']) @login_required def index(page = 1): agentes = Agente.query.join(Nucleo, Agente.id_nucleo==Nucleo.id).add_columns(Agente.id, Agente.nome, Nucleo.descricao, Agente.coordenador_nucleo, Agente.coordenador_pastoral, Agente.email, Agente.celular, Nucleo.id.label("id_nucleo")).filter(or_(Nucleo.id==g.user.id_nucleo, g.user.coordenador_pastoral==True, g.user.coordenador_nucleo==True), and_(Agente.active==True)).order_by(Nucleo.descricao, Agente.nome).paginate(page, DATA_PER_PAGE, False) return render_template('agente/listar.html', menu='agente', cur_page=page, agentes=agentes)
def _init_principal(self, app):
    """Attach Principal to *app* and subscribe the project's identity handler.

    The Principal instance is kept on ``self.principal``.
    """
    # Imported at call time, as in the original.
    # NOTE(review): the flask.ext.* path relies on Flask's legacy extension
    # import shim; confirm the pinned Flask version still provides it.
    from cloudapp.identity import on_load_identity
    from flask.ext.principal import Principal, identity_loaded

    extension = Principal(app)
    # Connected without a sender filter, so on_load_identity is called for
    # identity_loaded signals sent by any app in this process.
    identity_loaded.connect(on_load_identity)
    self.principal = extension