def check_perm(perm, user, tenantName=None, serviceAlias=None):
    """Check that ``user`` may perform action ``perm`` within tenant ``tenantName``.

    Side effect: the action sets resolved here are stored on ``user.actions``
    (a ``UserActions`` instance, created on the user object if it has none)
    under the key ``'tenant'`` and, when ``serviceAlias`` is given, ``'service'``.

    Args:
        perm: action name to test for membership in ``user.actions``.
        user: the request user; an ``AnonymousUser`` is rejected outright.
        tenantName: tenant name to resolve; ``None`` is treated as a 500.
        serviceAlias: optional service alias inside the tenant.

    Returns:
        ``True`` when the user is a sys admin, or when ``perm`` is found in
        the resolved ``user.actions``.

    Raises:
        PermissionDenied: for an anonymous user (with a ``/login`` redirect),
            or when the final membership test fails.
        UrlParseError: 500 when ``tenantName`` is missing, 404 when the
            tenant or the service cannot be found, 403 when the user has no
            tenant membership (subject to the ``"grdemo"`` carve-out below).
    """
    if isinstance(user, AnonymousUser):
        raise PermissionDenied('this resource need login status', redirect_url='/login')
    if tenantName is None:
        raise UrlParseError(500, 'tenantName is None')
    # The resolved actions are cached on the user object itself; they live as
    # long as that object does. NOTE(review): if the same user object is reused
    # across several check_perm calls, earlier 'service' actions are only
    # replaced when this call also sets them (see the PermRelService branch).
    if not hasattr(user, 'actions'):
        user.actions = UserActions()
    p = PermActions()
    try:
        tenant = Tenants.objects.get(tenant_name=tenantName)
        # Lazy QuerySet of the user's identity values on this tenant; the
        # truthiness test below is what actually runs the query.
        identitys = PermRelTenant.objects.filter(
            user_id=user.pk, tenant_id=tenant.pk).values_list("identity", flat=True)
        if not identitys:
            # No membership row: handled by the PermRelTenant.DoesNotExist
            # branch below. Note that ``tenant`` is already bound at this point.
            raise PermRelTenant.DoesNotExist
        # Several identities collapse to a single one; the ordering is defined
        # by get_highest_identity, not here.
        tenant_identity = get_highest_identity(identitys)
        tenant_actions = p.keys('tenant_{0}_actions'.format(tenant_identity))
        user.actions.set_actions('tenant', tenant_actions)
        if serviceAlias is not None:
            service = TenantServiceInfo.objects.get(
                tenant_id=tenant.tenant_id, service_alias=serviceAlias)
            # .get() raises PermRelService.DoesNotExist when the user has no
            # relation to this service; that case is swallowed below.
            service_identity = PermRelService.objects.get(
                user_id=user.pk, service_id=service.pk).identity
            service_actions = p.keys('service_{0}_actions'.format(service_identity))
            user.actions.set_actions('service', service_actions)
    except Tenants.DoesNotExist:
        raise UrlParseError(404, 'no matching tenantName for {0}'.format(tenantName))
    except TenantServiceInfo.DoesNotExist:
        raise UrlParseError(404, 'no matching serviceAlias for {0}'.format(serviceAlias))
    except PermRelTenant.DoesNotExist:
        # NOTE(review): this exception is only raised after Tenants.objects.get
        # succeeded, so ``tenant`` is already bound; the refetch below costs an
        # extra query and would raise IndexError if the row vanished meanwhile.
        tenant = Tenants.objects.filter(tenant_name=tenantName)[0]
        # Hard-coded carve-out: any authenticated user without a membership row
        # on the tenant named "grdemo" is granted viewer actions instead of a
        # 403. Sys admins are likewise never rejected here.
        # NOTE(review): confirm this shared-demo exemption is still intended;
        # it is the only place a non-member can obtain tenant actions.
        if not user.is_sys_admin and tenantName != "grdemo":
            raise UrlParseError(
                403, 'no permissions for user {0} on tenant {1}'.format(
                    user.nick_name, tenant.tenant_name))
        user.actions.set_actions('tenant', p.keys('tenant_viewer_actions'))
    except PermRelService.DoesNotExist:
        # No user/service relation: the tenant actions set above stand, and
        # the 'service' key of user.actions is left untouched.
        pass
    # Sys admins pass regardless of the resolved action sets.
    if user.is_sys_admin:
        return True
    # Membership semantics are defined by UserActions.__contains__.
    if perm in user.actions:
        return True
    raise PermissionDenied("you don't have enough permissions")
def check_perm(perm, user, tenantName=None, serviceAlias=None):
    """Check that ``user`` may perform action ``perm`` within tenant ``tenantName``.

    Tenant actions are the union of the identity-derived action set and the
    actions of every role the user holds on the tenant; service actions come
    from the user's ``ServiceRelPerms`` rows. The resolved sets are stored on
    ``user.actions`` under ``'tenant'`` and, when ``serviceAlias`` is given,
    ``'service'``.

    NOTE(review): an earlier ``check_perm`` with the same signature appears in
    this listing; if both live in one module, this later definition is the one
    bound at import time.

    Args:
        perm: action name to test for membership in ``user.actions``.
        user: the request user; an ``AnonymousUser`` is rejected outright.
        tenantName: tenant name to resolve; ``None`` is treated as a 500.
        serviceAlias: optional service alias inside the tenant.

    Returns:
        ``True`` when ``perm`` is found in the resolved ``user.actions``.
        There is no longer a sys-admin short-circuit (see the commented-out
        lines near the end); sys admins must hold the action explicitly.

    Raises:
        PermissionDenied: for an anonymous user (with a ``/login`` redirect).
        UrlParseError: 500 when ``tenantName`` is missing, 404 when the
            tenant or the service cannot be found, 403 when the user has
            neither identities nor roles on the tenant (subject to the
            ``"grdemo"`` carve-out below).
        BusinessException: wrapping a 403 ``Response`` when the final
            membership test fails.
    """
    if isinstance(user, AnonymousUser):
        raise PermissionDenied('this resource need login status', redirect_url='/login')
    if tenantName is None:
        raise UrlParseError(500, 'tenantName is None')
    # The resolved actions are cached on the user object itself; they live as
    # long as that object does.
    if not hasattr(user, 'actions'):
        user.actions = UserActions()
    p = PermActions()
    try:
        tenant = Tenants.objects.get(tenant_name=tenantName)
        # Both lookups are delegated to team_services; their return shapes are
        # not visible here beyond being iterable and truthy when non-empty.
        identitys = team_services.get_user_perm_identitys_in_permtenant(
            user_id=user.pk, tenant_name=tenant.tenant_name)
        role_id_list = team_services.get_user_perm_role_id_in_permtenant(
            user_id=user.pk, tenant_name=tenant.tenant_name)
        if not identitys and not role_id_list:
            # Neither identities nor roles: handled by the
            # PermRelTenant.DoesNotExist branch below (``tenant`` stays bound).
            raise PermRelTenant.DoesNotExist
        tenant_actions_tuple = ()
        if identitys:
            # Several identities collapse to a single one; the ordering is
            # defined by get_highest_identity, not here.
            tenant_identity = get_highest_identity(identitys)
            tenant_actions = p.keys('tenant_{0}_actions'.format(tenant_identity))
            tenant_actions_tuple += tenant_actions
        if role_id_list:
            # Role actions are appended on top of the identity actions.
            for role_id in role_id_list:
                perm_tuple = role_perm_repo.get_perm_by_role_id(role_id=role_id)
                tenant_actions_tuple += perm_tuple
        # set() de-duplicates the union; the resulting order is unspecified.
        user.actions.set_actions('tenant', tuple(set(tenant_actions_tuple)))
        if serviceAlias is not None:
            service = TenantServiceInfo.objects.get(
                tenant_id=tenant.tenant_id, service_alias=serviceAlias)
            # Lazy QuerySet of perm ids; an absent relation yields an empty
            # result rather than an exception.
            user_service_perms_id_list = ServiceRelPerms.objects.filter(
                user_id=user.pk, service_id=service.pk).values_list(
                    "perm_id", flat=True)
            perm_codename_list = role_perm_repo.get_perm_list_by_perm_id_list(
                perm_id_list=user_service_perms_id_list)
            user.actions.set_actions('service', perm_codename_list)
    except Tenants.DoesNotExist:
        raise UrlParseError(404, 'no matching tenantName for {0}'.format(tenantName))
    except TenantServiceInfo.DoesNotExist:
        raise UrlParseError(404, 'no matching serviceAlias for {0}'.format(serviceAlias))
    except PermRelTenant.DoesNotExist:
        # NOTE(review): this exception is only raised after Tenants.objects.get
        # succeeded, so ``tenant`` is already bound; the refetch below costs an
        # extra query and would raise IndexError if the row vanished meanwhile.
        tenant = Tenants.objects.filter(tenant_name=tenantName)[0]
        # Hard-coded carve-out: any authenticated user without identities or
        # roles on the tenant named "grdemo" is granted viewer actions instead
        # of a 403. Sys admins are likewise never rejected here.
        # NOTE(review): confirm this shared-demo exemption is still intended;
        # it is the only place a non-member can obtain tenant actions.
        if not user.is_sys_admin and tenantName != "grdemo":
            raise UrlParseError(
                403, 'no permissions for user {0} on tenant {1}'.format(
                    user.nick_name, tenant.tenant_name))
        user.actions.set_actions('tenant', p.keys('tenant_viewer_actions'))
    except PermRelService.DoesNotExist:
        # NOTE(review): nothing in the try body above queries PermRelService,
        # so this handler only fires if one of the helpers raises it; it looks
        # like a leftover from the previous implementation.
        pass
    # The unconditional sys-admin pass has been disabled: sys admins now need
    # the action in their resolved tenant/role/service sets like anyone else.
    # if user.is_sys_admin:
    #     return True
    # Membership semantics are defined by UserActions.__contains__.
    if perm in user.actions:
        return True
    raise BusinessException(Response(general_message(403, "you don't have enough permissions", "您无权限执行此操作"), status=403))