def is_in_auth_scope(group_id, endpoint):
meta = current_app.config['EP_META'].get(endpoint)
allowed = False
if meta:
allowed = AuthModel.get(group_id=group_id,
auth=meta.auth,
module=meta.module)
return True if allowed else False
def update_auth_list():
'''添加多个权限(到某个权限组)'''
validator = AuthsValidator().validate_for_api()
auth_list = [get_ep_name(id) for id in validator.auth_ids.data]
group_id = validator.group_id.data
for auth in auth_list:
one = AuthModel.get(group_id=group_id, auth=auth)
if not one:
meta = find_auth_module(auth)
AuthModel.create(group_id=group_id,
auth=meta.auth,
module=meta.module)
return Success(error_code=1)
def append_auth_list(group_id, auth_ids=[]):
'''
:param group_id: 权限组id
:param auth_ids: 权限id数组
:return:
'''
auth_name_list = [get_ep_name(id) for id in auth_ids]
with db.auto_commit():
for name in auth_name_list:
one = Auth.get(group_id=group_id, name=name)
if not one:
meta = find_auth_module(name)
Auth.create(group_id=group_id,
name=meta.name,
module=meta.module,
commit=False)
def put(self, id):
args = self.reqparse.parse_args()
auth = Auth.get(id)
if auth and (not auth.is_delete) and auth.update(**args):
return 'update %s success' % auth.email, 202
return ' %s not found' % auth.email, 404
def delete(self, id):
auth = Auth.get(id)
if auth and (not auth.is_delete):
auth.remove()
return "Delete success", 204
return "Not Found", 404
def get(self, id):
auth = Auth.get(id)
if auth and (not auth.is_delete):
return marshal(auth, auth_fields), 201
return "Not Found"