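def on_identity_loaded(sender, identity):
    """Bind role-derived permissions to an identity while it is loaded.

    For every role in ``userRoleMap`` whose user collection contains
    ``identity.name``, each action listed for that role in
    ``rolePermissionMap`` is added to ``identity.provides`` as an
    ``ActionNeed``. ``TypeNeed('auth')`` is then added as the "logged in"
    marker.

    Args:
        sender: Object that emitted the signal; not used here.
        identity: Identity being loaded; its ``provides`` collection is
            mutated in place.
    """
    # Associate the user with their roles, i.e. bind the user who is logging
    # in to their authorization data.
    for role, users in userRoleMap.items():
        if identity.name not in users:
            continue
        # Default to an empty tuple so that a role with no entry in
        # rolePermissionMap grants nothing instead of raising TypeError when
        # iterating over None.
        for action in rolePermissionMap.get(role, ()):
            identity.provides.add(ActionNeed(action))

    # Grant the "logged in" need.
    # NOTE(review): nesting was reconstructed from a collapsed listing; this
    # line is assumed to sit at function level, so every identity this
    # handler receives gets TypeNeed('auth'). Confirm the handler is never
    # invoked for an anonymous identity, otherwise views protected only by
    # the 'auth' need are open to unauthenticated requests.
    identity.provides.add(TypeNeed('auth'))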
def script_info_cli_list(request):
    """Build the ScriptInfo object used to test the CLI ``list`` command.

    An ``open`` action and a parameterized ``edit`` action (argument
    ``None``) are registered on an ``InvenioAccess`` extension bound to the
    application returned by ``app(request)``. The returned ``ScriptInfo``
    hands back that same application from its ``create_app`` callback.
    """
    needs = (ActionNeed('open'), ParameterizedActionNeed('edit', None))

    flask_app = app(request)
    access_ext = InvenioAccess(flask_app)
    for need in needs:
        access_ext.register_action(need)

    # The callback ignores its argument and always returns the prepared app.
    return ScriptInfo(create_app=lambda info: flask_app)
def _get_needs_for_roles(self, user):
    """Collect the needs granted to *user* through their roles.

    Queries ``self.__model__`` for records whose ``entities`` are among
    ``user.roles`` and whose ``deployment`` equals ``user.deployment``.
    A record with a non-empty ``items`` yields one
    ``ItemNeed(action, item, 'object')`` per item; any other record yields a
    single ``ActionNeed(action)``.

    Returns:
        list: The collected needs, in query order.
    """
    role_records = self.__model__.objects.filter(
        entities__in=user.roles, deployment=user.deployment)

    collected = []
    for record in role_records:
        if not record.items:
            # No item restriction: the action applies as a whole.
            collected.append(ActionNeed(record.action))
            continue
        for item in record.items:
            collected.append(ItemNeed(record.action, item, 'object'))
    return collected
def _get_needs_for_user(self, user):
    """Collect the needs granted directly to *user*.

    Queries ``self.__model__`` for records whose ``entities`` equal *user*
    and whose ``deployment`` equals ``user.deployment``. A record with a
    non-empty ``items`` yields one ``ItemNeed(action, item, 'object')`` per
    item whose exact type is not ``dict``; any other record yields a single
    ``ActionNeed(action)``.

    Returns:
        list: The collected needs, in query order.
    """
    user_records = self.__model__.objects.filter(
        entities=user, deployment=user.deployment)

    collected = []
    for record in user_records:
        if not record.items:
            collected.append(ActionNeed(record.action))
            continue
        # dict entries are skipped; why they can appear in ``items`` is not
        # visible from this method. The exact-type comparison is kept on
        # purpose: dict subclasses are not filtered out.
        collected.extend(
            [ItemNeed(record.action, entry, 'object')
             for entry in list(record.items)
             if type(entry) != dict])
    return collected
def on_identity_loaded(sender, identity):
    """Populate a freshly loaded identity from ``current_user``.

    Attaches ``current_user`` to the identity, adds a ``UserNeed`` for the
    user's ``id`` when that attribute exists, and adds one ``ActionNeed``
    for each entry of ``current_user.action_permissions`` when that
    attribute exists.

    Args:
        sender: Object that emitted the signal; not used here.
        identity: Identity being loaded; mutated in place.
    """
    identity.user = current_user
    provided = identity.provides

    # A user object without an ``id`` attribute contributes no UserNeed.
    if hasattr(current_user, 'id'):
        provided.add(UserNeed(current_user.id))

    # Every granted action is taken verbatim from the user object, so the
    # contents of ``action_permissions`` decide what this identity may do.
    if hasattr(current_user, 'action_permissions'):
        provided.update(
            ActionNeed(name) for name in current_user.action_permissions)
def on_identity_loaded(sender, identity):
    """Populate a freshly loaded identity from the user's current role.

    Attaches ``current_user`` to the identity and adds a ``UserNeed`` for
    the user's ``id`` when present. If the user has a truthy
    ``current_role``, ``identity.provides`` is replaced by a new set holding
    a ``RoleNeed`` for that role plus one ``ActionNeed`` per right listed
    for the role in the user's ``rights`` dict.

    Args:
        sender: Object that emitted the signal; not used here.
        identity: Identity being loaded; mutated in place.
    """
    identity.user = current_user
    user = identity.user

    if hasattr(user, 'id'):
        identity.provides.add(UserNeed(user.id))

    active_role = getattr(user, 'current_role', None)
    if not active_role:
        return

    # Start over so that only the active role and its rights are provided.
    # NOTE(review): this also discards the UserNeed added above; confirm
    # that is intended.
    identity.provides = set()
    identity.provides.add(RoleNeed(user.current_role))

    # NOTE(review): nesting was reconstructed from a collapsed listing; the
    # rights lookup is assumed to run only when a current role is set.
    rights_by_role = getattr(user, 'rights', None)
    if isinstance(rights_by_role, dict):
        identity.provides.update(
            ActionNeed(right) for right in rights_by_role.get(active_role, []))
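from app import GisApp, db
# NOTE(review): the ``flask.ext.*`` import shim was removed in Flask 1.0;
# ``flask_principal`` is the direct module name on newer installs.
from flask.ext.principal import Principal, Permission, ActionNeed, identity_loaded, UserNeed, identity_changed, Identity, AnonymousIdentity

# Attach Flask-Principal to the application.
principals = Principal(GisApp)

# Build one Permission per action name listed in the application config.
# NOTE(review): if ACTION_PERMISSIONS is missing from the config, ``.get()``
# returns None and the loop below raises TypeError at import time.
permissions = {}
action_permissions = GisApp.config.get('ACTION_PERMISSIONS')
for action_permission in action_permissions:
    permissions[action_permission] = Permission(ActionNeed(action_permission))

# Expose every permission as a module-level name. ``globals()`` is used
# because mutating the mapping returned by ``locals()`` is not a supported
# way to create names; at module level both refer to the same namespace.
# NOTE(review): the names come straight from configuration, so an entry
# called e.g. ``db`` or ``Permission`` would overwrite that module global.
# Keep the config list under the same review as code.
globals().update(permissions)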
# Initialise the extensions on the application object, which is created
# outside this excerpt.
FlaskCLI(app)
Babel(app)
Mail(app)
Menu(app)
InvenioDB(app)
InvenioAccounts(app)
app.register_blueprint(blueprint)
# Both factories are identity lambdas that return their argument unchanged.
# NOTE(review): presumably test scaffolding that sidesteps the admin
# extension's own permission and view classes. Confirm before reusing this
# set-up outside tests.
InvenioAdmin(app, permission_factory=lambda x: x, view_class_factory=lambda x: x)

access = InvenioAccess(app)

# Register the 'read' action and build the permission that guards the view
# defined below.
action_read = ActionNeed('read')
access.register_action(action_read)
action_read_permission = DynamicPermission(action_read)


# NOTE: this ``def`` rebinds the module-level name ``action_read`` from the
# ActionNeed above to the view function. The need was already registered
# and captured by ``action_read_permission`` before the rebinding.
@app.route('/action_read')
@action_read_permission.require()
def action_read():
    # Empty view guarded by the 'read' permission; it returns None.
    pass


# The variable is named ``action_upload_content`` but the action registered
# is 'add_content'.
action_upload_content = ActionNeed('add_content')
access.register_action(action_upload_content)
upload_content_permission = DynamicPermission(action_upload_content)
# -*- coding: utf-8 -*-
from flask import abort
from flask.ext.principal import Permission, ActionNeed, RoleNeed, ItemNeed


def _admin_or(action):
    """Return a Permission naming ``ActionNeed(action)`` and the admin role.

    Flask-Principal treats the needs of a Permission as alternatives: an
    identity that provides either the action need or ``RoleNeed('admin')``
    is allowed.
    """
    return Permission(ActionNeed(action), RoleNeed('admin'))


# View
view_events = _admin_or('view_events')
view_participants = _admin_or('view_participants')
view_messages = _admin_or('view_messages')
view_quality_assurance = _admin_or('view_quality_assurance')
view_process_analysis = _admin_or('view_process_analysis')
view_result_analysis = _admin_or('view_result_analysis')

# Add
add_submission = _admin_or('add_submission')

# Edit
edit_forms = _admin_or('edit_forms')
edit_locations = _admin_or('edit_locations')
edit_submission = _admin_or('edit_submission')
edit_both_submissions = _admin_or('edit_both_submissions')
edit_submission_quarantine_status = _admin_or(
    'edit_submission_quarantine_status')
edit_submission_verification_status = _admin_or(
    'edit_submission_verification_status')
edit_participant = _admin_or('edit_participant')
from flask import abort
from flask.ext.principal import Permission, ActionNeed, RoleNeed, ItemNeed


def _admin_or(action):
    """Return a Permission naming ``ActionNeed(action)`` and the admin role.

    Flask-Principal treats the needs of a Permission as alternatives: an
    identity that provides either the action need or ``RoleNeed('admin')``
    is allowed.
    """
    return Permission(ActionNeed(action), RoleNeed('admin'))


# View
view_events = _admin_or('view_events')
view_messages = _admin_or('view_messages')
view_analyses = _admin_or('view_analyses')

# Add
add_submission = _admin_or('add_submission')

# Edit
edit_forms = _admin_or('edit_forms')
edit_locations = _admin_or('edit_locations')
edit_submission = _admin_or('edit_submission')
edit_participant = _admin_or('edit_participant')
edit_location = _admin_or('edit_location')

# Import
import_participants = _admin_or('import_participants')
import_locations = _admin_or('import_locations')

# Export
export_participants = _admin_or('export_participants')
export_messages = _admin_or('export_messages')
export_submissions = _admin_or('export_submissions')
_roles = dict() _permissions = dict() with app.app_context(): user_roles = db.session.query(rbUserProfile).all() if user_roles: for role in user_roles: if role.code: _roles[role.code] = Permission(RoleNeed(role.code)) # _roles[role.code].name = role.name for right in getattr(role, 'rights', []): if right.code and right.code not in _permissions: _permissions[right.code] = Permission( ActionNeed(right.code)) # _permissions[right.code].name = right.name # roles = Bunch(**_roles) # permissions = Bunch(**_permissions) def roles_require(*role_codes): http_exception = 403 def factory(func): @wraps(func) def decorator(*args, **kwargs): if current_user.is_admin(): return func(*args, **kwargs) checked_roles = list() for role_code in role_codes:
from invenio_access.permissions import DynamicPermission # Create Flask application app = Flask(__name__) app.secret_key = 'ExampleApp' FlaskCLI(app) Babel(app) Mail(app) Menu(app) InvenioDB(app) InvenioAccounts(app) app.register_blueprint(blueprint) access = InvenioAccess(app) action_open = ActionNeed('open') access.register_action(action_open) action_read = ActionNeed('read') access.register_action(action_read) @app.route("/") def index(): """Basic test view.""" identity = g.identity actions = {} for action in access.actions: actions[action.value] = DynamicPermission(action).allows(identity) if current_user.is_anonymous:
#用户 userMap = {} #用户角色对应关系 userRoleMap = {} #角色权限对应关系 rolePermissionMap = {} #web应用 app = Flask(__name__) #配置secret才能使用session app.config.update( #随机32位足够复杂的secret key SECRET_KEY=os.urandom(32).encode('hex')) #装载认证扩展 principals = Principal(app) ##########权限配置########## update_script_permission = Permission(ActionNeed('update_script')) update_app_permission = Permission(ActionNeed('update_app')) vindicate_game_permission = Permission(ActionNeed('vindicate_game')) view_console_permission = Permission(ActionNeed('view_console')) view_agent_permission = Permission(ActionNeed('view_agent')) switch_sync_config_permission = Permission(ActionNeed('switch_sync_config')) backup_database_permission = Permission(ActionNeed('backup_database')) #游戏服启停操作 manage_game_app_permission = Permission(ActionNeed('manage_game_app')) #其他应用启停操作 manage_app_permission = Permission(ActionNeed('manage_app')) #已登录权限,所有已登录用户都应该授予该权限 auth_permission = Permission(TypeNeed('auth')) #国际化 babel = Babel(app) #master