def provides(self):
    """Return the list of needs this user provides.

    Every user gets the 'auth' role need and a UserNeed built from its
    primary key. The 'admin' role need is added only when ``is_sa`` is
    truthy, so whatever sets ``is_sa`` decides who holds admin rights.
    """
    base_needs = [RoleNeed('auth'), UserNeed(self.pk)]
    admin_needs = [RoleNeed('admin')] if self.is_sa else []
    return base_needs + admin_needs
def test_contains():
    """Pin that ``in`` on permissions agrees with ``issubset``.

    A permission listing only 'lackey' is a subset of, and therefore
    contained in, one listing both 'boss' and 'lackey'.
    """
    wider = Permission(RoleNeed('boss'), RoleNeed('lackey'))
    narrower = Permission(RoleNeed('lackey'))
    assert narrower.issubset(wider)
    assert narrower in wider
def test_permission_or():
    """Pin that ``p1 | p2`` carries the same needs as ``p1.difference(p2)``.

    So ``|`` on permissions is a set difference here, not a union. Code
    that reads ``a | b`` as "either a or b" is checking something else.
    """
    left = Permission(RoleNeed('boss'), RoleNeed('lackey'))
    right = Permission(RoleNeed('lackey'), RoleNeed('underling'))
    via_operator = left | right
    via_method = left.difference(right)
    assert via_operator.needs == via_method.needs
def test_permission_and():
    """Pin that ``p1 & p2`` carries the same needs as ``p1.union(p2)``.

    NOTE(review): in Flask-Principal a permission is satisfied by any one of
    its needs, so ``a & b`` presumably does not require both roles. Confirm
    against Permission.allows before using it as a "both required" check.
    """
    boss_only = Permission(RoleNeed('boss'))
    lackey_only = Permission(RoleNeed('lackey'))
    via_operator = boss_only & lackey_only
    via_method = boss_only.union(lackey_only)
    assert via_operator.needs == via_method.needs
def provides(self):
    """Return the list of needs this user provides.

    Always includes the 'authenticated' role need and a UserNeed for the
    user's id. The 'moderator' and 'admin' role needs are added
    independently when the matching ``is_moderator`` / ``is_admin`` flag is
    truthy, so an admin is not implicitly a moderator.
    """
    granted = [RoleNeed('authenticated'), UserNeed(self.id)]
    if self.is_moderator:
        granted += [RoleNeed('moderator')]
    if self.is_admin:
        granted += [RoleNeed('admin')]
    return granted
def permissionHandler(sender, identity):
    """Attach needs to an identity, keyed on the identity's name.

    Every identity gets the 'loginUser' role. The identity named 'admin'
    also gets the 'adminRole' role; every other identity gets the 'sayHi'
    action need instead.

    NOTE(review): the role decision is a comparison against a literal user
    name, so it is only as strong as whatever sets ``identity.name``. A real
    application would look roles up from its user store.
    """
    who = identity.name
    # First grant the generic permission that every logged-in user receives.
    identity.provides.add(RoleNeed('loginUser'))
    # Then grant the per-user permissions.
    if who == 'admin':
        print '赋予adminRole权限给' + who
        identity.provides.add(RoleNeed('adminRole'))
    else:
        print '赋予sayHi权限给' + who
        identity.provides.add(ActionNeed('sayHi'))
from flask import Flask, Response, redirect, url_for, request, session, abort
from flaskext.principal import Identity, Principal, RoleNeed, UserNeed, \
    Permission, identity_changed, identity_loaded

app = Flask(__name__)

# config
# NOTE(review): demo values. SECRET_KEY signs the session cookie, so a literal
# key in source lets anyone who has read the source forge a session. DEBUG=True
# turns on Flask's debug mode. Load the key from the environment or a secret
# store and keep debug off outside local development.
app.config.update(DEBUG=True, SECRET_KEY='secret_xxx')

# flask-principal
principals = Principal()
normal_role = RoleNeed('normal')
normal_permission = Permission(normal_role)
# NOTE(review): _init_app is underscore-prefixed, i.e. not public API for this
# version of the extension; confirm it against the installed release.
principals._init_app(app)


# silly user model
class User(object):
    """Demo user whose name and password are both derived from its id."""

    def __init__(self, id):
        self.id = id
        self.name = "user" + str(id)
        # The password is predictable from the name; this is for the demo only.
        self.password = self.name + "_secret"

    def __repr__(self):
        # NOTE(review): the repr includes the plaintext password, so it ends up
        # wherever a User is logged or shown in a traceback.
        return "%d/%s/%s" % (self.id, self.name, self.password)


# create some users with ids 1 to 20
users = [User(id) for id in range(1, 21)]
from flaskext.principal import Permission, RoleNeed,\
    UserNeed

# define permissions
admin = Permission(RoleNeed('admin'))
moderator = Permission(RoleNeed('moderator'))
auth = Permission(RoleNeed('authenticated'))

# this is assigned when you want to block a permission to all
# never assign this role to anyone !
# NOTE(review): the "deny everyone" effect rests on that convention alone.
# Nothing here stops an identity from being given RoleNeed('null'), so if role
# names come from a data store, reject or reserve the name 'null' there.
null = Permission(RoleNeed('null'))


class Permissions(object):
    """Wrap an object and forward attribute lookups to it."""

    def __init__(self, obj):
        self.obj = obj

    def __getattr__(self, name):
        # __getattr__ runs only when normal lookup fails, so every attribute
        # not set on the wrapper itself is read from the wrapped object.
        return getattr(self.obj, name)
# coding: utf-8 from flaskext.principal import RoleNeed, Permission sa = Permission(RoleNeed('admin')) normal = Permission(RoleNeed('auth')) # this is assigned when you want to block a permission to all # never assign this role to anyone ! null = Permission(RoleNeed('null'))
import datetime
from flask import Flask, Response, session, request, redirect, url_for
from flaskext.principal import Principal, Permission, RoleNeed, ActionNeed, PermissionDenied, identity_changed, identity_loaded, Identity

app = Flask(__name__)
# Configure the app parameters
app.config.update(
    # A secret key must be configured in order to use sessions
    # NOTE(review): `os` is not imported in this excerpt, and
    # str.encode('hex') exists only on Python 2. A key generated at start-up
    # changes on every restart and differs between worker processes, so
    # session cookies issued earlier stop validating. Load a fixed key from
    # the environment or a secret store instead.
    SECRET_KEY=os.urandom(32).encode('hex'))
# Integrate Principal support
principal = Principal(app)
# Permission for a specific action
sayHiPermission = Permission(ActionNeed('sayHi'))
# Permission for logged-in users; granted as soon as the user has logged in
loginPermission = Permission(RoleNeed('loginUser'))
# Permission for a specific role
adminRolePermission = Permission(RoleNeed('adminRole'))


# Register the handler for denied permissions
@app.errorhandler(PermissionDenied)
def permissionDenied(error):
    # Handles PermissionDenied: logs the needs the request required, remembers
    # the requested URL in the session, and, when the session holds an identity
    # name, returns an HTML "access denied" message.
    print '该操作(' + request.url + ')需要的访问权限为:' + str(error.args[0].needs)
    # First record the URL the user came from
    # NOTE(review): if this value is later used as a redirect target (not shown
    # here), check that it points back into this application.
    session['redirected_from'] = request.url
    # If the user is already logged in, show the access-denied page
    if session.get('identity.name'):
        # NOTE(review): request.url, the required needs and the identity's
        # provides are concatenated into the HTML response unescaped; escape
        # them before output. The message also tells the client which needs
        # the page requires and which ones the user holds; confirm that this
        # disclosure is intended.
        return '访问被拒绝!<br/>该问该页面(' + request.url + ')需要的权限是' + str(
            error.args[0].needs) + ',目前用户拥有的权限是' + str(
            session.get('identity').provides)
#! /usr/bin/env python #coding=utf-8 from flaskext.principal import RoleNeed, Permission admin_permission = Permission(RoleNeed('admin')) moderator_permission = Permission(RoleNeed('moderator')) auth_permission = Permission(RoleNeed('authenticated')) # this is assigned when you want to block a permission to all # never assign this role to anyone ! null_permission = Permission(RoleNeed('null'))
def permission(*roles):
    """Fold the given permissions into one with successive ``union`` calls.

    The fold starts from ``Permission(RoleNeed('none'))``, so with no
    arguments the result is that seed permission.

    NOTE(review): the seed need presumably stays in every combined result,
    in which case an identity holding a role named 'none' would satisfy all
    of them. Treat 'none' as a reserved role name. In Flask-Principal a
    permission is satisfied by any one of its needs, so the result means
    "any of these", not "all of these". Confirm against Permission.allows.
    """
    combined = Permission(RoleNeed('none'))
    for role_permission in roles:
        combined = combined.union(role_permission)
    return combined
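# (the excerpt opens mid-function: the two statements below appear to be the
# tail of a permission(*roles) helper whose opening lines are not shown)
    perm = perm.union(x)
    return perm


class Permissions(dict):
    """Dict whose entries can also be read and written as attributes."""

    def __getattr__(self, attr):
        """Return ``self[attr]``; raise AttributeError when the key is missing.

        Called only after normal attribute lookup has failed, so dict methods
        still resolve as usual.
        """
        try:
            return self[attr]
        except KeyError:
            # The original fallback was `super(self, dict).attr` under a bare
            # except. super() rejects an instance as its first argument, so a
            # missing name raised TypeError. AttributeError is what getattr()
            # with a default and hasattr() expect.
            raise AttributeError(attr)

    def __setattr__(self, attr, value):
        """Store every attribute assignment as a dict entry."""
        self[attr] = value


permissions = Permissions()
permissions.read = Permission(RoleNeed('read'))
permissions.insert = Permission(RoleNeed('insert'))
permissions.modify = Permission(RoleNeed('modify'))
permissions.delete = Permission(RoleNeed('delete'))
# NOTE(review): built with union. In Flask-Principal a permission is satisfied
# by any one of its needs, so "full_access" presumably passes for a user who
# holds only 'read'. Confirm that this is the intended meaning.
permissions.full_access = permission(permissions.delete, permissions.insert,
                                     permissions.modify, permissions.read)


@identity_loaded.connect
def set_owned_by(sender, identity):
    """Rebuild the owner-based permissions whenever an identity is loaded.

    NOTE(review): the results are written to the module-level ``permissions``
    object, so they reflect whichever identity was loaded last. With several
    users served by one process, a check could run against another user's
    UserNeed. Keep per-identity permissions in request-scoped storage.
    ``modify_own_content`` is also a union, so it does not require ownership
    and access together.
    """
    permissions.owned_by = Permission(UserNeed(identity.user))
    permissions.modify_own_content = permission(permissions.owned_by,
                                                permissions.full_access)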
from .app import app
from flask import Flask, Response
from flaskext.principal import Principal, Permission, RoleNeed

principals = Principal(app)
admin_permission = Permission(RoleNeed('admin'))

#######################################################################
#######################################################################
from flask import current_app
from flaskext.principal import Identity, identity_changed


def login_view(req):
    """Announce an identity change using the username from the submitted form.

    NOTE(review): as shown, the identity comes straight from the 'username'
    form field with no credential check, so the caller picks who they are.
    Verify the credentials before sending identity_changed.
    """
    username = req.form.get('username')
    identity_changed.send(current_app._get_current_object(), identity=Identity(username))

#######################################################################
#######################################################################
from flaskext import principal
# Re-export the identity_loaded signal from the principal module.
identity_loaded = principal.identity_loaded
#from flaskext.principal import indentity_loaded

## from pprint import pprint
## pprint(dir(principal))
## #pprint(principal)
def _on_principal_init(sender, identity):
    """Give the identity named 'ali' the 'admin' role need.

    NOTE(review): the role is keyed on a literal name, so it is only as
    trustworthy as the code that sets ``identity.name``.
    """
    if identity.name != 'ali':
        return
    identity.provides.add(RoleNeed('admin'))
from flask import Flask, Response
from flaskext.principal import Principal, Permission, Denial, RoleNeed, \
    PermissionDenied, identity_changed, Identity, identity_loaded


def _on_principal_init(sender, identity):
    # Gives the identity named 'ali' the 'admin' role need. The role is keyed
    # on a literal name, so it depends on how identity.name gets set.
    if identity.name == 'ali':
        identity.provides.add(RoleNeed('admin'))


class ReraiseException(Exception):
    """For checking reraising"""


admin_permission = Permission(RoleNeed('admin'))
# No needs listed.
# NOTE(review): presumably this allows any identity, including anonymous
# ones. Confirm against Permission.allows.
anon_permission = Permission()
# Two role needs in one permission.
# NOTE(review): in Flask-Principal either one is enough to satisfy it.
admin_or_editor = Permission(RoleNeed('admin'), RoleNeed('editor'))
editor_permission = Permission(RoleNeed('editor'))
# Denial built from the 'admin' role need.
# NOTE(review): presumably the inverse of admin_permission, rejecting
# identities that hold 'admin'. Confirm.
admin_denied = Denial(RoleNeed('admin'))


def mkapp():
    app = Flask(__name__)
    # NOTE(review): a literal secret key and debug mode are test-fixture
    # values; neither belongs in a deployed configuration.
    app.secret_key = 'notverysecret'
    app.debug = True
    p = Principal(app)