def provides(self):
needs = [RoleNeed('auth'), UserNeed(self.pk)]
if self.is_sa:
needs.append(RoleNeed('admin'))
return needs
def test_contains():
p1 = Permission(RoleNeed('boss'), RoleNeed('lackey'))
p2 = Permission(RoleNeed('lackey'))
assert p2.issubset(p1)
assert p2 in p1
def test_permission_or():
p1 = Permission(RoleNeed('boss'), RoleNeed('lackey'))
p2 = Permission(RoleNeed('lackey'), RoleNeed('underling'))
p3 = p1 | p2
p4 = p1.difference(p2)
assert p3.needs == p4.needs
def test_permission_and():
p1 = Permission(RoleNeed('boss'))
p2 = Permission(RoleNeed('lackey'))
p3 = p1 & p2
p4 = p1.union(p2)
assert p3.needs == p4.needs
def provides(self):
needs = [RoleNeed('authenticated'), UserNeed(self.id)]
if self.is_moderator:
needs.append(RoleNeed('moderator'))
if self.is_admin:
needs.append(RoleNeed('admin'))
return needs
def permissionHandler(sender, identity):
#先给登录用户赋予通用权限
identity.provides.add(RoleNeed('loginUser'))
#不同的用户赋予不同的权限
if identity.name == 'admin':
print '赋予adminRole权限给' + identity.name
identity.provides.add(RoleNeed('adminRole'))
if identity.name != 'admin':
print '赋予sayHi权限给' + identity.name
identity.provides.add(ActionNeed('sayHi'))
else:
pass
from flask import Flask, Response, redirect, url_for, request, session, abort
from flaskext.principal import Identity, Principal, RoleNeed, UserNeed, \
Permission, identity_changed, identity_loaded
app = Flask(__name__)
# config
app.config.update(DEBUG=True, SECRET_KEY='secret_xxx')
# flask-principal
principals = Principal()
normal_role = RoleNeed('normal')
normal_permission = Permission(normal_role)
principals._init_app(app)
# silly user model
class User(object):
def __init__(self, id):
self.id = id
self.name = "user" + str(id)
self.password = self.name + "_secret"
def __repr__(self):
return "%d/%s/%s" % (self.id, self.name, self.password)
# create some users with ids 1 to 20
users = [User(id) for id in range(1, 21)]
from flaskext.principal import Permission, RoleNeed,\
UserNeed
# define permissions
admin = Permission(RoleNeed('admin'))
moderator = Permission(RoleNeed('moderator'))
auth = Permission(RoleNeed('authenticated'))
# this is assigned when you want to block a permission to all
# never assign this role to anyone !
null = Permission(RoleNeed('null'))
class Permissions(object):
def __init__(self, obj):
self.obj = obj
def __getattr__(self, name):
return getattr(self.obj, name)
# coding: utf-8
from flaskext.principal import RoleNeed, Permission
sa = Permission(RoleNeed('admin'))
normal = Permission(RoleNeed('auth'))
# this is assigned when you want to block a permission to all
# never assign this role to anyone !
null = Permission(RoleNeed('null'))
import datetime
from flask import Flask, Response, session, request, redirect, url_for
from flaskext.principal import Principal, Permission, RoleNeed, ActionNeed, PermissionDenied, identity_changed, identity_loaded, Identity
app = Flask(__name__)
#配置app参数
app.config.update(
#使用session必须要配置secret key
SECRET_KEY=os.urandom(32).encode('hex'))
#集成principal支持
principal = Principal(app)
#配置某种操作的权限
sayHiPermission = Permission(ActionNeed('sayHi'))
#配置登录用户权限,只要用户登录了就授予该权限
loginPermission = Permission(RoleNeed('loginUser'))
#配置某角色权限
adminRolePermission = Permission(RoleNeed('adminRole'))
#设置无权限处理器
@app.errorhandler(PermissionDenied)
def permissionDenied(error):
print '该操作(' + request.url + ')需要的访问权限为:' + str(error.args[0].needs)
#先记录来源地址
session['redirected_from'] = request.url
#如果用户已登录则显示无权限页面
if session.get('identity.name'):
return '访问被拒绝!<br/>该问该页面(' + request.url + ')需要的权限是' + str(
error.args[0].needs) + ',目前用户拥有的权限是' + str(
session.get('identity').provides)
#! /usr/bin/env python
#coding=utf-8
from flaskext.principal import RoleNeed, Permission
admin_permission = Permission(RoleNeed('admin'))
moderator_permission = Permission(RoleNeed('moderator'))
auth_permission = Permission(RoleNeed('authenticated'))
# this is assigned when you want to block a permission to all
# never assign this role to anyone !
null_permission = Permission(RoleNeed('null'))
def permission(*roles):
perm = Permission(RoleNeed('none'))
for x in roles:
perm = perm.union(x)
return perm
perm = perm.union(x)
return perm
class Permissions(dict):
def __getattr__(self, attr):
try:
return self[attr]
except:
return super(self, dict).attr
def __setattr__(self, attr, value):
self[attr] = value
permissions = Permissions()
permissions.read = Permission(RoleNeed('read'))
permissions.insert = Permission(RoleNeed('insert'))
permissions.modify = Permission(RoleNeed('modify'))
permissions.delete = Permission(RoleNeed('delete'))
permissions.full_access = permission(permissions.delete, permissions.insert,
permissions.modify, permissions.read)
@identity_loaded.connect
def set_owned_by(sender, identity):
permissions.owned_by = Permission(UserNeed(identity.user))
permissions.modify_own_content = permission(permissions.owned_by,
permissions.full_access)
from .app import app
from flask import Flask, Response
from flaskext.principal import Principal, Permission, RoleNeed
principals = Principal(app)
admin_permission = Permission(RoleNeed('admin'))
#######################################################################
#######################################################################
from flask import current_app
from flaskext.principal import Identity, identity_changed
def login_view(req):
username = req.form.get('username')
identity_changed.send(current_app._get_current_object(),
identity=Identity(username))
#######################################################################
#######################################################################
from flaskext import principal
identity_loaded = principal.identity_loaded
#from flaskext.principal import indentity_loaded
## from pprint import pprint
## pprint(dir(principal))
## #pprint(principal)
def _on_principal_init(sender, identity):
if identity.name == 'ali':
identity.provides.add(RoleNeed('admin'))
from flask import Flask, Response
from flaskext.principal import Principal, Permission, Denial, RoleNeed, \
PermissionDenied, identity_changed, Identity, identity_loaded
def _on_principal_init(sender, identity):
if identity.name == 'ali':
identity.provides.add(RoleNeed('admin'))
class ReraiseException(Exception):
"""For checking reraising"""
admin_permission = Permission(RoleNeed('admin'))
anon_permission = Permission()
admin_or_editor = Permission(RoleNeed('admin'), RoleNeed('editor'))
editor_permission = Permission(RoleNeed('editor'))
admin_denied = Denial(RoleNeed('admin'))
def mkapp():
app = Flask(__name__)
app.secret_key = 'notverysecret'
app.debug = True
p = Principal(app)
