def update(policy_id, **kw):
# 参数合法性检查. 如果不合法,直接报错.
is_valid_kw(Policy, is_update=True, **kw)
# 获取想要的记录
p = Policy.get('id', policy_id)
# 如果找不到这条记录,报错
if not p:
raise AttributeError("Could not find in policy with [id]=[%s]. So could not update it, either."
% policy_id)
for key_name in kw:
if key_name in p:
p[key_name] = kw[key_name]
now = utc_8_now()
p['update_time'] = now
p.update()
def update(policy_id, **kw):
# 参数合法性检查. 如果不合法,直接报错.
is_valid_kw(Policy, is_update=True, **kw)
# 获取想要的记录
p = Policy.get('id', policy_id)
# 如果找不到这条记录,报错
if not p:
raise AttributeError(
"Could not find in policy with [id]=[%s]. So could not update it, either."
% policy_id)
for key_name in kw:
if key_name in p:
p[key_name] = kw[key_name]
now = utc_8_now()
p['update_time'] = now
p.update()
def check(action: int, resource: Resource):
"""
Function to check the user access for a particular action on resource
:return: bool
"""
logged_in_user = User.get(
filters={'username': UserLogin.check_session().username})[0]
user_roles = Role.get(filters={'id': logged_in_user.roles})
policies = []
for role in user_roles:
policies.extend(role.policies)
user_policies = Policy.get(filters={'id': policies})
resource_policies = [
policy for policy in user_policies
if policy.resource == '*' or policy.resource == resource
]
# check for the denied policy
denied_policy = next(
(policy
for policy in resource_policies if policy.effect == 'deny' and (
policy.action == '*' or policy.action == action)), None)
if denied_policy:
return False
# check for an allowed policy
allowed_policy = next(
(policy
for policy in resource_policies if policy.effect == 'allow' and (
policy.action == '*' or policy.action == action)), None)
if allowed_policy:
return True
return False
