Esempio n. 1
    def get(self, request, *args, **kwargs):
        """Report the permissions the requesting user holds for each ruleset role.

        The response body carries the user's primary key and username, the
        ``is_staff`` / ``is_superuser`` flags, and a ``roles`` mapping keyed by
        every role in ``RuleSet.RULESET_CHOICES``. A role maps to the list of
        ``RuleSet.RULESET_PERMISSIONS`` entries for which ``check_user_role``
        answers true, or to ``None`` when the user holds none of them.

        The payload only describes what the caller may do; nothing here
        enforces it.
        """
        current_user = request.user

        def held_permissions(role_name):
            # An empty result is reported as None rather than [].
            held = [
                perm
                for perm in RuleSet.RULESET_PERMISSIONS
                if check_user_role(current_user, role_name, perm)
            ]
            return held or None  # pragma: no cover

        # Each choice is a (role, display text) pair; only the role is used.
        role_map = {
            role_name: held_permissions(role_name)
            for role_name, _label in RuleSet.RULESET_CHOICES
        }

        return Response({
            'user': current_user.pk,
            'username': current_user.username,
            'roles': role_map,
            'is_staff': current_user.is_staff,
            'is_superuser': current_user.is_superuser,
        })
Esempio n. 2
    def get(self, request, *args, **kwargs):
        """Return the requesting user's identity, flags and per-role permissions.

        For every role in ``RuleSet.RULESET_CHOICES`` the ``roles`` entry is
        the list of ``RuleSet.RULESET_PERMISSIONS`` values that
        ``check_user_role`` accepts for this user, or ``None`` if there are
        none. The answer is informational: it reports access, it does not
        grant or check it.
        """
        account = request.user
        roles_payload = {}

        # Choices are (role, display text) pairs; the text is not needed.
        for role_key, _display in RuleSet.RULESET_CHOICES:
            held = list(filter(
                lambda perm: check_user_role(account, role_key, perm),
                RuleSet.RULESET_PERMISSIONS,
            ))
            # Roles without any permission are reported as None, not [].
            roles_payload[role_key] = held if held else None

        return Response(dict(
            user=account.pk,
            username=account.username,
            roles=roles_payload,
            is_staff=account.is_staff,
            is_superuser=account.is_superuser,
        ))
Esempio n. 3
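    def update(self, request, *args, **kwargs):
        '''
            Replace the target user's directly assigned permissions.

            :param request.data: list of "app_label.codename" strings, e.g.
            [
                "users.add_user",
                "users.change_user",
                "users.delete_user"
            ]
            :return: 204 on success; 403 when the caller edits their own
                account or asks for more than they hold; 400 when the payload
                is malformed or names a permission that cannot be resolved.
        '''
        user = self.get_object()
        requested = request.data

        # A caller may never edit their own permission set.
        if user == request.user:
            return Response({'detail': '权限拒绝'},
                            status=status.HTTP_403_FORBIDDEN)

        # Reject anything that is not a list of "app_label.codename" strings
        # before it reaches set() or split(): unhashable or dot-less entries
        # would otherwise surface as unhandled errors or leaked messages.
        if not isinstance(requested, (list, tuple)) or not all(
                isinstance(node, str) and '.' in node for node in requested):
            return Response(
                {'detail': 'Expected a list of "app_label.codename" strings'},
                status=status.HTTP_400_BAD_REQUEST)

        # The granted set may not exceed what the caller holds. The bypass is
        # keyed on the caller's superuser flag: testing the target's flag
        # instead would skip this check whenever the edited account is a
        # superuser, letting any caller who reaches this view assign
        # permissions they do not hold themselves.
        if not request.user.is_superuser and not \
                set(requested).issubset(request.user.get_all_permissions()):
            return Response({'detail': '权限拒绝'},
                            status=status.HTTP_403_FORBIDDEN)

        permissions = []
        try:
            for permission_node in requested:
                app_label, codename = permission_node.split('.', 1)
                permissions.append(Permission.objects.get(
                    content_type__app_label=app_label,
                    codename=codename))
        except (Permission.DoesNotExist,
                Permission.MultipleObjectsReturned) as e:
            # Only lookup failures are reported to the client; any other
            # error propagates instead of having its text echoed back in
            # the response body.
            logger.error(e)
            return Response({'detail': str(e)},
                            status=status.HTTP_400_BAD_REQUEST)

        # Written only after every lookup succeeded, so a bad entry never
        # leaves the user with a partially applied set.
        user.user_permissions.set(permissions)

        # NOTE(review): a 204 response carries no body, so this detail text
        # is unlikely to reach the client - confirm the intended status.
        return Response({'detail': '设置权限成功'},
                        status=status.HTTP_204_NO_CONTENT)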
Esempio n. 4
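    def get(self, request, *args, **kwargs):
        """List the permission lists of the users the caller may manage.

        The caller is identified from a JWT carried in the ``Authentication``
        request header as ``Token <jwt>``. A missing or malformed header, or
        a token that resolves to no user, yields a 400 response. The managed
        user set depends on the caller's role; any other role gets an empty
        result.
        """
        # NOTE(review): the token is parsed by hand here rather than through
        # the framework's authentication classes - confirm that this view is
        # not reachable without this check on any other code path.
        header = request.META.get('HTTP_AUTHENTICATION') or ''
        parts = header.split("Token ")
        if len(parts) < 2 or not parts[1]:
            # Missing header or no "Token " prefix: answer like the
            # "no user" case below instead of raising on None or on [1].
            return APIResponse(http_status=400, status=status.HTTP_400_BAD_REQUEST)

        token = {"token": parts[1]}
        valid_data = VerifyJSONWebTokenSerializer().validate(token)
        user = valid_data['user']
        if not user:
            return APIResponse(http_status=400, status=status.HTTP_400_BAD_REQUEST)

        # NOTE(review): this matches only if repr() of the role object yields
        # the bare role name (no quotes) - confirm against the role model.
        user_role = repr(user.role)
        if user_role == 'customer_admin':
            users = User.objects.filter(creator__id=user.id)
        elif user_role == 'org_admin':
            # NOTE(review): filtered by role only, not by creator or
            # organisation - confirm an org_admin is meant to see every
            # org_user and not just those they are responsible for.
            roles = ['org_user']
            users = User.objects.filter(role__uid__in=roles)
        else:
            users = []

        # The loop variable no longer shadows the authenticated `user`.
        permissions = [managed.get_permission_list() for managed in users]
        # info = {"data": USER_MANAGE_ROLES}
        info = {"data": permissions}

        # The debug pprint of info['data'] was dropped: it copied every
        # managed user's permission list to stdout on each request.

        return Response({"code": 200, "result": info, "pageSize": 50,
                         "pageNo": 0,
                         "totalPage": 1,
                         "totalCount": len(permissions)})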
Esempio n. 5
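 def update(self, request, *args, **kwargs):
     '''
         Replace the permissions attached to the target group.

         :param request.data: list of "app_label.codename" strings, e.g.
          [
             "users.add_user",
             "users.change_user",
             "users.delete_user"
         ]
         :return: 204 on success; 400 when the payload is malformed or names
             a permission that cannot be resolved.
     '''
     # NOTE(review): nothing in this method limits the granted set to what
     # the caller holds, so a caller who can reach it can give the group any
     # permission - confirm the view's permission classes restrict who may
     # call it.
     group = self.get_object()
     requested = request.data

     # Reject anything that is not a list of "app_label.codename" strings
     # before split() and the indexing of its result can fail.
     if not isinstance(requested, (list, tuple)) or not all(
             isinstance(node, str) and '.' in node for node in requested):
         return Response(
             {'detail': 'Expected a list of "app_label.codename" strings'},
             status=status.HTTP_400_BAD_REQUEST)

     permissions = []
     try:
         for permission_node in requested:
             app_label, codename = permission_node.split('.', 1)
             permissions.append(Permission.objects.get(
                 content_type__app_label=app_label,
                 codename=codename))
     except (Permission.DoesNotExist,
             Permission.MultipleObjectsReturned) as e:
         # Only lookup failures are reported to the client; any other error
         # propagates instead of having its text echoed back in the
         # response body.
         logger.error(e)
         return Response({'detail': str(e)},
                         status=status.HTTP_400_BAD_REQUEST)

     # Written only after every lookup succeeded, so a bad entry never
     # leaves the group with a partially applied set.
     group.permissions.set(permissions)

     # NOTE(review): a 204 response carries no body, so this detail text is
     # unlikely to reach the client - confirm the intended status.
     return Response({'detail': '设置权限成功'},
                     status=status.HTTP_204_NO_CONTENT)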
Esempio n. 6
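    def get_permissions(self):
        """Return the permission checks that apply to the current action.

        ``update``, ``create`` and ``destroy`` are guarded by
        ``IsActiveAndAdmin``; every other action gets an empty list.
        """
        permissions = []
        # Membership test: comparing the action name to the whole list with
        # == is never true, which left every write action unguarded.
        if self.action in ('update', 'create', 'destroy'):
            # NOTE(review): if this is a Django REST framework view, the
            # framework expects permission instances here (IsActiveAndAdmin())
            # - confirm what IsActiveAndAdmin is before relying on it.
            permissions.append(IsActiveAndAdmin)

        # NOTE(review): 'partial_update' is not in the guarded set; if the
        # view exposes PATCH under that action name it stays unguarded.
        return permissions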
Esempio n. 7
    def has_permission(self, request, view):
        """Tell whether the request's HTTP method is allowed on the view's layer.

        ``self.get_permissions(view.layer, request.user)`` is indexed with the
        keys ``view``, ``add``, ``update`` and ``delete``; each truthy flag
        unlocks a fixed group of HTTP methods. Methods in no group (HEAD, for
        example) are always refused.
        """
        granted = self.get_permissions(view.layer, request.user)

        # Flag -> HTTP methods it unlocks. All four flags are always read.
        methods_by_flag = (
            ('view', ('get', 'options')),
            ('add', ('post',)),
            ('update', ('put', 'patch')),
            ('delete', ('delete',)),
        )

        allowed_methods = set()
        for flag, methods in methods_by_flag:
            if granted[flag]:
                allowed_methods.update(methods)

        return request.method.lower() in allowed_methods