def add(name, type_id, app_id):
    """Create a resource unless the same name exists for this type and app.

    Aborts with 400 when ``Resource.get_by`` finds a resource with this
    name, resource type and app; otherwise returns the result of
    ``Resource.create``.
    """
    # NOTE(review): lookup-then-create is two separate steps; confirm a
    # unique constraint backs this check so concurrent requests cannot
    # both pass it.
    duplicate = Resource.get_by(
        name=name, resource_type_id=type_id, app_id=app_id)
    if duplicate:
        abort(400, "Resource <{0}> is already existed".format(name))

    return Resource.create(
        name=name, resource_type_id=type_id, app_id=app_id)
def update(_id, name):
    """Rename a resource, refusing a name already used within its type.

    Aborts with 404 when ``_id`` matches no resource and with 400 when a
    different resource of the same resource type already carries ``name``.
    Returns the result of ``resource.update``.
    """
    resource = Resource.get_by_id(_id)
    if not resource:
        abort(404, "Resource <{0}> is not found".format(_id))

    same_name = Resource.get_by(
        name=name,
        resource_type_id=resource.resource_type_id,
        to_dict=False,
        first=True,
    )
    # A match on the resource itself is not a conflict.
    # NOTE(review): assumes _id has the same type as the stored id; a str id
    # taken straight from a request would never compare equal -- confirm.
    if same_name and same_name.id != _id:
        return abort(400, "Resource <{0}> is duplicated".format(name))

    return resource.update(name=name)
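def has_permission(cls, rid, resource_name, resource_type, app_id, perm):
    """Return True when role ``rid`` is granted ``perm`` on a resource.

    The resource is resolved by ``resource_name`` inside the resource type
    named ``resource_type`` of app ``app_id``. Grants are read for every
    role id returned by ``RoleRelationCRUD.recursive_parent_ids(rid)``
    (presumably ``rid`` and its ancestors -- confirm), both on the resource
    itself and on each resource group from ``cls.get_group_ids``.

    Aborts with 404 when the resource type is unknown and with 403 when
    the resource is not registered, so an unknown resource is denied
    rather than allowed. Returns False when no grant matches.
    """
    # The lookup result gets its own name: the 404 message previously
    # formatted the (None) lookup result instead of the requested type name.
    type_row = ResourceType.get_by(
        app_id=app_id, name=resource_type, first=True, to_dict=False)
    if not type_row:
        abort(404, "ResourceType <{0}> is not found".format(resource_type))

    resource = Resource.get_by(
        name=resource_name, resource_type_id=type_row.id,
        first=True, to_dict=False)
    if not resource:
        abort(403, "Resource <{0}> is not in ACL".format(resource_name))

    parent_ids = RoleRelationCRUD.recursive_parent_ids(rid)
    group_ids = cls.get_group_ids(resource.id)

    for parent_id in parent_ids:
        granted = RoleRelationCache.get_resources(parent_id)

        # Direct grant on the resource for this role.
        if perm in (granted['id2perms'].get(resource.id) or ()):
            return True

        # Grant inherited through one of the resource's groups, read from
        # the same per-role cache entry.
        group_perms = granted['group2perms']
        if any(perm in (group_perms.get(group_id) or ())
               for group_id in group_ids):
            return True

    return False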
def delete(_id):
    """Soft-delete a resource together with the role permissions on it.

    Aborts with 404 when ``_id`` matches no resource. Every
    ``RolePermission`` row that references the resource is soft-deleted,
    and a ``role_rebuild`` task for that row's role is queued on
    ``ACL_QUEUE``.
    """
    resource = Resource.get_by_id(_id)
    if not resource:
        abort(404, "Resource <{0}> is not found".format(_id))
    resource.soft_delete()

    grants = RolePermission.get_by(resource_id=_id, to_dict=False)
    for grant in grants:
        grant.soft_delete()
        # Queued after the grant row is soft-deleted; presumably the task
        # refreshes that role's cached permissions -- confirm.
        role_rebuild.apply_async(args=(grant.rid,), queue=ACL_QUEUE)
def delete(cls, rt_id):
    """Soft-delete a resource type that has no resources left.

    Aborts with 404 when ``rt_id`` matches no resource type and with 400
    while ``Resource.get_by`` still finds a resource of that type. Before
    the soft delete, ``cls.update_perms`` is called with an empty
    permission list for the type.
    """
    resource_type = ResourceType.get_by_id(rt_id)
    if not resource_type:
        abort(404, "ResourceType <{0}> is not found".format(rt_id))

    in_use = Resource.get_by(resource_type_id=rt_id)
    if in_use:
        return abort(
            400,
            "At least one instance of this type exists and cannot be deleted"
        )

    cls.update_perms(rt_id, [], resource_type.app_id)
    resource_type.soft_delete()
def _get_resource(self, name, resource_type_name):
    """Look up resource ``name`` of this app within the named resource type.

    Aborts with 404 when no resource type has that name. Returns the first
    match from ``Resource.get_by``, filtered by resource type, ``self.app_id``
    and name.
    """
    # NOTE(review): the type is resolved by name alone, without app_id;
    # confirm type names are unique across apps, otherwise the first match
    # may belong to another app and the resource lookup below finds nothing.
    type_row = ResourceType.get_by(
        name=resource_type_name, first=True, to_dict=False)
    if not type_row:
        abort(
            404,
            "ResourceType <{0}> cannot be found".format(resource_type_name))

    return Resource.get_by(
        resource_type_id=type_row.id,
        app_id=self.app_id,
        name=name,
        first=True,
        to_dict=False,
    )
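def del_resource(self, name, resource_type_name=None):
    """Delete resource ``name`` of this app within the named resource type.

    Aborts with 400 when no resource type has that name. When the type
    exists but the resource does not, nothing is deleted and no error is
    raised; otherwise the resource is removed via ``ResourceCRUD.delete``.
    """
    # NOTE(review): the type is resolved by name alone, without app_id;
    # confirm type names are unique across apps.
    type_row = ResourceType.get_by(
        name=resource_type_name, first=True, to_dict=False)

    # The guard used to be inverted: it aborted when the type WAS found and
    # fell through to an attribute access on None when it was not.
    if not type_row:
        return abort(
            400,
            "ResourceType <{0}> cannot be found".format(resource_type_name))

    resource = Resource.get_by(
        resource_type_id=type_row.id,
        app_id=self.app_id,
        name=name,
        first=True,
        to_dict=False,
    )
    if resource:
        ResourceCRUD.delete(resource.id)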
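def get_permissions(cls, rid, resource_name):
    """Return the set of permissions role ``rid`` holds on a resource.

    Grants are collected for every role id returned by
    ``RoleRelationCRUD.recursive_parent_ids(rid)``, both on the resource
    itself and on each resource group from ``cls.get_group_ids``.

    Aborts with 403 when no resource is registered under ``resource_name``.
    """
    # NOTE(review): the resource is resolved by name only, with no resource
    # type or app filter; if names can repeat across types or apps, the
    # first match decides whose permissions are reported -- confirm.
    resource = Resource.get_by(name=resource_name, first=True, to_dict=False)
    if not resource:
        abort(403, "Resource <{0}> is not in ACL".format(resource_name))

    parent_ids = RoleRelationCRUD.recursive_parent_ids(rid)
    group_ids = cls.get_group_ids(resource.id)

    perms = set()
    for parent_id in parent_ids:
        granted = RoleRelationCache.get_resources(parent_id)

        # Direct grants are keyed by resource id, matching how
        # has_permission reads the same cache. The previous lookup used the
        # role id as the key, which reported the grants of whichever
        # resource happened to share that id.
        perms.update(granted['id2perms'].get(resource.id) or ())

        for group_id in group_ids:
            perms.update(granted['group2perms'].get(group_id) or ())

    return perms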
def delete(_id):
    """Soft-delete the resource ``_id``; abort with 404 when it is unknown."""
    # NOTE(review): only the resource row is soft-deleted here; no
    # RolePermission rows are touched -- confirm grants on this resource
    # are revoked elsewhere.
    resource = Resource.get_by_id(_id)
    if not resource:
        abort(404, "Resource <{0}> is not found".format(_id))
    resource.soft_delete()