コード例 #1
ファイル: role.py プロジェクト: lyleshaw/Program-Practice
def _check_group_exist_and_permission(session: Session, user: UserDB,
                                      role_id: int) -> (RoleDB, AppError):
    """Load a role and confirm that ``user`` is allowed to manage it.

    Returns a ``(role, error)`` pair in which one element is always ``None``:

    * ``(None, NotFound())`` when ``get_role_by_id`` finds no role;
    * ``(None, PermissionError())`` when ``has_permission_manage_role``
      refuses the user;
    * ``(role, None)`` when both checks pass.
    """
    # NOTE(review): the annotation says the error is an AppError, so
    # PermissionError is presumably a project class that shadows the
    # builtin of the same name - confirm against the module's imports.
    found = get_role_by_id(session, role_id)
    if found is None:
        # Existence is reported before authorization, so a caller without
        # rights can still tell an unknown role id from a forbidden one.
        return None, NotFound()
    allowed = has_permission_manage_role(found, user)
    return (found, None) if allowed else (None, PermissionError())
コード例 #2
ファイル: role.py プロジェクト: lyleshaw/Program-Practice
async def my_roles(user_id: int,
                   manager: UserDB = Depends(get_user),
                   session: Session = Depends(get_session)):
    """Return the serialized roles held by ``user_id``.

    Access is granted when ``has_permission_manage_user_ids`` allows the
    caller to manage that user, or when the caller asks for their own id.
    Any other request gets a ``PermissionError`` response.
    """
    # The helper also returns a list of user ids; only the flag is needed.
    can_manage, _ = has_permission_manage_user_ids(session, manager, [user_id])
    if not (can_manage or user_id == manager.id):
        return error_response(PermissionError())

    data = []
    for role in get_role_by_user_id(session, user_id):
        data.append(RoleSerializer.from_orm(role).dict())
    return success_response(data)
コード例 #3
async def read_op_user_(op_user_id: int,
                        manager: UserDB = Depends(get_user),
                        session: Session = Depends(get_session)):
    """Return the detail view of one user to a manager allowed to see it.

    Responds with ``NotFound`` when ``get_user_by_id`` returns ``None`` and
    with ``PermissionError`` when ``has_permission_manage_user`` refuses.
    """
    target = get_user_by_id(session, op_user_id)
    if target is None:
        # The not-found answer is given before the permission check, so the
        # two error responses let any authenticated caller probe which ids
        # exist.
        return error_response(NotFound("没找到该用户~"))
    if has_permission_manage_user(manager, target):
        return success_response(to_UserDetailSerializer(target))
    return error_response(PermissionError())
コード例 #4
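async def manage_reset_password(op_user_id_list: List[int] = Body(...),
                                manager: UserDB = Depends(get_user),
                                session: Session = Depends(get_session)):
    """Reset the password of every listed user the manager may manage.

    The request is all-or-nothing: if ``has_permission_manage_user`` refuses
    any one of the users returned by ``get_users_by_id_list``, a
    ``PermissionError`` response is returned and no account is touched.
    On success the response carries ``{'count': <number of users reset>}``.
    """
    op_user_line = get_users_by_id_list(session, op_user_id_list)

    # Authorize the whole batch before changing anything. Checking and
    # mutating in the same loop left earlier users with a new, uncommitted
    # password hash in the session when a later user was refused; whether
    # that state was later flushed depended on how the session is torn down.
    if not all(has_permission_manage_user(manager, op_user)
               for op_user in op_user_line):
        return error_response(PermissionError())

    # NOTE(review): every reset account receives the same fixed, well-known
    # password, so knowing that an account was reset is enough to sign in to
    # it. Prefer a per-user random value (e.g. secrets.token_urlsafe())
    # delivered out of band, together with a forced change at next login.
    # Left as is here because the response contract only returns a count.
    for op_user in op_user_line:
        op_user.generate_password_hash('123456789')
    session.commit()
    return success_response({'count': len(op_user_line)})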
コード例 #5
ファイル: user.py プロジェクト: lyleshaw/Program-Practice
def get_user_id(
    token: Optional[str] = Cookie(
        "",
        alias='user-token',
        title="用户token",
        description="推荐通过登录的方式来获得登录凭证(存在cookies中),之后这里就不需要填了"
        "如果想换一个用户(比如换成没权限的用户),可以通过游览器删除token"),
    authorization: Optional[str] = Header("", alias='Authorization'),
) -> int:
    """Resolve the caller's user id from the request credentials.

    The ``user-token`` cookie is used when it is non-empty; otherwise the
    ``Authorization`` header is used. The chosen value is passed to
    ``decode_token`` and ``PermissionError`` is raised when decoding fails.
    """
    # NOTE(review): the header is handed to decode_token exactly as received;
    # whether a scheme prefix such as "Bearer " is stripped, and whether
    # expiry and signature are verified, depends on decode_token - confirm.
    credential = token or authorization
    user_id, ok = decode_token(credential)
    if ok:
        return user_id
    raise PermissionError()
コード例 #6
ファイル: user.py プロジェクト: lyleshaw/Program-Practice
def common_user_search_with_permission_check(
    manager: UserDB, query: Query, session: Session,
    params: CommonlyUsedUserSearch
) -> Tuple[Union[Query, None], Union[AppError, None]]:
    """Restrict a user search to one role the manager is allowed to manage.

    Returns ``(query, None)`` on success, where the query is filtered to
    ``params.role_id`` and then refined by ``common_user_search``.
    Returns ``(None, error)`` when no role id was supplied or when
    ``has_permission_manage_role`` refuses the manager.
    """
    # Imported inside the function, as in the original; presumably to avoid
    # a circular import between the two modules.
    from apps.a_common.permission import has_permission_manage_role

    if params.role_id is None:
        return None, InvalidParamError('请选择角色')

    # NOTE(review): the lookup result is passed on without a None check, so
    # the outcome for an unknown role id depends on how
    # has_permission_manage_role treats None - verify it denies.
    role = get_role_by_id(session=session, i=params.role_id)
    if not has_permission_manage_role(role, manager):
        return None, PermissionError('您没有查看这个组的权限')

    scoped = query.filter(User2RoleDB.role_id == params.role_id)
    return common_user_search(scoped, params), None
コード例 #7
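async def update_op_user_(op_user_id: int,
                          user_data: ManagerUpdateUserSerializer,
                          manager: UserDB = Depends(get_user),
                          session: Session = Depends(get_session)):
    """Overwrite the profile fields of one user on behalf of a manager.

    The target is loaded with ``get_user_by_id``. If no user is found, or
    ``has_permission_manage_user`` refuses the manager, a ``PermissionError``
    response is returned and nothing is written. Otherwise ``sex``,
    ``phone``, ``address``, ``nation``, ``birthday`` and ``name`` are copied
    from ``user_data``, the session is committed and the updated detail view
    is returned.
    """
    op_user = get_user_by_id(session, op_user_id)
    # Deny when the lookup returns None instead of handing None to the
    # permission helper: if the helper ever answered True for it, the
    # assignments below would fail with AttributeError and surface as a
    # server error. A missing user is answered like a refused request, so
    # this endpoint does not disclose which ids exist.
    if op_user is None or not has_permission_manage_user(manager, op_user):
        return error_response(PermissionError())

    # Copy an explicit list of fields rather than everything in the payload,
    # so a request cannot set attributes outside this list.
    for field in ('sex', 'phone', 'address', 'nation', 'birthday', 'name'):
        setattr(op_user, field, getattr(user_data, field))
    session.commit()
    return success_response(to_UserDetailSerializer(op_user))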
コード例 #8
ファイル: role.py プロジェクト: lyleshaw/Program-Practice
async def add_user_to_role(role_id: int,
                           user_ids: List[int] = Body(...),
                           manager: UserDB = Depends(get_user),
                           session: Session = Depends(get_session)):
    """Attach users to a role and mark them as administrators.

    Two checks must pass before anything is written: the manager must be
    allowed to manage the role (``_check_group_exist_and_permission``) and
    to manage the listed users (``has_permission_manage_user_ids``).
    """
    _, err = _check_group_exist_and_permission(session, manager, role_id)
    if err is not None:
        return error_response(err)

    # The helper returns its own id list; that list, not the raw request
    # body, is what gets written below.
    allowed, vetted_ids = has_permission_manage_user_ids(
        session, manager, user_ids)
    if not allowed:
        return error_response(PermissionError())

    memberships = [
        User2RoleDB(user_id=uid, role_id=role_id) for uid in vetted_ids
    ]
    session.add_all(memberships)
    # Every user added to a role has their identity set to ADMIN.
    update_user_identity(session, vetted_ids, UserIdentity.ADMIN)
    session.commit()
    return success_response()
コード例 #9
ファイル: role.py プロジェクト: lyleshaw/Program-Practice
async def del_user_to_role(role_id: int,
                           user_ids: List[int],
                           manager: UserDB = Depends(get_user),
                           session: Session = Depends(get_session)):
    """Detach users from a role.

    The manager must be allowed to manage both the role
    (``_check_group_exist_and_permission``) and the listed users
    (``has_permission_manage_user_ids``); otherwise an error response is
    returned and nothing is deleted.
    """
    _, err = _check_group_exist_and_permission(session, manager, role_id)
    if err is not None:
        return error_response(err)

    # The helper returns its own id list; the delete is driven by that list
    # rather than by the raw request body.
    allowed, vetted_ids = has_permission_manage_user_ids(
        session, manager, user_ids)
    if not allowed:
        return error_response(PermissionError())

    memberships = session.query(User2RoleDB).filter(
        User2RoleDB.role_id == role_id,
        User2RoleDB.user_id.in_(vetted_ids))
    # Bulk delete without synchronizing objects already loaded in the session.
    memberships.delete(synchronize_session=False)
    # Runs after the delete, in the same transaction as the delete.
    cancel_user_as_admin_if_no_role(session, vetted_ids)
    session.commit()
    return success_response()
コード例 #10
 async def wrapper(*args, **kwargs):
     """Run the wrapped coroutine only for a superuser.

     The caller is located with ``_find_user`` from the call's own
     arguments. ``PermissionError`` is raised when no user is found or the
     user's ``is_superuser`` flag is falsy, so the check fails closed.
     """
     caller = _find_user(*args, **kwargs)
     if caller is not None and caller.is_superuser:
         return await func(*args, **kwargs)
     raise PermissionError()
コード例 #11
 async def wrapper(*args, **kwargs):
     """Run the wrapped coroutine only if the caller holds a permission.

     The caller is located with ``_find_user`` from the call's own
     arguments and checked with ``has_permission`` against
     ``permission_name``; ``PermissionError`` is raised on refusal.
     """
     # NOTE(review): unlike a direct attribute check, a missing user (None)
     # is passed straight to has_permission - confirm that it denies None.
     caller = _find_user(*args, **kwargs)
     if has_permission(caller, permission_name):
         return await func(*args, **kwargs)
     raise PermissionError()