def _check_group_exist_and_permission(
    session: Session, user: UserDB, role_id: int
) -> (RoleDB, AppError):
    """Load a role and confirm that ``user`` may manage it.

    Returns a ``(role, error)`` pair:

    * ``(None, NotFound())`` when ``get_role_by_id`` finds no role,
    * ``(None, PermissionError())`` when ``has_permission_manage_role``
      rejects the user,
    * ``(role, None)`` when both checks pass.

    Callers must test the error slot before using the role.
    """
    # NOTE(review): PermissionError is presumably the project's AppError
    # subclass shadowing the builtin of the same name; confirm the import,
    # because the builtin would not map to an authorization response.
    found = get_role_by_id(session, role_id)
    if found is None:
        return None, NotFound()
    allowed = has_permission_manage_role(found, user)
    return (found, None) if allowed else (None, PermissionError())
async def my_roles(
    user_id: int,
    manager: UserDB = Depends(get_user),
    session: Session = Depends(get_session),
):
    """Return the serialized roles attached to ``user_id``.

    The request is allowed when ``has_permission_manage_user_ids`` accepts the
    caller for this id, or when the caller asks about their own account.
    Anything else gets a ``PermissionError`` response.
    """
    can_manage, _checked_ids = has_permission_manage_user_ids(
        session, manager, [user_id])
    # Self-lookup is the only bypass of the management check; the comparison
    # is evaluated only when the management check failed.
    if not (can_manage or user_id == manager.id):
        return error_response(PermissionError())

    payload = []
    for role in get_role_by_user_id(session, user_id):
        payload.append(RoleSerializer.from_orm(role).dict())
    return success_response(payload)
async def read_op_user_(
    op_user_id: int,
    manager: UserDB = Depends(get_user),
    session: Session = Depends(get_session),
):
    """Return the detail view of the user ``op_user_id`` for a manager.

    Responds with ``NotFound`` when the id matches no user, with
    ``PermissionError`` when ``has_permission_manage_user`` rejects the
    caller, and with the serialized user otherwise.
    """
    target = get_user_by_id(session, op_user_id)
    if target is None:
        # NOTE(review): the existence check runs before the authorization
        # check, so the two error responses let any authenticated caller
        # tell which user ids exist. Confirm that is acceptable here.
        return error_response(NotFound("没找到该用户~"))
    if has_permission_manage_user(manager, target):
        return success_response(to_UserDetailSerializer(target))
    return error_response(PermissionError())
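async def manage_reset_password(
    op_user_id_list: List[int] = Body(...),
    manager: UserDB = Depends(get_user),
    session: Session = Depends(get_session),
):
    """Reset the password of every user in ``op_user_id_list``.

    The caller must pass ``has_permission_manage_user`` for every user that
    ``get_users_by_id_list`` returns; one rejection fails the whole request
    with ``PermissionError``. On success the response carries the number of
    users that were loaded and reset.
    """
    op_user_line = get_users_by_id_list(session, op_user_id_list)

    # Authorize the whole batch before touching any row. Checking and
    # mutating in the same loop left earlier users with a changed password
    # hash pending in the session when a later user failed the check; any
    # later flush or commit on that session would have persisted them.
    if not all(has_permission_manage_user(manager, op_user)
               for op_user in op_user_line):
        return error_response(PermissionError())

    for op_user in op_user_line:
        # NOTE(security): every reset account receives the same hard-coded,
        # trivially guessable password. Left unchanged because callers and
        # operators depend on the known value and the response carries no
        # secret. Prefer a per-user random temporary password delivered out
        # of band, with a forced change at next login.
        op_user.generate_password_hash('123456789')
    session.commit()
    return success_response({'count': len(op_user_line)})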
def get_user_id(
    token: Optional[str] = Cookie(
        "",
        alias='user-token',
        title="用户token",
        description="推荐通过登录的方式来获得登录凭证(存在cookies中),之后这里就不需要填了"
                    "如果想换一个用户(比如换成没权限的用户),可以通过游览器删除token",
    ),
    authorization: Optional[str] = Header("", alias='Authorization'),
) -> int:
    """Resolve the caller's user id from the request credentials.

    The ``user-token`` cookie takes precedence; the ``Authorization`` header
    is used only when the cookie is empty. Raises ``PermissionError`` when
    ``decode_token`` reports the credential as invalid.
    """
    # NOTE(review): the header value is handed to decode_token unchanged, so
    # a scheme prefix such as "Bearer " is not stripped here. Confirm that
    # decode_token copes with it, and that it rejects the empty string it
    # receives when neither credential is present.
    credential = token or authorization
    user_id, is_valid = decode_token(credential)
    if is_valid:
        return user_id
    raise PermissionError()
def common_user_search_with_permission_check(
    manager: UserDB,
    query: Query,
    session: Session,
    params: CommonlyUsedUserSearch,
) -> Tuple[Union[Query, None], Union[AppError, None]]:
    """Restrict a user search to one role after an authorization check.

    Returns a ``(query, error)`` pair. A missing ``params.role_id`` yields
    ``InvalidParamError``. A role that ``has_permission_manage_role`` rejects
    for ``manager`` yields ``PermissionError``. Otherwise the query is
    filtered to that role and passed through ``common_user_search``.
    """
    # Imported inside the function, as in the original; presumably this
    # avoids a circular import at module load time.
    from apps.a_common.permission import has_permission_manage_role

    role_id = params.role_id
    if role_id is None:
        return None, InvalidParamError('请选择角色')

    # NOTE(review): get_role_by_id may return None for an unknown role id,
    # and that None goes straight into has_permission_manage_role. Confirm
    # the helper denies access for None rather than raising.
    role = get_role_by_id(session=session, i=role_id)
    if not has_permission_manage_role(role, manager):
        return None, PermissionError('您没有查看这个组的权限')

    scoped = query.filter(User2RoleDB.role_id == params.role_id)
    return common_user_search(scoped, params), None
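async def update_op_user_(
    op_user_id: int,
    user_data: ManagerUpdateUserSerializer,
    manager: UserDB = Depends(get_user),
    session: Session = Depends(get_session),
):
    """Update the profile fields of the user ``op_user_id`` as a manager.

    Responds with ``NotFound`` when the id matches no user and with
    ``PermissionError`` when ``has_permission_manage_user`` rejects the
    caller. Otherwise it copies the editable profile fields from
    ``user_data``, commits, and returns the serialized user.
    """
    op_user = get_user_by_id(session, op_user_id)
    if op_user is None:
        # Same guard and error as read_op_user_. Without it an unknown id
        # reaches the permission helper and the attribute writes below as
        # None and surfaces as an unhandled exception.
        return error_response(NotFound("没找到该用户~"))
    if not has_permission_manage_user(manager, op_user):
        return error_response(PermissionError())

    # Fields are copied one by one on purpose: only these profile attributes
    # are writable through this endpoint, whatever else the payload carries.
    op_user.sex = user_data.sex
    op_user.phone = user_data.phone
    op_user.address = user_data.address
    op_user.nation = user_data.nation
    op_user.birthday = user_data.birthday
    op_user.name = user_data.name
    session.commit()
    return success_response(to_UserDetailSerializer(op_user))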
async def add_user_to_role(
    role_id: int,
    user_ids: List[int] = Body(...),
    manager: UserDB = Depends(get_user),
    session: Session = Depends(get_session),
):
    """Attach the given users to the role ``role_id``.

    Two authorization gates must pass: the caller must be allowed to manage
    the role (``_check_group_exist_and_permission``) and to manage every
    listed user (``has_permission_manage_user_ids``). The membership rows are
    then inserted, the users' identity is set to ``UserIdentity.ADMIN``, and
    the session is committed.
    """
    _role, role_error = _check_group_exist_and_permission(session, manager, role_id)
    if role_error is not None:
        return error_response(role_error)

    # The helper returns the id list to act on; use that list from here on
    # rather than the raw request body.
    allowed, manageable_ids = has_permission_manage_user_ids(
        session, manager, user_ids)
    if not allowed:
        return error_response(PermissionError())

    # NOTE(review): no check for an existing membership is visible here, so
    # repeated calls presumably rely on a database constraint. Confirm.
    memberships = [
        User2RoleDB(user_id=uid, role_id=role_id) for uid in manageable_ids
    ]
    session.add_all(memberships)
    # NOTE(review): every added user is marked UserIdentity.ADMIN whichever
    # role is granted. Confirm that joining any role is meant to confer it.
    update_user_identity(session, manageable_ids, UserIdentity.ADMIN)
    session.commit()
    return success_response()
async def del_user_to_role(
    role_id: int,
    user_ids: List[int],
    manager: UserDB = Depends(get_user),
    session: Session = Depends(get_session),
):
    """Detach the given users from the role ``role_id``.

    The caller must be allowed to manage both the role and every listed
    user. The matching membership rows are deleted, then
    ``cancel_user_as_admin_if_no_role`` is called for the same users, and the
    session is committed.
    """
    _role, role_error = _check_group_exist_and_permission(session, manager, role_id)
    if role_error is not None:
        return error_response(role_error)

    allowed, manageable_ids = has_permission_manage_user_ids(
        session, manager, user_ids)
    if not allowed:
        return error_response(PermissionError())

    membership_rows = session.query(User2RoleDB).filter(
        User2RoleDB.role_id == role_id,
        User2RoleDB.user_id.in_(manageable_ids),
    )
    # Bulk delete without synchronizing objects already loaded in the session.
    membership_rows.delete(synchronize_session=False)
    # Presumably demotes users who hold no role after the delete; verify
    # against the helper.
    cancel_user_as_admin_if_no_role(session, manageable_ids)
    session.commit()
    return success_response()
async def wrapper(*args, **kwargs):
    """Run the wrapped coroutine only for a superuser caller.

    ``_find_user`` extracts the user from the call arguments. A missing user
    or one without ``is_superuser`` raises ``PermissionError``, and ``func``
    is not called.
    """
    # The check fails closed: any case other than a present superuser falls
    # through to the raise.
    caller = _find_user(*args, **kwargs)
    if caller is not None and caller.is_superuser:
        return await func(*args, **kwargs)
    raise PermissionError()
async def wrapper(*args, **kwargs):
    """Run the wrapped coroutine only when the caller holds a permission.

    ``_find_user`` extracts the user from the call arguments, and
    ``has_permission`` decides whether that user holds ``permission_name``,
    a name taken from the enclosing scope. A rejection raises
    ``PermissionError``, and ``func`` is not called.
    """
    # NOTE(review): unlike the superuser wrapper there is no explicit None
    # check, so a missing user is passed to has_permission as is. Confirm
    # the helper denies access for None.
    caller = _find_user(*args, **kwargs)
    if has_permission(caller, permission_name):
        return await func(*args, **kwargs)
    raise PermissionError()