def delete_role(role_id, modifier_id): query = UserRole.all() query.filter("role_id =", role_id) if query.count() > 0 : raise CoreError("The role %s is set to user, can not be deleted." % role_id) role = Role.get_by_key(int(role_id)) delete_roleoperations(role_id=role_id) role.delete(modifier_id)
def has_permission(user_id, operation_key, oqlparams=None): b = False cachekey = '%d:%s:%r' % (user_id, operation_key, oqlparams) perm = cache.get(CACHESPACE_PERMISSION, cachekey) if perm != None: return perm query = stdModel.all() query.model(UserRole.get_modelname(), "a") query.model(Role.get_modelname(), "b", join="inner", on="a.role_id=b.uid") query.model(RoleOperation.get_modelname(), "c", join="inner", on="c.role_id=b.uid") query.model(Operation.get_modelname(), "d", join="inner", on="c.operation_key=d.operation_key") query.what("a.user_id", alias="user_id") query.what("b.uid", alias="role_id") query.what("d.operation_key", alias="operation_key") query.what("d.handler_classes", alias="handler_classes") query.what("d.resource_oql", alias="resource_oql") query.what("a.user_id", alias="user_id") query.filter("a.user_id =", user_id) if operation_key is not None: query.filter("d.operation_key =", operation_key) std = query.get() if std != None: if std.resource_oql != None: operation = get_operation(operation_key=operation_key) params = operation.get_resource_oql_paramnames() if len(params) != len(oqlparams): raise UnauthorizedError() query = stdModel.all() if oqlparams != None and len(oqlparams) > 0 : query = query.sql(std.resource_oql, sql_vars=oqlparams) else: query = query.sql(std.resource_oql) if query.count() > 0: b = True else: b = True cache.put(CACHESPACE_PERMISSION, cachekey, b) return b
def delete_userrole(user_id, role_id, modifier_id): userrole = UserRole(user_id=user_id, role_id=role_id) if userrole is not None: userrole.delete(modifier_id)
def create_userrole(user_id, role_id, modifier_id): userrole = UserRole(user_id=user_id, role_id=role_id) userrole.create(modifier_id)