def permissionsload(context,
main=None,
add=None,
filterinfo=None,
session=None,
elementId=None,
data=None):
permissions = PermissionsCursor(context)
roles = RolesCursor(context)
rolesCustomPerms = rolesCustomPermsCursor(context)
customPerms = customPermsCursor(context)
customPermsTypes = customPermsTypesCursor(context)
cursors = [
roles, permissions, customPermsTypes, customPerms, rolesCustomPerms
]
files = [
'roles', 'permissions', 'customPermsTypes', 'customPerms',
'rolesCustomPerms'
]
for i in range(len(cursors)):
filePath = os.path.join(
os.path.dirname(os.path.dirname(os.path.abspath(__file__))),
files[i] + '.xml')
# raise Exception(filePath)
if add == 'upload':
dataStream = FileOutputStream(filePath)
elif add == 'download':
dataStream = FileInputStream(filePath)
exchange = DataBaseXMLExchange(dataStream, cursors[i])
if add == 'upload':
exchange.downloadXML()
elif add == 'download':
exchange.uploadXML()
dataStream.close()
def cardDelete(context, main=None, add=None, filterinfo=None, session=None, elementId=None, xformsdata=None):
currentRecordId = json.loads(session)['sessioncontext']['related']['gridContext']['currentRecordId']
userRoles=UserrolesCursor(context)
userRoles.setRange("roleid", currentRecordId)
userRoles.deleteAll()
rolesCustomPermissions=rolesCustomPermsCursor(context)
rolesCustomPermissions.setRange("roleid", currentRecordId)
rolesCustomPermissions.deleteAll()
permissions=PermissionsCursor(context)
permissions.setRange("roleid", currentRecordId)
permissions.deleteAll()
role = RolesCursor(context)
role.get(currentRecordId)
role.delete()
def getPermissionsOfTypeAndUser(context, sid, permissionType=None):
u"""
Функция возвращает курсор с разрешениями данного типа,
которые есть у данного пользователя. Работает для permissions (если permissionType - None или tables)
и для customPermissions.
Если разрешений нет, возвращает None
"""
# Насколько знаю, ни в одном решении функция не используется. Курсор с разрешениями пока никому не пригодился
# Возможно, стоит выпилить.
userRoles = UserrolesCursor(context)
userRoles.setRange("userid", sid)
filter_string = ""
if userRoles.tryFindSet():
filter_string = "'" + userRoles.roleid + "'"
while True:
if userRoles.nextInSet():
filter_string += "|'" + userRoles.roleid + "'"
else:
break
if permissionType is None or permissionType == 'tables':
# получаем разрешения из таблицы permissions
permissions = PermissionsCursor(context)
if filter_string == "":
return None
permissions.setFilter("roleid", filter_string)
else:
# получаем разрешения из таблицы customPermissions
permissions = customPermsCursor(context)
rolePermissions = rolesCustomPermsCursor(context)
rolePermissions.setFilter("roleid", filter_string)
filter_string = ""
if rolePermissions.tryFindSet():
filter_string = "'" + rolePermissions.permissionId + "'"
while True:
if rolePermissions.nextInSet():
filter_string += "|'" + rolePermissions.permissionId + "'"
else:
break
if filter_string != "":
permissions.setFilter("name", filter_string)
else:
return None
return permissions
def cardDataSave(context,
main=None,
add=None,
filterinfo=None,
session=None,
elementId=None,
xformsdata=None):
u'''Функция сохранения карточки редактирования содержимого справочника разрешений. '''
permissions = PermissionsCursor(context)
content = json.loads(xformsdata)["schema"]
# for field in permissions.meta().getColumns():
# permissions.__setattr__(field, content[field])
permissions.roleid = content["roleid"]
permissions.grainid = content["grainid"]
permissions.tablename = content["tablename"]
permissions.r = content["r"] == "true"
permissions.i = content["i"] == "true"
permissions.m = content["m"] == "true"
permissions.d = content["d"] == "true"
if add == 'add' and permissions.canInsert() and permissions.canModify():
if not permissions.tryInsert():
permissionsOld = PermissionsCursor(context)
permissionsOld.get(content["roleid"], content["grainid"],
content["tablename"])
permissionsOld.r = content["r"] == "true"
permissionsOld.i = content["i"] == "true"
permissionsOld.m = content["m"] == "true"
permissionsOld.d = content["d"] == "true"
permissionsOld.update()
elif add == 'add' and permissions.canInsert():
permissions.insert()
elif add == 'edit' and permissions.canModify():
permissionsOld = PermissionsCursor(context)
currIdEncoded = json.loads(session)['sessioncontext']['related'][
'gridContext']['currentRecordId']
currId = json.loads(base64.b64decode(currIdEncoded))
permissionsOld.get(*currId)
if permissionsOld.roleid==permissions.roleid and \
permissionsOld.grainid==permissions.grainid and \
permissionsOld.tablename==permissions.tablename:
permissions.recversion = permissionsOld.recversion
permissions.update()
elif permissions.canInsert():
permissions.insert()
permissionsOld.delete()
else:
raise CelestaException(u"Недостаточно прав для данной операции!")
else:
raise CelestaException(u"Недостаточно прав для данной операции!")
def cardData(context,
main=None,
add=None,
filterinfo=None,
session=None,
elementId=None):
u'''Функция данных для карточки редактирования содержимого таблицы разрешения. '''
permissions = PermissionsCursor(context)
if add == 'add':
formData = json.loads(session)['sessioncontext']['related'][
"xformsContext"]["formData"]["schema"]
xformsdata = {
"schema": {
"roleid": formData["roleid"],
"grainid": formData["grainid"],
"tablename": formData["tablename"],
"r": "",
"i": "",
"m": "",
"d": ""
}
}
elif add == 'edit':
currIdEncoded = json.loads(session)['sessioncontext']['related'][
'gridContext']['currentRecordId']
currId = json.loads(base64.b64decode(currIdEncoded))
permissions.get(*currId)
xformsdata = {
"schema": {
"roleid": permissions.roleid,
"grainid": permissions.grainid,
"tablename": permissions.tablename,
"r": unicode(permissions.r).lower(),
"i": unicode(permissions.i).lower(),
"m": unicode(permissions.m).lower(),
"d": unicode(permissions.d).lower()
}
}
# print xformsdata
xformssettings = {
"properties": {
"event": {
"@name": "single_click",
"@linkId": "1",
"action": {
"#sorted": [{
"main_context": "current"
}, {
"datapanel": {
"@type": "current",
"@tab": "current",
"element": {
"@id": "permGrid",
"add_context": ""
}
}
}]
}
}
}
}
return JythonDTO(XMLJSONConverter.jsonToXml(json.dumps(xformsdata)),
XMLJSONConverter.jsonToXml(json.dumps(xformssettings)))
def gridSaveRecord(context=None,
main=None,
add=None,
session=None,
filterinfo=None,
elementId=None,
saveData=None):
saveData = json.loads(saveData)["savedata"]["data"]
permissions = PermissionsCursor(context)
roleId = saveData["col1"]
grainId = saveData["col2"]
tableName = saveData["col3"]
r = True if saveData["col4"] else False
i = True if saveData["col5"] else False
m = True if saveData["col6"] else False
d = True if saveData["col7"] else False
restrictError = u"Недостаточно прав для данной операции!"
if permissions.tryGet(roleId, grainId, tableName):
if r or i or m or d:
permissions.r = r
permissions.i = i
permissions.m = m
permissions.d = d
if permissions.canModify():
permissions.update()
else:
context.error(restrictError)
else:
if permissions.canDelete():
permissions.delete()
else:
context.error(restrictError)
else:
if r or i or m or d:
permissions.roleid = roleId
permissions.grainid = grainId
permissions.tablename = tableName
permissions.r = r
permissions.i = i
permissions.m = m
permissions.d = d
if permissions.canInsert():
permissions.insert()
else:
context.error(restrictError)
res = GridSaveResult()
res.setRefreshAfterSave(0)
return res
def permissionsUpload(context, main=None, add=None, filterinfo=None, session=None, elementId=None, data=None, fileName=None, file=None):
perms = PermissionsCursor(context)
tableUpload(perms, file)
return context.message(u"Данные успешно загружены в таблицу")
def permissionsDownload(context, main=None, add=None, filterinfo=None, session=None, elementId=None, data=None):
perms = PermissionsCursor(context)
fileName = 'permissions'
return tableDownload(perms, fileName)
def rolesReadPermission(rec):
context = rec.callContext()
permissions = PermissionsCursor(context)
tables = {
'celesta': ['userroles', 'permissions', 'roles'],
'security': ['customPerms', 'rolesCustomPerms', 'customPermsTypes']
}
for grain in tables.keys():
for table in tables[grain]:
if permissions.tryGet(rec.id, grain, table):
permissions.r = True
permissions.update()
else:
permissions.roleid = rec.id
permissions.grainid = grain
permissions.tablename = table
permissions.r = True
permissions.i = False
permissions.m = False
permissions.d = False
permissions.insert()