def test_query_add_func(): ab1 = Ability({}, based_on=ab) def func1(ability: Ability, user, query: 'SQLQueryInfo', view: "AbstractSQLView"): query.add_condition('nickname', '=', 'aa') ab1.add_query_condition('user', func=func1) sqi = SQLQueryInfo() sqi.select = sqi.parse_select('username, nickname, password') sqi.parse_then_add_condition('username', '=', 'b') sqi.check_query_permission_full(None, 'user', ab1, None) assert sqi.conditions == [['username', SQL_OP.EQ, 'b'], ['nickname', SQL_OP.EQ, 'aa'],] ab2 = Ability({}, based_on=ab) def func2(ability: Ability, user, query: 'SQLQueryInfo'): query.add_condition('nickname', '=', 'aa') ab2.add_query_condition('user', func=func2) sqi = SQLQueryInfo() sqi.select = sqi.parse_select('username, nickname, password') sqi.parse_then_add_condition('username', '=', 'b') sqi.check_query_permission_full(None, 'user', ab2, None) assert sqi.conditions == [['username', SQL_OP.EQ, 'b'], ['nickname', SQL_OP.EQ, 'aa'],]
def test_query_condition_add2(): """ 测试添加多个条件 """ ab2 = Ability({}, based_on=ab) ab2.add_query_condition('user', [ ['username', 'like', '1%'], ['nickname', 'like', '1%'], ]) sqi = SQLQueryInfo() sqi.select = sqi.parse_select('username, nickname, password') sqi.parse_then_add_condition('username', '=', 'b') sqi.check_query_permission_full(None, 'user', ab2, None) assert sqi.conditions == [['username', SQL_OP.EQ, 'b'], ['username', SQL_OP.LIKE, '1%'], ['nickname', SQL_OP.LIKE, '1%']]
def test_query_condition_add1(): """ 测试添加单个条件 :return: """ ab1 = Ability({}, based_on=ab) ab1.add_query_condition('user', ['phone', '>=', '123456']) sqi = SQLQueryInfo() sqi.select = sqi.parse_select('username, nickname, password') sqi.parse_then_add_condition('username', '=', 'b') assert sqi.conditions[-1] == ['username', SQL_OP.EQ, 'b'] sqi.check_query_permission_full(None, 'user', ab1, None) assert sqi.conditions[-1] == ['phone', SQL_OP.GE, '123456']
ab = Ability({ # 测试不带通配的权限 'user': { 'username': (A.QUERY, A.READ), 'nickname': (A.QUERY, A.READ), 'password': (A.QUERY, A.READ), }, # 测试白名单权限,行为应与 user 完全一致 'account': { 'username': (A.QUERY, A.READ), 'nickname': (A.QUERY, A.READ), 'password': (A.QUERY, A.READ), '*': [], }, # 测试数据表的权限 # 测试带通配数据表下列的权限,列权限应高于表权限 'test': A.ALL, 'topic': '*', 'article': { 'title': (A.QUERY, A.READ), 'user': [], 'time': '*', '*': '*' }, # 规则测试 'rule_test1': (A.DELETE, ), # columns: a, b, c 'rule_test1_1': (A.DELETE, ), # columns: a, b, c 'rule_test2': [], # columns: a, b, c })
ab = Ability( 'normal', { # 测试不带通配的权限 'user': { 'username': ['query', 'read'], 'nickname': ['query', 'read'], 'password': ['query', 'read'], }, # 测试白名单权限,行为应与 user 完全一致 'account': { 'username': ['query', 'read'], 'nickname': ['query', 'read'], 'password': ['query', 'read'], '*': [], }, # 测试数据表的权限 # 测试带通配数据表下列的权限,列权限应高于表权限 'test': ['query', 'read', 'write', 'create', 'delete'], 'topic': '*', 'article': { 'title': ['query', 'read'], 'user': [], 'time': '*', '*': '*' }, # 规则测试 'rule_test1': ['delete'], # columns: a, b, c 'rule_test1_1': ['delete'], # columns: a, b, c 'rule_test2': [], # columns: a, b, c })
from permissions.roles.visitor import visitor from slim.base.permission import Ability, A, DataRecord normal_user = Ability( { 'user': { 'email': (A.CREATE, ), 'nickname': (A.READ, A.WRITE, A.CREATE), 'state': (A.READ, A.WRITE), }, 'example': A.ALL }, based_on=visitor)
super_user = Ability('superuser', { 'topic': { 'title': A.ALL, 'board_id': (A.QUERY, A.READ, A.CREATE, A.WRITE), 'content': (A.READ, A.CREATE, A.WRITE), 'awesome': (A.READ, A.WRITE, A.QUERY), 'weight': (A.QUERY, A.READ, A.WRITE), 'sticky_weight': (A.READ, A.WRITE), 'state': A.ALL, }, 'board': { 'name': A.ALL, 'brief': A.ALL, 'desc': A.ALL, 'time': ( A.READ, A.QUERY, A.CREATE, ), 'weight': A.ALL, 'color': (A.READ, A.WRITE, A.CREATE), 'state': A.ALL, 'visible': A.ALL, 'category': A.ALL, 'user_id': (A.READ, A.CREATE), 'parent_id': A.ALL }, 'user': { 'key': (A.WRITE, ), 'time': (A.READ, ), 'state': A.ALL, 'email': A.ALL, 'nickname': A.ALL, 'credit': A.ALL, 'group': A.ALL, 'repute': A.ALL } }, based_on=normal_user)
visitor = Ability( None, { 'topic': { 'id': (A.QUERY, A.READ), 'title': (A.READ, ), 'user_id': (A.QUERY, A.READ), 'board_id': (A.QUERY, A.READ), 'time': (A.READ, ), 'state': (A.READ, ), 'edit_time': (A.READ, ), 'edit_count': (A.READ, ), 'last_edit_user_id': (A.READ, ), 'content': (A.READ, ), 'awesome': (A.READ, ), 'sticky_weight': ( A.QUERY, A.READ, ), 'weight': (A.READ, ), 'update_time': (A.READ, ), }, 'wiki_article': { 'id': (A.QUERY, A.READ), 'state': (A.READ, ), 'visible': (A.READ, ), 'time': (A.READ, ), 'user_id': (A.QUERY, A.READ), 'title': (A.READ, ), 'root_id': (A.QUERY, A.READ), 'parent_id': (A.QUERY, A.READ), 'content': (A.READ, ), 'flag': ( A.QUERY, A.READ, ), 'is_current': ( A.QUERY, A.READ, ), 'major_ver': (A.READ, ), 'minor_ver': (A.READ, ), }, 'user': { 'id': (A.QUERY, A.READ), 'nickname': (A.READ, A.CREATE), 'group': (A.READ, ), 'state': (A.READ, ), 'number': (A.READ, ), 'biology': (A.READ, ), 'time': (A.READ, ), 'key_time': (A.READ, ), 'avatar': (A.READ, ), 'type': (A.READ, ), 'url': (A.READ, ), 'location': (A.READ, ), 'email': (A.CREATE, ), 'exp': (A.READ, ), 'credit': (A.READ, ), 'repute': (A.READ, ), }, 'board': { 'id': (A.QUERY, A.READ), 'name': (A.READ, ), 'brief': (A.READ, ), 'desc': (A.READ, ), 'time': ( A.READ, A.QUERY, ), 'weight': (A.READ, A.QUERY), 'color': (A.READ, ), 'state': (A.READ, ), 'visible': (A.READ, ), 'category': (A.READ, ), 'parent_id': ( A.QUERY, A.READ, ) }, 'comment': { 'id': (A.QUERY, A.READ), 'related_id': (A.QUERY, A.READ), 'related_type': (A.QUERY, A.READ), 'user_id': (A.QUERY, A.READ), 'reply_to_cmt_id': (A.QUERY, A.READ), 'time': (A.READ, ), 'state': (A.READ, ), 'visible': (A.READ, ), 'content': (A.READ, ), 'post_number': (A.READ, ), }, 'statistic': { 'id': (A.READ, A.QUERY), 'post_type': (A.READ, ), 'click_count': (A.READ, ), 'comment_count': (A.READ, ), 'topic_count': (A.READ, ), 'last_comment_id': (A.READ, ), 'follow_count': (A.READ, ), }, 'statistic24h': { 'id': (A.READ, A.QUERY), 'post_type': (A.READ, ), 'click_count': (A.READ, ), 'comment_count': (A.READ, ), 'topic_count': (A.READ, ), 'last_comment_id': (A.READ, ), 'follow_count': (A.READ, ), }, 'manage_log': { 'id': (A.READ, ), 'user_id': (A.READ, ), 'role': (A.READ, ), 'time': (A.READ, ), 'related_type': (A.READ, ), 'related_id': (A.READ, A.QUERY), 'operation': (A.READ, ), 'value': (A.READ, ), 'note': (A.READ, ) } })
# deprecated from slim.base.permission import Ability, A, DataRecord from permissions.roles.p10_visitor import visitor inactive_user = Ability( 'inactive_user', { 'user': { 'nickname': (A.QUERY, A.READ), 'group': (A.READ, ), 'access_time': (A.READ, ), 'last_check_in_time': (A.READ, ), 'check_in_his': (A.READ, ), # 'key': ['query', 'read'] }, 'notif': { 'receiver_id': (A.QUERY, A.READ) } }, based_on=visitor)
from slim.base.permission import A, Ability, DataRecord visitor = Ability(None, { 'test': { 'id': (A.QUERY, A.READ), 'test': (A.READ, ), }, 'pics': A.ALL }) normal_user = Ability('user', { 'test': { 'id': (A.QUERY, A.READ, A.CREATE, A.DELETE), 'test': (A.READ, A.WRITE, A.CREATE, A.DELETE), }, }, based_on=visitor)
Topic.create(title='Hello1', content='World') Topic.create(title='Hello2', content='World') Topic.create(title='Hello3', content='World') Topic.create(title='Hello4', content='World') Article.create(name='Hello', content='World') Article.create(name='Hello2', content='World2') Article.create(name='Hello3', content='World3') app.permission.add(None, Ability({ 'topic': { '|': {A.QUERY}, 'title': {A.QUERY, A.READ}, 'time': {A.QUERY, A.READ, A.QUERY_EX}, 'content': {A.QUERY}, }, 'article': { '|': {A.QUERY, A.DELETE}, 'name': {A.QUERY, A.READ}, 'content': {A.QUERY}, } })) @app.route.view('/topic') class TopicView(PeeweeView): model = Topic @app.route.view('/article') class ArticleView(PeeweeView):
superuser = Ability('superuser', { 'topic': merge_post_permissions_of_superuser({ 'title': A.ALL, 'board_id': (A.QUERY, A.READ, A.CREATE, A.WRITE), 'content': (A.READ, A.CREATE, A.WRITE), 'awesome': (A.READ, A.WRITE, A.QUERY), 'weight': (A.QUERY, A.READ, A.WRITE), 'sticky_weight': (A.READ, A.WRITE), }), 'wiki_article': merge_post_permissions_of_superuser({ 'title': A.ALL, 'ref': A.ALL, 'content': A.ALL, }), 'board': merge_post_permissions_of_superuser({ 'name': A.ALL, 'brief': A.ALL, 'desc': A.ALL, 'weight': A.ALL, 'color': (A.READ, A.WRITE, A.CREATE), 'category': A.ALL, 'parent_id': A.ALL }), 'user': merge_post_permissions_of_superuser({ 'key': (A.WRITE, ), 'password': (A.WRITE, ), 'email': A.ALL, 'nickname': A.ALL, 'credit': A.ALL, 'repute': A.ALL }) }, based_on=normal_user)
from slim.base.permission import A, Ability, DataRecord, Permissions ab1 = Ability({ 'user': { 'username': (A.QUERY, A.READ), 'nickname': (A.QUERY, A.READ), 'password': (A.QUERY, A.READ), }, 'tab1': {A.WRITE, A.QUERY}, '*': {A.WRITE} }) def test_default(): assert ab1.can_with_columns( None, A.WRITE, 'user', ['username', 'nickname', 'password', 'salt']) == {'salt'} assert ab1.can_with_columns(None, A.WRITE, 'tab1', {'username', 'nickname', 'password'}) == { 'username', 'nickname', 'password' } assert ab1.can_with_columns(None, A.QUERY, 'tab1', {'username', 'nickname', 'password'}) == { 'username', 'nickname', 'password' } assert ab1.can_with_columns(None, A.READ, 'tab1', {'username', 'nickname', 'password'}) == set() ab2 = Ability({
def test_permission_role_bug(): p = Permissions(None) p.add(None, Ability({'user': {'key': (A.READ, )}})) p.add('user', Ability({'user': {'key': (A.READ, A.WRITE)}})) assert p.request_role(None, 'user') is None
normal_user = Ability('user', { 'user': { 'nickname': (A.QUERY, A.READ), 'group': (A.READ,), 'biology': (A.QUERY, A.READ, A.WRITE), 'avatar': (A.QUERY, A.READ), 'type': (A.QUERY, A.READ, A.WRITE), 'url': (A.QUERY, A.READ, A.WRITE), 'location': (A.QUERY, A.READ, A.WRITE), # 'key': ['query', 'read'] }, 'topic': { 'title': (A.READ, A.CREATE, A.WRITE), 'board_id': (A.QUERY, A.READ, A.CREATE), 'content': (A.READ, A.CREATE, A.WRITE), }, 'comment': { 'related_id': (A.READ, A.CREATE,), 'related_type': (A.READ, A.CREATE,), 'reply_to_cmt_id': (A.READ, A.CREATE,), 'state': (A.READ, A.WRITE,), 'content': (A.READ, A.CREATE,), }, 'upload': { 'id': (A.READ, A.QUERY), 'user_id': (A.READ, A.QUERY), 'state': (A.READ,), 'visible': (A.READ,), 'time': (A.READ,), 'key': (A.READ, A.QUERY), 'size': (A.READ, A.QUERY), 'type_name': (A.READ, A.QUERY), } }, based_on=inactive_user)
import pytest from peewee import Model, BlobField from playhouse.postgres_ext import ArrayField from slim import Application, ALL_PERMISSION from slim.base.permission import Ability from slim.base.sqlquery import SQLQueryInfo, SQL_OP from slim.exception import InvalidParams from slim.support.peewee import PeeweeView pytestmark = [pytest.mark.asyncio] app = Application(cookies_secret=b'123456') app.permission.add(None, Ability({'*': '*'})) class ATestModel(Model): name = ArrayField(BlobField) class Meta: table_name = 'topic' @app.route.view('test1') class ATestView(PeeweeView): model = ATestModel ATestView.ability = Ability({'*': '*'}) app._prepare()
from permissions.roles.p40_super_user import superuser from slim.base.permission import Ability, A, DataRecord admin = Ability({ 'user': { 'group': A.ALL, } }, based_on=superuser)
normal_user = Ability('user', { 'user': { 'nickname': (A.QUERY, A.READ), 'group': (A.READ, ), 'biology': (A.QUERY, A.READ, A.WRITE), 'avatar': (A.QUERY, A.READ), 'type': (A.QUERY, A.READ, A.WRITE), 'url': (A.QUERY, A.READ, A.WRITE), 'location': (A.QUERY, A.READ, A.WRITE), }, 'topic': { 'title': (A.READ, A.CREATE, A.WRITE), 'board_id': (A.QUERY, A.READ, A.CREATE), 'content': (A.READ, A.CREATE, A.WRITE), }, 'comment': { 'related_id': ( A.READ, A.CREATE, ), 'related_type': ( A.READ, A.CREATE, ), 'reply_to_cmt_id': ( A.READ, A.CREATE, ), 'state': ( A.READ, A.WRITE, ), 'content': ( A.READ, A.CREATE, ), }, 'upload': merge_post_permissions_of_visitor({ 'key': (A.READ, A.QUERY), 'size': (A.READ, ), 'type_name': (A.READ, A.QUERY), }) }, based_on=inactive_user)
from permissions.roles.p40_super_user import super_user from slim.base.permission import Ability, A, DataRecord admin = Ability('admin', {'user': { 'group': A.ALL, }}, based_on=super_user)
visitor = Ability(None, { 'topic': { 'id': (A.QUERY, A.READ), 'title': (A.READ,), 'user_id': (A.QUERY, A.READ), 'board_id': (A.QUERY, A.READ), 'time': (A.READ,), 'state': (A.READ,), 'edit_time': (A.READ,), 'edit_count': (A.READ,), 'last_edit_user_id': (A.READ,), 'content': (A.READ,), 'awesome': (A.READ,), 'sticky_weight': (A.READ,), 'weight': (A.READ,), }, 'user': { 'id': (A.QUERY, A.READ), 'nickname': (A.READ, A.CREATE), 'group': (A.READ,), 'state': (A.READ,), 'number': (A.READ,), 'biology': (A.READ,), 'time': (A.READ,), 'key_time': (A.READ,), 'avatar': (A.READ,), 'type': (A.READ,), 'url': (A.READ,), 'location': (A.READ,), 'email': (A.CREATE,), 'exp': (A.READ,), 'credit': (A.READ,), 'reputation': (A.READ,), }, 'board': { 'id': (A.QUERY, A.READ), 'name': (A.READ,), 'brief': (A.READ,), 'desc': (A.READ,), 'time': (A.READ, A.QUERY,), 'weight': (A.READ, A.QUERY), 'color': (A.READ,), 'state': (A.READ,), 'visible': (A.READ,), 'category': (A.READ,), 'parent_id': (A.QUERY, A.READ,) }, 'comment': { 'id': (A.QUERY, A.READ), 'related_id': (A.QUERY, A.READ), 'related_type': (A.QUERY, A.READ), 'user_id': (A.QUERY, A.READ), 'reply_to_cmt_id': (A.QUERY, A.READ), 'time': (A.READ,), 'state': (A.READ,), 'visible': (A.READ,), 'content': (A.READ,), 'post_number': (A.READ,), }, 'statistic': { 'id': (A.READ, A.QUERY), 'post_type': (A.READ,), 'click_count': (A.READ,), 'comment_count': (A.READ,), 'topic_count': (A.READ,), 'last_comment_id': (A.READ,), 'follow_count': (A.READ,), }, 'statistic24h': { 'id': (A.READ, A.QUERY), 'post_type': (A.READ,), 'click_count': (A.READ,), 'comment_count': (A.READ,), 'topic_count': (A.READ,), 'last_comment_id': (A.READ,), 'follow_count': (A.READ,), }, 'manage_log': { 'id': (A.READ,), 'user_id': (A.READ,), 'role': (A.READ,), 'time': (A.READ,), 'related_type': (A.READ,), 'related_id': (A.READ, A.QUERY), 'operation': (A.READ,), 'value': (A.READ,), 'note': (A.READ,) } })
visitor = Ability( None, { 'topic': merge_post_permissions_of_visitor({ 'title': (A.READ, ), 'board_id': (A.QUERY, A.READ), 'edit_count': (A.READ, ), 'edit_time': (A.READ, ), 'last_edit_user_id': (A.READ, ), 'content': (A.READ, ), 'awesome': (A.READ, ), 'sticky_weight': ( A.QUERY, A.READ, ), 'weight': (A.READ, ), 'update_time': (A.READ, ), }), 'wiki_article': merge_post_permissions_of_visitor({ 'title': (A.READ, ), 'ref': ( A.QUERY, A.READ, ), 'content': (A.READ, ), 'flag': ( A.QUERY, A.READ, ), }), 'user': merge_post_permissions_of_visitor({ 'email': (A.CREATE, ), 'phone': (A.CREATE, ), 'nickname': (A.READ, A.CREATE), 'biology': (A.READ, ), 'avatar': (A.READ, ), 'type': (A.READ, ), 'url': (A.READ, ), 'location': (A.READ, ), 'group': (A.READ, ), 'is_wiki_editor': (A.READ, ), 'is_board_moderator': (A.READ, ), 'is_forum_master': (A.READ, ), 'access_time': (A.READ, ), 'number': (A.READ, ), 'exp': (A.READ, ), 'credit': (A.READ, ), 'repute': (A.READ, ), }), 'board': merge_post_permissions_of_visitor({ 'name': (A.READ, ), 'brief': (A.READ, ), 'desc': (A.READ, ), 'weight': (A.READ, A.QUERY), 'color': (A.READ, ), 'category': (A.READ, ), 'parent_id': ( A.QUERY, A.READ, ), 'can_post_rank': ( A.QUERY, A.READ, ), }), 'comment': merge_post_permissions_of_visitor({ 'related_id': (A.QUERY, A.READ), 'related_type': (A.QUERY, A.READ), 'reply_to_cmt_id': (A.QUERY, A.READ), 'content': (A.READ, ), 'post_number': (A.READ, ), }), # 以下并非post类型 'post_stats': { 'id': (A.READ, A.QUERY), 'post_type': (A.READ, ), 'last_comment_id': (A.READ, ), 'last_edit_user_id': (A.READ, ), 'last_edit_time': (A.READ, ), 'update_time': (A.READ, ), 'click_count': (A.READ, ), 'edit_count': (A.READ, ), 'comment_count': (A.READ, ), 'topic_count': (A.READ, ), 'follow_count': (A.READ, ), 'bookmark_count': (A.READ, ), 'upvote_count': (A.READ, ), 'downvote_count': (A.READ, ), 'thank_count': (A.READ, ), 'vote_weight': (A.READ, ), }, 'manage_log': { 'id': (A.READ, ), 'user_id': (A.READ, ), 'role': (A.READ, ), 'time': (A.READ, ), 'related_type': (A.READ, ), 'related_id': (A.READ, A.QUERY), 'operation': (A.READ, ), 'value': (A.READ, ), 'note': (A.READ, ) } })
superuser = Ability( { 'topic': merge_post_permissions_of_superuser({ 'title': A.ALL, 'board_id': (A.QUERY, A.READ, A.CREATE, A.WRITE), 'content': (A.READ, A.CREATE, A.WRITE), 'awesome': (A.READ, A.WRITE, A.QUERY), 'weight': (A.QUERY, A.READ, A.WRITE), 'sticky_weight': (A.READ, A.WRITE), }), 'wiki_article': merge_post_permissions_of_superuser({ 'title': A.ALL, 'ref': A.ALL, 'content': A.ALL, }), 'board': merge_post_permissions_of_superuser( { 'name': A.ALL, 'brief': A.ALL, 'desc': A.ALL, 'weight': A.ALL, 'color': (A.READ, A.WRITE, A.CREATE), 'category': A.ALL, 'parent_id': A.ALL, 'can_post_rank': A.ALL, }), 'user': merge_post_permissions_of_superuser( { 'key': (A.WRITE, ), 'password': (A.WRITE, ), 'email': A.ALL, 'nickname': A.ALL, 'credit': A.ALL, 'repute': A.ALL, 'access_time': (A.READ, ), 'last_check_in_time': (A.READ, ), 'is_wiki_editor': ( A.QUERY, A.READ, A.WRITE, ), 'is_board_moderator': ( A.QUERY, A.READ, A.WRITE, ), 'is_forum_master': ( A.QUERY, A.READ, A.WRITE, ), }) }, based_on=normal_user)
from permissions.roles.p30_normal_user import normal_user from permissions.roles.p40_super_user import merge_post_permissions_of_superuser from slim.base.permission import Ability, A, DataRecord wiki_editor = Ability( { 'wiki_article': merge_post_permissions_of_superuser({ 'title': A.ALL, 'ref': A.ALL, 'content': A.ALL, }), }, based_on=normal_user)
from slim.base.permission import Ability, A, DataRecord visitor = Ability({ 'example': { 'id': {A.READ, A.QUERY}, 'state': {A.READ}, }, 'user': { 'id': {A.QUERY, A.READ}, 'nickname': {A.READ}, 'state': {A.READ}, 'time': {A.READ}, } })
from slim.base.permission import A, Ability, DataRecord, Permissions from slim.base.sqlquery import SQLQueryInfo, SQL_OP ab = Ability({ 'user': { 'username': {A.QUERY, A.READ}, 'nickname': {A.QUERY, A.READ, A.QUERY_EX}, 'password': {A.QUERY}, 'phone': {A.READ}, } }) def test_query_filter(): sqi = SQLQueryInfo() sqi.select = sqi.parse_select('username, nickname, password') sqi.parse_then_add_condition('username', '=', 'b') sqi.parse_then_add_condition('nickname', '=', 'b') sqi.check_query_permission_full(None, 'user', ab, None) assert sqi.conditions == [['username', SQL_OP.EQ, 'b'], ['nickname', SQL_OP.EQ, 'b']] sqi = SQLQueryInfo() sqi.select = sqi.parse_select('username, nickname, password') sqi.parse_then_add_condition('phone', '=', 'c') sqi.parse_then_add_condition('username', '=', 'b') sqi.parse_then_add_condition('username', 'like', 'b') sqi.parse_then_add_condition('nickname', '=', 'b') sqi.check_query_permission_full(None, 'user', ab, None) assert sqi.conditions == [['username', SQL_OP.EQ, 'b'], ['nickname', SQL_OP.EQ, 'b']]
from slim.base.permission import Ability, A from permissions.roles.p10_visitor import visitor # 除了访问自己的用户信息之外,与visitor平权 banned_user = Ability( 'banned_user', { 'user': { 'nickname': (A.QUERY, A.READ), 'group': (A.READ, ), 'access_time': (A.READ, ), 'last_check_in_time': (A.READ, ), 'check_in_his': (A.READ, ), # 'key': ['query', 'read'] } }, based_on=visitor)
from permissions.roles.visitor import visitor from slim.base.permission import Ability, A, DataRecord user = Ability( { 'user': { '|': {A.CREATE}, 'nickname': {A.READ, A.WRITE}, 'state': {A.READ, A.WRITE}, }, 'example': A.ALL }, based_on=visitor)