def validator(self):
    """Run the login check, then the RBAC check, for the current request.

    Returns:
        The ``render_json`` response with code 1000 when
        ``AccessRbac.is_login()`` is false, the response with code 1001
        when ``AccessRbac.is_allow`` rejects ``self.action`` /
        ``self.controller``, and ``None`` when both checks pass.
        Callers have to test for a non-``None`` result to stop the request.
    """
    if AccessRbac.is_login():
        permitted = AccessRbac.is_allow(action=self.action, controller=self.controller)
        if permitted:
            # Both gates passed: nothing to report back.
            return None
        # Authenticated, but the role does not cover this controller/action.
        return self.render_json(code=1001, message=u'无操作权限')
    # No session: reported before any permission lookup is made.
    return self.render_json(code=1000, message=u'请先登录')
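def put(self, *args, **kwargs):
    """Authorize a PUT request against the RBAC policy.

    Sets ``self.action`` to ``'put'`` and asks ``AccessRbac.is_allow``
    whether that action is permitted on ``self.controller``.

    Returns:
        The ``render_json(code=403, ...)`` response when access is denied,
        otherwise ``None``.
    """
    # NOTE(review): unlike validator(), this path never calls
    # AccessRbac.is_login(); confirm authentication is enforced elsewhere
    # (for example by a decorator that is not visible here).
    self.action = 'put'
    is_allow = AccessRbac.is_allow(action=self.action, controller=self.controller)
    if not is_allow:
        # Hand the denial back to the caller. The response used to be built
        # and then dropped, so a denied request looked exactly like an
        # allowed one to whoever called put() as a pre-check (fail-open).
        # NOTE(review): callers still have to test the return value; raising
        # here (the original carried a commented-out abort(403)) would make
        # the denial impossible to ignore.
        return self.render_json(code=403, message=u'无操作权限')
    return None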
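def fetch_access_list_by_role_id(self, role_id):
    """Return the RBAC resources granted to the role *role_id*.

    The role's ``access_ids`` value is read as a comma-separated list of
    menu ids. Controller/action pairs whose ids both appear in that list
    are turned into resources with
    ``AccessRbac.resource(action_name_en, controller_name_en)``.

    Args:
        role_id: Primary key handed to ``RoleModel.query.get``.

    Returns:
        A list of ``AccessRbac.resource(...)`` values. The list is empty
        when the role does not exist or carries no access ids, so an
        unknown or empty role is granted nothing.
    """
    role = RoleModel.query.get(role_id)
    # Deny by default: a missing role or an empty grant list yields no
    # resources instead of an AttributeError part-way through a
    # permission lookup.
    if role is None or not role.access_ids:
        return []

    # Drop blank entries ("1,,2", trailing commas) so they never reach the
    # IN (...) filters below.
    access_ids = [token.strip() for token in role.access_ids.split(',') if token.strip()]
    if not access_ids:
        return []

    module = aliased(MenuModel)
    controller = aliased(MenuModel)
    action = aliased(MenuModel)

    # The ids are passed to in_() as bound values, never formatted into SQL.
    # NOTE(review): `module` is filtered on but never joined to `controller`
    # or `action`, so it appears to enter the query as an unconstrained FROM
    # entry; confirm that is intended.
    # NOTE(review): the filter on action.id rejects rows where the outer
    # join found no action, so the join behaves like an inner join.
    data = db.session \
        .query(controller.name_en, controller.name_cn, action.name_en, action.name_cn) \
        .outerjoin(action, action.pid == controller.id) \
        .filter(module.type == MenuModel.type_module) \
        .filter(controller.id.in_(access_ids)) \
        .filter(action.id.in_(access_ids)) \
        .all()

    # Only rows with both English names can form a resource key.
    return [
        AccessRbac.resource(a_en, c_en)
        for c_en, c_cn, a_en, a_cn in data
        if c_en and a_en
    ]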