def getAuthorizedUsers(request, *args, **kwargs):
response = {
"code" : 0,
"message" : "",
"users" : []
}
userinfo = UserInfo.getUserInfo(request)
fullpath = userinfo.getHomePath() + request.POST.get("path")
authType = int(request.POST.get("type"))
if userinfo.isAdmin() :
file_id = index.dir_get(fullpath)
if file_id is not None :
for user in UserAuthority.objects.filter(file_id=file_id) :
if authType & 4 and not user.readable : continue
elif authType & 2 and not user.writeable : continue
elif authType & 1 and not user.deletable : continue
response['users'].append([user.username.username,
user.username.getName(),
user.username.usertype])
else :
response['code'] = 1
response['message'] = "최고 관리자만 가능합니다"
return HttpResponse(json.dumps(response))
def setAuth(fullPath, inherit=None, readable=None, writeable=None, deletable=None) :
"""
Directory 권한 설정
성공 시
경로 식별자 ID
""
실패 시
-1
예외 메시지
"""
file_id = index.dir_get(fullPath)
message = ""
if file_id is None :
params = {}
if inherit is not None :
params["inherit"] = inherit
if readable is not None :
params["readable"] = readable
if writeable is not None :
params["writeable"] = writeable
if deletable is not None :
params["deletable"] = deletable
try :
with transaction.atomic() :
descriptor = FileDescriptor(file=fullPath, reference_id=0, **params)
descriptor.save()
index.dir_set(fullPath, descriptor.file_id)
file_id = descriptor.file_id
except Exception as err :
error("auth.dir.set : " + err.__str__())
file_id = -1
message = err.__str__()
else :
try :
descriptor = FileDescriptor.objects.get(file_id=file_id)
file_id = descriptor.file_id
if inherit is not None :
descriptor.inherit = inherit
if readable is not None :
descriptor.readable = readable
if writeable is not None :
descriptor.writeable = writeable
if deletable is not None :
descriptor.deletable = deletable
descriptor.save()
except Exception as err :
error("auth.dir.set : " + err.__str__())
file_id = -2
message = err.__str__()
return (file_id, message)
def delAuth(fullPath) :
"""
Directory 권한 삭제
"""
file_id = index.dir_get(fullPath)
if file_id is None :
return True
elif index.dir_del(fullPath):
FileDescriptor.objects.filter(file_id=file_id).delete()
FileDescriptor.objects.filter(reference_id=file_id).delete()
return True
else :
return False
def delAuth(fullPath):
"""
Directory 권한 삭제
"""
file_id = index.dir_get(fullPath)
if file_id is None:
return True
elif index.dir_del(fullPath):
FileDescriptor.objects.filter(file_id=file_id).delete()
FileDescriptor.objects.filter(reference_id=file_id).delete()
return True
else:
return False
def getDefaultAuthority(request, *args, **kwargs):
path = request.POST.get("path")
response = {
"path" : path,
"register" : False,
"readable" : config.DEFAULT_AUTH_DIR_READABLE,
"writeable" : config.DEFAULT_AUTH_DIR_WRITEABLE,
"deletable" : config.DEFAULT_AUTH_DIR_DELETABLE,
"inherit" : config.DEFAULT_AUTH_DIR_INHERIT
}
userinfo = UserInfo.getUserInfo(request)
fullpath = userinfo.getHomePath() + path
file_id = index.dir_get(fullpath)
if file_id is not None :
fileDescriptor = FileDescriptor.objects.get(file_id=file_id)
response['register'] = True
response['readable'] = fileDescriptor.readable
response['writeable'] = fileDescriptor.writeable
response['deletable'] = fileDescriptor.deletable
response['inherit'] = fileDescriptor.inherit
return HttpResponse(json.dumps(response))
def getAuth(userinfo, fullPath, mode = 0x07):
"""
조회 대상에 대하여 소유한 권한을 RWD 튜플로 반환한다.
"""
if userinfo.isYeoman() or mode == 0x04 and userinfo.isMetic() :
return (True, True, True)
readable = not (mode & 0x04) | userinfo.isMetic()
writeable = not (mode & 0x02)
deletable = not (mode & 0x01)
normFullPath = os.path.normpath(fullPath)
descriptor = None
file_id = index.dir_get(fullPath)
# 재귀적으로 권한 추출 시 사용자 홈 이상으로는 올라갈 수 없음.
# info("ROOT : " + userinfo.getHomePath())
# info("COMP : " + normFullPath)
if normFullPath == userinfo.getHomePath() :
inheritable = False
else :
inheritable = True
if file_id is not None and file_id >= 0 :
try :
descriptor = FileDescriptor.objects.get(file_id=file_id)
readable |= descriptor.readable
writeable |= descriptor.writeable
deletable |= descriptor.deletable
if not (readable and writeable and deletable) :
users = []
users.append(userinfo)
for user in UserGroups.objects.filter(user=userinfo) :
users.append(user.group)
for userAuthority in UserAuthority.objects.filter(username__in=users, file_id=file_id) :
readable |= userAuthority.readable
writeable |= userAuthority.writeable
deletable |= userAuthority.deletable
if readable and writeable and deletable :
break
if not (readable and writeable and deletable) and inheritable and descriptor.inherit :
auth_inherit = Directory.getAuth(userinfo, FileManager.getParent(fullPath))
readable |= auth_inherit[0]
writeable |= auth_inherit[1]
deletable |= auth_inherit[2]
except Exception as err:
error("auth.dir.get : " + err.__str__())
pass
elif not userinfo.isGuest() or config.USING_GUEST :
readable = config.DEFAULT_AUTH_DIR_READABLE
writeable = config.DEFAULT_AUTH_DIR_WRITEABLE
deletable = config.DEFAULT_AUTH_DIR_DELETABLE
# 상속받는 경우
if not(readable and writeable and deletable) and inheritable and config.DEFAULT_AUTH_DIR_INHERIT :
auth_inherit = Directory.getAuth(userinfo, FileManager.getParent(fullPath))
readable |= auth_inherit[0]
writeable |= auth_inherit[1]
deletable |= auth_inherit[2]
# 만약 guest 활성화 되어있다면 GUEST HOME 에 대한 파일 조회 권한만 부여 한다.
if userinfo.isGuest() and normFullPath == config.getHomeGuest() :
readable = True
return (readable, writeable, deletable)
def setAuthorizedUsers(request, *args, **kwargs):
response = {
"code" : 0,
"message" : "",
"users" : []
}
userinfo = UserInfo.getUserInfo(request)
fullpath = userinfo.getHomePath() + request.POST.get("path")
ids = request.POST.getlist("ids[]")
readable = request.POST.get('readable')
readable = (readable == "1", None)[readable == None]
writeable = request.POST.get('writeable')
writeable = (writeable == "1", None)[writeable == None]
deletable = request.POST.get('deletable')
deletable = (deletable == "1", None)[deletable == None]
if userinfo.isAdmin() :
file_id = index.dir_get(fullpath)
if file_id is None :
file_id = Directory.setAuth(fullpath, config.DEFAULT_AUTH_DIR_INHERIT, config.DEFAULT_AUTH_DIR_READABLE, config.DEFAULT_AUTH_DIR_WRITEABLE, config.DEFAULT_AUTH_DIR_DELETABLE)[0]
fileDescriptor = FileDescriptor.objects.get(file_id=file_id)
try :
with transaction.atomic() :
for authUser in UserInfo.objects.filter(username__in=ids) :
userAuthority = None
try :
userAuthority = UserAuthority.objects.get(username=authUser, file_id=fileDescriptor)
if (readable is not None and userAuthority.readable == readable) or \
(writeable is not None and userAuthority.writeable == writeable) or \
(deletable is not None and userAuthority.deletable == deletable) :
continue
except Exception as err :
userAuthority = UserAuthority(username=authUser, file_id=fileDescriptor)
if readable is not None :
userAuthority.readable = readable
if writeable is not None :
userAuthority.writeable = writeable
if deletable is not None :
userAuthority.deletable = deletable
userAuthority.save()
response['users'].append([
authUser.username,
authUser.getName(),
authUser.usertype,
userAuthority.readable,
userAuthority.writeable,
userAuthority.deletable])
except Exception as err :
response['code'] = -2
response['message'] = err.__str__()
response['users'].clear()
else :
response['code'] = 1
response['message'] = "최고 관리자만 가능합니다"
return HttpResponse(json.dumps(response))
def setAuth(fullPath,
inherit=None,
readable=None,
writeable=None,
deletable=None):
"""
Directory 권한 설정
성공 시
경로 식별자 ID
""
실패 시
-1
예외 메시지
"""
file_id = index.dir_get(fullPath)
message = ""
if file_id is None:
params = {}
if inherit is not None:
params["inherit"] = inherit
if readable is not None:
params["readable"] = readable
if writeable is not None:
params["writeable"] = writeable
if deletable is not None:
params["deletable"] = deletable
try:
with transaction.atomic():
descriptor = FileDescriptor(file=fullPath,
reference_id=0,
**params)
descriptor.save()
index.dir_set(fullPath, descriptor.file_id)
file_id = descriptor.file_id
except Exception as err:
error("auth.dir.set : " + err.__str__())
file_id = -1
message = err.__str__()
else:
try:
descriptor = FileDescriptor.objects.get(file_id=file_id)
file_id = descriptor.file_id
if inherit is not None:
descriptor.inherit = inherit
if readable is not None:
descriptor.readable = readable
if writeable is not None:
descriptor.writeable = writeable
if deletable is not None:
descriptor.deletable = deletable
descriptor.save()
except Exception as err:
error("auth.dir.set : " + err.__str__())
file_id = -2
message = err.__str__()
return (file_id, message)
def getAuth(userinfo, fullPath, mode=0x07):
"""
조회 대상에 대하여 소유한 권한을 RWD 튜플로 반환한다.
"""
if userinfo.isYeoman() or mode == 0x04 and userinfo.isMetic():
return (True, True, True)
readable = not (mode & 0x04) | userinfo.isMetic()
writeable = not (mode & 0x02)
deletable = not (mode & 0x01)
normFullPath = os.path.normpath(fullPath)
descriptor = None
file_id = index.dir_get(fullPath)
# 재귀적으로 권한 추출 시 사용자 홈 이상으로는 올라갈 수 없음.
# info("ROOT : " + userinfo.getHomePath())
# info("COMP : " + normFullPath)
if normFullPath == userinfo.getHomePath():
inheritable = False
else:
inheritable = True
if file_id is not None and file_id >= 0:
try:
descriptor = FileDescriptor.objects.get(file_id=file_id)
readable |= descriptor.readable
writeable |= descriptor.writeable
deletable |= descriptor.deletable
if not (readable and writeable and deletable):
users = []
users.append(userinfo)
for user in UserGroups.objects.filter(user=userinfo):
users.append(user.group)
for userAuthority in UserAuthority.objects.filter(
username__in=users, file_id=file_id):
readable |= userAuthority.readable
writeable |= userAuthority.writeable
deletable |= userAuthority.deletable
if readable and writeable and deletable:
break
if not (readable and writeable
and deletable) and inheritable and descriptor.inherit:
auth_inherit = Directory.getAuth(
userinfo, FileManager.getParent(fullPath))
readable |= auth_inherit[0]
writeable |= auth_inherit[1]
deletable |= auth_inherit[2]
except Exception as err:
error("auth.dir.get : " + err.__str__())
pass
elif not userinfo.isGuest() or config.USING_GUEST:
readable = config.DEFAULT_AUTH_DIR_READABLE
writeable = config.DEFAULT_AUTH_DIR_WRITEABLE
deletable = config.DEFAULT_AUTH_DIR_DELETABLE
# 상속받는 경우
if not (readable and writeable and deletable
) and inheritable and config.DEFAULT_AUTH_DIR_INHERIT:
auth_inherit = Directory.getAuth(
userinfo, FileManager.getParent(fullPath))
readable |= auth_inherit[0]
writeable |= auth_inherit[1]
deletable |= auth_inherit[2]
# 만약 guest 활성화 되어있다면 GUEST HOME 에 대한 파일 조회 권한만 부여 한다.
if userinfo.isGuest() and normFullPath == config.getHomeGuest():
readable = True
return (readable, writeable, deletable)
