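def group_right_mod(appname, projectname, gid, data):
    '''
    Replace the right ids that group ``gid`` holds for ``projectname``.

    Request URL: /auth/user/{gid}
        NOTE(review): the path says "user" although this handler edits a
        group; kept as written, confirm against the URL routing.
    HTTP Method: POST
    Parameters:
        {
            "perm_list":[1,2,3,4]
        }
    Return :
        {
            "status":0
            "data":{}
        }

    ``data`` is request input and is not trusted: a missing or malformed
    ``perm_list`` yields a PARAM_ERROR response instead of an unhandled
    exception. Duplicate ids are collapsed before saving.
    '''
    # check if group id in db
    cond = {"_id": gid}
    fields = {"_id": 0}
    group_info = Group.find_one_group(appname, cond, fields)
    if not group_info:
        return json_response_error(PARAM_ERROR, msg="the group not exist")

    # Convert and de-duplicate in one guarded step so bad input cannot
    # escape as KeyError / TypeError / ValueError.
    try:
        right_list = list(set(int(rid) for rid in data["perm_list"]))
    except (KeyError, TypeError, ValueError):
        return json_response_error(PARAM_ERROR, msg="invalid perm_list")

    # check if right id in db
    # NOTE(review): the lookup is by _id only, while other code in this file
    # queries rights with "app_name": projectname. A right id that belongs to
    # a different project would pass this check and be stored under
    # projectname -- confirm whether that is intended.
    for rid in right_list:
        if not Right.find_one_right(appname, {"_id": rid}):
            return json_response_error(
                PARAM_ERROR, msg="the right id:%s not exist" % rid)

    # update group right info; tolerate a group document that has no
    # permission_list yet
    permission_map = group_info.get("permission_list") or {}
    permission_map[projectname] = right_list
    group_info["permission_list"] = permission_map
    Group.update_group(appname, cond, group_info)
    return json_response_ok({}, msg="update group right success")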
def right_create(
        appname, projectname, perm_module, perm_opname,
        perm_action='list', perm_type="module", perm_lc='all'):
    '''
    Register a new right for ``projectname``.

    The right is named "<perm_opname>-<perm_module>-<perm_action>". Creation
    is refused with PARAM_ERROR when a right with the same name, project and
    locale already exists, when no app named ``perm_opname`` is found, or
    when no module named ``perm_module`` is found. On success an empty OK
    response is returned.

    NOTE(review): the duplicate check and the save are two separate calls;
    whether the store also enforces uniqueness is not visible here.
    '''
    perm_name = '%s-%s-%s' % (perm_opname, perm_module, perm_action)

    # 1. the right must not exist yet for this project / locale
    duplicate = Right.find_one_right(
        appname,
        {'perm_name': perm_name, 'app_name': projectname, "lc": perm_lc})
    if duplicate:
        return json_response_error(PARAM_ERROR, msg="the right exist")

    # 2. the app label it refers to must be known
    known_app = App.find_one_app(appname, {"name": perm_opname})
    if not known_app:
        return json_response_error(PARAM_ERROR, msg="the app label not exist")

    # 3. the module it refers to must be known
    known_module = Module.find_one_module(
        appname, {"module_name": perm_module})
    if not known_module:
        return json_response_error(
            PARAM_ERROR, msg="the app module not exist")

    new_right = Right.new(
        appname, projectname, perm_module, perm_opname,
        perm_action, perm_type, perm_lc)
    Right.save(appname, new_right)
    return json_response_ok()
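def check_session(appname, module, opname, action, lc, uid):
    '''
    Check whether user ``uid`` holds the right "<opname>-<module>-<action>".

    Returns an OK response when the user is a superuser, or when the id of
    the named right appears in the user's own permission list or in the
    permission list of one of the user's groups. Every other outcome --
    unknown user, unknown right, group that no longer exists -- returns
    AUTH_ERROR, so the check fails closed.

    ``lc`` is accepted but not used by this function.
    '''
    perm_name = '%s-%s-%s' % (opname, module, action)
    required_ids = []
    perm = Right.find_one_right(appname, {'perm_name': perm_name})
    if perm:
        required_ids.append(perm['_id'])

    # The lookups below pass appname first, matching every other
    # User/Group call in this file; the original omitted it here.
    usr = User.find_one_user(appname, {'_id': uid}, None)
    # The user must be validated before any field is read; the original
    # dereferenced usr['permission_list'] first and raised on unknown users.
    if not usr:
        return json_response_error(AUTH_ERROR)
    if usr.get('is_superuser'):
        return json_response_ok()

    # Work on a copy so the fetched user document is not modified.
    # NOTE(review): group_right_mod and user_right_mod store permission_list
    # as a dict keyed by project name, whereas this function treats it as a
    # flat list of right ids and has no project parameter. With dict-shaped
    # data the membership test below never matches and access is denied --
    # confirm the intended schema.
    held_ids = list(usr.get('permission_list') or [])
    for group_id in usr.get('group_id') or []:
        group_info = Group.find_one_group(appname, {'_id': group_id}, None)
        if group_info:  # a stale group reference grants nothing
            held_ids.extend(group_info.get('permission_list') or [])

    if any(right_id in held_ids for right_id in required_ids):
        return json_response_ok()
    return json_response_error(AUTH_ERROR)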
def get_perms_by_ids(appname, projectname, pids, perm_type="module"):
    '''
    Internal helper: fetch the right documents for a list of right ids.

    Each id in ``pids`` is looked up together with ``projectname`` (as
    "app_name") and ``perm_type``; ids with no matching right are skipped.
    The result keeps the order of ``pids``.
    '''
    lookups = (
        Right.find_one_right(
            appname,
            {"app_name": projectname, "_id": pid, "perm_type": perm_type},
            None)
        for pid in pids)
    return [found for found in lookups if found]
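def user_right_mod(appname, projectname, uid, data):
    """
    Replace the right ids that user ``uid`` holds directly for ``projectname``.

    Request URL: /auth/user/{gid}
    HTTP Method: POST
    Parameters:
        {
            "perm_list":[1,2,3,4]
            "disable_list":[1,2,3,4]
        }
    Return :
        {
            "status":0
            "data":{}
        }

    Only ``perm_list`` is read; ``disable_list`` is not used by this
    function. Right ids the user already receives through one of their
    groups (for this project) are dropped before saving, so the user's own
    list holds only the additional rights.

    ``data`` is request input and is not trusted: a missing or malformed
    ``perm_list`` yields a PARAM_ERROR response instead of an unhandled
    exception.
    """
    # check if user id in db
    cond = {"_id": uid}
    fields = {"_id": 0}
    user_info = User.find_one_user(appname, cond, fields)
    if not user_info:
        return json_response_error(PARAM_ERROR, msg="the user not exist")

    # check if right id in db
    try:
        right_list = list(set(int(rid) for rid in data["perm_list"]))
    except (KeyError, TypeError, ValueError):
        return json_response_error(PARAM_ERROR, msg="invalid perm_list")
    # NOTE(review): the lookup is by _id only, while other code in this file
    # queries rights with "app_name": projectname. A right id from another
    # project would pass -- confirm whether that is intended.
    for rid in right_list:
        if not Right.find_one_right(appname, {"_id": rid}):
            return json_response_error(
                PARAM_ERROR, msg="the right id:%s not exist" % rid)

    # Collect what the user's groups already grant for this project.
    # Missing group_id / permission_list fields are treated as empty.
    group_perm_ids = set()
    for gid in user_info.get("group_id") or []:
        group_info = Group.find_one_group(appname, {"_id": gid}, None)
        if group_info:
            group_perms = group_info.get("permission_list") or {}
            group_perm_ids.update(group_perms.get(projectname) or [])

    # update user right info: keep only ids not covered by a group
    user_right_list = [
        rid for rid in right_list if rid not in group_perm_ids]
    user_perms = user_info.get("permission_list") or {}
    user_perms[projectname] = user_right_list
    user_info["permission_list"] = user_perms
    User.update_user(appname, cond, user_info)
    return json_response_ok({}, msg="update user right success")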
def right_get(appname, rid):
    '''
    View one right.

    Request URL: /auth/right/{rid}
    HTTP Method: GET
    Parameters: None
    Return:
        an OK response whose data is the right document returned by
        Right.find_one_right for ``rid``, or a PARAM_ERROR response when
        no such right is found.
    '''
    right_doc = Right.find_one_right(appname, {'_id': rid}, None)
    if not right_doc:
        return json_response_error(PARAM_ERROR, msg="not app:%s" % rid)
    return json_response_ok(right_doc)