def consignment_product(id_):
from flask.ext.principal import Permission
Permission.union(CargoClerkPermission, AccountantPermission).test()
import litefac.apis as apis
current_product = apis.delivery.ConsignmentProductWrapper.get_product(id_)
if current_product:
if request.method == "GET":
return dict(current=current_product,
product_types=apis.product.get_product_types(),
products=json.dumps(apis.product.get_products()),
team_list=apis.manufacture.get_team_list(),
titlename=u"发货产品详情")
else:
class ProductForm(Form):
team_id = IntegerField("team_id")
product_id = IntegerField("product_id")
weight = IntegerField("weight")
returned_weight = IntegerField("returned_weight")
spec = TextField("spec")
type = TextField("type")
unit = TextField("unit")
form = ProductForm(request.form)
current_product.update(**form.data)
return redirect(
request.form.get("url") or url_for("delivery.consignment",
id_=current_product.consignment.id))
else:
return _(u"没有该产品编号:%d" + id_), 404
class Policy:
def __init__(self, name):
self.name = name
self._action_need = ActionNeed(name)
self._permission = Permission(self._action_need)
def __str__(self):
return self.name
def __repr__(self):
return '<Policy %s>' % self.name
def can(self):
return self._permission.can()
def require(self, *args, **kwargs):
return self._permission.require(*args, **kwargs)
@property
def permission(self):
return self._permission
@property
def action_need(self):
return self._action_need
def test_permission_difference():
p1 = Permission(('a', 'b'), ('a', 'c'))
p2 = Permission(('a', 'c'), ('d', 'e'))
p3 = p1.difference(p2)
assert p3.allow == set([('a', 'b')])
p4 = p2.difference(p1)
assert p4.allow == set([('d', 'e')])
def test_contains():
p1 = Permission(RolePermit('boss'), RolePermit('lackey'))
p2 = Permission(RolePermit('lackey'))
assert p2.issubset(p1)
assert p2 in p1
def consignment(id_=None):
import litefac.apis as apis
from flask.ext.principal import Permission
Permission.union(CargoClerkPermission, AccountantPermission).test()
if request.method == "GET":
cons = apis.delivery.get_consignment(id_)
team_list = apis.manufacture.get_team_list()
if not cons:
abort(404)
else:
return dict(plate=cons.plate, consignment=cons, titlename=u'发货单详情',
team_list=team_list)
else:
if id_:
cons = apis.delivery.get_consignment(id_)
if not cons:
abort(404)
params = {}
if request.form:
params["pay_in_cash"] = request.form.get("pay_in_cash",
type=int)
params["notes"] = request.form.get("notes")
try:
cons.update(cons.id, **params)
if CargoClerkPermission.can():
flash(u"更新成功")
except ValueError, e:
flash(unicode(e.message), "error")
else:
if cons.pay_in_cash:
cons.paid()
flash(u"支付成功")
return redirect(url_for("delivery.consignment", id_=id_,
url=request.form.get("url")))
def get(self, user_id):
""" Get details for a given user. """
personal_details_view = Permission(UserNeed(user_id))
is_self = personal_details_view.can()
user = User.query.get_or_404(user_id)
return {
'user': user.to_json(include_personal_data=is_self),
}
def test(self, *records):
if self._model_view.permission_required:
def _get_edit_need(obj):
pk = self._model_view.modell.get_pk_value(obj)
return self._model_view.edit_need(pk)
needs = [_get_edit_need(record) for record in records]
perm = Permission(*needs).union(Permission(
self._model_view.edit_all_need))
return 0 if perm.can() else ACTION_IMPERMISSIBLE
def decorated_view(*args, **kwargs):
perm = Permission(*[RoleNeed(role) for role in roles])
if perm.can():
return fn(*args, **kwargs)
r1 = [r for r in roles]
r2 = [r.name for r in current_user.roles]
_logger.debug('Current user does not provide a required role. '
'Accepted: %s Provided: %s' % (r1, r2))
return _get_unauthorized_view()
def decorated_view(*args, **kwargs):
iden = Identity(g.user.id)
for r in g.user.roles:
iden.provides.add(RoleNeed(r.name))
g.identity = iden
perm = Permission(*[RoleNeed(role) for role in roles])
if perm.can():
return fn(*args, **kwargs)
abort(403, message=u"Недостаточно прав!")
def test_permission_and():
p1 = Permission(RolePermit('boss'))
p2 = Permission(RolePermit('lackey'))
p3 = p1 & p2
p4 = p1.union(p2)
assert p3.allow == p4.allow
def test_permission_or():
p1 = Permission(RolePermit('boss'), RolePermit('lackey'))
p2 = Permission(RolePermit('lackey'), RolePermit('underling'))
p3 = p1 | p2
p4 = p1.difference(p2)
assert p3.allow == p4.allow
def test_identity_allowed():
p1 = Permission(RolePermit('boss'), RolePermit('lackey'))
p2 = Permission(RolePermit('lackey'))
i = Identity(1)
i.provides(RolePermit('boss'))
assert p1.allows(i) == True
assert p2.allows(i) == False
def delete(self, entry_id):
""" Delete the entry with the given ID. """
entry = Entry.query.get(entry_id)
delete_permission = Permission(UserNeed(entry.stream.creator_id))
if delete_permission.can():
db.session.delete(entry)
return {'msg': 'Entry deleted.'}
else:
return {
'msg': 'Only the stream creator can delete entries.',
}, 403
def delete(self, stream_id):
""" Delete the stream with the given ID. """
stream = Stream.query.get_or_404(stream_id)
delete_permission = Permission(UserNeed(stream.creator_id))
if delete_permission.can():
movie = stream.movie
movie.number_of_streams -= 1
db.session.delete(stream)
db.session.add(movie)
return {'msg': 'Stream deleted.'}
else:
return {
'msg': "You're not allowed to delete this stream."
}, 403
def has_permission(self, permission_type, objectId):
if objectId is None:
return True
admin = Permission(RoleNeed(ROLE_ADMIN))
if isinstance(permission_type, tuple):
for permission_type_item in permission_type:
permission = permission_type_item(unicode(objectId))
if permission.can() or admin.can():
return True
else:
permission = permission_type(unicode(objectId))
if permission.can() or admin.can():
return True
return False
def us_airline_delay_prediction():
'''
choose
:return:
'''
# permission management
# 权限管理
perm1 = Permission(Need('need1', 'my_value'))
perm2 = Permission(Need('need2', 'my_value'))
return render_template('us_airline_delay_prediction/data_analysis.html',
permission1=perm1.can(),
permission2=perm2.can(),
user=session['username'],
)
def consignment_preview(id_):
from flask.ext.principal import Permission
Permission.union(CargoClerkPermission, AccountantPermission).test()
import lite_mms.apis as apis
cons = apis.delivery.get_consignment(id_)
if not cons:
abort(404)
else:
per_page = apis.config.get("print_count_per_page", 5.0, type=float)
import math
pages = int(math.ceil(len(cons.product_list) / per_page))
return dict(plate=cons.plate, consignment=cons, titlename=u'发货单详情',
pages=pages, per_page=per_page)
def put(self, stream_id):
""" Update the stream with the given ID. """
stream = Stream.query.get_or_404(stream_id)
edit_permission = Permission(UserNeed(stream.creator_id))
if edit_permission.can():
form = StreamForm(obj=stream)
if form.validate_on_submit():
form.populate_obj(stream)
return {
'msg': 'Stream updated.',
'stream': stream.to_json(),
}
return {
'msg': 'Some attributes did not pass validation.',
'errors': form.errors,
}, 400
else:
return {
'msg': "You're not allowed to edit this stream"
}, 403
def put(self, entry_id):
""" Update the entry with the given ID. """
entry = Entry.query.get_or_404(entry_id)
put_permission = Permission(UserNeed(entry.stream.creator_id))
if put_permission.can():
form = EntryForm(obj=entry)
if form.validate_on_submit():
form.populate_obj(entry)
return {
'msg': 'Entry updated.',
'entry': entry.to_json(),
}
return {
'msg': 'Some attributes did not pass validation.',
'errors': form.errors,
}, 400
else:
return {
'msg': "Only the stream creator can edit it's entries.",
}, 403
def minneapolis_simple_analysis():
'''
choose housing price city
:return:
'''
# permission manage
perm1 = Permission(Need('need1', 'my_value'))
perm2 = Permission(Need('need2', 'my_value'))
# get the parameter from the form
lat = request.args.get('lati',44.977276 , type=float)
lon = request.args.get('long', -93.232266, type=float)
date = request.args.get('date', '', type=str)
time = request.args.get('time', "12:00", type=str)
global crime_model
top_2_result = crime_model.predict_from_rf(lat,lon,date,time,2)
maker_box = "Latitude:{0}<br>Longtitude:{1}<br>Time:{2}<br>Predictions: <ol>{3} for {4}</ol><ol>{5} for {6}</ol>".format(lat,lon,time,
top_2_result[0][0],top_2_result[0][1],top_2_result[1][0],top_2_result[1][1])
sndmap = Map(
identifier="sndmap",
varname="sndmap",
zoom=11,
lat=44.977276,
lng=-93.232266,
style="height:600px;width:1200px;margin:0;",
markers={
# icons.dots.green: [(37.4419, -122.1419), (37.4500, -122.1350)],
icons.dots.blue: [(lat, lon, maker_box)]
}
)
return render_template(
'minneapolis_crime_prediction/data_analysis_crimes.html',
permission1=perm1.can(),
permission2=perm2.can(),
user=session['username'],
sndmap=sndmap,
)
def first_tier_city_list():
'''
choose housing price city
:return:
'''
# 权限管理
city_list = { x for x in LIANJIA_MAP}
city_dict = {}
for pos,x in enumerate(city_list):
city_dict[pos+1] = x
perm1 = Permission(Need('need1', 'my_value'))
perm2 = Permission(Need('need2', 'my_value'))
return render_template('housing_price/city_dict.html',
title='Choose City',
permission1=perm1.can(),
permission2=perm2.can(),
user=session['username'],
city_dict=city_dict
)
def post(self, stream_id):
""" Create new entry. """
stream = Stream.query.get_or_404(stream_id)
add_entry_to_stream_permission = Permission(UserNeed(stream.creator_id))
if add_entry_to_stream_permission.can():
form = EntryForm()
if form.validate_on_submit():
entry = Entry()
form.populate_obj(entry)
entry.stream = stream
db.session.add(entry)
db.session.commit()
return {
'msg': 'Entry created.',
'entry': entry.to_json(),
}, 201
return {
'msg': 'Some attributes did not pass validation.',
'errors': form.errors,
}, 400
else:
return {
'msg': 'Only the creator can add entries to streams',
}, 403
def edit_post(id):
"""Edit existing blog post."""
post = Post.query.get_or_404(id)
permission = Permission(UserNeed(post.user.id))
if permission.can() or admin_permission.can():
form = PostForm()
if form.validate_on_submit():
post.title = form.title.data
post.text = form.text.data
post.publish_date = datetime.datetime.now()
db.session.commit()
return redirect(url_for('.post', post_id=post.id))
form.text.data = post.text
return render_template('edit.html', form=form, post=post)
abort(403)
def housing_price():
'''
controller layer for housing_price
:return:
'''
# 与界面交互
now = datetime.datetime.utcnow() - datetime.timedelta(days=1)
last_day = now - datetime.timedelta(days=80)
now_str = str(now)[:10]
last_day_str = str(last_day)[:10]
date_begin = request.args.get('begin', last_day_str, type=str)
date_end = request.args.get('end', now_str, type=str)
smooth_days = request.args.get('day', 0, type=int)
# get city name
city_name = request.args.get('city', 'Beijing', type=str)
# get housing_price_list
housing_price_model = HousingPriceModel()
housing_price_list = housing_price_model.get_housing_price_list(date_end,date_begin,smooth_days,city_name)
print housing_price_list
# list to json
housing_price_list_json = json.dumps(housing_price_list,encoding='utf-8')
# permission
perm1 = Permission(Need('need1', 'my_value'))
perm2 = Permission(Need('need2', 'my_value'))
perm3 = Permission(Need('need3', 'my_value'))
if perm2.can():
return render_template('housing_price/housing_price.html',
title=("{0} HousingPrice ".format(city_name)).decode('utf8'),
smooth=u'smooth days',
city_name=city_name,
module_list=housing_price_list_json,
smooth_num_list=smooth_num_list,
user=session['username'],
permission1=perm1.can(),
permission2=perm2.can(),
permission3=perm3.can(),
date_begin=date_begin,
date_end=date_end
)
return redirect(url_for('housing_price', _external=True, _scheme='http'))
def index():
perm1 = Permission(Need('need1', 'my_value'))
perm2 = Permission(Need('need2', 'my_value'))
perm3 = Permission(Need('need3', 'my_value'))
return render_template('index.html',
# rate_graph_dianshang_list=rate_graph_dianshang_list,
# rate_graph_work_list = rate_graph_work_list,
# rate_graph_others_list = rate_graph_others_list,
permission1=perm1.can(),
permission2=perm2.can(),
permission3=perm3.can(),
user=session['username']
)
# -*- coding: utf-8 -*-
"""
针对订单对象的权限,将用户管理相关的权限
"""
from collections import namedtuple
from flask.ext.principal import Permission
SubOrderManagement = namedtuple("sub_order", ["method"])
EditSubOrderWeight = SubOrderManagement("edit_sub_order_weight")
edit_sub_order_weight = Permission(EditSubOrderWeight)
edit_sub_order_weight.brief = u"修改子订单重量的权限"
OrderManagement = namedtuple("order", ["method"])
ViewOrder = OrderManagement("view_order")
ScheduleOrder = OrderManagement("schedule_order")
view_order = Permission(ViewOrder)
view_order.brief = u"查看订单的权限"
schedule_order = Permission(ScheduleOrder)
schedule_order.brief = u"调度订单的权限"
from flask.ext.restful import Api
from flask.ext.admin import Admin
from flask_debugtoolbar import DebugToolbarExtension
from flask.ext.cache import Cache
from flask.ext.assets import Environment
from flask.ext.celery import Celery
from celery.backends.redis import RedisBackend
from wfdb.models import User
login_manager = LoginManager()
login_manager.login_view = "main.login"
principal = Principal()
admin_permission = Permission(RoleNeed('admin'))
default_permission = Permission(RoleNeed('default'))
rest_api = Api()
admin = Admin()
toolbar = DebugToolbarExtension()
cache = Cache()
assets_env = Environment()
celery = Celery()
celery.backend = RedisBackend(app=celery)
@login_manager.user_loader
def load_user(userid):
return User.query.get(userid)
import sqlite3
import os
UPLOAD_FOLDER = 'uploads'
ALLOWED_EXTENSIONS = set(['txt', 'pdf', 'png', 'jpg', 'jpeg', 'gif'])
app = Flask(__name__)
Principal(app)
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
problems = []
details = []
# Define Permission tags here.
logged_in_permission = Permission(('logged in'))
role_admin_permission = Permission(('role', 'admin'))
role_client_permission = Permission(('role', 'client'))
@app.before_request
def before_request():
g.db = sqlite3.connect("mydb.db")
@app.teardown_request
def teardown_request(exception):
if hasattr(g, 'db'):
g.db.close()
#Login/SignUp Page
@app.route('/login', methods = ['GET', 'POST'])
from flask import render_template, redirect, url_for, request, session, \
current_app
from flask.ext.login import login_user, logout_user, current_user, \
login_required
from flask.ext.principal import Identity, AnonymousIdentity, UserNeed, \
RoleNeed, identity_loaded, identity_changed, Permission
from . import app, db, facebook
from .models import User, Role
from .facebook import GraphAPI
# Permissions
a = db.session.query(Role).filter(Role.name == 'admin').first()
admin_permission = Permission(RoleNeed(a.name))
e = db.session.query(Role).filter(Role.name == 'editor').first()
editor_permission = Permission(RoleNeed(e.name))
@app.route('/')
def index():
return render_template('index.html')
@app.route('/login', methods=['GET', 'POST'])
def login():
if current_user.is_authenticated():
return redirect(url_for('index'))
return facebook.authorize(callback=url_for('facebook_authorized',
def dashboard():
lottery_complete = False # Lottery is complete, also show teams
hacker = Hacker.lookup_from_account_id(current_user.id)
if hacker.lottery_submitted():
lottery_complete = True
return {
'name': 'hacker_dashboard.html',
'context': {
'lottery_complete': lottery_complete
}
}
HackerPermission = Permission(RoleNeed('hacker'))
TeamPermission = Permission(AttributeNeed('admit', 'valid'))
@bp.route('/hackers', methods=['POST'])
@HackerPermission.require()
@before('lottery_closing')
def hackers():
form = LotteryForm()
# First find the hacker if they already exist
if not form.validate_on_submit():
raise BadDataError()
if form.school_id.data != "166683" and form.adult.data is not True:
raise BadDataError(
"Sorry, you need to be 18+ at the time of HackMIT to attend. Maybe next year?"
#!/usr/bin/env python
# coding=utf-8
from flask.ext.principal import RoleNeed, Permission
admin = Permission(RoleNeed('admin'))
common = Permission(RoleNeed('common'))
completed,
'confirmed':
confirmed,
'too_late':
too_late,
'profile_update_deadline':
format_utc_datetime(profile_deadline, eastern),
'mit':
mit,
'travel':
travel
}
}
ConfirmationPermission = Permission(AttributeNeed('admit', 'pending'))
UpdatePermission = Permission(AttributeNeed('admit', 'update'))
ResumePermission = ConfirmationPermission.union(UpdatePermission)
register_policy_route(
'/accounts/<int:account_id>/resume/policy', 'resume', ResumePermission,
lambda kwargs: 'accounts/' + str(kwargs['account_id']) + '/resume.pdf')
register_policy_route(
'/accounts/<int:account_id>/travel/policy', 'travel',
ConfirmationPermission,
lambda kwargs: 'accounts/' + str(kwargs['account_id']) + '/travel.pdf')
# -*- coding: UTF-8 -*-
from collections import namedtuple
from flask.ext.principal import Permission
WorkFlowManagement = namedtuple("user", ["method"])
HandleNodeNeed = WorkFlowManagement('handle_node')
handle_node = Permission(HandleNodeNeed)
handle_node.brief = u'处理工作流的权限'
# -*- coding: utf-8 -*-
"""
针对装卸货流程的权限管理
"""
from collections import namedtuple
from flask.ext.principal import Permission
UnloadSessionManagement = namedtuple("user", ["method"])
# 针对班组长的管理权限
EditUnloadSession = UnloadSessionManagement("edit_unload_session")
NewUnloadSession = UnloadSessionManagement("new_unload_session")
edit_us = Permission(EditUnloadSession)
edit_us.brief = u"修改卸货会话的权限"
new_us = Permission(NewUnloadSession)
new_us.brief = u"创建卸货会话的权限"
from flask import Flask
from flask.ext.sqlalchemy import SQLAlchemy
from flask.ext.login import LoginManager
from flask.ext.uploads import UploadSet, IMAGES, configure_uploads
from flask_wtf.csrf import CsrfProtect
from flask.ext.principal import Principal, Permission, RoleNeed
app = Flask(__name__)
app.config.from_object('config')
csrf = CsrfProtect()
csrf.init_app(app)
db = SQLAlchemy(app)
lm = LoginManager()
lm.init_app(app)
lm.login_view = 'login'
Principal(app)
admin_permission = Permission(RoleNeed(1))
avators = UploadSet('avators', IMAGES)
configure_uploads(app, avators)
pics = UploadSet('pics', IMAGES)
configure_uploads(app, pics)
from app import views, models
from flask.ext.principal import Permission, RoleNeed
from collections import namedtuple
from functools import partial
# Permission requiring that User must be admin to access resource
admin_permission = Permission(RoleNeed('admin'))
# Permission requiring User to be student to access resource
student_permission = Permission(RoleNeed('student'))
# create Need for only allowing Users to access Rides they request
RideNeed = namedtuple('ride', ['method', 'value'])
AccessRideNeed = partial(RideNeed, 'access')
"""
AccessRidePermission
--------------------
Permission for a specific Ride object.
Used so that Users can only access Rides they requested
"""
class AccessRidePermission(Permission):
def __init__(self, ride_id):
need = AccessRideNeed(unicode(ride_id))
super(AccessRidePermission, self).__init__(need)
def decorated_view(*args, **kwargs):
perm = Permission(*[RoleNeed(role) for role in roles])
if perm.can():
return fn(*args, **kwargs)
return _get_unauthorized_view()
def decorated_view(*args, **kwargs):
perms = [Permission(RoleNeed(role)) for role in roles]
for perm in perms:
if not perm.can():
return _get_unauthorized_view()
return fn(*args, **kwargs)
def edit(self):
return Permission(UserNeed(self.obj.pk)) & admin
def is_admin(self):
return Permission(UserNeed(self.obj.id)) & admin
import json, sys, traceback
from flask import Blueprint, request, render_template, flash, g, session, \
redirect, url_for
from flask.ext.principal import RoleNeed, UserNeed, Permission
from flask.ext.login import login_required
mod_billing = Blueprint('billing', __name__, url_prefix='/billing')
admin_permission = Permission(RoleNeed('1')).union(Permission(RoleNeed('0')))
from monitor.billing.models import *
from monitor.functions import str_2_clock, opentime_from_month_csv
@mod_billing.route('/')
@login_required
@admin_permission.require(http_exception=403)
def billing_main():
time_str_arr = billingtime.get_all_timestr()
return render_template('billing/billsreport.html', title='billing', \
time_arr=time_str_arr)
@mod_billing.route('/billsreport', methods=['POST', 'GET'])
@login_required
@admin_permission.require(http_exception=403)
def billsreport():
result = {}
info = None
load_result_bool = False
# -*- coding: UTF-8 -*-
from collections import namedtuple
from flask.ext.principal import Permission
DataManagement = namedtuple("data", ["method"])
ExportConsignment = DataManagement("export_consignment")
export_consignment = Permission(ExportConsignment)
export_consignment.brief = u"导出发货单的权限"
sql_storage = SQLAStorage(engine, metadata=meta)
blog = BloggingEngine(app, sql_storage)
mail = Mail(app)
babel = Babel(app)
sentry = Sentry(app)
# Needs
be_admin = RoleNeed('admin')
be_user = RoleNeed('user')
be_guest = RoleNeed('quest')
be_blogger = RoleNeed('blogger')
be_performer = RoleNeed('performer')
# Permissions
guest_per = Permission(be_guest)
guest_per.description = "Guest's permissions"
user_per = Permission(be_user)
user_per.description = "User's permissions"
blogger_per = Permission(be_blogger)
blogger_per.description = "Blogger's permissions"
performer_per = Permission(be_performer)
performer_per.description = "Performer's permissions"
admin_per = Permission(be_admin)
admin_per.description = "Admin's permissions"
admin_or_performer_per = Permission(be_admin, be_performer)
def test_permission_union_denial():
p1 = Permission(('a', 'b'))
p2 = Denial(('a', 'c'))
p3 = p1.union(p2)
assert p1.issubset(p3)
assert p2.issubset(p3)
def try_edit(self, processed_objs=None):
Permission.union(SchedulerPermission, CargoClerkPermission).test()
if processed_objs:
if processed_objs[0].order.refined or processed_objs[0].order.dispatched:
raise PermissionDenied
"""
.. module: lemur.auth.permissions
:platform: Unix
:synopsis: This module defines all the permission used within Lemur
:copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
:license: Apache, see LICENSE for more details.
.. moduleauthor:: Kevin Glisson <*****@*****.**>
"""
from functools import partial
from collections import namedtuple
from flask.ext.principal import Permission, RoleNeed
# Permissions
operator_permission = Permission(RoleNeed('operator'))
admin_permission = Permission(RoleNeed('admin'))
CertificateCreator = namedtuple('certificate', ['method', 'value'])
CertificateCreatorNeed = partial(CertificateCreator, 'key')
CertificateOwner = namedtuple('certificate', ['method', 'value'])
CertificateOwnerNeed = partial(CertificateOwner, 'role')
class SensitiveDomainPermission(Permission):
def __init__(self):
super(SensitiveDomainPermission, self).__init__(RoleNeed('admin'))
class CertificatePermission(Permission):
def __init__(self, certificate_id, owner, roles):
def perm_definalize_record(record):
if not record.is_agg_final():
return Denial(need.everybody)
return Permission(need.admin,
*get_roles_for_subject('reviewer', record.subject))
# -*- coding: utf-8 -*-
__author__ = 'shn7798'
from flask.ext.principal import Permission, RoleNeed
from flask.ext.login import LoginManager
from FlaskZhihu.models import User
admin = Permission(RoleNeed('admin'))
auth = Permission(RoleNeed('authenticated'))
login_manager = LoginManager()
login_manager.login_view = 'UserView:login'
@login_manager.user_loader
def user_loader(user_id):
if not user_id:
return None
try:
return User.find_by_id(user_id, abort404=True)
except Exception as e:
print e
return None
def test_reverse_permission():
p = Permission(('a', 'b'))
d = p.reverse()
print d.deny
assert ('a', 'b') in d.deny
def perm_preview_aggregation():
return Permission(need.admin, need.expert, need.reporter, need.reviewer)
from cloudmesh_install import config_file
from flask import Blueprint, g, render_template, request
from flask.ext.login import login_required
from cloudmesh.config.ConfigDict import ConfigDict
from cloudmesh.launcher.cm_launcher_db import cm_launcher_db
from flask.ext.principal import Permission, RoleNeed
from cloudmesh.config.cm_config import cm_config
import subprocess
from pprint import pprint
from cloudmesh_common.logger import LOGGER
LOG_MSG = LOGGER(__file__)
launch_module = Blueprint('launch _module', __name__)
RAIN_PERMISSION = Permission(RoleNeed('rain'))
#
# ROUTE: launch
#
# list of recipies which we need to get from cm_launcher.yaml
# @RAIN_PERMISSION.require(http_exception=403)
# @login_required
# @RAIN_PERMISSION.require(http_exception=403)
@launch_module.route('/cm/launch/launch_servers/', methods=["POST", "GET"])
def launch_servers():
config = cm_config()
data = {
def perm_view_reports():
return Permission(need.admin, need.expert, need.reporter, need.reviewer)
def perm_edit_refvals():
return Permission(need.admin, need.expert, need.reporter, need.reviewer)
#### Create the Flask-Assets's instance
assets_env = Environment()
# Define the set for js and css file.
main_css = Bundle('css/bootstrap.css',
'css/bootstrap-theme.css',
filters='cssmin',
output='assets/css/common.css')
main_js = Bundle('js/bootstrap.js',
filters='jsmin',
output='assets/js/common.js')
#### Create the Flask-Login's instance
login_manager = LoginManager()
# Init the permission object via RoleNeed(Need).
admin_permission = Permission(RoleNeed('admin'))
poster_permission = Permission(RoleNeed('poster'))
default_permission = Permission(RoleNeed('default'))
# Setup the configuration for login manager.
# 1. Set the login page.
# 2. Set the more stronger auth-protection.
# 3. Show the information when you are logging.
# 4. Set the Login Messages type as `information`.
login_manager.login_view = "main.login"
login_manager.session_protection = "strong"
login_manager.login_message = "Please login to access this page."
login_manager.login_message_category = "info"
# login_manager.anonymous_user = CustomAnonymousUser
#### Create the Flask-OAuth's instance
oauth = OAuth()
def delete(self):
return Permission(UserNeed(self.obj.pk)) & admin
from flask import Flask, render_template
from flask.ext.sqlalchemy import SQLAlchemy
from flask.ext.login import LoginManager, current_user
from flask.ext.principal import (Principal, Permission, identity_loaded,
RoleNeed, UserNeed)
app = Flask(__name__)
app.config.from_object('config')
db = SQLAlchemy(app)
login_manager = LoginManager()
login_manager.setup_app(app)
principals = Principal(app)
admin_permission = Permission(RoleNeed('admin'))
from app.users.models import Users
@login_manager.user_loader
def load_user(userid):
return Users.by_id(userid)
@app.errorhandler(404)
def non_fount(error):
return render_template('404.html'), 404
@app.route('/', methods=[
# -*- coding: UTF-8 -*-
"""
@author: Yangminghua
@version: $
"""
from collections import namedtuple
from flask.ext.principal import Permission
WorkCommandManagement = namedtuple("work_command", ["method"])
ViewWorkCommand = WorkCommandManagement("view_work_command")
ScheduleWorkCommand = WorkCommandManagement("schedule_work_command")
view_work_command = Permission(ViewWorkCommand)
view_work_command.brief = u"查看工单的权限"
schedule_work_command = Permission(ScheduleWorkCommand)
schedule_work_command.brief = u"调度工单的权限"
if __name__ == "__main__":
from litefac.permissions.order import ViewOrder ,ScheduleOrder
print ViewWorkCommand == ViewOrder
print ScheduleOrder == ScheduleWorkCommand
if os.path.isfile(app_config_file):
app.config.from_pyfile(app_config_file, silent=True)
elif platform == "linux2" and os.path.isfile('/etc/astrobox/application.cfg'):
app.config.from_pyfile('/etc/astrobox/application.cfg', silent=True)
assets = Environment(app)
Compress(app)
userManager = None
eventManager = None
loginManager = None
softwareManager = None
discoveryManager = None
principals = Principal(app)
admin_permission = Permission(RoleNeed("admin"))
user_permission = Permission(RoleNeed("user"))
# only import the octoprint stuff down here, as it might depend on things defined above to be initialized already
from octoprint.server.util import LargeResponseHandler, ReverseProxied, restricted_access, PrinterStateConnection, admin_validator, UrlForwardHandler, user_validator
from astroprint.printer.manager import printerManager
from octoprint.settings import settings
import octoprint.util as util
import octoprint.events as events
#import octoprint.timelapse
import astroprint.users as users
from astroprint.software import softwareManager as swManager
from astroprint.boxrouter import boxrouterManager
from astroprint.network.manager import networkManager
from flask.ext.principal import Identity, AnonymousIdentity, identity_changed, identity_loaded
from functools import wraps
app = Flask(__name__)
app.config["SECRET_KEY"] = "123123123"
app.config["SERVER_NAME"] = "127.0.0.1:5007"
login_manager = LoginManager()
login_manager.init_app(app)
# load the extension
principals = Principal(app)
# Create a permission with a single Need, in this case a RoleNeed.
admin_permission = Permission(RoleNeed('admin'))
user_permission = Permission(RoleNeed('user'))
@app.errorhandler(PermissionDenied)
def handle_invalid_usage(error):
response = jsonify(error.to_dict())
response.status_code = error.status_code
return response
def requires_roles(*roles):
def wrapper(f):
@wraps(f)
def wrapped(*args, **kwargs):
if hasattr(current_user, 'roles'):
# -*- coding: utf-8 -*-
"""
permissions.py
~~~~~~~~~~~
Application configuration
:copyright: (c) 2013.
:license: BSD, see LICENSE for more details.
"""
from flask.ext.principal import Permission, RoleNeed
adm = Permission(RoleNeed('admin'))
moderator = Permission(RoleNeed('moderator'))
auth = Permission(RoleNeed('authenticated'))
