def consignment_product(id_): from flask.ext.principal import Permission Permission.union(CargoClerkPermission, AccountantPermission).test() import litefac.apis as apis current_product = apis.delivery.ConsignmentProductWrapper.get_product(id_) if current_product: if request.method == "GET": return dict(current=current_product, product_types=apis.product.get_product_types(), products=json.dumps(apis.product.get_products()), team_list=apis.manufacture.get_team_list(), titlename=u"发货产品详情") else: class ProductForm(Form): team_id = IntegerField("team_id") product_id = IntegerField("product_id") weight = IntegerField("weight") returned_weight = IntegerField("returned_weight") spec = TextField("spec") type = TextField("type") unit = TextField("unit") form = ProductForm(request.form) current_product.update(**form.data) return redirect( request.form.get("url") or url_for("delivery.consignment", id_=current_product.consignment.id)) else: return _(u"没有该产品编号:%d" + id_), 404
class Policy: def __init__(self, name): self.name = name self._action_need = ActionNeed(name) self._permission = Permission(self._action_need) def __str__(self): return self.name def __repr__(self): return '<Policy %s>' % self.name def can(self): return self._permission.can() def require(self, *args, **kwargs): return self._permission.require(*args, **kwargs) @property def permission(self): return self._permission @property def action_need(self): return self._action_need
def test_permission_difference(): p1 = Permission(('a', 'b'), ('a', 'c')) p2 = Permission(('a', 'c'), ('d', 'e')) p3 = p1.difference(p2) assert p3.allow == set([('a', 'b')]) p4 = p2.difference(p1) assert p4.allow == set([('d', 'e')])
def test_contains(): p1 = Permission(RolePermit('boss'), RolePermit('lackey')) p2 = Permission(RolePermit('lackey')) assert p2.issubset(p1) assert p2 in p1
def consignment(id_=None): import litefac.apis as apis from flask.ext.principal import Permission Permission.union(CargoClerkPermission, AccountantPermission).test() if request.method == "GET": cons = apis.delivery.get_consignment(id_) team_list = apis.manufacture.get_team_list() if not cons: abort(404) else: return dict(plate=cons.plate, consignment=cons, titlename=u'发货单详情', team_list=team_list) else: if id_: cons = apis.delivery.get_consignment(id_) if not cons: abort(404) params = {} if request.form: params["pay_in_cash"] = request.form.get("pay_in_cash", type=int) params["notes"] = request.form.get("notes") try: cons.update(cons.id, **params) if CargoClerkPermission.can(): flash(u"更新成功") except ValueError, e: flash(unicode(e.message), "error") else: if cons.pay_in_cash: cons.paid() flash(u"支付成功") return redirect(url_for("delivery.consignment", id_=id_, url=request.form.get("url")))
def get(self, user_id): """ Get details for a given user. """ personal_details_view = Permission(UserNeed(user_id)) is_self = personal_details_view.can() user = User.query.get_or_404(user_id) return { 'user': user.to_json(include_personal_data=is_self), }
def test(self, *records): if self._model_view.permission_required: def _get_edit_need(obj): pk = self._model_view.modell.get_pk_value(obj) return self._model_view.edit_need(pk) needs = [_get_edit_need(record) for record in records] perm = Permission(*needs).union(Permission( self._model_view.edit_all_need)) return 0 if perm.can() else ACTION_IMPERMISSIBLE
def decorated_view(*args, **kwargs): perm = Permission(*[RoleNeed(role) for role in roles]) if perm.can(): return fn(*args, **kwargs) r1 = [r for r in roles] r2 = [r.name for r in current_user.roles] _logger.debug('Current user does not provide a required role. ' 'Accepted: %s Provided: %s' % (r1, r2)) return _get_unauthorized_view()
def decorated_view(*args, **kwargs): iden = Identity(g.user.id) for r in g.user.roles: iden.provides.add(RoleNeed(r.name)) g.identity = iden perm = Permission(*[RoleNeed(role) for role in roles]) if perm.can(): return fn(*args, **kwargs) abort(403, message=u"Недостаточно прав!")
def test_permission_and(): p1 = Permission(RolePermit('boss')) p2 = Permission(RolePermit('lackey')) p3 = p1 & p2 p4 = p1.union(p2) assert p3.allow == p4.allow
def test_permission_or(): p1 = Permission(RolePermit('boss'), RolePermit('lackey')) p2 = Permission(RolePermit('lackey'), RolePermit('underling')) p3 = p1 | p2 p4 = p1.difference(p2) assert p3.allow == p4.allow
def test_identity_allowed(): p1 = Permission(RolePermit('boss'), RolePermit('lackey')) p2 = Permission(RolePermit('lackey')) i = Identity(1) i.provides(RolePermit('boss')) assert p1.allows(i) == True assert p2.allows(i) == False
def delete(self, entry_id): """ Delete the entry with the given ID. """ entry = Entry.query.get(entry_id) delete_permission = Permission(UserNeed(entry.stream.creator_id)) if delete_permission.can(): db.session.delete(entry) return {'msg': 'Entry deleted.'} else: return { 'msg': 'Only the stream creator can delete entries.', }, 403
def delete(self, stream_id): """ Delete the stream with the given ID. """ stream = Stream.query.get_or_404(stream_id) delete_permission = Permission(UserNeed(stream.creator_id)) if delete_permission.can(): movie = stream.movie movie.number_of_streams -= 1 db.session.delete(stream) db.session.add(movie) return {'msg': 'Stream deleted.'} else: return { 'msg': "You're not allowed to delete this stream." }, 403
def has_permission(self, permission_type, objectId): if objectId is None: return True admin = Permission(RoleNeed(ROLE_ADMIN)) if isinstance(permission_type, tuple): for permission_type_item in permission_type: permission = permission_type_item(unicode(objectId)) if permission.can() or admin.can(): return True else: permission = permission_type(unicode(objectId)) if permission.can() or admin.can(): return True return False
def us_airline_delay_prediction(): ''' choose :return: ''' # permission management # 权限管理 perm1 = Permission(Need('need1', 'my_value')) perm2 = Permission(Need('need2', 'my_value')) return render_template('us_airline_delay_prediction/data_analysis.html', permission1=perm1.can(), permission2=perm2.can(), user=session['username'], )
def consignment_preview(id_): from flask.ext.principal import Permission Permission.union(CargoClerkPermission, AccountantPermission).test() import lite_mms.apis as apis cons = apis.delivery.get_consignment(id_) if not cons: abort(404) else: per_page = apis.config.get("print_count_per_page", 5.0, type=float) import math pages = int(math.ceil(len(cons.product_list) / per_page)) return dict(plate=cons.plate, consignment=cons, titlename=u'发货单详情', pages=pages, per_page=per_page)
def put(self, stream_id): """ Update the stream with the given ID. """ stream = Stream.query.get_or_404(stream_id) edit_permission = Permission(UserNeed(stream.creator_id)) if edit_permission.can(): form = StreamForm(obj=stream) if form.validate_on_submit(): form.populate_obj(stream) return { 'msg': 'Stream updated.', 'stream': stream.to_json(), } return { 'msg': 'Some attributes did not pass validation.', 'errors': form.errors, }, 400 else: return { 'msg': "You're not allowed to edit this stream" }, 403
def put(self, entry_id): """ Update the entry with the given ID. """ entry = Entry.query.get_or_404(entry_id) put_permission = Permission(UserNeed(entry.stream.creator_id)) if put_permission.can(): form = EntryForm(obj=entry) if form.validate_on_submit(): form.populate_obj(entry) return { 'msg': 'Entry updated.', 'entry': entry.to_json(), } return { 'msg': 'Some attributes did not pass validation.', 'errors': form.errors, }, 400 else: return { 'msg': "Only the stream creator can edit it's entries.", }, 403
def minneapolis_simple_analysis(): ''' choose housing price city :return: ''' # permission manage perm1 = Permission(Need('need1', 'my_value')) perm2 = Permission(Need('need2', 'my_value')) # get the parameter from the form lat = request.args.get('lati',44.977276 , type=float) lon = request.args.get('long', -93.232266, type=float) date = request.args.get('date', '', type=str) time = request.args.get('time', "12:00", type=str) global crime_model top_2_result = crime_model.predict_from_rf(lat,lon,date,time,2) maker_box = "Latitude:{0}<br>Longtitude:{1}<br>Time:{2}<br>Predictions: <ol>{3} for {4}</ol><ol>{5} for {6}</ol>".format(lat,lon,time, top_2_result[0][0],top_2_result[0][1],top_2_result[1][0],top_2_result[1][1]) sndmap = Map( identifier="sndmap", varname="sndmap", zoom=11, lat=44.977276, lng=-93.232266, style="height:600px;width:1200px;margin:0;", markers={ # icons.dots.green: [(37.4419, -122.1419), (37.4500, -122.1350)], icons.dots.blue: [(lat, lon, maker_box)] } ) return render_template( 'minneapolis_crime_prediction/data_analysis_crimes.html', permission1=perm1.can(), permission2=perm2.can(), user=session['username'], sndmap=sndmap, )
def first_tier_city_list(): ''' choose housing price city :return: ''' # 权限管理 city_list = { x for x in LIANJIA_MAP} city_dict = {} for pos,x in enumerate(city_list): city_dict[pos+1] = x perm1 = Permission(Need('need1', 'my_value')) perm2 = Permission(Need('need2', 'my_value')) return render_template('housing_price/city_dict.html', title='Choose City', permission1=perm1.can(), permission2=perm2.can(), user=session['username'], city_dict=city_dict )
def post(self, stream_id): """ Create new entry. """ stream = Stream.query.get_or_404(stream_id) add_entry_to_stream_permission = Permission(UserNeed(stream.creator_id)) if add_entry_to_stream_permission.can(): form = EntryForm() if form.validate_on_submit(): entry = Entry() form.populate_obj(entry) entry.stream = stream db.session.add(entry) db.session.commit() return { 'msg': 'Entry created.', 'entry': entry.to_json(), }, 201 return { 'msg': 'Some attributes did not pass validation.', 'errors': form.errors, }, 400 else: return { 'msg': 'Only the creator can add entries to streams', }, 403
def edit_post(id): """Edit existing blog post.""" post = Post.query.get_or_404(id) permission = Permission(UserNeed(post.user.id)) if permission.can() or admin_permission.can(): form = PostForm() if form.validate_on_submit(): post.title = form.title.data post.text = form.text.data post.publish_date = datetime.datetime.now() db.session.commit() return redirect(url_for('.post', post_id=post.id)) form.text.data = post.text return render_template('edit.html', form=form, post=post) abort(403)
def housing_price(): ''' controller layer for housing_price :return: ''' # 与界面交互 now = datetime.datetime.utcnow() - datetime.timedelta(days=1) last_day = now - datetime.timedelta(days=80) now_str = str(now)[:10] last_day_str = str(last_day)[:10] date_begin = request.args.get('begin', last_day_str, type=str) date_end = request.args.get('end', now_str, type=str) smooth_days = request.args.get('day', 0, type=int) # get city name city_name = request.args.get('city', 'Beijing', type=str) # get housing_price_list housing_price_model = HousingPriceModel() housing_price_list = housing_price_model.get_housing_price_list(date_end,date_begin,smooth_days,city_name) print housing_price_list # list to json housing_price_list_json = json.dumps(housing_price_list,encoding='utf-8') # permission perm1 = Permission(Need('need1', 'my_value')) perm2 = Permission(Need('need2', 'my_value')) perm3 = Permission(Need('need3', 'my_value')) if perm2.can(): return render_template('housing_price/housing_price.html', title=("{0} HousingPrice ".format(city_name)).decode('utf8'), smooth=u'smooth days', city_name=city_name, module_list=housing_price_list_json, smooth_num_list=smooth_num_list, user=session['username'], permission1=perm1.can(), permission2=perm2.can(), permission3=perm3.can(), date_begin=date_begin, date_end=date_end ) return redirect(url_for('housing_price', _external=True, _scheme='http'))
def index(): perm1 = Permission(Need('need1', 'my_value')) perm2 = Permission(Need('need2', 'my_value')) perm3 = Permission(Need('need3', 'my_value')) return render_template('index.html', # rate_graph_dianshang_list=rate_graph_dianshang_list, # rate_graph_work_list = rate_graph_work_list, # rate_graph_others_list = rate_graph_others_list, permission1=perm1.can(), permission2=perm2.can(), permission3=perm3.can(), user=session['username'] )
# -*- coding: utf-8 -*- """ 针对订单对象的权限,将用户管理相关的权限 """ from collections import namedtuple from flask.ext.principal import Permission SubOrderManagement = namedtuple("sub_order", ["method"]) EditSubOrderWeight = SubOrderManagement("edit_sub_order_weight") edit_sub_order_weight = Permission(EditSubOrderWeight) edit_sub_order_weight.brief = u"修改子订单重量的权限" OrderManagement = namedtuple("order", ["method"]) ViewOrder = OrderManagement("view_order") ScheduleOrder = OrderManagement("schedule_order") view_order = Permission(ViewOrder) view_order.brief = u"查看订单的权限" schedule_order = Permission(ScheduleOrder) schedule_order.brief = u"调度订单的权限"
from flask.ext.restful import Api from flask.ext.admin import Admin from flask_debugtoolbar import DebugToolbarExtension from flask.ext.cache import Cache from flask.ext.assets import Environment from flask.ext.celery import Celery from celery.backends.redis import RedisBackend from wfdb.models import User login_manager = LoginManager() login_manager.login_view = "main.login" principal = Principal() admin_permission = Permission(RoleNeed('admin')) default_permission = Permission(RoleNeed('default')) rest_api = Api() admin = Admin() toolbar = DebugToolbarExtension() cache = Cache() assets_env = Environment() celery = Celery() celery.backend = RedisBackend(app=celery) @login_manager.user_loader def load_user(userid): return User.query.get(userid)
import sqlite3 import os UPLOAD_FOLDER = 'uploads' ALLOWED_EXTENSIONS = set(['txt', 'pdf', 'png', 'jpg', 'jpeg', 'gif']) app = Flask(__name__) Principal(app) app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER problems = [] details = [] # Define Permission tags here. logged_in_permission = Permission(('logged in')) role_admin_permission = Permission(('role', 'admin')) role_client_permission = Permission(('role', 'client')) @app.before_request def before_request(): g.db = sqlite3.connect("mydb.db") @app.teardown_request def teardown_request(exception): if hasattr(g, 'db'): g.db.close() #Login/SignUp Page @app.route('/login', methods = ['GET', 'POST'])
from flask import render_template, redirect, url_for, request, session, \ current_app from flask.ext.login import login_user, logout_user, current_user, \ login_required from flask.ext.principal import Identity, AnonymousIdentity, UserNeed, \ RoleNeed, identity_loaded, identity_changed, Permission from . import app, db, facebook from .models import User, Role from .facebook import GraphAPI # Permissions a = db.session.query(Role).filter(Role.name == 'admin').first() admin_permission = Permission(RoleNeed(a.name)) e = db.session.query(Role).filter(Role.name == 'editor').first() editor_permission = Permission(RoleNeed(e.name)) @app.route('/') def index(): return render_template('index.html') @app.route('/login', methods=['GET', 'POST']) def login(): if current_user.is_authenticated(): return redirect(url_for('index')) return facebook.authorize(callback=url_for('facebook_authorized',
def dashboard(): lottery_complete = False # Lottery is complete, also show teams hacker = Hacker.lookup_from_account_id(current_user.id) if hacker.lottery_submitted(): lottery_complete = True return { 'name': 'hacker_dashboard.html', 'context': { 'lottery_complete': lottery_complete } } HackerPermission = Permission(RoleNeed('hacker')) TeamPermission = Permission(AttributeNeed('admit', 'valid')) @bp.route('/hackers', methods=['POST']) @HackerPermission.require() @before('lottery_closing') def hackers(): form = LotteryForm() # First find the hacker if they already exist if not form.validate_on_submit(): raise BadDataError() if form.school_id.data != "166683" and form.adult.data is not True: raise BadDataError( "Sorry, you need to be 18+ at the time of HackMIT to attend. Maybe next year?"
#!/usr/bin/env python # coding=utf-8 from flask.ext.principal import RoleNeed, Permission admin = Permission(RoleNeed('admin')) common = Permission(RoleNeed('common'))
completed, 'confirmed': confirmed, 'too_late': too_late, 'profile_update_deadline': format_utc_datetime(profile_deadline, eastern), 'mit': mit, 'travel': travel } } ConfirmationPermission = Permission(AttributeNeed('admit', 'pending')) UpdatePermission = Permission(AttributeNeed('admit', 'update')) ResumePermission = ConfirmationPermission.union(UpdatePermission) register_policy_route( '/accounts/<int:account_id>/resume/policy', 'resume', ResumePermission, lambda kwargs: 'accounts/' + str(kwargs['account_id']) + '/resume.pdf') register_policy_route( '/accounts/<int:account_id>/travel/policy', 'travel', ConfirmationPermission, lambda kwargs: 'accounts/' + str(kwargs['account_id']) + '/travel.pdf')
# -*- coding: UTF-8 -*- from collections import namedtuple from flask.ext.principal import Permission WorkFlowManagement = namedtuple("user", ["method"]) HandleNodeNeed = WorkFlowManagement('handle_node') handle_node = Permission(HandleNodeNeed) handle_node.brief = u'处理工作流的权限'
# -*- coding: utf-8 -*- """ 针对装卸货流程的权限管理 """ from collections import namedtuple from flask.ext.principal import Permission UnloadSessionManagement = namedtuple("user", ["method"]) # 针对班组长的管理权限 EditUnloadSession = UnloadSessionManagement("edit_unload_session") NewUnloadSession = UnloadSessionManagement("new_unload_session") edit_us = Permission(EditUnloadSession) edit_us.brief = u"修改卸货会话的权限" new_us = Permission(NewUnloadSession) new_us.brief = u"创建卸货会话的权限"
from flask import Flask from flask.ext.sqlalchemy import SQLAlchemy from flask.ext.login import LoginManager from flask.ext.uploads import UploadSet, IMAGES, configure_uploads from flask_wtf.csrf import CsrfProtect from flask.ext.principal import Principal, Permission, RoleNeed app = Flask(__name__) app.config.from_object('config') csrf = CsrfProtect() csrf.init_app(app) db = SQLAlchemy(app) lm = LoginManager() lm.init_app(app) lm.login_view = 'login' Principal(app) admin_permission = Permission(RoleNeed(1)) avators = UploadSet('avators', IMAGES) configure_uploads(app, avators) pics = UploadSet('pics', IMAGES) configure_uploads(app, pics) from app import views, models
from flask.ext.principal import Permission, RoleNeed from collections import namedtuple from functools import partial # Permission requiring that User must be admin to access resource admin_permission = Permission(RoleNeed('admin')) # Permission requiring User to be student to access resource student_permission = Permission(RoleNeed('student')) # create Need for only allowing Users to access Rides they request RideNeed = namedtuple('ride', ['method', 'value']) AccessRideNeed = partial(RideNeed, 'access') """ AccessRidePermission -------------------- Permission for a specific Ride object. Used so that Users can only access Rides they requested """ class AccessRidePermission(Permission): def __init__(self, ride_id): need = AccessRideNeed(unicode(ride_id)) super(AccessRidePermission, self).__init__(need)
def decorated_view(*args, **kwargs): perm = Permission(*[RoleNeed(role) for role in roles]) if perm.can(): return fn(*args, **kwargs) return _get_unauthorized_view()
def decorated_view(*args, **kwargs): perms = [Permission(RoleNeed(role)) for role in roles] for perm in perms: if not perm.can(): return _get_unauthorized_view() return fn(*args, **kwargs)
def edit(self): return Permission(UserNeed(self.obj.pk)) & admin
def is_admin(self): return Permission(UserNeed(self.obj.id)) & admin
import json, sys, traceback from flask import Blueprint, request, render_template, flash, g, session, \ redirect, url_for from flask.ext.principal import RoleNeed, UserNeed, Permission from flask.ext.login import login_required mod_billing = Blueprint('billing', __name__, url_prefix='/billing') admin_permission = Permission(RoleNeed('1')).union(Permission(RoleNeed('0'))) from monitor.billing.models import * from monitor.functions import str_2_clock, opentime_from_month_csv @mod_billing.route('/') @login_required @admin_permission.require(http_exception=403) def billing_main(): time_str_arr = billingtime.get_all_timestr() return render_template('billing/billsreport.html', title='billing', \ time_arr=time_str_arr) @mod_billing.route('/billsreport', methods=['POST', 'GET']) @login_required @admin_permission.require(http_exception=403) def billsreport(): result = {} info = None load_result_bool = False
# -*- coding: UTF-8 -*- from collections import namedtuple from flask.ext.principal import Permission DataManagement = namedtuple("data", ["method"]) ExportConsignment = DataManagement("export_consignment") export_consignment = Permission(ExportConsignment) export_consignment.brief = u"导出发货单的权限"
sql_storage = SQLAStorage(engine, metadata=meta) blog = BloggingEngine(app, sql_storage) mail = Mail(app) babel = Babel(app) sentry = Sentry(app) # Needs be_admin = RoleNeed('admin') be_user = RoleNeed('user') be_guest = RoleNeed('quest') be_blogger = RoleNeed('blogger') be_performer = RoleNeed('performer') # Permissions guest_per = Permission(be_guest) guest_per.description = "Guest's permissions" user_per = Permission(be_user) user_per.description = "User's permissions" blogger_per = Permission(be_blogger) blogger_per.description = "Blogger's permissions" performer_per = Permission(be_performer) performer_per.description = "Performer's permissions" admin_per = Permission(be_admin) admin_per.description = "Admin's permissions" admin_or_performer_per = Permission(be_admin, be_performer)
def test_permission_union_denial(): p1 = Permission(('a', 'b')) p2 = Denial(('a', 'c')) p3 = p1.union(p2) assert p1.issubset(p3) assert p2.issubset(p3)
def try_edit(self, processed_objs=None): Permission.union(SchedulerPermission, CargoClerkPermission).test() if processed_objs: if processed_objs[0].order.refined or processed_objs[0].order.dispatched: raise PermissionDenied
""" .. module: lemur.auth.permissions :platform: Unix :synopsis: This module defines all the permission used within Lemur :copyright: (c) 2015 by Netflix Inc., see AUTHORS for more :license: Apache, see LICENSE for more details. .. moduleauthor:: Kevin Glisson <*****@*****.**> """ from functools import partial from collections import namedtuple from flask.ext.principal import Permission, RoleNeed # Permissions operator_permission = Permission(RoleNeed('operator')) admin_permission = Permission(RoleNeed('admin')) CertificateCreator = namedtuple('certificate', ['method', 'value']) CertificateCreatorNeed = partial(CertificateCreator, 'key') CertificateOwner = namedtuple('certificate', ['method', 'value']) CertificateOwnerNeed = partial(CertificateOwner, 'role') class SensitiveDomainPermission(Permission): def __init__(self): super(SensitiveDomainPermission, self).__init__(RoleNeed('admin')) class CertificatePermission(Permission): def __init__(self, certificate_id, owner, roles):
def perm_definalize_record(record): if not record.is_agg_final(): return Denial(need.everybody) return Permission(need.admin, *get_roles_for_subject('reviewer', record.subject))
# -*- coding: utf-8 -*- __author__ = 'shn7798' from flask.ext.principal import Permission, RoleNeed from flask.ext.login import LoginManager from FlaskZhihu.models import User admin = Permission(RoleNeed('admin')) auth = Permission(RoleNeed('authenticated')) login_manager = LoginManager() login_manager.login_view = 'UserView:login' @login_manager.user_loader def user_loader(user_id): if not user_id: return None try: return User.find_by_id(user_id, abort404=True) except Exception as e: print e return None
def test_reverse_permission(): p = Permission(('a', 'b')) d = p.reverse() print d.deny assert ('a', 'b') in d.deny
def perm_preview_aggregation(): return Permission(need.admin, need.expert, need.reporter, need.reviewer)
from cloudmesh_install import config_file from flask import Blueprint, g, render_template, request from flask.ext.login import login_required from cloudmesh.config.ConfigDict import ConfigDict from cloudmesh.launcher.cm_launcher_db import cm_launcher_db from flask.ext.principal import Permission, RoleNeed from cloudmesh.config.cm_config import cm_config import subprocess from pprint import pprint from cloudmesh_common.logger import LOGGER LOG_MSG = LOGGER(__file__) launch_module = Blueprint('launch _module', __name__) RAIN_PERMISSION = Permission(RoleNeed('rain')) # # ROUTE: launch # # list of recipies which we need to get from cm_launcher.yaml # @RAIN_PERMISSION.require(http_exception=403) # @login_required # @RAIN_PERMISSION.require(http_exception=403) @launch_module.route('/cm/launch/launch_servers/', methods=["POST", "GET"]) def launch_servers(): config = cm_config() data = {
def perm_view_reports(): return Permission(need.admin, need.expert, need.reporter, need.reviewer)
def perm_edit_refvals(): return Permission(need.admin, need.expert, need.reporter, need.reviewer)
#### Create the Flask-Assets's instance assets_env = Environment() # Define the set for js and css file. main_css = Bundle('css/bootstrap.css', 'css/bootstrap-theme.css', filters='cssmin', output='assets/css/common.css') main_js = Bundle('js/bootstrap.js', filters='jsmin', output='assets/js/common.js') #### Create the Flask-Login's instance login_manager = LoginManager() # Init the permission object via RoleNeed(Need). admin_permission = Permission(RoleNeed('admin')) poster_permission = Permission(RoleNeed('poster')) default_permission = Permission(RoleNeed('default')) # Setup the configuration for login manager. # 1. Set the login page. # 2. Set the more stronger auth-protection. # 3. Show the information when you are logging. # 4. Set the Login Messages type as `information`. login_manager.login_view = "main.login" login_manager.session_protection = "strong" login_manager.login_message = "Please login to access this page." login_manager.login_message_category = "info" # login_manager.anonymous_user = CustomAnonymousUser #### Create the Flask-OAuth's instance oauth = OAuth()
def delete(self): return Permission(UserNeed(self.obj.pk)) & admin
from flask import Flask, render_template from flask.ext.sqlalchemy import SQLAlchemy from flask.ext.login import LoginManager, current_user from flask.ext.principal import (Principal, Permission, identity_loaded, RoleNeed, UserNeed) app = Flask(__name__) app.config.from_object('config') db = SQLAlchemy(app) login_manager = LoginManager() login_manager.setup_app(app) principals = Principal(app) admin_permission = Permission(RoleNeed('admin')) from app.users.models import Users @login_manager.user_loader def load_user(userid): return Users.by_id(userid) @app.errorhandler(404) def non_fount(error): return render_template('404.html'), 404 @app.route('/', methods=[
# -*- coding: UTF-8 -*- """ @author: Yangminghua @version: $ """ from collections import namedtuple from flask.ext.principal import Permission WorkCommandManagement = namedtuple("work_command", ["method"]) ViewWorkCommand = WorkCommandManagement("view_work_command") ScheduleWorkCommand = WorkCommandManagement("schedule_work_command") view_work_command = Permission(ViewWorkCommand) view_work_command.brief = u"查看工单的权限" schedule_work_command = Permission(ScheduleWorkCommand) schedule_work_command.brief = u"调度工单的权限" if __name__ == "__main__": from litefac.permissions.order import ViewOrder ,ScheduleOrder print ViewWorkCommand == ViewOrder print ScheduleOrder == ScheduleWorkCommand
if os.path.isfile(app_config_file): app.config.from_pyfile(app_config_file, silent=True) elif platform == "linux2" and os.path.isfile('/etc/astrobox/application.cfg'): app.config.from_pyfile('/etc/astrobox/application.cfg', silent=True) assets = Environment(app) Compress(app) userManager = None eventManager = None loginManager = None softwareManager = None discoveryManager = None principals = Principal(app) admin_permission = Permission(RoleNeed("admin")) user_permission = Permission(RoleNeed("user")) # only import the octoprint stuff down here, as it might depend on things defined above to be initialized already from octoprint.server.util import LargeResponseHandler, ReverseProxied, restricted_access, PrinterStateConnection, admin_validator, UrlForwardHandler, user_validator from astroprint.printer.manager import printerManager from octoprint.settings import settings import octoprint.util as util import octoprint.events as events #import octoprint.timelapse import astroprint.users as users from astroprint.software import softwareManager as swManager from astroprint.boxrouter import boxrouterManager from astroprint.network.manager import networkManager
from flask.ext.principal import Identity, AnonymousIdentity, identity_changed, identity_loaded from functools import wraps app = Flask(__name__) app.config["SECRET_KEY"] = "123123123" app.config["SERVER_NAME"] = "127.0.0.1:5007" login_manager = LoginManager() login_manager.init_app(app) # load the extension principals = Principal(app) # Create a permission with a single Need, in this case a RoleNeed. admin_permission = Permission(RoleNeed('admin')) user_permission = Permission(RoleNeed('user')) @app.errorhandler(PermissionDenied) def handle_invalid_usage(error): response = jsonify(error.to_dict()) response.status_code = error.status_code return response def requires_roles(*roles): def wrapper(f): @wraps(f) def wrapped(*args, **kwargs): if hasattr(current_user, 'roles'):
# -*- coding: utf-8 -*- """ permissions.py ~~~~~~~~~~~ Application configuration :copyright: (c) 2013. :license: BSD, see LICENSE for more details. """ from flask.ext.principal import Permission, RoleNeed adm = Permission(RoleNeed('admin')) moderator = Permission(RoleNeed('moderator')) auth = Permission(RoleNeed('authenticated'))