def delete_role(role_id, modifier_id):
query = UserRole.all()
query.filter("role_id =", role_id)
if query.count() > 0 :
raise CoreError("The role %s is set to user, can not be deleted." % role_id)
role = Role.get_by_key(int(role_id))
delete_roleoperations(role_id=role_id)
role.delete(modifier_id)
def has_permission(user_id, operation_key, oqlparams=None):
b = False
cachekey = '%d:%s:%r' % (user_id, operation_key, oqlparams)
perm = cache.get(CACHESPACE_PERMISSION, cachekey)
if perm != None:
return perm
query = stdModel.all()
query.model(UserRole.get_modelname(), "a")
query.model(Role.get_modelname(), "b", join="inner", on="a.role_id=b.uid")
query.model(RoleOperation.get_modelname(), "c", join="inner", on="c.role_id=b.uid")
query.model(Operation.get_modelname(), "d", join="inner", on="c.operation_key=d.operation_key")
query.what("a.user_id", alias="user_id")
query.what("b.uid", alias="role_id")
query.what("d.operation_key", alias="operation_key")
query.what("d.handler_classes", alias="handler_classes")
query.what("d.resource_oql", alias="resource_oql")
query.what("a.user_id", alias="user_id")
query.filter("a.user_id =", user_id)
if operation_key is not None:
query.filter("d.operation_key =", operation_key)
std = query.get()
if std != None:
if std.resource_oql != None:
operation = get_operation(operation_key=operation_key)
params = operation.get_resource_oql_paramnames()
if len(params) != len(oqlparams):
raise UnauthorizedError()
query = stdModel.all()
if oqlparams != None and len(oqlparams) > 0 :
query = query.sql(std.resource_oql, sql_vars=oqlparams)
else:
query = query.sql(std.resource_oql)
if query.count() > 0:
b = True
else:
b = True
cache.put(CACHESPACE_PERMISSION, cachekey, b)
return b
def delete_userrole(user_id, role_id, modifier_id):
userrole = UserRole(user_id=user_id, role_id=role_id)
if userrole is not None:
userrole.delete(modifier_id)
def create_userrole(user_id, role_id, modifier_id):
userrole = UserRole(user_id=user_id, role_id=role_id)
userrole.create(modifier_id)
