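def getAuthorizedUsers(request, *args, **kwargs):
    """List the users holding explicit grants on a directory (administrators only).

    POST parameters:
        path: directory path, appended to the caller's home path.
        type: integer bit mask; 4 = readable, 2 = writeable, 1 = deletable.
            A user is listed only when every requested bit is granted.

    Returns an HttpResponse carrying JSON ``{"code", "message", "users"}``.
    ``code`` is 0 on success, 1 when the caller is not an administrator and
    -1 when ``path`` or ``type`` is missing or malformed.
    """
    response = {"code": 0, "message": "", "users": []}
    userinfo = UserInfo.getUserInfo(request)

    # Authorise first, so a non-administrator never reaches the parsing or
    # lookup code below.
    if not userinfo.isAdmin():
        response['code'] = 1
        response['message'] = "최고 관리자만 가능합니다"
        return HttpResponse(json.dumps(response))

    # Both fields are client-controlled: a missing or non-numeric value used
    # to surface as an unhandled TypeError/ValueError.
    path = request.POST.get("path")
    try:
        authType = int(request.POST.get("type"))
    except (TypeError, ValueError):
        authType = None
    if path is None or authType is None:
        response['code'] = -1
        response['message'] = "잘못된 요청입니다"
        return HttpResponse(json.dumps(response))

    # NOTE(review): `path` is appended to the home path without
    # normalisation, so ".." components are not rejected here. Confirm the
    # index only holds normalised keys, or validate the path before lookup.
    fullpath = userinfo.getHomePath() + path

    file_id = index.dir_get(fullpath)
    if file_id is not None:
        for user in UserAuthority.objects.filter(file_id=file_id):
            lacks_requested_bit = (
                (authType & 4 and not user.readable)
                or (authType & 2 and not user.writeable)
                or (authType & 1 and not user.deletable)
            )
            if lacks_requested_bit:
                continue
            response['users'].append([
                user.username.username,
                user.username.getName(),
                user.username.usertype,
            ])

    return HttpResponse(json.dumps(response))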
def setAuth(fullPath, inherit=None, readable=None, writeable=None, deletable=None):
    """Create or update the permission descriptor of a directory.

    Only the flags passed as non-None are written. A path with no index
    entry gets a new FileDescriptor, which is then registered in the index;
    a path that is already indexed has its existing descriptor updated.

    Returns:
        (file_id, message). On success ``file_id`` is the descriptor id and
        ``message`` is "". If creation fails the result is (-1, error text);
        if the update fails it is (-2, error text).
    """
    supplied = {
        field: value
        for field, value in (
            ("inherit", inherit),
            ("readable", readable),
            ("writeable", writeable),
            ("deletable", deletable),
        )
        if value is not None
    }
    known_id = index.dir_get(fullPath)

    if known_id is None:
        try:
            # The row insert and the index registration share one transaction.
            with transaction.atomic():
                record = FileDescriptor(file=fullPath, reference_id=0, **supplied)
                record.save()
                index.dir_set(fullPath, record.file_id)
            return (record.file_id, "")
        except Exception as err:
            # NOTE(review): the raw exception text is handed back to the
            # caller; check it is not forwarded to clients unfiltered.
            reason = str(err)
            error("auth.dir.set : " + reason)
            return (-1, reason)

    try:
        record = FileDescriptor.objects.get(file_id=known_id)
        for field, value in supplied.items():
            setattr(record, field, value)
        record.save()
        return (record.file_id, "")
    except Exception as err:
        reason = str(err)
        error("auth.dir.set : " + reason)
        return (-2, reason)
def delAuth(fullPath):
    """Delete the permission descriptor registered for a directory.

    Returns True when nothing is registered for ``fullPath`` or when the
    index entry and its descriptor rows were removed, and False when the
    index refuses to drop the entry.
    """
    registered_id = index.dir_get(fullPath)
    if registered_id is None:
        return True
    if not index.dir_del(fullPath):
        return False

    # NOTE(review): the index entry is already gone at this point and the
    # two deletes run without a surrounding transaction. A failure here would
    # leave descriptor rows that no index entry points to.
    FileDescriptor.objects.filter(file_id=registered_id).delete()
    FileDescriptor.objects.filter(reference_id=registered_id).delete()
    return True
def delAuth(fullPath):
    """Remove a directory's permission registration.

    Returns True if the path had no registration or if it was removed, and
    False if ``index.dir_del`` reports failure.
    """
    target_id = index.dir_get(fullPath)
    if target_id is None:
        # Nothing registered: treated as already deleted.
        return True

    removed_from_index = index.dir_del(fullPath)
    if removed_from_index:
        # Drop the descriptor itself, then every row that references it.
        for lookup in ({"file_id": target_id}, {"reference_id": target_id}):
            FileDescriptor.objects.filter(**lookup).delete()
        return True
    return False
def getDefaultAuthority(request, *args, **kwargs):
    """Report the permission flags that apply to a directory.

    The JSON reply starts from the configured defaults with
    ``register = False``. When the path has an index entry, the flags stored
    on its FileDescriptor replace the defaults and ``register`` becomes True.

    POST parameters:
        path: directory path, appended to the caller's home path.
    """
    path = request.POST.get("path")
    response = {
        "path": path,
        "register": False,
        "readable": config.DEFAULT_AUTH_DIR_READABLE,
        "writeable": config.DEFAULT_AUTH_DIR_WRITEABLE,
        "deletable": config.DEFAULT_AUTH_DIR_DELETABLE,
        "inherit": config.DEFAULT_AUTH_DIR_INHERIT,
    }

    # NOTE(review): no permission check on the caller is visible in this
    # function; confirm a decorator or middleware restricts who may query it.
    # NOTE(review): a missing `path` raises TypeError on the concatenation
    # below, and ".." components are not rejected before the index lookup.
    owner = UserInfo.getUserInfo(request)
    registered_id = index.dir_get(owner.getHomePath() + path)
    if registered_id is None:
        return HttpResponse(json.dumps(response))

    stored = FileDescriptor.objects.get(file_id=registered_id)
    response.update(
        register=True,
        readable=stored.readable,
        writeable=stored.writeable,
        deletable=stored.deletable,
        inherit=stored.inherit,
    )
    return HttpResponse(json.dumps(response))
def getAuth(userinfo, fullPath, mode = 0x07):
    """
    Return the permissions the user holds on the target as an (R, W, D) tuple.

    ``mode`` is a bit mask of the permissions being asked about:
    0x04 = read, 0x02 = write, 0x01 = delete. A bit that is not set in
    ``mode`` starts out as True in the result, so only the requested bits
    have to be earned from the descriptor, the per-user/group grants or the
    parent directory.

    NOTE(review): the block nesting below was reconstructed from a flattened
    listing; confirm it against the original file.
    """
    # `and` binds tighter than `or`: full access is returned when isYeoman()
    # is true, or when exactly the read bit is requested and isMetic() is true.
    if userinfo.isYeoman() or mode == 0x04 and userinfo.isMetic() :
        return (True, True, True)

    # `|` binds tighter than `not`, so this evaluates as
    # not ((mode & 0x04) | userinfo.isMetic()).
    # NOTE(review): with that grouping a Metic user starts with readable False
    # even when the read bit is not requested. This is the restrictive
    # outcome, but the intent may have been
    # (not (mode & 0x04)) | isMetic() - confirm.
    readable = not (mode & 0x04) | userinfo.isMetic()
    writeable = not (mode & 0x02)
    deletable = not (mode & 0x01)

    # The home-path comparison uses the normalised path, but the index lookup
    # uses fullPath exactly as it was passed in.
    normFullPath = os.path.normpath(fullPath)
    descriptor = None
    file_id = index.dir_get(fullPath)

    # When permissions are resolved recursively, the walk must not climb
    # above the user's home directory.
    # info("ROOT : " + userinfo.getHomePath())
    # info("COMP : " + normFullPath)
    # NOTE(review): the stop condition is an exact string match with the home
    # path. It never becomes true for a path that normalises to somewhere
    # outside the home tree; confirm callers reject such paths.
    if normFullPath == userinfo.getHomePath() :
        inheritable = False
    else :
        inheritable = True

    if file_id is not None and file_id >= 0 :
        try :
            # Flags stored on the directory's own descriptor.
            descriptor = FileDescriptor.objects.get(file_id=file_id)
            readable |= descriptor.readable
            writeable |= descriptor.writeable
            deletable |= descriptor.deletable

            if not (readable and writeable and deletable) :
                # Explicit grants for the user and for each of the user's
                # groups; stop as soon as all three flags are set.
                users = []
                users.append(userinfo)
                for user in UserGroups.objects.filter(user=userinfo) :
                    users.append(user.group)
                for userAuthority in UserAuthority.objects.filter(username__in=users, file_id=file_id) :
                    readable |= userAuthority.readable
                    writeable |= userAuthority.writeable
                    deletable |= userAuthority.deletable
                    if readable and writeable and deletable :
                        break

            # Still missing a flag: fall back to the parent directory, but
            # only below the home path and only if the descriptor inherits.
            if not (readable and writeable and deletable) and inheritable and descriptor.inherit :
                auth_inherit = Directory.getAuth(userinfo, FileManager.getParent(fullPath))
                readable |= auth_inherit[0]
                writeable |= auth_inherit[1]
                deletable |= auth_inherit[2]
        except Exception as err:
            # Any failure is logged and swallowed; the flags accumulated up to
            # that point are what the function returns.
            error("auth.dir.get : " + err.__str__())
            pass
    elif not userinfo.isGuest() or config.USING_GUEST :
        # No descriptor registered: the configured defaults replace the
        # initial values, including the bits that were not requested.
        readable = config.DEFAULT_AUTH_DIR_READABLE
        writeable = config.DEFAULT_AUTH_DIR_WRITEABLE
        deletable = config.DEFAULT_AUTH_DIR_DELETABLE
        # Inherited case.
        if not(readable and writeable and deletable) and inheritable and config.DEFAULT_AUTH_DIR_INHERIT :
            auth_inherit = Directory.getAuth(userinfo, FileManager.getParent(fullPath))
            readable |= auth_inherit[0]
            writeable |= auth_inherit[1]
            deletable |= auth_inherit[2]

    # If guest access is enabled, grant only the listing (read) permission on
    # the GUEST HOME.
    # NOTE(review): this check does not itself test config.USING_GUEST -
    # confirm that guest sessions cannot exist while the feature is disabled.
    if userinfo.isGuest() and normFullPath == config.getHomeGuest() :
        readable = True

    return (readable, writeable, deletable)
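def setAuthorizedUsers(request, *args, **kwargs):
    """Grant or revoke per-user permissions on a directory (administrators only).

    POST parameters:
        path: directory path, appended to the caller's home path.
        ids[]: usernames whose grants are to be changed.
        readable / writeable / deletable: optional; "1" sets the flag, any
            other value clears it, and an absent field leaves it untouched.

    Returns an HttpResponse carrying JSON ``{"code", "message", "users"}``.
    ``users`` lists every user whose grant row was written. ``code`` is 0 on
    success, 1 when the caller is not an administrator, -1 when ``path`` is
    missing and -2 when the update fails (all row changes are rolled back).
    """
    response = {"code": 0, "message": "", "users": []}
    userinfo = UserInfo.getUserInfo(request)

    # Authorise before reading any client-supplied field.
    if not userinfo.isAdmin():
        response['code'] = 1
        response['message'] = "최고 관리자만 가능합니다"
        return HttpResponse(json.dumps(response))

    path = request.POST.get("path")
    if path is None:
        # Previously a missing path raised TypeError on the concatenation.
        response['code'] = -1
        response['message'] = "잘못된 요청입니다"
        return HttpResponse(json.dumps(response))

    # NOTE(review): `path` is appended to the home path without
    # normalisation, so ".." components are not rejected here. Confirm the
    # index only holds normalised keys, or validate the path before lookup.
    fullpath = userinfo.getHomePath() + path
    ids = request.POST.getlist("ids[]")

    # Only the flags present in the request are touched.
    requested = {}
    for flag in ("readable", "writeable", "deletable"):
        raw = request.POST.get(flag)
        if raw is not None:
            requested[flag] = (raw == "1")

    file_id = index.dir_get(fullpath)
    if file_id is None:
        file_id, reason = Directory.setAuth(
            fullpath,
            config.DEFAULT_AUTH_DIR_INHERIT,
            config.DEFAULT_AUTH_DIR_READABLE,
            config.DEFAULT_AUTH_DIR_WRITEABLE,
            config.DEFAULT_AUTH_DIR_DELETABLE)
        if file_id < 0:
            # setAuth reports failure with a negative id; looking that id up
            # would only raise a second, less informative error.
            response['code'] = -2
            response['message'] = reason
            return HttpResponse(json.dumps(response))

    try:
        with transaction.atomic():
            fileDescriptor = FileDescriptor.objects.get(file_id=file_id)
            for authUser in UserInfo.objects.filter(username__in=ids):
                try:
                    userAuthority = UserAuthority.objects.get(
                        username=authUser, file_id=fileDescriptor)
                except UserAuthority.DoesNotExist:
                    # Only "no row yet" creates a new grant; any other error
                    # aborts the whole transaction through the outer handler.
                    userAuthority = UserAuthority(
                        username=authUser, file_id=fileDescriptor)
                else:
                    # Skip only when EVERY requested flag already has the
                    # requested value. Skipping when a single flag matched
                    # could silently drop a change to the others, such as a
                    # revocation sent together with an unchanged flag.
                    if requested and all(
                            getattr(userAuthority, flag) == value
                            for flag, value in requested.items()):
                        continue

                for flag, value in requested.items():
                    setattr(userAuthority, flag, value)
                userAuthority.save()

                response['users'].append([
                    authUser.username,
                    authUser.getName(),
                    authUser.usertype,
                    userAuthority.readable,
                    userAuthority.writeable,
                    userAuthority.deletable])
    except Exception as err:
        # NOTE(review): the raw exception text is returned to the client;
        # consider logging it and sending a generic message instead.
        response['code'] = -2
        response['message'] = str(err)
        response['users'].clear()

    return HttpResponse(json.dumps(response))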
def setAuth(fullPath, inherit=None, readable=None, writeable=None, deletable=None):
    """Set directory permissions, creating the descriptor when none exists.

    Arguments left as None are not written.

    Returns:
        A ``(file_id, message)`` tuple: ``(descriptor id, "")`` on success,
        ``(-1, error text)`` when creating a new descriptor fails and
        ``(-2, error text)`` when updating an existing one fails.
    """
    overrides = dict(
        pair for pair in (
            ("inherit", inherit),
            ("readable", readable),
            ("writeable", writeable),
            ("deletable", deletable),
        )
        if pair[1] is not None
    )

    outcome_id = index.dir_get(fullPath)
    detail = ""

    creating = outcome_id is None
    try:
        if creating:
            # Insert the row and register it in the index as one unit.
            with transaction.atomic():
                entry = FileDescriptor(file=fullPath, reference_id=0, **overrides)
                entry.save()
                index.dir_set(fullPath, entry.file_id)
                outcome_id = entry.file_id
        else:
            entry = FileDescriptor.objects.get(file_id=outcome_id)
            outcome_id = entry.file_id
            for attribute, value in overrides.items():
                setattr(entry, attribute, value)
            entry.save()
    except Exception as err:
        # Failures are logged and reported through the return value rather
        # than raised; -1 marks a failed create and -2 a failed update.
        detail = str(err)
        error("auth.dir.set : " + detail)
        outcome_id = -1 if creating else -2

    return (outcome_id, detail)
def getAuth(userinfo, fullPath, mode=0x07):
    """
    Return the permissions the user holds on the target as an (R, W, D) tuple.

    ``mode`` selects which permissions are being asked about (0x04 read,
    0x02 write, 0x01 delete). Bits that are not set in ``mode`` start out as
    True in the result.

    NOTE(review): the block nesting below was reconstructed from a flattened
    listing; confirm it against the original file.
    """
    # Evaluated as isYeoman() or (mode == 0x04 and isMetic()).
    if userinfo.isYeoman() or mode == 0x04 and userinfo.isMetic():
        return (True, True, True)

    # Operator precedence makes this not ((mode & 0x04) | isMetic()).
    # NOTE(review): a Metic user therefore starts with readable False - the
    # restrictive outcome, but possibly not the intended one; confirm.
    readable = not (mode & 0x04) | userinfo.isMetic()
    writeable = not (mode & 0x02)
    deletable = not (mode & 0x01)

    # The normalised path is used only for the comparisons; the index lookup
    # uses fullPath as given.
    normFullPath = os.path.normpath(fullPath)
    descriptor = None
    file_id = index.dir_get(fullPath)

    # When permissions are resolved recursively, the walk must not climb
    # above the user's home directory.
    # info("ROOT : " + userinfo.getHomePath())
    # info("COMP : " + normFullPath)
    # NOTE(review): inheritance stops only on an exact match with the home
    # path; confirm that paths outside the home tree are rejected before they
    # reach this function.
    if normFullPath == userinfo.getHomePath():
        inheritable = False
    else:
        inheritable = True

    if file_id is not None and file_id >= 0:
        try:
            # Start from the flags stored on the directory's descriptor.
            descriptor = FileDescriptor.objects.get(file_id=file_id)
            readable |= descriptor.readable
            writeable |= descriptor.writeable
            deletable |= descriptor.deletable

            if not (readable and writeable and deletable):
                # Add the explicit grants of the user and of every group the
                # user belongs to, stopping once nothing is left to gain.
                users = []
                users.append(userinfo)
                for user in UserGroups.objects.filter(user=userinfo):
                    users.append(user.group)
                for userAuthority in UserAuthority.objects.filter(
                        username__in=users, file_id=file_id):
                    readable |= userAuthority.readable
                    writeable |= userAuthority.writeable
                    deletable |= userAuthority.deletable
                    if readable and writeable and deletable:
                        break

            # Finally merge in the parent's permissions when the descriptor
            # allows inheritance and the path is not the home directory.
            if not (readable and writeable and deletable) and inheritable and descriptor.inherit:
                auth_inherit = Directory.getAuth(
                    userinfo, FileManager.getParent(fullPath))
                readable |= auth_inherit[0]
                writeable |= auth_inherit[1]
                deletable |= auth_inherit[2]
        except Exception as err:
            # Logged and swallowed: the caller receives the flags gathered
            # before the failure.
            error("auth.dir.get : " + err.__str__())
            pass
    elif not userinfo.isGuest() or config.USING_GUEST:
        # Unregistered directory: the configured defaults overwrite the
        # initial values.
        readable = config.DEFAULT_AUTH_DIR_READABLE
        writeable = config.DEFAULT_AUTH_DIR_WRITEABLE
        deletable = config.DEFAULT_AUTH_DIR_DELETABLE
        # Inherited case.
        if not (readable and writeable and deletable
                ) and inheritable and config.DEFAULT_AUTH_DIR_INHERIT:
            auth_inherit = Directory.getAuth(
                userinfo, FileManager.getParent(fullPath))
            readable |= auth_inherit[0]
            writeable |= auth_inherit[1]
            deletable |= auth_inherit[2]

    # If guest access is enabled, grant only the listing (read) permission on
    # the GUEST HOME.
    # NOTE(review): config.USING_GUEST is not tested in this condition -
    # confirm guest sessions cannot exist while the feature is disabled.
    if userinfo.isGuest() and normFullPath == config.getHomeGuest():
        readable = True

    return (readable, writeable, deletable)