Exemplo n.º 1
0
    def add(name, type_id, app_id):
        Resource.get_by(
            name=name, resource_type_id=type_id, app_id=app_id) and abort(
                400, "Resource <{0}> is already existed".format(name))

        return Resource.create(name=name,
                               resource_type_id=type_id,
                               app_id=app_id)
Exemplo n.º 2
0
    def update(_id, name):
        resource = Resource.get_by_id(_id) or abort(404, "Resource <{0}> is not found".format(_id))

        other = Resource.get_by(name=name, resource_type_id=resource.resource_type_id, to_dict=False, first=True)
        if other and other.id != _id:
            return abort(400, "Resource <{0}> is duplicated".format(name))

        return resource.update(name=name)
Exemplo n.º 3
0
    def has_permission(cls, rid, resource_name, resource_type, app_id, perm):
        resource_type = ResourceType.get_by(app_id=app_id,
                                            name=resource_type,
                                            first=True,
                                            to_dict=False)
        resource_type or abort(
            404, "ResourceType <{0}> is not found".format(resource_type))
        type_id = resource_type.id
        resource = Resource.get_by(name=resource_name,
                                   resource_type_id=type_id,
                                   first=True,
                                   to_dict=False)
        resource = resource or abort(
            403, "Resource <{0}> is not in ACL".format(resource_name))

        parent_ids = RoleRelationCRUD.recursive_parent_ids(rid)

        group_ids = cls.get_group_ids(resource.id)
        for parent_id in parent_ids:
            id2perms = RoleRelationCache.get_resources(parent_id)
            perms = id2perms['id2perms'].get(resource.id, [])
            if perms and {perm}.issubset(set(perms)):
                return True

            for group_id in group_ids:
                perms = id2perms['group2perms'].get(group_id, [])
                if perms and {perm}.issubset(set(perms)):
                    return True

        return False
Exemplo n.º 4
0
    def delete(_id):
        resource = Resource.get_by_id(_id) or abort(404, "Resource <{0}> is not found".format(_id))

        resource.soft_delete()

        for i in RolePermission.get_by(resource_id=_id, to_dict=False):
            i.soft_delete()
            role_rebuild.apply_async(args=(i.rid,), queue=ACL_QUEUE)
Exemplo n.º 5
0
    def delete(cls, rt_id):
        rt = ResourceType.get_by_id(rt_id) or abort(
            404, "ResourceType <{0}> is not found".format(rt_id))

        if Resource.get_by(resource_type_id=rt_id):
            return abort(
                400,
                "At least one instance of this type exists and cannot be deleted"
            )

        cls.update_perms(rt_id, [], rt.app_id)

        rt.soft_delete()
Exemplo n.º 6
0
Arquivo: acl.py Projeto: 13052020/cmdb
    def _get_resource(self, name, resource_type_name):
        resource_type = ResourceType.get_by(name=resource_type_name,
                                            first=True,
                                            to_dict=False)
        resource_type or abort(
            404,
            "ResourceType <{0}> cannot be found".format(resource_type_name))

        return Resource.get_by(resource_type_id=resource_type.id,
                               app_id=self.app_id,
                               name=name,
                               first=True,
                               to_dict=False)
Exemplo n.º 7
0
    def del_resource(self, name, resource_type_name=None):
        resource_type = ResourceType.get_by(name=resource_type_name,
                                            first=True,
                                            to_dict=False)
        if resource_type:
            return abort(
                400, "ResourceType <{0}> cannot be found".format(
                    resource_type_name))

        resource = Resource.get_by(resource_type_id=resource_type.id,
                                   app_id=self.app_id,
                                   name=name,
                                   first=True,
                                   to_dict=False)
        if resource:
            ResourceCRUD.delete(resource.id)
Exemplo n.º 8
0
    def get_permissions(cls, rid, resource_name):
        resource = Resource.get_by(name=resource_name,
                                   first=True,
                                   to_dict=False)
        resource = resource or abort(
            403, "Resource <{0}> is not in ACL".format(resource_name))

        parent_ids = RoleRelationCRUD.recursive_parent_ids(rid)
        group_ids = cls.get_group_ids(resource.id)

        perms = []
        for parent_id in parent_ids:
            id2perms = RoleRelationCache.get_resources(parent_id)
            perms += id2perms['id2perms'].get(parent_id, [])

            for group_id in group_ids:
                perms += id2perms['group2perms'].get(group_id, [])

        return set(perms)
Exemplo n.º 9
0
    def delete(_id):
        resource = Resource.get_by_id(_id) or abort(404, "Resource <{0}> is not found".format(_id))

        resource.soft_delete()