def add_permission():
"""添加权限"""
if request.method == 'GET':
pers = Permission.query.all()
return render_template('addpermission.html', pers=pers)
if request.method == 'POST':
p_name = request.form.get('p_name')
p_er = request.form.get('p_er')
p_name_test_repeat = Permission.query.filter(
Permission.p_name == p_name).first()
if p_name_test_repeat:
msg = '*权限名称重复'
return render_template('addpermission.html', msg=msg)
p_er_test_repeat = Permission.query.filter(
Permission.p_er == p_er).first()
if p_er_test_repeat:
msg1 = '*权限简写名重复'
return render_template('addpermission.html', msg1=msg1)
permission = Permission(p_name=p_name, p_er=p_er)
permission.save()
return redirect(url_for('user.permission_list'))
def post(self):
try:
parser = reqparse.RequestParser()
parser.add_argument('id', type=int)
parser.add_argument('permission', type=str)
parser.add_argument('detail', type=str)
parser.add_argument('created_by', type=str)
parser.add_argument('created_date', type=str)
parser.add_argument('updated_by', type=str)
parser.add_argument('updated_date', type=str)
## yyyy/mm/dd format
a = time.strftime("%Y/%m/%d")
args = parser.parse_args()
id = args['id']
permission = args['permission']
detail = args['detail']
created_by = args['created_by']
created_date = a
updated_by = args['updated_by']
updated_date = args['updated_by']
r = Permission(id, permission, detail, created_by, created_date,
updated_by, updated_date)
db.session.add(r)
db.session.commit()
return "Role Added"
except Exception as e:
return {'error': str(e)}
def Role(userid):
if request.method == 'GET':
pass
elif request.method == 'POST':
if request.json:
try:
payload = User.validated_token(request.json['token'])
user = User.query.filter_by(username=payload['sub']).first()
# TODO: Get tab owner information
staff = user
if staff.username == user.username:
role = Permission(user.id,
request.json['tab_id'],
role=request.json['permission'])
db.session.add(role)
db.session.commit()
responseObject = {
'state': 'success',
'msg': 'success create user permission'
}
return make_response(jsonify(responseObject)), 200
except Exception as e:
responseObject = {'state': 'fail', 'msg': str(e)}
return make_response(jsonify(responseObject)), 200
elif request.method == 'PATCH':
pass
return abort(400)
def set_permissions(user_id, service_id):
# TODO fix security hole, how do we verify that the user
# who is making this request has permission to make the request.
service_user = dao_get_service_user(user_id, service_id)
user = service_user.user
service = dao_fetch_service_by_id(service_id=service_id)
data = request.get_json()
validate(data, post_set_permissions_schema)
permission_list = [
Permission(service_id=service_id, user_id=user_id, permission=p['permission'])
for p in data['permissions']
]
service_key = "service_id_{}".format(service_id)
change_dict = {service_key: service_id, "permissions": permission_list}
try:
_update_alert(user, change_dict)
except Exception as e:
current_app.logger.error(e)
permission_dao.set_user_service_permission(user, service, permission_list, _commit=True, replace=True)
if 'folder_permissions' in data:
folders = [
dao_get_template_folder_by_id_and_service_id(folder_id, service_id)
for folder_id in data['folder_permissions']
]
service_user.folders = folders
dao_update_service_user(service_user)
return jsonify({}), 204
def create_permissions(user, service, *permissions):
permissions = [
Permission(service_id=service.id, user_id=user.id, permission=p)
for p in permissions
]
permission_dao.set_user_service_permission(user, service, permissions)
def set_permissions(user_id, service_id):
# TODO fix security hole, how do we verify that the user
# who is making this request has permission to make the request.
service_user = dao_get_service_user(user_id, service_id)
user = service_user.user
service = dao_fetch_service_by_id(service_id=service_id)
data = request.get_json()
validate(data, post_set_permissions_schema)
permission_list = [
Permission(service_id=service_id,
user_id=user_id,
permission=p['permission']) for p in data['permissions']
]
permission_dao.set_user_service_permission(user,
service,
permission_list,
_commit=True,
replace=True)
if 'folder_permissions' in data:
folders = [
dao_get_template_folder_by_id_and_service_id(
folder_id, service_id)
for folder_id in data['folder_permissions']
]
service_user.folders = folders
dao_update_service_user(service_user)
return jsonify({}), 204
def add_permission():
if not request.json or not 'name' in request.json \
or not 'url' in request.json \
or not 'method' in request.json \
or not 'role' in request.json:
return jsonify({'status': 400})
name = request.json['name']
url = request.json['url']
method = request.json['method']
role = request.json['role']
result = Permission.query.filter_by(name=name,
url=url,
method=method,
role=role).count()
if result is not 0:
return jsonify({'flag': 'error', 'reason': '该权限已经存在', 'status': 400})
permission = Permission(name=name, url=url, method=method, role=role)
db.session.add(permission)
op_log = Oplog(id=g.user_id, reason='添加权限')
db.session.add(op_log)
db.session.commit()
return jsonify({
'flag': 'success',
'status': 200,
})
def test_add_existing_user_to_another_service_doesnot_change_old_permissions(
notify_db_session, ):
user = create_user()
service_one = Service(
name="service_one",
email_from="service_one",
message_limit=1000,
restricted=False,
created_by=user,
)
dao_create_service(service_one, user)
assert user.id == service_one.users[0].id
test_user_permissions = Permission.query.filter_by(service=service_one,
user=user).all()
assert len(test_user_permissions) == 8
other_user = User(
name="Other Test User",
email_address="*****@*****.**",
password="******",
mobile_number="+447700900987",
)
save_model_user(other_user)
service_two = Service(
name="service_two",
email_from="service_two",
message_limit=1000,
restricted=False,
created_by=other_user,
)
dao_create_service(service_two, other_user)
assert other_user.id == service_two.users[0].id
other_user_permissions = Permission.query.filter_by(service=service_two,
user=other_user).all()
assert len(other_user_permissions) == 8
other_user_service_one_permissions = Permission.query.filter_by(
service=service_one, user=other_user).all()
assert len(other_user_service_one_permissions) == 0
# adding the other_user to service_one should leave all other_user permissions on service_two intact
permissions = []
for p in ["send_emails", "send_texts", "send_letters"]:
permissions.append(Permission(permission=p))
dao_add_user_to_service(service_one, other_user, permissions=permissions)
other_user_service_one_permissions = Permission.query.filter_by(
service=service_one, user=other_user).all()
assert len(other_user_service_one_permissions) == 3
other_user_service_two_permissions = Permission.query.filter_by(
service=service_two, user=other_user).all()
assert len(other_user_service_two_permissions) == 8
def insert_permissions(role_id, request_permissions):
permissions = []
for resource_id in request_permissions:
permission = Permission()
permission.roleIntID = role_id
permission.resourceIntID = resource_id
permissions.append(permission)
db.session.add_all(permissions)
db.session.commit()
async def test_has_perm():
perm = Permission(code="perm_code", name="perm_name")
await perm.save()
role = Role(code="role_code", name="role_name")
await role.save()
await role.permissions.add(perm)
identity = Identity()
await identity.save()
await identity.roles.add(role)
assert await identity.has_perm("perm_code")
assert not await identity.has_perm("fake_code")
def post(self):
name = request.form.get('name')
parent_id = request.form.get('parent_id')
if not name or Permission.query.filter_by(name=name).first():
abort(400)
if not parent_id:
root = Permission.query.filter_by(name='root').first()
parent_id = root.id if root else None
p = Permission(name, parent_id)
db.session.add(p)
db.session.commit()
return jsonify({'id': p.id, 'name': p.name})
def create_new_permission():
req = request.get_json(force=True)
name = req.get('name', None)
description = req.get('description', None)
if Permission.query.get(name):
return jsonify({
"success": False,
"message": "The permission is already exist",
"error": 501
}), 501
new_permission = Permission(name=name, description=description).create()
return jsonify({"success": True, "permission": new_permission.format()})
def post(self):
args = parser.parse_args()
permission = Permission()
merge(permission, args)
try:
with safe_session(db):
db.session.add(permission)
except sqlalchemy.exc.IntegrityError:
raise IllegalPermissionValueException()
return {Const.MESSAGE_KEY: '权限创建成功'}, Const.STATUS_OK
def post(self):
try:
json_data = request.get_json()
resource_id = json_data['form']['resource_id']
resource_pro = Resources.query.get(resource_id)
app_id = json_data['form']['app_id']
app_pro = Application.query.get(app_id)
action = json_data['form']['action']
action_value = sum(action)
perms = mapPerm.map_perm(action_value, resource_pro.resource_type)
if perms == []:
aciton_str = 'DISABLE'
else:
aciton_str = ('-').join(perms)
remark = app_pro.app_name + '-' + resource_pro.resource_name + '-' + resource_pro.resource_type + '-' + aciton_str
permission_name = resource_pro.resource_name + '-' + bin(
action_value)
pms_count = Permission.query.filter(
and_(Permission.resource_id == resource_id,
Permission.action == action_value)).count()
if pms_count != 0:
res = {
'code': 50000,
'message': 'ERROR: Permission is already exists!'
}
return jsonify(res)
else:
record = Permission(app_id=app_id,
resource_id=resource_id,
action=action_value,
remark=remark,
permission_name=permission_name)
db.session.add(record)
db.session.commit()
res = {
'code': 20000,
}
except Exception as e:
current_app.logger.info("ERROR:" + str(e))
res = {
'code':
50000,
'message':
'ERROR: Failed to add permission. Please drop email to [email protected]'
}
db.session.rollback()
finally:
db.session.close()
return jsonify(res)
def sample_user_service_permission(notify_db_session):
user = create_user()
service = create_service(user=user, check_if_service_exists=True)
permission = 'manage_settings'
data = {'user': user, 'service': service, 'permission': permission}
p_model = Permission.query.filter_by(user=user,
service=service,
permission=permission).first()
if not p_model:
p_model = Permission(**data)
db.session.add(p_model)
db.session.commit()
return p_model
def permissionmanagement(permission):
form = form_edit_permission()
if current_user.is_authenticated:
if current_user.check_permission(
'usercenter_permission_add') and permission == 'add':
return render_template('usercenter/add_permission.html',
title=_('Add Permission'),
form=form)
elif current_user.check_permission(
'usercenter_permission_add') and permission != None:
permission = permission.replace("%20", "+")
print(permission)
if Permission.query.filter(
Permission.permissionname == permission).count() == 1:
permissiontoedit = permission
else:
flash("No legal permission found")
else:
flash('You are not allowed to change permission settings')
return redirect(url_for('usercenter.lobby'))
form = form_edit_permission()
permission = Permission.query.filter(
Permission.permissionname == permission).first()
print(form.permissionname.data, form.permissionaction.data)
if form.validate_on_submit():
# Add new one
if Permission.query.filter(Permission.permissionname ==
permission.permissionname).count() == 0:
newpermission = Permission(
permissionname=form.permissionname.data,
action=form.permissionaction.data)
db.session.add(newpermission)
db.session.commit()
flash('Permission ' + form.permissionname.data +
' has been created')
elif Permission.query.filter(
Permission.permissionname ==
permission.permissionname).count() == 1:
permission = Permission.query.filter(
Permission.permissionname == permissiontoedit).first()
permission.permissionname = form.permissionname.data
permission.action = form.permissionaction.data
flash('Permission has been updated')
db.session.commit()
return render_template('usercenter/edit_permission.html',
title=_('Edit Permission'),
form=form,
permission=permission)
def post(self):
args = parser.parse_args()
# TODO 判断权限值是否是2N次方
permission = Permission()
merge(permission, args)
try:
with safe_session(db):
db.session.add(permission)
except sqlalchemy.exc.IntegrityError as e:
print('create permission error:', e)
return {Const.MESSAGE_KEY: '权限创建失败,权限值不能重复'}, Const.STATUS_ERROR
return {Const.MESSAGE_KEY: '权限创建成功'}, Const.STATUS_OK
def sample_user_service_permission(notify_db, notify_db_session, service=None, user=None, permission="manage_settings"):
if user is None:
user = create_user()
if service is None:
service = create_service(user=user, check_if_service_exists=True)
data = {
"user": user,
"service": service,
"permission": permission,
}
p_model = Permission.query.filter_by(user=user, service=service, permission=permission).first()
if not p_model:
p_model = Permission(**data)
db.session.add(p_model)
db.session.commit()
return p_model
def sample_user_service_permission(notify_db,
notify_db_session,
service=None,
user=None,
permission="manage_settings"):
if user is None:
user = create_user()
if service is None:
service = sample_service(notify_db, notify_db_session, user=user)
data = {'user': user, 'service': service, 'permission': permission}
p_model = Permission.query.filter_by(user=user,
service=service,
permission=permission).first()
if not p_model:
p_model = Permission(**data)
db.session.add(p_model)
db.session.commit()
return p_model
def add_user_to_service(service_id, user_id):
service = dao_fetch_service_by_id(service_id)
user = get_user_by_id(user_id=user_id)
if user in service.users:
error = 'User id: {} already part of service id: {}'.format(user_id, service_id)
raise InvalidRequest(error, status_code=400)
data = request.get_json()
validate(data, post_set_permissions_schema)
permissions = [
Permission(service_id=service_id, user_id=user_id, permission=p['permission'])
for p in data['permissions']
]
folder_permissions = data.get('folder_permissions', [])
dao_add_user_to_service(service, user, permissions, folder_permissions)
data = service_schema.dump(service).data
return jsonify(data=data), 201
def add_permission():
req_dict = request.get_json()
label = req_dict.get("label")
discripe = req_dict.get("discripe",'')
pid = req_dict.get("pid")
is_function = req_dict.get("is_function")
routing = req_dict.get("routing")
print("================添加权限=================",req_dict)
# 校验数据
param_keys = ["label","discripe","is_function"]
if is_function == "Y":
param_keys.append("routing")
param_dict = dict()
for i in param_keys:
param_dict.__setitem__(i,req_dict.get(i,''))
for key,value in param_dict.items():
if not value:
return jsonify(errno=RET.PARAMERR, errmsg="数据不完整,缺少%s"%key)
try:
exist = Permission.query.filter_by(label=label,discripe=discripe,pid=pid,is_function=is_function).all()
if exist:
return jsonify(errno=RET.OK,errmsg='该权限已存在,保存失败')
else:
permission = Permission(label=label,discripe=discripe,pid=pid,is_function=is_function,routing=routing)
permission.all_discripe=discripe
if pid:
parent_permission = Permission.query.filter_by(id=pid).first()
if not parent_permission:
return jsonify(errno=RET.DBERR, errmsg='没有此父级')
permission.all_discripe = parent_permission.all_discripe+'_'+discripe
permission.parent.append(parent_permission)
db.session.add(permission)
db.session.commit()
except Exception as e:
current_app.logger.error(e)
db.session.rollback()
return jsonify(errno=RET.DBERR, errmsg="数据库错误")
return jsonify(errno=RET.OK,errmsg="成功")
def test_accepts_jwt_with_permission_for_service(self, client, db_session,
required_permission):
@requires_user_in_service(required_permission=required_permission)
def endpoint_that_requires_permission_for_service():
pass
user = create_user()
service = create_service(service_name='some-service')
dao_add_user_to_service(service,
user,
permissions=[
Permission(service=service,
user=user,
permission=required_permission)
])
token = create_access_token(identity=user)
request.view_args['service_id'] = service.id
request.headers = {'Authorization': 'Bearer {}'.format(token)}
endpoint_that_requires_permission_for_service()
async def create_permissions(codes: List[str]):
permissions = [Permission(name=code, code=code) for code in codes]
await Permission.bulk_create(permissions)
async def create_permission(body: schemas.PermissionCreate):
if await Permission.filter(code=body.code).exists():
raise EvaException(message="provided permission code already exists")
permission = Permission(**body.dict())
await permission.save()
return schemas.PermissionDetail.from_orm(permission)
def process_permissions():
# todo: check if we have new perms / votes
client = get_active_rpc_client()
try:
perms = client.listpermissions("*", "*", True)
except Exception as e:
log.debug(e)
return
with data_session_scope() as session:
session.query(Permission).delete()
session.query(PendingVote).delete()
with data_session_scope() as session:
for perm in perms:
perm_type = perm['type']
perm_start = perm['startblock']
perm_end = perm['endblock']
address = perm['address']
Address.create_if_not_exists(session, address)
if perm_type not in [
enums.ISSUE, enums.CREATE, enums.MINE, enums.ADMIN
]:
continue
perm_obj = Permission(address=address,
perm_type=perm_type,
start_block=perm_start,
end_block=perm_end)
session.add(perm_obj)
for vote in perm['pending']:
start_block = vote['startblock']
end_block = vote['endblock']
# If candidate has already the permission continue.
if start_block == perm['startblock'] and end_block == perm[
'endblock']:
continue
for admin in vote['admins']:
Address.create_if_not_exists(session, admin)
vote_obj = PendingVote(address_from=admin,
address_to=address,
perm_type=perm_type,
start_block=start_block,
end_block=end_block)
session.add(vote_obj)
signals.votes_changed.emit()
with profile_session_scope() as profile_db:
profile = Profile.get_active(profile_db)
with data_session_scope() as data_db:
is_admin, is_miner = Permission.get_permissions_for_address(
data_db, profile.address)
if is_admin != profile.is_admin:
profile.is_admin = is_admin
signals.is_admin_changed.emit(is_admin)
if is_miner != profile.is_miner:
profile.is_miner = is_miner
signals.is_miner_changed.emit(is_miner)
signals.permissions_changed.emit()
def post(self):
json_data = data_json()
per = Permission(email=json_data["email"], level=json_data["level"])
db.session.add(per)
db.session.commit()
return 200
def test_saving_and_retrieving_models(self):
company = Company()
company.name = 'PSL'
company.email = '*****@*****.**'
company.telephone = 7777777
company.save()
first_room = Room()
first_room.name = 'Peter Santamaria'
first_room.company = company
first_room.security_level = 2
first_room.description = 'Conference room'
first_room.id = 'r00m1'
first_room.save()
second_room = Room()
second_room.name = '201'
second_room.company = company
second_room.security_level = 1
second_room.description = 'Class room'
second_room.id = 'r00m2'
second_room.save()
third_room = Room()
third_room.name = 'rest'
third_room.company = company
third_room.security_level = 1
third_room.description = 'Rest room'
third_room.id = 'r00m3'
third_room.save()
event = Event()
event.name = 'My event'
event.company = company
event.start_date = datetime(2017, 3, 16)
event.end_date = datetime(2017, 3, 21)
event.event_id = '3v3nt'
event.rooms.add(first_room)
event.rooms.add(second_room)
event.rooms.add(third_room)
event.save()
enduser = EndUser()
enduser.id = 'u53r'
enduser.name = 'Sebastian'
enduser.last_name = 'Villegas'
enduser.email = '*****@*****.**'
enduser.save()
first_permission = Permission()
first_permission.user_id = enduser
first_permission.event = event
first_permission.id = '93rm151'
first_permission.save()
second_permission = Permission()
second_permission.user_id = enduser
second_permission.event = event
second_permission.id = '93rm152'
second_permission.save()
saved_company = Company.objects.first()
self.assertEqual(saved_company, company)
saved_rooms = Room.objects.all()
self.assertEqual(saved_rooms.count(), 3)
self.assertEqual(saved_rooms[0], first_room)
self.assertEqual(saved_rooms[1], second_room)
self.assertEqual(saved_rooms[2], third_room)
saved_event = Event.objects.first()
self.assertEqual(saved_event, event)
saved_enduser = EndUser.objects.first()
self.assertEqual(saved_enduser, enduser)
saved_permissions = Permission.objects.all()
self.assertEqual(saved_permissions.count(), 2)
self.assertEqual(saved_permissions[0], first_permission)
self.assertEqual(saved_permissions[1], second_permission)
def add_default_service_permissions_for_user(self, user, service):
for name in default_service_permissions:
permission = Permission(permission=name, user=user, service=service)
self.create_instance(permission, _commit=False)
