def priv_add(masterRole=None, masterId=None, object=None, objectId=None, operList=None, master="user"):
# role operation define default
role_privilege = {
"user": {"administrator": "add|del|upd|get|privilege_add|privilege_del|privilege_upd|privilege_query"},
"device": {
"administrator": "add|del|upd|get|privilege_add|privilege_del|privilege_upd|privilege_query",
"operator": "upd|query",
"guest": "query",
},
"sensor": {
"administrator": "add|del|upd|get|command|privilege_add|privilege_del|privilege_upd|privilege_query",
"operator": "upd|query|command",
"guest": "query",
},
}
if masterId is None:
masterId = "all"
if object is None:
object = "all"
if objectId is None:
objectId = "all"
if masterRole is None:
masterRole = "all"
if operList is None:
if role_privilege.has_key(object):
if role_privilege[object].has_key(masterRole):
operList = role_privilege[object][masterRole]
if operList is None:
return error.ERR_CODE_ERR_
return database.db_insert_privilege(master, masterId, masterRole, object, objectId, operList)
def priv_init():
"""
some default privilege table will be created in phase of iotx server init.
0 super user
1 any role can create a user
2 any role can access a device(if has accessKey, and login)
3 ...
"""
# get super user id , and create topest privilege table
row = database.db_select_user_by_name(configure.super_user_name)
if len(row) > 0:
database.db_insert_privilege("user", row[0], "all", "all", "all", "all")
database.db_insert_privilege("user", "all", "all", "user", "all", "add")
database.db_insert_privilege("user", "all", "all", "device", "all", "add")