def wrapper():
    """Run ``func`` after enforcing the roles configured for its route.

    The lookup key is ``'/' + func.__name__``. Every ``AuthManager`` row with
    that ``route_name`` contributes the comma-separated role names held in
    its ``permission`` attribute. The names are merged with ``union()`` and
    ``func`` is called under ``require(http_exception=403)``.

    The check fails open: when no row matches the route, or the matching
    rows carry no permission text, ``func`` is called with no check at all.
    ``wrapper`` takes no arguments, so it only fits views that take none.
    """
    view_name = func.__name__
    rows = AuthManager.query.filter(
        AuthManager.route_name == '/' + view_name).all()
    if not rows:
        # Fail-open path: an unconfigured route is not protected.
        return func()

    role_names = set()
    for row in rows:
        spec = row.permission
        if spec:
            # Names are split on ',' only and are not stripped, so a value
            # such as 'admin, agent' yields the role name ' agent'.
            role_names.update(spec.split(','))
    if not role_names:
        # Fail-open path: rows exist but none of them names a role.
        return func()

    per = Permission()
    for role_name in role_names:
        if role_name:
            per = per.union(Permission(RoleNeed(role_name)))
    # NOTE(review): if every name was empty (e.g. permission == ','), per is
    # still the empty Permission(); Flask-Principal appears to treat a
    # permission with no needs as satisfied by any identity - confirm.

    @per.require(http_exception=403)
    def guarded():
        return func()

    return guarded()
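def contact(retailer_id, contact_id):
    """Show and process the edit form for one contact of a retailer.

    Access requires the 'normal' role need or the per-retailer ``ItemNeed``;
    ``union()`` merges the two into an any-of permission, so either one is
    enough. Responds 403 when neither is held and 404 when the retailer or
    the contact does not exist, or when the contact is not one of this
    retailer's contacts. A falsy ``contact_id`` creates a new contact.

    On a valid submission the contact is saved and the client is redirected
    back to this view; otherwise the form page is rendered.
    """
    permission = Permission(RoleNeed('normal'))
    need = ItemNeed('access', 'retailer', retailer_id)
    if not permission.union(Permission(need)).can():
        return abort(403)
    retailer = Retailer.query.get(retailer_id)
    if retailer is None:
        # A missing id would otherwise reach retailer.contacts on None and
        # surface as an unhandled AttributeError instead of a 404.
        return abort(404)
    if contact_id:
        contact = Contact.query.get(contact_id)
        # The permission check above is keyed on retailer_id only. Without
        # tying the contact to that retailer, a caller cleared for one
        # retailer could load and edit a contact that belongs to another.
        # Same idea as the retailer/product check in sell().
        # Assumes retailer.contacts is an iterable relationship collection
        # - TODO confirm against the model.
        if contact is None or contact not in retailer.contacts:
            return abort(404)
    else:
        contact = Contact()
    contact_form = ContactForm(obj=contact)
    # Drop the roles field so populate_obj() below cannot set roles from
    # submitted form data.
    del contact_form.roles
    if contact_form.validate_on_submit():
        contact_form.populate_obj(contact)
        contact.phone = contact_form.phone.data
        if not contact.id:
            # No id yet means a new contact: attach it to this retailer.
            retailer.contacts.append(contact)
        db.session.commit()
        flash(_('User updated.'), 'success')
        kwargs = {
            'retailer_id': retailer.id,
            'contact_id': contact.id,
        }
        return redirect(url_for('retailers_bp.contact', **kwargs))
    context = {
        'user_id': contact.id,
        'retailer': retailer,
        'tab_counts': tab_counts(retailer),
        'contact': contact,
        'contact_form': contact_form,
    }
    return render_template('retailers/contact.html', **context)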
def before_request():
    """Reject the request with 403 unless a configured role is held.

    ``AuthManager`` rows whose ``route_name`` equals ``request.path`` supply
    comma-separated role names; the names are merged with ``union()`` and
    the request is aborted with 403 when the merged permission fails.

    The check fails open: a path with no matching row, or rows that name no
    role, is let through. The match is an exact string comparison on
    ``request.path``.
    """
    rows = AuthManager.query.filter(
        AuthManager.route_name == request.path).all()
    if not rows:
        # Fail-open path: no rule is stored for this exact path.
        return

    role_names = set()
    for row in rows:
        spec = row.permission
        if spec:
            # Split on ',' only; surrounding whitespace stays in the name.
            role_names.update(spec.split(','))
    if not role_names:
        return

    per = Permission()
    for role_name in role_names:
        if role_name:
            per = per.union(Permission(RoleNeed(role_name)))

    # NOTE(review): access is granted here by a username literal, not by a
    # role. Confirm that this name is reserved and cannot be registered by
    # an ordinary user; a dedicated role need would keep the bypass inside
    # the permission model.
    # NOTE(review): an anonymous current_user may have no .username
    # attribute - confirm what this raises for unauthenticated requests.
    if current_user.username == 'god':
        return
    if not per.can():
        abort(403)
def test_permission_and(self):
    """``&`` on two permissions yields the same needs as ``union()``.

    Worth remembering when reading access rules: ``p1 & p2`` merges the two
    need sets exactly as ``union()`` does, so it is not a way to express
    "both roles are required".
    """
    boss = Permission(RoleNeed('boss'))
    lackey = Permission(RoleNeed('lackey'))
    via_operator = boss & lackey
    via_union = boss.union(lackey)
    assert via_operator.needs == via_union.needs
def index():
    """Render the list of retailers the current identity may see.

    A retailer is kept when the identity passes the union of the 'normal'
    role need and that retailer's ``ItemNeed``.
    """
    role_permission = Permission(RoleNeed('normal'))
    # NOTE(review): union() is an any-of check, so an identity holding the
    # 'normal' role passes for every retailer and the per-retailer need only
    # matters for identities without that role - confirm this is intended.
    visible = [
        retailer
        for retailer in Retailer.query.all()
        if role_permission.union(
            Permission(ItemNeed('access', 'retailer', retailer.id))).can()
    ]
    context = {'retailers': visible}
    return render_template('retailers/index.html', **context)
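def contacts(retailer_id):
    """Render the contact list of one retailer.

    Access requires the 'normal' role need or the per-retailer ``ItemNeed``;
    ``union()`` merges them into an any-of permission. Responds 403 when
    neither is held and 404 when no retailer has the given id.
    """
    permission = Permission(RoleNeed('normal'))
    need = ItemNeed('access', 'retailer', retailer_id)
    if not permission.union(Permission(need)).can():
        return abort(403)
    retailer = Retailer.query.get(retailer_id)
    if retailer is None:
        # A missing id would otherwise reach retailer.contacts on None and
        # surface as an unhandled AttributeError instead of a 404.
        return abort(404)
    context = {
        'retailer': retailer,
        'contacts': retailer.contacts,
        'tab_counts': tab_counts(retailer),
    }
    return render_template('retailers/contacts.html', **context)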
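def index(retailer_id):
    """Render the unsold stock of one retailer.

    Access requires the 'normal' role need or the per-retailer ``ItemNeed``;
    ``union()`` merges them into an any-of permission. Responds 403 when
    neither is held and 404 when no retailer has the given id.
    """
    permission = Permission(RoleNeed('normal'))
    need = ItemNeed('access', 'retailer', retailer_id)
    if not permission.union(Permission(need)).can():
        return abort(403)
    retailer = Retailer.query.get(retailer_id)
    if retailer is None:
        # A missing id would otherwise reach retailer.stocks on None and
        # surface as an unhandled AttributeError instead of a 404.
        return abort(404)
    context = {
        'retailer': retailer,
        # Only items that have no sold_date yet.
        'stocks': retailer.stocks.filter(RetailerProduct.sold_date.is_(None)),
        'tab_counts': tab_counts(retailer),
    }
    return render_template('retailers/stocks.html', **context)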
def test_permission_or_excludes(self):
    """``|`` on two reversed permissions combines excludes like ``union()``."""
    first = Permission(RoleNeed('boss'), RoleNeed('lackey')).reverse()
    second = Permission(RoleNeed('lackey'), RoleNeed('underling')).reverse()
    via_operator = first | second
    via_union = first.union(second)
    # The merged permission must exclude exactly the set union of what each
    # operand excludes, whichever spelling produced it.
    expected_excludes = first.excludes | second.excludes
    assert via_operator.excludes == via_union.excludes
    assert via_operator.excludes == expected_excludes
def sell(retailer_id, retailer_product_id):
    """Mark one stock item of a retailer as sold today.

    Access requires the 'normal' role need or the per-retailer ``ItemNeed``
    (an any-of permission built with ``union()``); otherwise 403. The item
    must exist and belong to the retailer named in the URL; otherwise 404.
    Answers with JSON when the client asks for it, else flashes a message
    and redirects to the retailer's stock list.
    """
    # NOTE(review): this view changes state; its route decorator is not
    # visible here - confirm it is limited to POST and covered by CSRF
    # protection.
    access = Permission(RoleNeed('normal')).union(
        Permission(ItemNeed('access', 'retailer', retailer_id)))
    if not access.can():
        return abort(403)

    retailer = Retailer.query.get(retailer_id)
    item = RetailerProduct.query.get(retailer_product_id)
    if not retailer or not item:
        return abort(404)
    # The permission was evaluated for retailer_id only, so the product must
    # be tied to that same retailer before it is modified.
    if retailer.id != item.retailer_id:
        return abort(404)

    item.sold_date = date.today()
    db.session.commit()

    if tabapp.utils.request_wants_json():
        return jsonify(success=_('Product sold.'),
                       tab_counts=tab_counts(retailer))
    flash(_('Product sold.'), 'success')
    return redirect(
        url_for('retailers_stocks_bp.index', retailer_id=retailer.id))
def test_permission_union_denial(self):
    """A union of a Permission and a Denial contains both operands."""
    allow = Permission(('a', 'b'))
    deny = Denial(('a', 'c'))
    merged = allow.union(deny)
    # issubset() must hold for the allowing and for the denying operand.
    for operand in (allow, deny):
        assert operand.issubset(merged)
# Database handle bound to the application.
db = SQLAlchemy(app)

# Login manager.
login_manager = LoginManager()
login_manager.init_app(app)
# "strong" asks Flask-Login to discard the session when the client
# identifier it tracks no longer matches.
login_manager.session_protection = "strong"
login_manager.login_view = "login"
# Empty message: nothing is flashed on redirect to the login view.
login_manager.login_message = ""

# Flask-Principal and the role-based permissions used by the views.
principal = Principal()
principal.init_app(app)
admin_permission = Permission(RoleNeed('admin'))
agent_permission = Permission(RoleNeed('agent'))
seller_permission = Permission(RoleNeed('seller'))
# union() is an any-of check: holding admin OR agent is enough. The `&`
# operator merges needs in the same way, so it cannot be used to require
# both roles at once.
admin_agent_permission = admin_permission.union(agent_permission)

# Redis client.
# NOTE(review): no password or TLS options are passed; this relies on the
# server being reachable from localhost only - confirm for production.
cache = redis.StrictRedis(
    host='localhost',
    port=6379,
    db=0,
    decode_responses=True,
)

# IP2Location database; opened once here and left open.
ip2location = IP2Location()
ip2location.open(
    os.path.join(BASE_DIR, 'static/ip/IP2LOCATION-LITE-DB11.BIN'))

# A GeoIP2 city reader was left disabled in the original file.
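# The flask.ext.* import shim was removed in Flask 1.0; import the extension
# package directly, as this file already does for flask_principal.
from flask_sqlalchemy import SQLAlchemy
from flask_principal import Principal, Permission, RoleNeed

db = SQLAlchemy()

principal = Principal(use_sessions=True)

# Each union() widens the permission: it is satisfied by ANY of the merged
# role needs, never by all of them together.
pending_permission = Permission(RoleNeed(u'pending'))
# pending OR new
new_permission = pending_permission.union(Permission(RoleNeed(u'new')))
dev_permission = Permission(RoleNeed(u'dev'))
# dev OR admin
admin_permission = dev_permission.union(Permission(RoleNeed(u'admin')))
# dev OR admin OR user
user_permission = admin_permission.union(Permission(RoleNeed(u'user')))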