Пример #1
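    def wrapper():
        """Run the wrapped view only if the caller holds a configured role.

        Rules are looked up in ``AuthManager`` under ``'/' + func.__name__``.
        Each matching row's ``permission`` value is a comma-separated list of
        role names. Holding any one of them is enough, because a permission
        built from several needs is satisfied by any single need.

        Returns whatever ``func()`` returns; responds with HTTP 403 when a
        rule exists and the current identity provides none of its roles.
        """
        route = func.__name__
        rules = AuthManager.query.filter(
            AuthManager.route_name == '/' + route).all()

        # Strip whitespace so "admin, editor" yields 'editor' rather than
        # ' editor', a role name no identity would provide.
        role_names = set()
        for rule in rules:
            if rule.permission:
                role_names.update(
                    name.strip() for name in rule.permission.split(','))
        role_names.discard('')

        if not role_names:
            # NOTE(review): fail-open. A view with no rule row, or whose rows
            # name no role, runs without any role check. Confirm that
            # "unconfigured means public" is the intended default.
            return func()

        per = Permission(*(RoleNeed(name) for name in role_names))
        # require() used as a context manager performs the same check as the
        # decorator form and aborts with 403 before func() is called.
        with per.require(http_exception=403):
            return func()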
Пример #2
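def contact(retailer_id, contact_id):
    """Show and process the edit form for one contact of a retailer.

    A falsy ``contact_id`` means "create": a fresh ``Contact`` is built and
    appended to the retailer once the form validates. Responds 403 when the
    permission check fails and 404 when the retailer or the requested
    contact does not exist.
    """
    # A union is satisfied by ANY of its needs: the 'normal' role or the
    # per-retailer access need.
    # NOTE(review): if 'normal' users are meant to reach only their own
    # retailers, this check does not enforce that -- confirm the intent.
    access = Permission(RoleNeed('normal')).union(
        Permission(ItemNeed('access', 'retailer', retailer_id)))
    if not access.can():
        return abort(403)

    retailer = Retailer.query.get(retailer_id)
    contact = Contact.query.get(contact_id) if contact_id else Contact()
    # Unknown ids used to surface as AttributeError (HTTP 500) further down.
    if retailer is None or contact is None:
        return abort(404)
    # NOTE(review): nothing visible here ties an existing `contact` to
    # `retailer`; a contact_id owned by another retailer would be editable
    # through this URL. Verify the relationship before populating.

    contact_form = ContactForm(obj=contact)
    # Remove the roles field so this form can neither render nor populate it.
    del contact_form.roles

    if contact_form.validate_on_submit():
        contact_form.populate_obj(contact)
        contact.phone = contact_form.phone.data
        if not contact.id:
            # No id yet: this is a new contact, attach it to the retailer.
            retailer.contacts.append(contact)
        db.session.commit()
        flash(_('User updated.'), 'success')
        return redirect(url_for('retailers_bp.contact',
                                retailer_id=retailer.id,
                                contact_id=contact.id))

    return render_template(
        'retailers/contact.html',
        user_id=contact.id,
        retailer=retailer,
        tab_counts=tab_counts(retailer),
        contact=contact,
        contact_form=contact_form,
    )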
Пример #3
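def before_request():
    """Enforce the role rule stored for ``request.path`` before each request.

    Rules come from ``AuthManager`` rows whose ``route_name`` equals the
    request path exactly. Each row's ``permission`` value is a comma-separated
    list of role names, and holding any one of them is sufficient. Aborts
    with HTTP 403 when a rule applies and the identity provides none of its
    roles; otherwise returns ``None`` so the request proceeds.
    """
    # NOTE(review): the match is on the literal path, so a view with URL
    # parameters is covered only by rows for each concrete path -- verify
    # that the rule table really covers every protected view.
    rules = AuthManager.query.filter(
        AuthManager.route_name == request.path).all()

    # Strip whitespace so "admin, editor" yields 'editor' rather than
    # ' editor', a role name no identity would provide.
    role_names = set()
    for rule in rules:
        if rule.permission:
            role_names.update(
                name.strip() for name in rule.permission.split(','))
    role_names.discard('')

    if not role_names:
        # NOTE(review): fail-open. A path with no rule row, or whose rows
        # name no role, is served without any role check.
        return

    per = Permission(*(RoleNeed(name) for name in role_names))

    # NOTE(review): hard-coded bypass keyed on a username. Anyone able to
    # hold the account named 'god' skips every rule; prefer a dedicated role
    # and make sure that username cannot be registered.
    # getattr() keeps a user object without `username` (presumably the
    # anonymous user) from raising AttributeError instead of reaching the
    # 403 below.
    if getattr(current_user, 'username', None) == 'god':
        return
    if not per.can():
        abort(403)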
Пример #4
    def test_permission_and(self):
        """``&`` on two permissions yields the same needs as ``union()``."""
        boss = Permission(RoleNeed('boss'))
        lackey = Permission(RoleNeed('lackey'))

        via_operator = boss & lackey
        via_method = boss.union(lackey)

        # Both spellings must collect the same set of needs.
        assert via_operator.needs == via_method.needs
Пример #5
    def test_permission_and(self):
        """Check that the ``&`` operator and ``union()`` agree on ``needs``."""
        perm_boss = Permission(RoleNeed('boss'))
        perm_lackey = Permission(RoleNeed('lackey'))

        combined_op = perm_boss & perm_lackey
        combined_call = perm_boss.union(perm_lackey)

        # The operator form and the method form must be interchangeable.
        assert combined_op.needs == combined_call.needs
Пример #6
def index():
    """Render the list of retailers the current identity passes the check for."""
    # A union is satisfied by ANY of its needs, so an identity holding the
    # 'normal' role passes for every retailer.
    # NOTE(review): if 'normal' users should see only retailers they were
    # granted access to, this filter does not enforce that -- confirm intent.
    role_permission = Permission(RoleNeed('normal'))

    def may_access(retailer):
        item_need = ItemNeed('access', 'retailer', retailer.id)
        return role_permission.union(Permission(item_need)).can()

    visible = [r for r in Retailer.query.all() if may_access(r)]
    return render_template('retailers/index.html', retailers=visible)
Пример #7
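def contacts(retailer_id):
    """Render the contact list of one retailer.

    Responds 403 when the permission check fails and 404 when no retailer
    with ``retailer_id`` exists.
    """
    # A union is satisfied by ANY of its needs: the 'normal' role or the
    # per-retailer access need.
    # NOTE(review): if 'normal' users are meant to reach only their own
    # retailers, this check does not enforce that -- confirm the intent.
    access = Permission(RoleNeed('normal')).union(
        Permission(ItemNeed('access', 'retailer', retailer_id)))
    if not access.can():
        return abort(403)

    retailer = Retailer.query.get(retailer_id)
    # An unknown id used to fail on `retailer.contacts` with AttributeError
    # (HTTP 500); answer 404 instead.
    if retailer is None:
        return abort(404)

    return render_template(
        'retailers/contacts.html',
        retailer=retailer,
        contacts=retailer.contacts,
        tab_counts=tab_counts(retailer),
    )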
Пример #8
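def index(retailer_id):
    """Render the unsold stock of one retailer.

    Responds 403 when the permission check fails and 404 when no retailer
    with ``retailer_id`` exists.
    """
    # A union is satisfied by ANY of its needs: the 'normal' role or the
    # per-retailer access need.
    # NOTE(review): if 'normal' users are meant to reach only their own
    # retailers, this check does not enforce that -- confirm the intent.
    access = Permission(RoleNeed('normal')).union(
        Permission(ItemNeed('access', 'retailer', retailer_id)))
    if not access.can():
        return abort(403)

    retailer = Retailer.query.get(retailer_id)
    # An unknown id used to fail on `retailer.stocks` with AttributeError
    # (HTTP 500); answer 404 instead.
    if retailer is None:
        return abort(404)

    # Only items without a sold_date are still in stock.
    unsold = retailer.stocks.filter(RetailerProduct.sold_date.is_(None))
    return render_template(
        'retailers/stocks.html',
        retailer=retailer,
        stocks=unsold,
        tab_counts=tab_counts(retailer),
    )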
Пример #9
    def test_permission_or_excludes(self):
        """``|`` on reversed permissions merges ``excludes`` like ``union()``."""
        first = Permission(RoleNeed('boss'), RoleNeed('lackey')).reverse()
        second = Permission(RoleNeed('lackey'), RoleNeed('underling')).reverse()

        via_operator = first | second
        via_method = first.union(second)

        # Reference value: the plain set union of both exclude sets, i.e. the
        # "any of these" reading of an `or` between permissions.
        expected_excludes = first.excludes | second.excludes

        assert via_operator.excludes == via_method.excludes
        assert via_operator.excludes == expected_excludes
Пример #10
def sell(retailer_id, retailer_product_id):
    """Mark one stock item of a retailer as sold today.

    Responds 403 when the permission check fails and 404 when either record
    is missing or the product does not belong to the retailer. On success
    returns JSON for clients that ask for it, otherwise flashes a message and
    redirects to the retailer's stock list.
    """
    # NOTE(review): this view changes state; which HTTP methods reach it is
    # not visible here -- confirm it cannot be triggered by a plain GET.
    role_permission = Permission(RoleNeed('normal'))
    item_need = ItemNeed('access', 'retailer', retailer_id)
    # A union is satisfied by ANY of its needs (role OR per-retailer access).
    allowed = role_permission.union(Permission(item_need)).can()
    if not allowed:
        return abort(403)

    retailer = Retailer.query.get(retailer_id)
    retailer_product = RetailerProduct.query.get(retailer_product_id)
    if not retailer or not retailer_product:
        return abort(404)
    # The product must belong to the retailer named in the URL; otherwise
    # access to one retailer would allow selling another retailer's stock.
    if retailer.id != retailer_product.retailer_id:
        return abort(404)

    retailer_product.sold_date = date.today()
    db.session.commit()

    if tabapp.utils.request_wants_json():
        return jsonify(success=_('Product sold.'),
                       tab_counts=tab_counts(retailer))

    flash(_('Product sold.'), 'success')
    return redirect(
        url_for('retailers_stocks_bp.index', retailer_id=retailer.id))
Пример #11
 def test_permission_union_denial(self):
     """A Permission and a Denial are both subsets of their union."""
     allow = Permission(('a', 'b'))
     deny = Denial(('a', 'c'))
     combined = allow.union(deny)
     # Neither operand may be lost when an allow and a deny are merged.
     assert allow.issubset(combined)
     assert deny.issubset(combined)
Пример #12
 def test_permission_union_denial(self):
     """Merging a Permission with a Denial keeps both as subsets."""
     granted = Permission(('a', 'b'))
     denied = Denial(('a', 'c'))
     merged = granted.union(denied)
     # The union has to contain the allow side and the deny side alike.
     assert granted.issubset(merged)
     assert denied.issubset(merged)
Пример #13
# Module-level extension setup: database, login, role permissions, cache and
# IP geolocation. Everything below runs at import time.
db = SQLAlchemy(app)

# Create the Login object
login_manager = LoginManager()
login_manager.init_app(app)
# "strong" is the strictest of Flask-Login's session-protection modes.
login_manager.session_protection = "strong"
login_manager.login_view = "login"
login_manager.login_message = ""

# Principal
principal = Principal()
principal.init_app(app)
# One permission per role.
admin_permission = Permission(RoleNeed('admin'))
agent_permission = Permission(RoleNeed('agent'))
seller_permission = Permission(RoleNeed('seller'))
# union() is satisfied by ANY of its needs: this passes for admin OR agent,
# it does not require both roles.
admin_agent_permission = admin_permission.union(agent_permission)

# a = admin_permission.union(user_permission)
# b = admin_permission & user_permission
# assert a.needs == b.needs

# Create the Redis object
# NOTE(review): no password or TLS argument is passed; acceptable only if
# this Redis instance is reachable from localhost alone -- confirm.
cache = redis.StrictRedis(host='localhost', port=6379, db=0, decode_responses=True)

# IP2Location
# NOTE(review): the database file lives under static/; if that directory is
# served to clients the file is downloadable -- confirm.
ip2location = IP2Location()
ip2location.open(os.path.join(BASE_DIR, 'static/ip/IP2LOCATION-LITE-DB11.BIN'))
# ip2location.close()

# GeoIP
# geoip = geoip2.database.Reader(os.path.join(BASE_DIR, 'static/ip/GeoIP2-City.mmdb'))
Пример #14
# Shared extension objects and the role permissions built from them.
# NOTE(review): the flask.ext.* import shim was removed in Flask 1.0;
# `flask_sqlalchemy` is the direct module name on current releases.
from flask.ext.sqlalchemy import SQLAlchemy
db = SQLAlchemy()

from flask_principal import Principal, Permission, RoleNeed
# use_sessions=True lets Flask-Principal keep the identity in the session.
principal = Principal(use_sessions=True)
# union() is satisfied by ANY of its needs, so each chained permission below
# also accepts every role already in the permission it extends:
#   new_permission   -> pending OR new
#   admin_permission -> dev OR admin
#   user_permission  -> dev OR admin OR user
pending_permission = Permission(RoleNeed(u'pending'))
new_permission = pending_permission.union(Permission(RoleNeed(u'new')))
dev_permission = Permission(RoleNeed(u'dev'))
admin_permission = dev_permission.union(Permission(RoleNeed(u'admin')))
user_permission = admin_permission.union(Permission(RoleNeed(u'user')))