class RoleParentCollectionApi(BaseApiResource): @falcon.before(extract_params_object) @falcon.before(permission_required) def on_get(self, req, resp, role_id): role = req.context['role'] parents = Role.find({ 'name': { '$in': role.parents, } }) resp.media = [ p.to_dict() for p in parents ] @falcon.before(extract_params_object) @falcon.before(JsonSchema(''' definitions: parent: type: string minLength: 24 maxLength: 24 anyOf: - type: array items: $ref: "#/definitions/parent" - $ref: "#/definitions/parent" ''')) @falcon.before(permission_required) def on_post(self, req, resp, role_id): role = req.context['role'] params = req.media if isinstance(params, str): params = [params] resp.media = [] for p in params: if ObjectId(p) not in role.parents: role.parents.append(p) role.save() resp.media = [str(p) for p in role.parents] resp.status = falcon.HTTP_201 @falcon.before(extract_params_object) @falcon.before(JsonSchema(''' definitions: parent: type: string minLength: 24 maxLength: 24 type: array items: $ref: "#/definitions/parent" ''')) @falcon.before(permission_required) def on_put(self, req, resp, role_id): role = req.context['role'] params = req.media role.parents = params role.save() resp.media = [str(p) for p in role.parents]
class UserRoleCollectionApi(BaseApiResource): URL_PARAMS_SCHEMA = UrlParamsSchema(''' type: object properties: user_id: type: string minLength: 24 maxLength: 24 ''') @falcon.before(extract_params_object) @falcon.before(permission_required) def on_get(self, req, resp, user_id): u = req.context['api_user'] roles = u.get_roles() ret = [r.to_json_dict() for r in roles] for r in ret: r.pop('permissions_all') resp.media = ret @falcon.before(extract_params_object) @falcon.before( JsonSchema(''' anyOf: - type: string - type: array items: type: string ''')) @falcon.before(permission_required) def on_post(self, req, resp, user_id): u = req.context['api_user'] role_names = req.media if isinstance(role_names, str): role_names = [role_names] u.update_one({'$addToSet': { 'role_names': { '$each': role_names, } }}) resp.media = role_names resp.status = falcon.HTTP_201 @falcon.before(extract_params_object) @falcon.before( JsonSchema(''' type: array items: { type: string } ''')) @falcon.before(permission_required) def on_put(self, req, resp, user_id): u = req.context['api_user'] role_names = req.media u.role_names = role_names u.save() resp.media = role_names
class RoleApi(BaseApiResource): @falcon.before(extract_params_object) @falcon.before(permission_required) def on_get(self, req, resp, role_name): role = req.context['role'] resp.media = role.to_json_dict() @falcon.before(extract_params_object) @falcon.before( JsonSchema(''' type: object properties: name: { type: string } description: { type: string } ''')) @falcon.before(permission_required) def on_patch(self, req, resp, role_name): params = req.media role = req.context['role'] for k, v in params.items(): setattr(role, k, v) role.save() resp.media = role.to_json_dict() @falcon.before(extract_params_object) @falcon.before(permission_required) def on_delete(self, req, resp, role_name): role = req.context['role'] role.delete() resp.media = { 'title': 'Success', 'id': role_name, }
class UserLoginApi(BaseApiResource): def on_get(self, req, resp): session = req.context['session'] permissions = session.permissions if session.user: username = session.user.username else: username = '******' resp.media = { 'user_id': str(session.user_id), 'username': username, 'permissions': [p.to_json_dict() for p in permissions], 'is_guest': session.is_guest(), } @falcon.before( JsonSchema(''' type: object properties: username: { type: string } password: { type: string } required: [username, password] ''')) def on_post(self, req, resp): params = req.media try: username_attempt = params['username'] password_attempt = params['password'] except KeyError: raise falcon.HTTPInvalidParam('HTTP param not valid') u = User.find_one({'username': username_attempt}) if not u: raise falcon.HTTPUnauthorized('User %(username)s not exists' % params) if not password.verify_password(u.password, password_attempt): raise falcon.HTTPUnauthorized('Incorrect password') session = req.context['session'] session.login(u) permissions = u.get_permissions() resp.media = { 'title': 'Login Success', 'user_id': str(u.id), 'username': str(u.username), 'permissions': [p.to_json_dict() for p in permissions], } @falcon.before(login_required) def on_delete(self, req, resp): session = req.context['session'] session.logout() resp.unset_cookie('session_id') resp.media = { 'title': 'Logout Success', }
class UserPermissionCollectionApi(BaseApiResource): URL_PARAMS_SCHEMA = UrlParamsSchema(''' type: object properties: user_id: type: string minLength: 24 maxLength: 24 ''') @falcon.after(add_list_index) @falcon.before(extract_params_object) @falcon.before(permission_required) def on_get(self, req, resp, user_id): user = req.context['api_user'] resp.media = [p.to_dict() for p in user.permissions] @falcon.after(add_list_index) @falcon.before(extract_params_object) @falcon.before( JsonSchema(''' definitions: permission: type: object properties: allow: { type: boolean } resource: { type: string } actions: type: array items: { type: string } pattern: (GET|POST|PUT|PATCH|DELETE) required: [allow, resource, actions] anyOf: - type: array items: $ref: "#/definitions/permission" - $ref: "#/definitions/permission" ''')) @falcon.before(permission_required) def on_post(self, req, resp, user_id): user = req.context['api_user'] params = req.media if isinstance(params, dict): params = [params] permissions = [] for p in params: permission = Permission(allow=p['allow'], resource=p['resource'], actions=p['actions']) if permission not in user.permissions: user.permissions.append(permission) user.save() resp.media = [p.to_dict() for p in user.permissions]
class RolePermissionApi(BaseApiResource): @falcon.before(extract_params_object) @falcon.before(permission_required) def on_get(self, req, resp, role_id, permission_id): role = req.context['role'] permission = req.context['permission'] resp.media = permission.to_dict() @falcon.before(extract_params_object) @falcon.before(JsonSchema(''' type: object properties: allow: { type: boolean } resource: { type: string } actions: type: array items: { type: string } pattern: (GET|POST|PUT|PATCH|DELETE) required: [allow, resource, actions] ''')) @falcon.before(permission_required) def on_put(self, req, resp, role_id, permission_id): role = req.context['role'] params = req.media role.permissions[permission_id] = Permission( allow=params['allow'], resource=params['resource'], actions=[ Permission.Action.num_to_name()[a] for a in params['actions'] ] ) role.save() permission = role.permissions[permission_id] resp.media = permission.to_dict() @falcon.before(extract_params_object) @falcon.before(permission_required) def on_delete(self, req, resp, role_id, permission_id): role = req.context['role'] role.permissions.pop(permission_id) role.save() resp.media = { 'title': 'Success', 'role_name': role.name, 'permission_id': permission_id, }
class UserCollectionApi(BaseApiResource): @falcon.before(permission_required) def on_get(self, req, resp): all_users = User.find({}) resp.media = [u.to_json_dict() for u in all_users] @falcon.before( JsonSchema(''' type: object properties: username: { type: string } password: { type: string } email: type: string format: email phone_number: { type: string } required: [username, password, email, phone_number] ''')) def on_post(self, req, resp): time.sleep(1) # simulate server delay params = req.media try: username = params['username'] pwd = params['password'] email = params['email'] phone = params['phone_number'] except KeyError: raise falcon.HTTPBadRequest('Bad input body') e_password = password.encrypt_password(pwd) try: u = User( username=username, password=e_password, email=email, phone_number=phone, ) u.save() resp.status = falcon.HTTP_201 resp.media = { 'id': str(u.id), 'username': str(u.username), } except dberr.NotUniqueError as e: raise falcon.HTTPBadRequest('User already exists')
class RoleApi(BaseApiResource): @falcon.before(extract_params_object) @falcon.before(permission_required) def on_get(self, req, resp, role_id): print("----------------") role = Role.by_id(role_id) if role: resp.media = role.to_dict() else: raise falcon.HTTPNotFound(description="Role不存在!") @falcon.before(extract_params_object) @falcon.before(JsonSchema(''' type: object properties: name: { type: string } description: { type: string } ''')) @falcon.before(permission_required) def on_patch(self, req, resp, role_id): params = req.media role = req.context['role'] for k, v in params.items(): setattr(role, k, v) role.save() resp.media = role.to_dict() @falcon.before(extract_params_object) @falcon.before(permission_required) def on_delete(self, req, resp, role_id): role = req.context['role'] role.delete() resp.media = { 'title': 'Success', 'id': role_id, }
class RoleCollectionApi(BaseApiResource): @falcon.before(permission_required) def on_get(self, req, resp): roles = Role.find({}) resp.media = [{ 'id': str(r.id), 'name': r.name, 'description': r.description, } for r in roles] @falcon.before(JsonSchema(''' definitions: permission: type: object properties: allow: { type: boolean } resource: { type: string } actions: type: array items: { type: string } pattern: (GET|POST|PUT|PATCH|DELETE) required: [allow, resource, actions] role: type: object properties: name: { type: string } description: { type: string } parents: type: array items: type: string minLength: 24 maxLength: 24 permissions: type: array items: $ref: "#/definitions/permission" required: [name, permissions] anyOf: - $ref: "#/definitions/role" - type: array items: $ref: "#/definitions/role" ''')) @falcon.before(permission_required) def on_post(self, req, resp): params = req.media if isinstance(params, dict): params = [params] roles = [] for param in params: permissions = [] for p in param['permissions']: actions = [Permission.Action.name_to_num( a.upper() ) for a in p['actions']] permissions.append(Permission( resource=p['resource'], allow=p['allow'], actions=actions, )) roles.append(Role( name=param['name'], description=param.get('description'), parents=param.get('parents', []), permissions=permissions, )) try: with Role.bulk() as bulk_context: for r in roles: r.bulk_save(bulk_context) except dberr.NotUniqueError as e: raise falcon.HTTPBadRequest( 'Role name already exists.' ) ret_value = [r.to_dict() for r in roles] if len(ret_value) == 0: resp.media = ret_value[0] else: resp.media = ret_value resp.status = falcon.HTTP_201
class RolePermissionCollectionApi(BaseApiResource): @falcon.after(add_list_index) @falcon.before(extract_params_object) @falcon.before(permission_required) def on_get(self, req, resp, role_id): role = req.context['role'] resp.media = [p.to_dict() for p in role.permissions] @falcon.after(add_list_index) @falcon.before(extract_params_object) @falcon.before(JsonSchema(''' definitions: permission: type: object properties: allow: { type: boolean } resource: { type: string } actions: type: array items: { type: string } pattern: (GET|POST|PUT|PATCH|DELETE) required: [allow, resource, actions] anyOf: - type: array items: $ref: "#/definitions/permission" - $ref: "#/definitions/permission" ''')) @falcon.before(permission_required) def on_post(self, req, resp, role_id): role = req.context['role'] params = req.media if isinstance(params, dict): params = [params] resp.media = [] permission_resources = [p.resource for p in role.permissions] for p in params: if p['resource'] not in permission_resources: permission = Permission( allow=p['allow'], resource=p['resource'], actions=[ Permission.Action.name_to_num(a) for a in p['actions'] ] ) role.permissions.append(permission) permission_resources.append(p) role.set(permissions=role.permissions) resp.media = [p.to_dict() for p in role.permissions] resp.status = falcon.HTTP_201 @falcon.before(extract_params_object) @falcon.before(JsonSchema(''' definitions: permission: type: object properties: allow: { type: boolean } resource: { type: string } actions: type: array items: { type: string } pattern: (GET|POST|PUT|PATCH|DELETE) required: [allow, resource, actions] type: array items: $ref: "#/definitions/permission" ''')) @falcon.before(permission_required) def on_put(self, req, resp, role_id): role = req.context['role'] params = req.media resp.media = [] permissions = [] for p in params: permission = Permission( allow=p['allow'], resource=p['resource'], actions=[ Permission.Action.name_to_num(a) for a in p['actions'] ] ) if permission in role.permissions: raise falcon.HTTPBadRequest( 'Duplicate permission %s' % p ) permissions.append(permission) role.permissions = permissions role.save() resp.media = [ p.to_dict() for p in role.permissions ]