def test_permission_difference():
    """difference() keeps only the needs that the other permission lacks."""
    left = Permission(('a', 'b'), ('a', 'c'))
    right = Permission(('a', 'c'), ('d', 'e'))

    # ('a', 'c') is held by both sides, so it is dropped whichever way the
    # difference is taken.
    left_only = left.difference(right)
    assert left_only.needs == {('a', 'b')}

    right_only = right.difference(left)
    assert right_only.needs == {('d', 'e')}
def test_contains():
    """A permission whose needs are a subset of another's tests as `in` it."""
    broad = Permission(RoleNeed('boss'), RoleNeed('lackey'))
    narrow = Permission(RoleNeed('lackey'))

    # Both spellings of the subset check are expected to agree.
    assert narrow.issubset(broad)
    assert narrow in broad
def test_permission_or():
    """The `|` operator produces the same needs as difference()."""
    upper = Permission(RoleNeed('boss'), RoleNeed('lackey'))
    lower = Permission(RoleNeed('lackey'), RoleNeed('underling'))

    via_operator = upper | lower
    via_method = upper.difference(lower)

    # `|` is set difference on the needs, not a logical "either permission":
    # reading it as OR when composing access rules gives the wrong policy.
    assert via_operator.needs == via_method.needs
def test_permission_and():
    """The `&` operator produces the same needs as union()."""
    boss_only = Permission(RoleNeed('boss'))
    lackey_only = Permission(RoleNeed('lackey'))

    via_operator = boss_only & lackey_only
    via_method = boss_only.union(lackey_only)

    # `&` merges the two need sets. A Flask-Principal Permission is satisfied
    # by any one of its needs, so `a & b` admits holders of either need; it
    # does not require both.
    assert via_operator.needs == via_method.needs
def view(self):
    """Return the Permission that gates viewing this post.

    PUBLIC posts get an empty Permission, FRIENDS posts get the default
    permission widened by one UserNeed per friend of the author, and every
    other access level falls back to `self.default`.
    """
    if self.access == Post.PUBLIC:
        # A Permission with no needs does not restrict any identity.
        return Permission()

    if self.access != Post.FRIENDS:
        return self.default

    # One lookup per friend id to turn it into the username UserNeed expects.
    # NOTE(review): User.query.get() returning None for a stale friend id
    # would raise AttributeError here - confirm friends are kept consistent.
    friend_needs = []
    for friend_id in self.author.friends:
        friend_needs.append(UserNeed(User.query.get(friend_id).username))

    # `&` is Permission.union(): the friends are added to whoever the default
    # permission already admits.
    return self.default & Permission(*friend_needs)
def send_message(self):
    """Return the Permission for sending this user a message.

    Only the user's friends are admitted, and only when the user accepts
    e-mail; in every other case the `null` permission is returned.
    """
    if self.receive_email:
        friend_needs = [UserNeed(friend_name) for friend_name in self.friends]
        if friend_needs:
            return Permission(*friend_needs)

    # Deliberately not Permission(): a permission without needs would admit
    # everyone, so the no-friends and opted-out cases return `null` instead.
    return null
def delete(self):
    """Return the Permission required to delete the wrapped object.

    Carries a UserNeed for the object's author, a UserNeed for the author of
    the post it belongs to, plus the needs of the `moderator` permission.
    """
    author_needs = (
        UserNeed(self.obj.author_id),
        UserNeed(self.obj.post.author_id),
    )
    # `&` is Permission.union(), and any single need satisfies a Permission,
    # so this admits either author OR a moderator.
    return Permission(*author_needs) & moderator
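# ... this excerpt opens inside a function whose header lies above the
# listing; the two statements below are its tail, reproduced unchanged ...
        perm = perm.union(x)
    return perm


class Permissions(dict):
    """Dictionary whose entries can also be read and written as attributes."""

    def __getattr__(self, attr):
        """Return the entry stored under `attr`.

        Raises:
            AttributeError: if there is no such entry.
        """
        # __getattr__ only runs after normal attribute lookup has failed, so a
        # missing key must surface as AttributeError. The earlier fallback,
        # `super(self, dict).attr`, raised TypeError instead (super() takes
        # the class first), which defeats getattr(obj, name, default).
        # Only KeyError is caught; a bare except would hide unrelated errors.
        try:
            return self[attr]
        except KeyError:
            raise AttributeError(attr)

    def __setattr__(self, attr, value):
        """Store `value` as the dict entry named `attr`."""
        self[attr] = value


# One process-wide registry of named permissions.
permissions = Permissions()
permissions.read = Permission(RoleNeed('read'))
permissions.insert = Permission(RoleNeed('insert'))
permissions.modify = Permission(RoleNeed('modify'))
permissions.delete = Permission(RoleNeed('delete'))
# NOTE(review): the helper whose tail is visible above folds its arguments
# with union(), and any single need satisfies a Permission. `full_access` is
# therefore granted to a holder of any ONE of these four roles; if the intent
# is "holds all four", this does not express it.
permissions.full_access = permission(permissions.delete, permissions.insert,
                                     permissions.modify, permissions.read)


@identity_loaded.connect
def set_owned_by(sender, identity):
    """Rebuild the ownership entries of `permissions` when an identity loads.

    Args:
        sender: the object that emitted identity_loaded (unused).
        identity: the identity that was just loaded; its `user` attribute
            becomes the UserNeed behind `owned_by`.
    """
    # NOTE(review): `permissions` is module-level state, yet these entries are
    # rewritten for every loaded identity. With concurrent requests, one
    # request can evaluate `owned_by` as set by another user's identity.
    # Building these permissions per request would avoid the shared write.
    # NOTE(review): `owned_by` is derived from the identity being checked, not
    # from the content's owner - confirm it expresses ownership at all.
    permissions.owned_by = Permission(UserNeed(identity.user))
    permissions.modify_own_content = permission(permissions.owned_by,
                                                permissions.full_access)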
def test_reverse_permission():
    """reverse() moves a permission's needs into the result's excludes."""
    original = Permission(('a', 'b'))
    flipped = original.reverse()
    print flipped.excludes
    # The need that granted access before is now one that denies it.
    assert ('a', 'b') in flipped.excludes
def default(self):
    """Return the baseline Permission: the author, widened by `moderator`."""
    # UserNeed is keyed on the username here, so the identity loader has to
    # provide UserNeed(<username>), not a numeric id, for this to match.
    author_only = Permission(UserNeed(self.author.username))
    # `&` is Permission.union(): author OR moderator.
    return author_only & moderator
from flask import Flask, Response, redirect, url_for, request, session, abort
from flaskext.principal import Identity, Principal, RoleNeed, UserNeed, \
    Permission, identity_changed, identity_loaded

app = Flask(__name__)

# config
# NOTE(review): demo values. DEBUG=True must not reach a deployed instance,
# and a SECRET_KEY committed to source lets anyone who can read the file
# forge signed session cookies; load both from the environment instead.
app.config.update(DEBUG=True, SECRET_KEY='secret_xxx')

# flask-principal
principals = Principal()
normal_role = RoleNeed('normal')
normal_permission = Permission(normal_role)
# NOTE(review): _init_app is underscore-prefixed, i.e. not a public entry
# point of the extension - confirm against the installed version.
principals._init_app(app)


# silly user model
class User(object):
    """Toy user record whose name and password are derived from the id."""

    def __init__(self, id):
        self.id = id
        self.name = "user" + str(id)
        # The password is a predictable function of the name and is kept in
        # clear text; acceptable only for a throwaway demo.
        self.password = self.name + "_secret"

    def __repr__(self):
        # NOTE(review): the repr includes the password, so logging or
        # printing a User discloses it.
        return "%d/%s/%s" % (self.id, self.name, self.password)


# create some users with ids 1 to 20
users = [User(id) for id in range(1, 21)]
# ... excerpt opens at the end of a try block that starts above the listing;
# the bare except below silently discards whatever that block raised ...
except:
    pass

import datetime
from flask import Flask, Response, session, request, redirect, url_for
from flaskext.principal import Principal, Permission, RoleNeed, ActionNeed, PermissionDenied, identity_changed, identity_loaded, Identity

app = Flask(__name__)
# Configure the app
app.config.update(
    # Sessions require a secret key.
    # NOTE(review): a key generated at import time changes on every restart
    # and differs between worker processes, so sessions signed by one process
    # do not validate in another; a stable key from protected configuration
    # avoids that.
    SECRET_KEY=os.urandom(32).encode('hex'))
# Enable Principal support
principal = Principal(app)
# Permission for one specific action
sayHiPermission = Permission(ActionNeed('sayHi'))
# Permission for logged-in users; granted to any user who has logged in
loginPermission = Permission(RoleNeed('loginUser'))
# Permission for one specific role
adminRolePermission = Permission(RoleNeed('adminRole'))


# Handler for permission-denied errors
@app.errorhandler(PermissionDenied)
def permissionDenied(error):
    # Logs the requested URL and the needs of the permission that refused it.
    print '该操作(' + request.url + ')需要的访问权限为:' + str(error.args[0].needs)
    # Remember the URL the request was made to
    session['redirected_from'] = request.url
    # If the user is already logged in, show the access-denied page
    if session.get('identity.name'):
        # NOTE(review): request.url is concatenated into an HTML response
        # without escaping; escape it before output so markup characters in
        # the URL cannot be rendered by the browser.
        return '访问被拒绝!<br/>该问该页面(' + request.url + ')需要的权限是' + str(
        # ... excerpt ends mid-expression; the rest of the handler is not shown ...
def delete(self):
    """Return the Permission required to delete the wrapped object."""
    owner_need = UserNeed(self.obj.pk)
    # `&` is Permission.union(), so this admits the user whose id equals the
    # object's pk OR anyone satisfying the module-level `sa` permission.
    return Permission(owner_need) & sa
def edit(self):
    """Return the Permission required to edit the wrapped object."""
    owner_need = UserNeed(self.obj.pk)
    # `&` is Permission.union(), so this admits the user whose id equals the
    # object's pk OR anyone satisfying the module-level `sa` permission.
    return Permission(owner_need) & sa
#! /usr/bin/env python #coding=utf-8 from flaskext.principal import RoleNeed, Permission admin_permission = Permission(RoleNeed('admin')) moderator_permission = Permission(RoleNeed('moderator')) auth_permission = Permission(RoleNeed('authenticated')) # this is assigned when you want to block a permission to all # never assign this role to anyone ! null_permission = Permission(RoleNeed('null'))
def set_owned_by(sender, identity):
    """Rebuild the ownership entries of the shared `permissions` registry.

    Args:
        sender: the signal sender (unused).
        identity: the identity whose `user` attribute becomes the UserNeed
            behind `permissions.owned_by`.
    """
    # NOTE(review): `permissions` is not local to this call. If it is shared
    # between requests, rewriting it per identity lets one request evaluate a
    # permission built for another user - confirm its scope.
    owner_need = UserNeed(identity.user)
    permissions.owned_by = Permission(owner_need)
    combined = permission(permissions.owned_by, permissions.full_access)
    permissions.modify_own_content = combined
def permission(*roles):
    """Fold the given permissions into a single Permission with union().

    Args:
        *roles: objects accepted by Permission.union(); each one is merged
            into the result in the order given.

    Returns:
        A Permission seeded with RoleNeed('none') and unioned with every
        argument.
    """
    # The seed need stays in the result. Any identity that provides the role
    # 'none' would satisfy every permission built here, so that role name has
    # to remain unassignable.
    combined = Permission(RoleNeed('none'))
    for member in roles:
        # union() widens: the result is satisfied by any one merged need.
        combined = combined.union(member)
    return combined
def default(self):
    """Return the baseline Permission: the author, widened by `moderator`."""
    # UserNeed is keyed on the author's id here, so the identity loader has
    # to provide UserNeed(<id>) with the same value type for this to match.
    author_only = Permission(UserNeed(self.author_id))
    # `&` is Permission.union(): author OR moderator.
    return author_only & moderator
# coding: utf-8 from flaskext.principal import RoleNeed, Permission sa = Permission(RoleNeed('admin')) normal = Permission(RoleNeed('auth')) # this is assigned when you want to block a permission to all # never assign this role to anyone ! null = Permission(RoleNeed('null'))
def default(self):
    """Return the baseline Permission: only the owner, matched by username."""
    # No role is merged in, so nobody but the owner satisfies this.
    owner_need = UserNeed(self.owner.username)
    return Permission(owner_need)
from flask import Flask, Response
from flaskext.principal import Principal, Permission, Denial, RoleNeed, \
    PermissionDenied, identity_changed, Identity, identity_loaded


def _on_principal_init(sender, identity):
    # Grants the admin role to the identity named 'ali' and to nobody else.
    # Presumably test scaffolding - the role is decided by name alone.
    if identity.name == 'ali':
        identity.provides.add(RoleNeed('admin'))


class ReraiseException(Exception):
    """For checking reraising"""


# Permission objects used by the code below the excerpt.
admin_permission = Permission(RoleNeed('admin'))
# No needs at all: this permission restricts nobody.
anon_permission = Permission()
# Two needs in one Permission: either role satisfies it.
admin_or_editor = Permission(RoleNeed('admin'), RoleNeed('editor'))
editor_permission = Permission(RoleNeed('editor'))
# Denial: holding the admin role is what gets refused here.
admin_denied = Denial(RoleNeed('admin'))


def mkapp():
    # Builds a Flask app with Principal attached.
    app = Flask(__name__)
    # Fixed secret and debug mode: suitable for a test app only, since a
    # known secret_key allows session cookies to be forged.
    app.secret_key = 'notverysecret'
    app.debug = True
    p = Principal(app)
    # ... excerpt ends here; the function may continue below the listing ...
def delete(self):
    """Return the Permission required to delete this object."""
    author_only = Permission(UserNeed(self.author.username))
    # `&` is Permission.union(): the author OR anyone satisfying `admin`.
    return author_only & admin
import os
import inspect
import json
import re
from datetime import datetime
from flask import (Blueprint, render_template, abort, request, flash,
                   redirect, url_for, Response)
from flask.views import MethodView
from flaskext.login import login_required
from flaskext.principal import Permission, Need
from wtforms.form import FormMeta
from wtforms.widgets import HTMLString, html_params
from flaskext import wtf

# Single gate for the admin blueprint: a ('role', 'admin') need, the same
# tuple RoleNeed('admin') produces.
PERMISSIONS = Permission(Need('role', 'admin'))


def _get_admin_dir():
    """Return the directory holding the file this function is defined in.

    The path comes from inspect.getfile() on the current frame; whether it
    is absolute depends on how the module was loaded.
    """
    current = inspect.currentframe()
    source_file = inspect.getfile(current)
    return os.path.dirname(source_file)


# Static files and templates are served from folders next to this module.
APP = Blueprint(
    'admin',
    'admin',
    static_folder=os.path.join(_get_admin_dir(), 'static'),
    template_folder=os.path.join(_get_admin_dir(), 'templates'),
)
APP.dict_models = {}
def test_permission_union_denial():
    """Unioning a Permission with a Denial yields a superset of both."""
    granted = Permission(('a', 'b'))
    refused = Denial(('a', 'c'))
    merged = granted.union(refused)

    # Each operand must remain a subset of the merged result.
    for operand in (granted, refused):
        assert operand.issubset(merged)
def edit(self):
    """Return the Permission required to edit the wrapped object."""
    # Author only: no role permission is merged in, so moderators and admins
    # do not satisfy this unless they are the author.
    author_need = UserNeed(self.obj.author_id)
    return Permission(author_need)
def reply(self):
    """Return the Permission required to reply to the wrapped object."""
    # Keyed on the author of the parent post, not on the object's own author.
    post_author_need = UserNeed(self.obj.post.author_id)
    return Permission(post_author_need)
from flaskext.principal import Permission, RoleNeed,\
    UserNeed

# define permissions
admin = Permission(RoleNeed('admin'))
moderator = Permission(RoleNeed('moderator'))
auth = Permission(RoleNeed('authenticated'))

# Deny-all sentinel: use it when a permission must be blocked for everyone.
# It only denies because no identity ever provides RoleNeed('null'), so never
# assign this role to anyone, and reject the literal name 'null' wherever
# role names are created or edited.
# Combining it with another permission through `&`/union() does not block
# anything: the other permission's needs still grant access.
null = Permission(RoleNeed('null'))


class Permissions(object):
    """Wrapper around one object that forwards unknown attributes to it."""

    def __init__(self, obj):
        # The wrapped object; permission rules read its fields via self.obj.
        self.obj = obj

    def __getattr__(self, name):
        # Runs only when normal lookup fails, then delegates to the wrapped
        # object. Every attribute of `obj` is reachable through the wrapper.
        return getattr(self.obj, name)
from .app import app
from flask import Flask, Response
from flaskext.principal import Principal, Permission, RoleNeed

principals = Principal(app)
admin_permission = Permission(RoleNeed('admin'))

#######################################################################
#######################################################################
from flask import current_app
from flaskext.principal import Identity, identity_changed


def login_view(req):
    # Announces a new identity built from the 'username' form field.
    # NOTE(review): nothing in this function verifies a password or any other
    # credential, so the submitted name alone decides which identity is set.
    # Authenticate the user first and derive the identity from that result.
    # A missing field yields Identity(None), since .get() returns None.
    username = req.form.get('username')
    identity_changed.send(current_app._get_current_object(), identity=Identity(username))

#######################################################################
#######################################################################
from flaskext import principal
# Alias for the extension's identity_loaded signal.
identity_loaded = principal.identity_loaded
#from flaskext.principal import indentity_loaded
## from pprint import pprint
## pprint(dir(principal))
## #pprint(principal)
def edit(self):
    """Return the Permission required to edit the wrapped object."""
    owner_only = Permission(UserNeed(self.obj.id))
    # `&` is Permission.union(): the user whose id equals the object's id OR
    # anyone satisfying `admin`.
    return owner_only & admin
def delete(self):
    """Return the Permission required to delete the wrapped object."""
    own_author = Permission(UserNeed(self.obj.author.pk))
    gist_author = Permission(UserNeed(self.obj.gist.author.pk))
    # Each `&` is Permission.union(), so the result admits the object's
    # author, the gist's author, or anyone satisfying `admin`.
    return own_author & gist_author & admin