def update(policy_id, **kw):
    """
    Update the stored policy identified by ``policy_id`` with the given fields.

    :param policy_id: value matched against the policy's ``id`` field
    :param kw: field names and new values; keys the record does not already
        contain are skipped without an error
    :raises AttributeError: when no policy with this id is found
    """
    # Validate the keyword arguments first; per the original author's note,
    # is_valid_kw raises when they are not acceptable.
    # NOTE(review): every key that already exists on the record is copied
    # over below, so is_valid_kw is the only guard against a caller rewriting
    # fields it should not touch (presumably including 'id') -- confirm it
    # enforces an allow-list of updatable fields.
    is_valid_kw(Policy, is_update=True, **kw)

    # Fetch the record to modify.
    record = Policy.get('id', policy_id)

    # Nothing to update when the record is missing: report it to the caller.
    if not record:
        raise AttributeError("Could not find in policy with [id]=[%s]. So could not update it, either." % policy_id)

    for field, value in kw.items():
        if field in record:
            record[field] = value

    # Stamped after the copy loop, so a caller-supplied 'update_time' is
    # always replaced by the current time.
    record['update_time'] = utc_8_now()
    record.update()
def update(policy_id, **kw):
    """
    Apply field changes to an existing policy and persist them.

    :param policy_id: id of the policy to modify
    :param kw: new values keyed by field name; only fields already present
        on the record are written, unknown keys are ignored
    :raises AttributeError: if the policy cannot be found
    """
    # Argument validation comes first (the original comment states that
    # is_valid_kw raises on invalid input).
    # NOTE(review): this call is the sole control over which fields may be
    # changed; the loop below overwrites any existing key -- verify that
    # is_valid_kw rejects fields that must stay immutable.
    is_valid_kw(Policy, is_update=True, **kw)

    # Look up the target record.
    policy = Policy.get('id', policy_id)

    # A missing record is an error, not a silent no-op.
    if not policy:
        raise AttributeError(
            "Could not find in policy with [id]=[%s]. So could not update it, either."
            % policy_id)

    for name in kw:
        if name not in policy:
            continue
        policy[name] = kw[name]

    # The modification time is set last and therefore wins over any
    # 'update_time' value passed in kw.
    timestamp = utc_8_now()
    policy['update_time'] = timestamp
    policy.update()
def check(action: int, resource: Resource):
    """
    Decide whether the logged-in user may perform ``action`` on ``resource``.

    The user is resolved from the current session, the policies of all the
    user's roles are collected, and those that target ``resource`` (or the
    ``'*'`` wildcard) are evaluated. A matching ``deny`` policy is looked
    for before any ``allow`` policy, and the result is ``False`` when
    neither kind matches.

    :param action: action identifier compared with ``policy.action``
    :param resource: resource compared with ``policy.resource``
    :return: bool
    """
    # NOTE(review): there is no handling here for a missing session or an
    # unknown username; the attribute access and the [0] index would then
    # presumably raise instead of returning False -- callers need to treat
    # an exception from this function as "access denied".
    session = UserLogin.check_session()
    current_user = User.get(filters={'username': session.username})[0]

    roles = Role.get(filters={'id': current_user.roles})
    policy_ids = [pid for role in roles for pid in role.policies]
    candidate_policies = Policy.get(filters={'id': policy_ids})

    # Keep only the policies that apply to this resource or to every resource.
    # NOTE(review): matching is plain equality; if the stored resource/action
    # values have a different type than the arguments (e.g. str vs int), a
    # policy -- including a deny -- would silently not match. Confirm types.
    scoped = []
    for policy in candidate_policies:
        if policy.resource == '*' or policy.resource == resource:
            scoped.append(policy)

    def _applies(policy, effect):
        # A policy applies when its effect matches and it names this action
        # or the '*' wildcard.
        return policy.effect == effect and (
            policy.action == '*' or policy.action == action)

    # Deny is evaluated first so that it overrides any allow.
    first_deny = next((p for p in scoped if _applies(p, 'deny')), None)
    if first_deny:
        return False

    # Default deny: access is granted only when an allow policy matched.
    first_allow = next((p for p in scoped if _applies(p, 'allow')), None)
    return bool(first_allow)