def access(route, role_id, isOwner=False):
'''
@returns -1 if the route is not in the Rules table.
0 of the client is not allowed to perform this action.
1 if the client is allowed to perform this action.
@param route: The address to check. Either request.path or a link on the
site.
@param role_id: The clients current role_id.
@param isOwner: Whether the client owns the item associated with the requested
action.
'''
# This here is trying to figure out if this is a standard action (create,
# delete, update) and use the appropriate permission field. If it is
# not "view" is used.
actions = {
"/create$": lambda item: item.insert,
"/[^/]+/delete$": lambda item: item.remove,
"/[^/]+/update$": lambda item: item.change
}
try:
for key, value in actions.items():
if re.match("^.+" + key, route):
item = lookup(re.sub(key, "/", route), role_id)
if item: return has_permissions(value(item), isOwner)
item = lookup(route, role_id)
if item: return has_permissions(item.view, isOwner)
return 0
except ValueError:
Log.warning(__name__, "Invalid route accessed (%s)." % (route))
return -1
def write_data(cls, file, data):
try:
with open(file, 'wb') as f:
f.write(data)
except Exception as e:
Log.warning('%s: %s' % (e, file))
def write_file(cls, file, string, mode='w', encoding='utf-8'):
try:
with open(file, mode, encoding=encoding) as f:
f.write(string)
except Exception as e:
Log.warning('%s: %s' % (e, file))
def read_file(cls, file, encoding='utf-8'):
try:
with open(file, 'r', encoding=encoding) as f:
return f.read()
except Exception as e:
Log.warning('%s: %s' % (e, file))
