Commit89702f0

committed

now apijson get OWNER role should be given in parameters explicitly; code 401 change to 400

1 parent7228135 commit89702f0Copy full SHA for 89702f0

File tree

2 files changed

+49

-74

lines changed

demo/apps/apijson_demo
- views.py
uliweb_apijson/apijson
- views.py

2 files changed

+49

-74

lines changed

`‎demo/apps/apijson_demo/views.py`

Lines changed: 8 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,25 +11,28 @@ def index():`
`11`	`11`
`12`	`12`	`request_get= [`
`13`	`13`	`{`
`14`		`-"label":"Single record query:no parameter",`
	`14`	`+"label":"Single record query:self user",`
`15`	`15`	`"value":'''{`
`16`	`16`	`"user":{`
	`17`	`+ "@role":"OWNER"`
`17`	`18`	`}`
`18`	`19`	`}''',`
`19`	`20`	`},`
`20`	`21`	`{`
`21`	`22`	`"label":"Single record query: with id as parameter",`
`22`	`23`	`"value":'''{`
`23`	`24`	`"user":{`
`24`		`- "id":1`
	`25`	`+ "id":2,`
	`26`	`+ "@role":"ADMIN"`
`25`	`27`	`}`
`26`	`28`	`}''',`
`27`	`29`	`},`
`28`	`30`	`{`
`29`	`31`	`"label":"Single record query: @column",`
`30`	`32`	`"value":'''{`
`31`	`33`	`"user":{`
`32`		`- "@column": "id,username,email"`
	`34`	`+ "@column": "id,username,email",`
	`35`	`+ "@role":"OWNER"`
`33`	`36`	`}`
`34`	`37`	`}''',`
`35`	`38`	`},`
`@@ -41,7 +44,8 @@ def index():`
`41`	`44`	`"@page":0,`
`42`	`45`	`"user":{`
`43`	`46`	`"@column":"id,username,nickname,email",`
`44`		`- "@order":"id-"`
	`47`	`+ "@order":"id-",`
	`48`	`+ "@role":"ADMIN"`
`45`	`49`	`}`
`46`	`50`	`}`
`47`	`51`	`}''',`

`‎uliweb_apijson/apijson/views.py`

Lines changed: 41 additions & 70 deletions

Original file line number	Diff line number	Diff line change
`@@ -44,45 +44,30 @@ def _get_one(self,key):`
`44`	`44`	`model_column_set=None`
`45`	`45`	`q=model.all()`
`46`	`46`
`47`		`-GET=model_setting.get("GET",{})`
	`47`	`+GET=model_setting.get("GET")`
`48`	`48`	`ifnotGET:`
`49`		`-returnjson({"code":401,"msg":"'%s' not accessible"%(modelname)})`
	`49`	`+returnjson({"code":400,"msg":"'%s' not accessible"%(modelname)})`
`50`	`50`
`51`	`51`	`roles=GET.get("roles")`
`52`		`-perms=GET.get("perms")`
`53`	`52`	`permission_check_ok=False`
`54`		`-user_role=None`
`55`		`-ifparams_role:`
`56`		`-ifparams_rolenotinroles:`
`57`		`-returnjson({"code":401,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})`
`58`		`-iffunctions.has_role(request.user,params_role):`
`59`		`-permission_check_ok=True`
`60`		`-user_role=params_role`
	`53`	`+ifnotparams_role:`
	`54`	`+ifrequest.user:`
	`55`	`+params_role="LOGIN"`
`61`	`56`	`else:`
`62`		`-returnjson({"code":401,"msg":"user doesn't have role '%s'"%(params_role)})`
`63`		`-ifnotpermission_check_okandroles:`
`64`		`-forroleinroles:`
`65`		`-iffunctions.has_role(request.user,role):`
`66`		`-permission_check_ok=True`
`67`		`-user_role=role`
`68`		`-break`
`69`		`-`
`70`		`-ifnotpermission_check_okandperms:`
`71`		`-forperminperms:`
`72`		`-iffunctions.has_permission(request.user,perm):`
`73`		`-permission_check_ok=True`
`74`		`-break`
`75`		`-`
	`57`	`+params_role="UNKNOWN"`
	`58`	`+ifparams_rolenotinroles:`
	`59`	`+returnjson({"code":400,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})`
	`60`	`+iffunctions.has_role(request.user,params_role):`
	`61`	`+permission_check_ok=True`
	`62`	`+else:`
	`63`	`+returnjson({"code":400,"msg":"user doesn't have role '%s'"%(params_role)})`
`76`	`64`	`ifnotpermission_check_ok:`
`77`		`-returnjson({"code":401,"msg":"no permission"})`
`78`		`-`
`79`		`-filtered=False`
	`65`	`+returnjson({"code":400,"msg":"no permission"})`
`80`	`66`
`81`		`-ifuser_role=="OWNER":`
	`67`	`+ifparams_role=="OWNER":`
`82`	`68`	`owner_filtered,q=self._filter_owner(model,model_setting,q)`
`83`	`69`	`ifnotowner_filtered:`
`84`		`-returnjson({"code":401,"msg":"'%s' cannot filter with owner"%(modelname)})`
`85`		`-filtered=True`
	`70`	`+returnjson({"code":400,"msg":"'%s' cannot filter with owner"%(modelname)})`
`86`	`71`
`87`	`72`	`params=self.request_data[key]`
`88`	`73`	`ifisinstance(params,dict):`
`@@ -92,12 +77,8 @@ def _get_one(self,key):`
`92`	`77`	`model_column_set=set(params[n].split(","))`
`93`	`78`	`elifhasattr(model,n):`
`94`	`79`	`q=q.filter(getattr(model.c,n)==params[n])`
`95`		`-filtered=True`
`96`	`80`	`else:`
`97`	`81`	`returnjson({"code":400,"msg":"'%s' have no attribute '%s'"%(modelname,n)})`
`98`		`-#default filter is trying to filter with owner`
`99`		`-ifnotfilteredandrequest.user:`
`100`		`-owner_filtered,q=self._filter_owner(model,model_setting,q)`
`101`	`82`	`o=q.one()`
`102`	`83`	`ifo:`
`103`	`84`	`o=o.to_dict()`
`@@ -166,45 +147,32 @@ def _get_array(self,key):`
`166`	`147`
`167`	`148`	`q=model.all()`
`168`	`149`
`169`		`-#rbac check begin`
`170`		`-GET=model_setting.get("GET",{})`
	`150`	`+GET=model_setting.get("GET")`
`171`	`151`	`ifnotGET:`
`172`		`-returnjson({"code":401,"msg":"'%s' not accessible by apijson"%(modelname)})`
	`152`	`+returnjson({"code":400,"msg":"'%s' not accessible by apijson"%(modelname)})`
`173`	`153`
`174`	`154`	`roles=GET.get("roles")`
`175`		`-perms=GET.get("perms")`
`176`		`-params_role=params.get("@role")`
	`155`	`+params_role=model_param.get("@role")`
`177`	`156`	`permission_check_ok=False`
`178`		`-user_role=None`
`179`		`-ifparams_role:`
`180`		`-ifparams_rolenotinroles:`
`181`		`-returnjson({"code":401,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})`
`182`		`-iffunctions.has_role(request.user,params_role):`
`183`		`-permission_check_ok=True`
`184`		`-user_role=params_role`
	`157`	`+ifnotparams_role:`
	`158`	`+ifrequest.user:`
	`159`	`+params_role="LOGIN"`
`185`	`160`	`else:`
`186`		`-returnjson({"code":401,"msg":"user doesn't have role '%s'"%(params_role)})`
`187`		`-ifnotpermission_check_okandroles:`
`188`		`-forroleinroles:`
`189`		`-iffunctions.has_role(request.user,role):`
`190`		`-permission_check_ok=True`
`191`		`-user_role=role`
`192`		`-break`
`193`		`-`
`194`		`-ifnotpermission_check_okandperms:`
`195`		`-forperminperms:`
`196`		`-iffunctions.has_permission(request.user,perm):`
`197`		`-permission_check_ok=True`
`198`		`-break`
	`161`	`+params_role="UNKNOWN"`
	`162`	`+ifparams_rolenotinroles:`
	`163`	`+returnjson({"code":400,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})`
	`164`	`+iffunctions.has_role(request.user,params_role):`
	`165`	`+permission_check_ok=True`
	`166`	`+else:`
	`167`	`+returnjson({"code":400,"msg":"user doesn't have role '%s'"%(params_role)})`
`199`	`168`
`200`	`169`	`ifnotpermission_check_ok:`
`201`		`-returnjson({"code":401,"msg":"no permission"})`
`202`		`-#rbac check end`
	`170`	`+returnjson({"code":400,"msg":"no permission"})`
`203`	`171`
`204`		`-ifuser_role=="OWNER":`
	`172`	`+ifparams_role=="OWNER":`
`205`	`173`	`owner_filtered,q=self._filter_owner(model,model_setting,q)`
`206`	`174`	`ifnotowner_filtered:`
`207`		`-returnjson({"code":401,"msg":"'%s' cannot filter with owner"%(modelname)})`
	`175`	`+returnjson({"code":400,"msg":"'%s' cannot filter with owner"%(modelname)})`
`208`	`176`
`209`	`177`	`ifquery_count:`
`210`	`178`	`ifquery_page:`
`@@ -271,9 +239,9 @@ def _head(self,key):`
`271`	`239`
`272`	`240`	`q=model.all()`
`273`	`241`
`274`		`-HEAD=model_setting.get("HEAD",{})`
	`242`	`+HEAD=model_setting.get("HEAD")`
`275`	`243`	`ifnotHEAD:`
`276`		`-returnjson({"code":401,"msg":"'%s' not accessible"%(modelname)})`
	`244`	`+returnjson({"code":400,"msg":"'%s' not accessible"%(modelname)})`
`277`	`245`
`278`	`246`	`roles=HEAD.get("roles")`
`279`	`247`	`permission_check_ok=False`
`@@ -283,11 +251,14 @@ def _head(self,key):`
`283`	`251`	`else:`
`284`	`252`	`params_role="UNKNOWN"`
`285`	`253`	`ifparams_rolenotinroles:`
`286`		`-returnjson({"code":401,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})`
	`254`	`+returnjson({"code":400,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})`
`287`	`255`	`iffunctions.has_role(request.user,params_role):`
`288`	`256`	`permission_check_ok=True`
`289`	`257`	`else:`
`290`		`-returnjson({"code":401,"msg":"user doesn't have role '%s'"%(params_role)})`
	`258`	`+returnjson({"code":400,"msg":"user doesn't have role '%s'"%(params_role)})`
	`259`	`+ifnotpermission_check_ok:`
	`260`	`+returnjson({"code":400,"msg":"no permission"})`
	`261`	`+`
`291`	`262`	`ifparams_role=="OWNER":`
`292`	`263`	`owner_filtered,q=self._filter_owner(model,model_setting,q)`
`293`	`264`	`ifnotowner_filtered:`
`@@ -352,7 +323,7 @@ def _post_one(self,key,tag):`
`352`	`323`	`roles=POST.get("roles")`
`353`	`324`	`ifparams_role:`
`354`	`325`	`ifnotparams_roleinroles:`
`355`		`-returnjson({"code":401,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})`
	`326`	`+returnjson({"code":400,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})`
`356`	`327`	`roles= [params_role]`
`357`	`328`
`358`	`329`	`ifroles:`
`@@ -462,7 +433,7 @@ def _put_one(self,key,tag):`
`462`	`433`	`roles=PUT.get("roles")`
`463`	`434`	`ifparams_role:`
`464`	`435`	`ifnotparams_roleinroles:`
`465`		`-returnjson({"code":401,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})`
	`436`	`+returnjson({"code":400,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})`
`466`	`437`	`roles= [params_role]`
`467`	`438`	`ifroles:`
`468`	`439`	`forroleinroles:`
`@@ -560,7 +531,7 @@ def _delete_one(self,key,tag):`
`560`	`531`	`roles=DELETE.get("roles")`
`561`	`532`	`ifparams_role:`
`562`	`533`	`ifnotparams_roleinroles:`
`563`		`-returnjson({"code":401,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})`
	`534`	`+returnjson({"code":400,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})`
`564`	`535`	`roles= [params_role]`
`565`	`536`	`ifroles:`
`566`	`537`	`forroleinroles:`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit89702f0

File tree

2 files changed

2 files changed

`‎demo/apps/apijson_demo/views.py`

`‎uliweb_apijson/apijson/views.py`

0 commit comments