Commita611184

committed
configure all access permissions in APIJSON_MODELS now, and rename roles to @ROLE in APIJSON_REQUESTS to fix previous misunderstanding
1 parentbf023f6 commita611184

3 files changed

+72
-29
lines changed


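--- a/demo/apps/apijson_demo/settings.ini
+++ b/demo/apps/apijson_demo/settings.ini
@@ -6,39 +6,44 @@ moment = 'apijson_demo.models.Moment'
 [APIJSON_MODELS]
 moment = {
 "user_id_field" :"user_id",
-"GET" : {
-"roles" : ["OWNER"]
-},
-
+"GET" : {"roles" : ["OWNER"] },
+"POST" : {"roles" : ["OWNER"] },
+"PUT" : {"roles" : ["OWNER"]},
+"DELETE" : {"roles" : ["OWNER"] },
 }
 comment = {
 "user_id_field" :"user_id",
-"GET" : {
-"roles" : ["OWNER"]
-},
+"GET" : {"roles" : ["OWNER"] },
+"POST" : {"roles" : ["OWNER"] },
+"PUT" : {"roles" : ["OWNER"] },
+"DELETE" : {"roles" : ["OWNER"] },
 }
 
 [APIJSON_REQUESTS]
 moment = {
 "moment": {
 "POST" :{
-"ADD":{"roles":["OWNER"]},
+"ADD":{"@role":"OWNER"},
 "DISALLOW" : ["id"],
 "NECESSARY" : ["content"],
 },
 "PUT" :{
-"ADD":{"roles":["OWNER"]},
-"NECESSARY" : ["content"],
+"ADD":{"@role":"OWNER"},
+"NECESSARY" : ["id","content"],
 },
 }
 }
 
 comment = {
 "comment": {
 "POST" :{
-"ADD" :{"roles":["OWNER"]},
+"ADD" :{"@role":"OWNER"},
 "DISALLOW" : ["id"],
 "NECESSARY" : ["content"]
-}
+},
+"PUT" :{
+"ADD":{"@role":"OWNER"},
+"NECESSARY" : ["id","content"],
+},
 }
 }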

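--- a/uliweb_apijson/apijson/settings.ini
+++ b/uliweb_apijson/apijson/settings.ini
@@ -10,7 +10,8 @@ OWNER = _('APIJSON OWNER'), 'uliweb.contrib.rbac.trusted', True
 user = {
 "user_id_field" :"id",
 "secret_fields" : ["password"],
-"GET" : {
-"roles" : ["ADMIN","OWNER"]
-}
+"GET" : {"roles" : ["ADMIN","OWNER"] },
+"POST" : {"roles" : ["ADMIN","OWNER"] },
+"PUT" : {"roles" : ["ADMIN","OWNER"] },
+"DELETE" : {"roles" : ["ADMIN","OWNER"] },
 }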
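Review bot: Granting `"POST" : {"roles" : ["ADMIN","OWNER"] },` on the user model (new line 14) looks doubtful: this model's `user_id_field` is `"id"`, and the OWNER branch of `_post_one` in views.py in this same commit writes `params[user_id_field]=request.user.id`, so an OWNER creating a user would have the new record's id forced to the caller's own id. If only administrators are meant to create users, `"POST" : {"roles" : ["ADMIN"] },` avoids that; if OWNER is intended here, a comment on the line stating what OWNER means for a POST on this model would help the next reader.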

‎uliweb_apijson/apijson/views.py

Lines changed: 51 additions & 14 deletions
@@ -268,6 +268,7 @@ def _post_one(self,key,tag):
268268
tag=tagorkey
269269
modelname=key
270270
params=self.request_data[key]
271+
params_role=params.get("@role")
271272

272273
try:
273274
model=getattr(models,modelname)
@@ -283,17 +284,33 @@ def _post_one(self,key,tag):
283284
ADD=request_setting_POST.get("ADD")
284285
permission_check_ok=False
285286
ifADD:
286-
roles=ADD.get("roles")
287+
ADD_role=ADD.get("@role")
288+
ifADD_roleandnotparams_role:
289+
params_role=ADD_role
290+
291+
POST=model_setting.get("POST")
292+
ifPOST:
293+
roles=POST.get("roles")
294+
ifparams_role:
295+
ifnotparams_roleinroles:
296+
returnjson({"code":401,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})
297+
roles= [params_role]
298+
287299
ifroles:
288-
forrinroles:
289-
ifr=="OWNER":
300+
forroleinroles:
301+
ifrole=="OWNER":
290302
ifrequest.user:
291303
permission_check_ok=True
292-
ifuser_id_field:
293-
params[user_id_field]=request.user.id
294-
else:
295-
#need OWNER, but don't know how to set user id
296-
returnjson({"code":400,"msg":"no permission"})
304+
ifuser_id_field:
305+
params[user_id_field]=request.user.id
306+
else:
307+
#need OWNER, but don't know how to set user id
308+
returnjson({"code":400,"msg":"no permission"})
309+
break
310+
else:
311+
iffunctions.has_role(request.user,role):
312+
permission_check_ok=True
313+
break
297314
ifnotpermission_check_ok:
298315
returnjson({"code":400,"msg":"no permission"})
299316

@@ -347,6 +364,7 @@ def _put_one(self,key,tag):
347364
tag=tagorkey
348365
modelname=key
349366
params=self.request_data[key]
367+
params_role=params.get("@role")
350368

351369
try:
352370
model=getattr(models,modelname)
@@ -359,9 +377,14 @@ def _put_one(self,key,tag):
359377

360378
request_setting_model=request_setting_tag.get(modelname,{})
361379
request_setting_PUT=request_setting_model.get("PUT",{})
362-
ADD=request_setting_PUT.get("ADD")
363380
permission_check_ok=False
364381

382+
ADD=request_setting_PUT.get("ADD")
383+
ifADD:
384+
ADD_role=ADD.get("@role")
385+
ifADD_roleandnotparams_role:
386+
params_role=ADD_role
387+
365388
try:
366389
id_=params.get("id")
367390
ifnotid_:
@@ -371,17 +394,28 @@ def _put_one(self,key,tag):
371394
returnjson({"code":400,"msg":"id '%s' cannot convert to integer"%(params.get("id"))})
372395
obj=model.get(id_)
373396

374-
ifADD:
375-
roles=ADD.get("roles")
397+
PUT=model_setting.get("PUT")
398+
ifPUT:
399+
roles=PUT.get("roles")
400+
ifparams_role:
401+
ifnotparams_roleinroles:
402+
returnjson({"code":401,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})
403+
roles= [params_role]
376404
ifroles:
377-
forrinroles:
378-
ifr=="OWNER":
405+
forroleinroles:
406+
ifrole=="OWNER":
379407
ifrequest.user:
380408
ifuser_id_field:
381-
ifgetattr(obj,user_id_field)!=request.user.id:
409+
ifobj.to_dict().get(user_id_field)==request.user.id:
382410
permission_check_ok=True
411+
break
383412
else:
384413
returnjson({"code":400,"msg":"need login user"})
414+
else:
415+
iffunctions.has_role(request.user,role):
416+
permission_check_ok=True
417+
break
418+
385419
ifnotpermission_check_ok:
386420
returnjson({"code":400,"msg":"no permission"})
387421

@@ -409,3 +443,6 @@ def _put_one(self,key,tag):
409443
self.rdict["code"]=400
410444
self.rdict["message"]="fail"
411445
self.rdict[key]=obj_dict
446+
447+
defdelete(self):
448+
returnjson(self.rdict)
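Review bot: `roles` is now assigned only inside `if POST:` (new lines 291–297 of `_post_one`), so a model with no POST entry in APIJSON_MODELS makes the following `if roles:` raise NameError instead of denying the request, and a POST entry without a "roles" key makes `params_role in roles` raise TypeError on None. Initialising `roles = []` before that block and writing the membership test as `if params_role not in roles:` (PEP 8 form) closes both gaps; the PUT block in `_put_one` (new lines 397–403) has the same shape and needs the same fix. The client-supplied `@role` value is left in `params` after the check; if `params` is later handed to the model as field values (outside this hunk), the key should be removed first. Both `_post_one` and `_put_one` start and end outside the hunks shown.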
