Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitb9dba54

Browse files
committed
for apijson get, support case when setting inAPIJSON_MODELS only define permissions no roles
1 parent2a4357c commitb9dba54

File tree

3 files changed

+44
-16
lines changed

3 files changed

+44
-16
lines changed

‎tests/demo/apps/apijson_demo/settings.ini

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -47,6 +47,7 @@ comment = {
4747
"PUT" : {"roles" : ["OWNER","ADMIN"] },
4848
"DELETE" : {"roles" : ["OWNER","ADMIN"] },
4949
}
50+
# only define permissions, no roles
5051
comment2 = {
5152
"user_id_field" :"user_id",
5253
"GET" : {"permissions":["get_comment2"] },

‎tests/test.py

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1764,6 +1764,17 @@ def test_apijson_permission():
17641764
>>> print(d)
17651765
{'code': 200, 'msg': 'success', 'comment2': {'user_id': 2, 'to_id': 3, 'moment_id': 1, 'date': '2018-12-01 00:00:00', 'content': 'comment from usera to userb', 'id': 2}}
17661766
1767+
>>> #apijson get, query array
1768+
>>> data ='''{
1769+
... "[]":{
1770+
... "comment2": {"@role":"ADMIN"}
1771+
... }
1772+
... }'''
1773+
>>> r = handler.post('/apijson/get', data=data, pre_call=pre_call_as("admin"), middlewares=[])
1774+
>>> d = json_loads(r.data)
1775+
>>> print(d)
1776+
{'code': 200, 'msg': 'success', '[]': [{'comment2': {'user_id': 1, 'to_id': 3, 'moment_id': 1, 'date': '2018-11-01 00:00:00', 'content': 'comment from admin', 'id': 1}}, {'comment2': {'user_id': 2, 'to_id': 3, 'moment_id': 1, 'date': '2018-12-01 00:00:00', 'content': 'comment from usera to userb', 'id': 2}}, {'comment2': {'user_id': 3, 'to_id': 2, 'moment_id': 2, 'date': '2018-12-02 00:00:00', 'content': 'comment from userb to usera', 'id': 3}}, {'comment2': {'user_id': 4, 'to_id': 2, 'moment_id': 3, 'date': '2018-12-09 00:00:00', 'content': 'comment from userc to usera', 'id': 4}}]}
1777+
17671778
>>> #apijson head
17681779
>>> data ='''{
17691780
... "comment2": {

‎uliweb_apijson/apijson/__init__.py

Lines changed: 32 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -88,23 +88,39 @@ def _check_GET_permission(self):
8888

8989
roles=GET.get("roles")
9090
params_role=self.params.get("@role")
91-
92-
ifnotparams_role:
93-
ifhasattr(request,"user"):
94-
params_role="LOGIN"
91+
user=getattr(request,"user",None)
92+
93+
ifroles:
94+
ifnotparams_role:
95+
ifuser:
96+
params_role="LOGIN"
97+
else:
98+
params_role="UNKNOWN"
99+
elifparams_role!="UNKNOWN":
100+
ifnotuser:
101+
raiseUliwebError("no login user for role '%s'"% (params_role))
102+
ifparams_rolenotinroles:
103+
raiseUliwebError("'%s' not accessible by role '%s'"% (self.name,params_role))
104+
ifparams_role=="UNKNOWN":
105+
self.permission_check_ok=True
106+
eliffunctions.has_role(user,params_role):
107+
self.permission_check_ok=True
95108
else:
96-
params_role="UNKNOWN"
97-
elifparams_role!="UNKNOWN":
98-
ifnothasattr(request,"user"):
99-
raiseUliwebError("no login user for role '%s'"%(params_role))
100-
ifparams_rolenotinroles:
101-
raiseUliwebError("'%s' not accessible by role '%s'"%(self.name,params_role))
102-
ifparams_role=="UNKNOWN":
103-
self.permission_check_ok=True
104-
eliffunctions.has_role(request.user,params_role):
105-
self.permission_check_ok=True
106-
else:
107-
raiseUliwebError("user doesn't have role '%s'"%(params_role))
109+
raiseUliwebError("user doesn't have role '%s'"% (params_role))
110+
ifnotself.permission_check_ok:
111+
perms=GET.get("permissions")
112+
ifperms:
113+
ifparams_role:
114+
role,msg=functions.has_permission_as_role(user,params_role,*perms)
115+
ifrole:
116+
self.permission_check_ok=True
117+
else:
118+
role=functions.has_permission(user,*perms)
119+
ifrole:
120+
role_name=getattr(role,"name")
121+
ifrole_name:
122+
self.permission_check_ok=True
123+
params_role=role_name
108124

109125
ifnotself.permission_check_ok:
110126
raiseUliwebError("no permission")

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp