Commitbf023f6

committed
modify rbac_get to GET; add apijson put support
1 parent04b85da commitbf023f6


5 files changed

+166
-34
lines changed

5 files changed

+166
-34
lines changed

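--- a/demo/apps/apijson_demo/settings.ini
+++ b/demo/apps/apijson_demo/settings.ini
@@ -6,36 +6,39 @@ moment = 'apijson_demo.models.Moment'
 [APIJSON_MODELS]
 moment = {
 "user_id_field" :"user_id",
-"rbac_get" : {
+"GET" : {
 "roles" : ["OWNER"]
 },
-"rbac_post" : {
-"roles" : ["OWNER"]
-}
+
 }
 comment = {
 "user_id_field" :"user_id",
-"rbac_get" : {
+"GET" : {
 "roles" : ["OWNER"]
 },
-"rbac_post" : {
-"roles" : ["OWNER"]
-}
 }
 
 [APIJSON_REQUESTS]
 moment = {
-"moment": {
-"ADD" :{"@role": ["OWNER"]},
-"DISALLOW" : ["id"],
-"NECESSARY" : ["content"]
-}
+"moment": {
+"POST" :{
+"ADD":{"roles": ["OWNER"]},
+"DISALLOW" : ["id"],
+"NECESSARY" : ["content"],
+},
+"PUT" :{
+"ADD":{"roles": ["OWNER"]},
+"NECESSARY" : ["content"],
+},
+}
 }
 
 comment = {
-"comment": {
-"ADD" :{"@role": ["OWNER"]},
-"DISALLOW" : ["id"],
-"NECESSARY" : ["content"]
+"comment": {
+"POST" :{
+"ADD" :{"roles": ["OWNER"]},
+"DISALLOW" : ["id"],
+"NECESSARY" : ["content"]
+}
 }
 }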
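Review bot: The new `PUT` entry for `moment` declares `NECESSARY` and no `DISALLOW`, but the `_put_one` handler added in this same commit reads only `ADD` from the PUT settings, so neither key has any effect on update requests. As configured, nothing here stops an update from carrying the owner column named by `"user_id_field" :"user_id"`. Once the handler honours these keys, the entry should also list the owner column, for example `"DISALLOW" : ["user_id"],`. Until then, a short comment in this file saying that only `ADD` is enforced for PUT would keep the configuration from being read as a guarantee.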

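--- a/demo/apps/apijson_demo/templates/index.html
+++ b/demo/apps/apijson_demo/templates/index.html
@@ -45,6 +45,19 @@
 </i-col>
 </Row>
 
+<Rowv-if="tab_current==='tab_put'">
+<i-colspan="3"><divalign="center">PUT URL</div></i-col>
+<i-colspan="8"><i-inputvalue="/apijson/put"readonly/></i-col>
+</Row>
+<Rowv-if="tab_current==='tab_put'">
+<i-colspan="3"><divalign="center"><strong>apijson put</strong> request examples</div></i-col>
+<i-colspan="8">
+<i-selectv-model="request_data">
+<i-optionv-for="item in request_put":value="item.value":key="item.value">{ item.label }</i-option>
+</i-select>
+</i-col>
+</Row>
+
 <Row>
 <i-colspan="3"><divalign="center">request data</div></i-col>
 <i-colspan="8"><i-inputv-model="request_data"type="textarea":autosize="{minRows: 3,maxRows: 15}"placeholder="request data"/></i-col>
@@ -62,13 +75,15 @@
 data:{
 request_get :{{=request_get_json}},
 request_post :{{=request_post_json}},
+request_put :{{=request_put_json}},
 request_data :"",
 can_post :true,
 response_data :"",
 tab_current :"tab_get",
 tab2url :{
 "tab_get":"{{=url_for('uliweb_apijson.apijson.views.ApiJson.get')}}",
-"tab_post":"{{=url_for('uliweb_apijson.apijson.views.ApiJson.post')}}"
+"tab_post":"{{=url_for('uliweb_apijson.apijson.views.ApiJson.post')}}",
+"tab_put":"{{=url_for('uliweb_apijson.apijson.views.ApiJson.put')}}"
 }
 },
 methods:{
@@ -102,6 +117,9 @@
 elseif(n=="tab_post"){
 vm.request_data=vm.request_post[0].value
 }
+elseif(n=="tab_put"){
+vm.request_data=vm.request_put[0].value
+}
 vm.response_data=""
 }
 }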

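--- a/demo/apps/apijson_demo/views.py
+++ b/demo/apps/apijson_demo/views.py
@@ -84,8 +84,22 @@ def index():
 },
 ]
 
+request_put= [
+{
+"label":"Modify moment",
+"value":'''{
+"moment": {
+"id": 1,
+"content": "modify moment content"
+},
+"tag": "moment"
+}''',
+},
+]
+
 return {
 "user_info":user_info,
 "request_get_json":dumps(request_get),
 "request_post_json":dumps(request_post),
+"request_put_json":dumps(request_put),
 }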
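Review bot: The sample PUT body sends its tag under the key `"tag"`, while the `put()` handler added in this commit reads `self.request_data.get("@tag")`, so the tag in this example is never used. The request appears to work only because `_put_one` falls back to the model key via `tag or key`. Since `put()` treats every key that does not start with `@` as a table name, `"tag"` would be looked up as a model if it were iterated first. The example should read `"@tag": "moment"`. `index()` begins outside this hunk.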

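--- a/uliweb_apijson/apijson/settings.ini
+++ b/uliweb_apijson/apijson/settings.ini
@@ -10,7 +10,7 @@ OWNER = _('APIJSON OWNER'), 'uliweb.contrib.rbac.trusted', True
 user = {
 "user_id_field" :"id",
 "secret_fields" : ["password"],
-"rbac_get" : {
+"GET" : {
 "roles" : ["ADMIN","OWNER"]
 }
 }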

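--- a/uliweb_apijson/apijson/views.py
+++ b/uliweb_apijson/apijson/views.py
@@ -44,12 +44,12 @@ def _get_one(self,key):
 q=model.all()
 
 #rbac check begin
-rbac_get=model_setting.get("rbac_get",{})
-ifnotrbac_get:
+GET=model_setting.get("GET",{})
+ifnotGET:
 returnjson({"code":401,"msg":"'%s' not accessible by apijson"%(modelname)})
 
-roles=rbac_get.get("roles")
-perms=rbac_get.get("perms")
+roles=GET.get("roles")
+perms=GET.get("perms")
 params_role=params.get("@role")
 permission_check_ok=False
 user_role=None
@@ -169,12 +169,12 @@ def _get_array(self,key):
 q=model.all()
 
 #rbac check begin
-rbac_get=model_setting.get("rbac_get",{})
-ifnotrbac_get:
+GET=model_setting.get("GET",{})
+ifnotGET:
 returnjson({"code":401,"msg":"'%s' not accessible by apijson"%(modelname)})
 
-roles=rbac_get.get("roles")
-perms=rbac_get.get("perms")
+roles=GET.get("roles")
+perms=GET.get("perms")
 params_role=params.get("@role")
 permission_check_ok=False
 user_role=None
@@ -277,38 +277,135 @@ def _post_one(self,key,tag):
 exceptModelNotFoundase:
 log.error("try to find model '%s' but not found: '%s'"%(modelname,e))
 returnjson({"code":400,"msg":"model '%s' not found"%(modelname)})
-
 
-request_setting=request_setting_tag.get(modelname,{})
-ADD=request_setting.get("ADD")
+request_setting_model=request_setting_tag.get(modelname,{})
+request_setting_POST=request_setting_model.get("POST",{})
+ADD=request_setting_POST.get("ADD")
 permission_check_ok=False
 ifADD:
-_role=ADD.get("@role")
-if_role:
-forrin_role:
+roles=ADD.get("roles")
+ifroles:
+forrinroles:
 ifr=="OWNER":
 ifrequest.user:
 permission_check_ok=True
 ifuser_id_field:
 params[user_id_field]=request.user.id
+else:
+#need OWNER, but don't know how to set user id
+returnjson({"code":400,"msg":"no permission"})
 ifnotpermission_check_ok:
 returnjson({"code":400,"msg":"no permission"})
 
-DISALLOW=request_setting.get("DISALLOW")
+DISALLOW=request_setting_POST.get("DISALLOW")
 ifDISALLOW:
 forfieldinDISALLOW:
 iffieldinparams:
 log.error("request '%s' disallow '%s'"%(tag,field))
 returnjson({"code":400,"msg":"request '%s' disallow '%s'"%(tag,field)})
 
+NECESSARY=request_setting_POST.get("NECESSARY")
+ifNECESSARY:
+forfieldinNECESSARY:
+iffieldnotinparams:
+log.error("request '%s' don't have necessary field '%s'"%(tag,field))
+returnjson({"code":400,"msg":"request '%s' don't have necessary field '%s'"%(tag,field)})
+
 obj=model(**params)
 ret=obj.save()
 obj_dict=obj.to_dict(convert=False)
+secret_fields=model_setting.get("secret_fields")
+ifsecret_fields:
+forkinsecret_fields:
+delobj_dict[k]
+
 ifret:
 obj_dict["code"]=200
 obj_dict["message"]="success"
 else:
 obj_dict["code"]=400
 obj_dict["message"]="fail"
+self.rdict["code"]=400
+self.rdict["message"]="fail"
+
+self.rdict[key]=obj_dict
+
+defput(self):
+tag=self.request_data.get("@tag")
+forkeyinself.request_data:
+ifkey[0]!="@":
+rsp=self._put_one(key,tag)
+ifrsp:
+returnrsp
+else:
+#only accept one table
+returnjson(self.rdict)
+
+returnjson(self.rdict)
+
+def_put_one(self,key,tag):
+tag=tagorkey
+modelname=key
+params=self.request_data[key]
+
+try:
+model=getattr(models,modelname)
+model_setting=settings.APIJSON_MODELS.get(modelname,{})
+request_setting_tag=settings.APIJSON_REQUESTS.get(tag,{})
+user_id_field=model_setting.get("user_id_field")
+exceptModelNotFoundase:
+log.error("try to find model '%s' but not found: '%s'"%(modelname,e))
+returnjson({"code":400,"msg":"model '%s' not found"%(modelname)})
+
+request_setting_model=request_setting_tag.get(modelname,{})
+request_setting_PUT=request_setting_model.get("PUT",{})
+ADD=request_setting_PUT.get("ADD")
+permission_check_ok=False
+
+try:
+id_=params.get("id")
+ifnotid_:
+returnjson({"code":400,"msg":"id param needed"})
+id_=int(id_)
+exceptValueErrorase:
+returnjson({"code":400,"msg":"id '%s' cannot convert to integer"%(params.get("id"))})
+obj=model.get(id_)
 
+ifADD:
+roles=ADD.get("roles")
+ifroles:
+forrinroles:
+ifr=="OWNER":
+ifrequest.user:
+ifuser_id_field:
+ifgetattr(obj,user_id_field)!=request.user.id:
+permission_check_ok=True
+else:
+returnjson({"code":400,"msg":"need login user"})
+ifnotpermission_check_ok:
+returnjson({"code":400,"msg":"no permission"})
+
+ifnotobj:
+returnjson({"code":400,"msg":"cannot find record id '%s'"%(id_)})
+kwargs= {}
+forkinparams:
+ifk=="id":
+continue
+elifhasattr(obj,k):
+kwargs[k]=params[k]
+else:
+returnjson({"code":400,"msg":"'%s' don't have field '%s'"%(modelname,k)})
+obj.update(**kwargs)
+ret=obj.save()
+obj_dict= {"id":id_}
+ifret:
+obj_dict["code"]=200
+obj_dict["message"]="success"
+obj_dict["count"]=1
+else:
+obj_dict["code"]=400
+obj_dict["message"]="fail"
+obj_dict["count"]=0
+self.rdict["code"]=400
+self.rdict["message"]="fail"
 self.rdict[key]=obj_dict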
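Review bot: The OWNER check in the new `_put_one` is inverted: `getattr(obj,user_id_field)!=request.user.id` sets `permission_check_ok=True` when the record belongs to a different user, so a logged-in user is allowed to modify other users' records and refused on their own. The condition should be `if getattr(obj, user_id_field) == request.user.id:`. That `getattr` also runs before the `if not obj:` test, so an id with no matching record probably raises instead of returning the "cannot find record" response; the `if not obj:` check belongs directly after `obj=model.get(id_)`. The update loop copies every key for which `hasattr(obj,k)` is true, which includes the owner column, and unlike `_post_one` it never reads `DISALLOW` or `NECESSARY` from the PUT settings, so those checks should be applied here before `obj.update(**kwargs)`.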
