feat: 🎸 权限验证完成
jinji-hanbin committed May 13, 2022
1 parent af7e9b7 commit 5d6f3c7
Showing 2 changed files with 52 additions and 14 deletions.
18 changes: 8 additions & 10 deletions arkid/core/api.py
@@ -79,16 +79,14 @@ def authenticate(self, request, token):
if token.expired(request.tenant):
raise Exception(_('Token has expired','秘钥已经过期'))

# operation_id = request.operation_id
# if operation_id:
# # 权限鉴定
# apipermission = ApiPermission.valid_objects.filter(
# operation_id=operation_id
# ).first()
# if apipermission:
# print('存在api权限')
# else:
# print('不存在api权限')
operation_id = request.operation_id
if operation_id:
from arkid.core.perm.permission_data import PermissionData
permissiondata = PermissionData()
if token.user and request.tenant:
result =permissiondata.api_system_permission_check(request.tenant, token.user, operation_id)
if result == True:
raise Exception(_('You do not have api permission','你没有这个接口的权限'))
except ExpiringToken.DoesNotExist:
logger.error(_("Invalid token","无效的秘钥"))
return
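Review bot: The new permission gate looks inverted: `authenticate` raises 'You do not have api permission' when `api_system_permission_check` returns True, yet that helper (added to permission_data.py in this same commit) returns False only when the user's entry at `sort_id` is 0 and True in every other case. Since `add_system_permission_to_user` passes 1 and `remove_system_permission_to_user` passes 0, 1 appears to mean granted, so as written a caller holding the permission is rejected and one whose entry is 0 passes. I would have the helper return True only on an explicit grant (`int(permission_result_arr[sort_id]) == 1`) with False as the default, and change the caller to `if not result: raise ...`. The gate is also skipped whenever `operation_id`, `token.user` or `request.tenant` is falsy, which fails open; a short comment stating which of those cases are meant to go unchecked would help. The body of `authenticate` starts and ends outside this hunk, so how the raised Exception is handled cannot be checked from here.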
48 changes: 44 additions & 4 deletions arkid/core/perm/permission_data.py
@@ -35,6 +35,34 @@ def get_platfrom_tenant(self):
)
return tenant

def api_system_permission_check(self, tenant, user, operation_id):
'''
检查api接口权限
'''
systempermission = SystemPermission.valid_objects.filter(tenant=None, is_system=True, operation_id=operation_id, category='api').first()
if systempermission:
sort_id = systempermission.sort_id
permission_result_arr = self.get_permission_result(tenant, user, None)
if permission_result_arr and len(permission_result_arr) > sort_id and int(permission_result_arr[sort_id]) == 0:
return False
return True

def get_permission_result(self, tenant, user, app):
'''
取得用户解码后的权限数组
'''
userpermissionresult = UserPermissionResult.valid_objects.filter(
user=user,
tenant=tenant,
app=app,
).first()
compress = Compress()
permission_result_arr = []
if userpermissionresult:
permission_result = compress.decrypt(userpermissionresult.result)
permission_result_arr = list(permission_result)
return permission_result_arr

def add_system_permission_to_user(self, tenant_id, user_id, permission_id):
'''
给某个用户增加系统权限
@@ -43,7 +71,19 @@ def add_system_permission_to_user(self, tenant_id, user_id, permission_id):
user = User.valid_objects.filter(id=user_id).first()
permission = SystemPermission.valid_objects.filter(id=permission_id).first()
if tenant and user:
self.update_arkid_single_user_permission(tenant, user, permission)
self.update_arkid_single_user_permission(tenant, user, permission, 1)
else:
print('不存在租户或者用户无法更新')

def remove_system_permission_to_user(self, tenant_id, user_id, permission_id):
'''
给某个用户删除系统权限
'''
tenant = Tenant.valid_objects.filter(id=tenant_id).first()
user = User.valid_objects.filter(id=user_id).first()
permission = SystemPermission.valid_objects.filter(id=permission_id).first()
if tenant and user:
self.update_arkid_single_user_permission(tenant, user, permission, 0)
else:
print('不存在租户或者用户无法更新')

@@ -54,7 +94,7 @@ def update_single_user_system_permission(self, tenant_id, user_id):
tenant = Tenant.valid_objects.filter(id=tenant_id).first()
user = User.valid_objects.filter(id=user_id).first()
if tenant and user:
self.update_arkid_single_user_permission(tenant, user, None)
self.update_arkid_single_user_permission(tenant, user, None, None)
else:
print('不存在租户或者用户无法更新')

@@ -265,7 +305,7 @@ def update_arkid_all_user_permission(self):
userpermissionresult.result = compress_str_result
userpermissionresult.save()

def update_arkid_single_user_permission(self, tenant, auth_user, pass_permission):
def update_arkid_single_user_permission(self, tenant, auth_user, pass_permission, permission_value):
'''
更新指定用户权限
'''
Expand Down Expand Up @@ -303,7 +343,7 @@ def update_arkid_single_user_permission(self, tenant, auth_user, pass_permission
if hasattr(data_item, 'is_pass') == True and data_item.is_pass == 1:
continue
if pass_permission != None and data_item.id == pass_permission.id:
data_item.is_pass = 1
data_item.is_pass = permission_value
continue
# 如果是超级管理员直接就通过
if auth_user.is_superuser:
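Review bot: Revocation through `remove_system_permission_to_user` may never take effect, because in the loop of `update_arkid_single_user_permission` the `is_pass == 1` short-circuit (`continue`) runs before the `pass_permission` branch that assigns `permission_value`. If `is_pass` is populated from the stored result earlier in the function (not visible in this hunk), an already-granted item skips the assignment and keeps its 1 when 0 is passed. Moving the `if pass_permission != None and data_item.id == pass_permission.id:` branch above the `hasattr(data_item, 'is_pass')` check would let both grant and revoke apply. Separately, the add and remove methods only guard on `tenant and user`, so an unknown `permission_id` reaches the update with `pass_permission` set to None and silently changes nothing for that permission; logging that case rather than using `print` would make a failed permission change visible.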