Created
August 17, 2016 08:23
-
-
Save klinkin/cfd9f1d91f8d33a5e049ba6487cb18d5 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| AVAILABLE_ROLES = [ | |
| # STAFF | |
| ADMIN, HEAD_MANAGER, MANAGER, | |
| PAYMASTER, SECURITY, ANALYST, | |
| SUPPORT, CONTENT_MANAGER, | |
| # Partner | |
| PARTNER_ADMIN, PARTNER_STAFF, | |
| # Brand | |
| BRAND_ADMIN, BRAND_STAFF | |
| ] | |
| # теперь при логине юзера наполняем его доступными пермишенами из needs роли | |
| @identity_loaded.connect | |
| def on_post_identity_loaded(sender, identity): | |
| user_roles = set(i.name for i in current_user.roles) | |
| for role in AVAILABLE_ROLES: | |
| if role['name'] in user_roles and role['condition']() is True: | |
| identity.provides.update(role['needs']) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from functools import partial | |
| from flask.ext.principal import ActionNeed | |
| # Админка | |
| # гранты для users | |
| UserListNeed = partial(ActionNeed, 'user_list') | |
| UserShowNeed = partial(ActionNeed, 'user_show') | |
| UserCreateNeed = partial(ActionNeed, 'user_create') | |
| UserEditNeed = partial(ActionNeed, 'user_edit') | |
| UserDeleteNeed = partial(ActionNeed, 'user_delete') | |
| # гранты для roles | |
| RoleListNeed = partial(ActionNeed, 'role_list') | |
| RoleShowNeed = partial(ActionNeed, 'role_show') | |
| RoleCreateNeed = partial(ActionNeed, 'role_create') | |
| RoleEditNeed = partial(ActionNeed, 'role_edit') | |
| RoleDeleteNeed = partial(ActionNeed, 'role_delete') | |
| # описание роли SECURITY | |
| # needs это пермишены | |
| SECURITY = { | |
| 'name': 'SECURITY', | |
| 'condition': lambda: True, | |
| 'needs': [ | |
| UserListNeed(), | |
| UserShowNeed(), | |
| UserCreateNeed(), | |
| UserEditNeed(), | |
| UserDeleteNeed(), | |
| RoleListNeed(), | |
| RoleShowNeed(), | |
| RoleCreateNeed(), | |
| RoleEditNeed(), | |
| RoleDeleteNeed(), | |
| ] | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # и теперь можем в любом месте делать проверки есть у текущего юзера нужный need (пермишен) | |
| class UserAdminView(ModelView): | |
| model = models.User | |
| def is_visible(self): | |
| return Permission(UserListNeed()).can() | |
| @property | |
| def can_show(self): | |
| return Permission(UserShowNeed()).can() | |
| @property | |
| def can_create(self): | |
| return Permission(UserCreateNeed()).can() | |
| @property | |
| def can_edit(self): | |
| return Permission(UserEditNeed()).can() | |
| @property | |
| def can_delete(self): | |
| return Permission(UserDeleteNeed()).can() | |
| def get_optional_permissions(self): | |
| return [ | |
| Permission(UserListNeed()), | |
| ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment