refactor _get_array to new apijson model settings
zhangchunlin committed Dec 14, 2018
commit 14d8d16ae93488058260c2fbb9eff22e6aa6b92a
8 changes: 4 additions & 4 deletions demo/apps/apijson_demo/views.py
Expand Up @@ -10,17 +10,17 @@ def index():
user_info = "not login, you can login with username 'admin/usera/userb/userc', and password '123'"
request_get = [
{
"label":"Single record query: with id as parameter",
"label":"Single record query: no parameter",
"value":'''{
"user":{
"id":1
}
}''',
},
{
"label":"Single record query: no parameter",
"label":"Single record query: with id as parameter",
"value":'''{
"user":{
"id":1
}
}''',
},
Expand All @@ -33,7 +33,7 @@ def index():
}''',
},
{
"label":"Array query: private data",
"label":"Array query",
"value":'''{
"[]":{
"@count":2,
Expand Down
58 changes: 47 additions & 11 deletions uliweb_apijson/apijson/views.py
Expand Up @@ -23,7 +23,7 @@ def __begin__(self):
def get(self):
for key in self.request_data:
if key[-2:]=="[]":
rsp = self._query_array(key)
rsp = self._get_array(key)
else:
rsp = self._get_one(key)
if rsp: return rsp
Expand All @@ -42,6 +42,8 @@ def _get_one(self,key):
return json({"code":400,"msg":"model '%s' not found"%(modelname)})
model_column_set = None
q = model.all()

#rbac check begin
rbac_get = model_setting.get("rbac_get",{})
if not rbac_get:
return json({"code":401,"msg":"'%s' not accessible by apijson"%(modelname)})
Expand Down Expand Up @@ -74,6 +76,7 @@ def _get_one(self,key):

if not permission_check_ok:
return json({"code":401,"msg":"no permission"})
#rbac check end

filtered = False

Expand Down Expand Up @@ -111,7 +114,7 @@ def _get_one(self,key):
del o[k]
self.rdict[key] = o

def _query_array(self,key):
def _get_array(self,key):
params = self.request_data[key]
query_count = None
query_page = None
Expand Down Expand Up @@ -146,9 +149,8 @@ def _query_array(self,key):
return json({"code":400,"msg":"no model found in array query"})

#model settings
model_setting = settings.APIJSON_MODEL.get(modelname,{})
model_setting = settings.APIJSON_MODELS.get(modelname,{})
secret_fields = model_setting["secret_fields"]
public = model_setting.get("public",False)

#model params
#column
Expand All @@ -165,6 +167,47 @@ def _query_array(self,key):
model_order = model_param.get("@order")

q = model.all()

#rbac check begin
rbac_get = model_setting.get("rbac_get",{})
if not rbac_get:
return json({"code":401,"msg":"'%s' not accessible by apijson"%(modelname)})

roles = rbac_get.get("roles")
perms = rbac_get.get("perms")
params_role = params.get("@role")
permission_check_ok = False
user_role = None
if params_role:
if params_role not in roles:
return json({"code":401,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})
if functions.has_role(request.user,params_role):
permission_check_ok = True
user_role = params_role
else:
return json({"code":401,"msg":"user doesn't have role '%s'"%(params_role)})
if not permission_check_ok and roles:
for role in roles:
if functions.has_role(request.user,role):
permission_check_ok = True
user_role = role
break

if not permission_check_ok and perms:
for perm in perms:
if functions.has_permission(request.user,perm):
permission_check_ok = True
break

if not permission_check_ok:
return json({"code":401,"msg":"no permission"})
#rbac check end

if user_role == "OWNER":
owner_filtered,q = self._filter_owner(model,model_setting,q)
if not owner_filtered:
return json({"code":401,"msg":"'%s' cannot filter with owner"%(modelname)})

if query_count:
if query_page:
q = q.offset(query_page*query_count)
Expand All @@ -183,13 +226,6 @@ def _query_array(self,key):
column = getattr(model.c,sort_key)
q = q.order_by(getattr(column,sort_order)())

if not public:
if not request.user:
return json({"code":401,"msg":"'%s' not accessable for unauthorized request"%(modelname)})
owner_filtered,q = self._filter_owner(model,model_setting,q)
if not owner_filtered:
return json({"code":401,"msg":"'%s' not accessable because not public"%(modelname)})

def _get_info(i):
d = i.to_dict()
if secret_fields:
Expand Down
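Review bot: The `@role` test at `if params_role not in roles:` raises `TypeError` when the model's `rbac_get` setting has no `roles` key, because `roles = rbac_get.get("roles")` is `None` there while only the later loop is guarded by `and roles`; a client-supplied `@role` on such a model would then surface as a 500 instead of the intended 401, and the same applies to `perms`. Defaulting both to a list keeps the check fail-closed: `roles = rbac_get.get("roles") or []` and `perms = rbac_get.get("perms") or []`. The commit also drops the explicit `if not request.user:` rejection from the old non-public path, so anonymous access now depends on `functions.has_role`/`has_permission` returning false for an unauthenticated `request.user` and on `_filter_owner` behaving safely when the role resolves to OWNER with no user — neither is visible here, so worth confirming. Finally, this rbac block is a near-verbatim copy of the one in `_get_one`; extracting it into a shared helper (e.g. `_rbac_check(model_setting, params)` returning the error response and `user_role`) would keep the two authorization paths from drifting. `_get_array` continues past the end of the last hunk.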