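class User(UserMixin, SurrogatePK, Model):
    """A user of the app.

    Besides the persisted columns, an instance carries a transient
    ``permission_types`` list that the fluent ``can`` / ``view`` / ``modify`` /
    ``delete`` properties set and the ``*_id`` checks consult, e.g.
    ``user.can.modify.scope_id(7)``. That state lives on the instance, so a
    check must be composed and consumed in one expression; two interleaved
    checks on the same instance would clobber each other.
    """

    __tablename__ = 'users'
    username = Column(db.String(80), unique=True, nullable=False)
    first_name = Column(db.String(80))
    last_name = Column(db.String(80))
    mobile_number = Column(db.String(80))
    # Pass the callable, not its result: ``dt.datetime.now()`` would be
    # evaluated once at import time and every row would get that timestamp.
    created_on = Column(db.DateTime, default=dt.datetime.now)
    last_update = Column(db.DateTime, onupdate=dt.datetime.now)
    is_deleted = Column(db.Boolean, default=False)
    email_verified = Column(db.Boolean, default=False)
    email = Column(db.String(80), unique=True, nullable=False)
    #: The hashed password
    password = Column(db.Binary(128), nullable=True)
    roles = relationship("Role",
                         secondary=rel_users_roles,
                         backref="users")

    def __init__(self, password=None, **kwargs):
        """Create instance; a non-empty *password* is handed to ``set_password``."""
        db.Model.__init__(self, **kwargs)
        if password:
            self.set_password(password)
        else:
            self.password = None
        # Transient per-check state for the fluent permission API (see the
        # class docstring). Instances loaded by the ORM do not run __init__,
        # so readers go through _allowed_roles() rather than touching this
        # attribute directly.
        self.permission_types = []

    def _allowed_roles(self):
        """Return the role names the pending check accepts (empty if none set)."""
        # getattr: ORM-loaded instances skip __init__ and have no attribute yet;
        # an empty list keeps the check deny-by-default.
        return getattr(self, 'permission_types', [])

    def traverse_up_tree_from_node(self, starting_node):
        """Return True if this user holds an accepted role on *starting_node*
        or on any ancestor reached through ``.parent``; False otherwise.

        Deny-by-default: with no accepted role names set (``can`` alone, or no
        fluent verb at all) nothing can match. A ``None`` node yields False.
        """
        allowed = self._allowed_roles()
        node = starting_node
        # Iterate instead of recursing: the original recursed but dropped the
        # recursive result, so a match on an ancestor came back as None.
        while node is not None:
            for role in node.roles:
                if role.name in allowed and self in role.users:
                    return True
            node = node.parent
        return False

    @property
    def can(self):
        """Start a fluent check with no accepted roles, so nothing matches yet."""
        self.permission_types = []
        return self

    @property
    def view(self):
        """Accept any role that grants read access."""
        self.permission_types = ['READ', 'READ-WRITE', 'ADMIN']
        return self

    @property
    def modify(self):
        """Accept any role that grants write access."""
        self.permission_types = ['READ-WRITE', 'ADMIN']
        return self

    @property
    def delete(self):
        """Accept only the admin role."""
        self.permission_types = ['ADMIN']
        return self

    def user_id(self, _user_id):
        """If a user has no roles for any scope they are 'free-floating' users
        and anyone should be able to edit them or view them. If a user has at least
        one role then we can look at all of their roles and check to see that we have
        permission in at least one of those roles to do the requested action."""
        # filter_by takes keyword criteria; the original passed the id
        # positionally, which raises TypeError before any check runs.
        user = User.query.filter_by(id=_user_id).first()
        if user is None:
            # Unknown id: nothing to grant access to.
            return False
        if not user.roles:
            # NOTE(review): this grants every caller access to role-less users,
            # exactly as the docstring states; confirm that policy is intended.
            return True
        return any(self.traverse_up_tree_from_node(role.scope) for role in user.roles)

    def role_id(self, _role_id):
        """Start with the role to be modified, and use the attached scope as
        the starting scope for determining permission to modify the role."""
        role = Role.query.filter_by(id=_role_id).first()
        if role is None:
            return False
        return self.traverse_up_tree_from_node(role.scope)

    def scope_id(self, _scope_id):
        """Start with the scope to be read/modified/deleted and go up the tree
        looking for permissions on the target scope or any parent."""
        scope = Scope.query.filter_by(id=_scope_id).first()
        if scope is None:
            return False
        return self.traverse_up_tree_from_node(scope)

    def category_id(self, _category_id):
        """The approach here is to find every scope that is being used by the
        category in question. The user would have to have the right permission
        on every scope attached to the category in order to modify/read/delete
        the category."""
        category = Category.query.filter_by(id=_category_id).first()
        if category is None:
            return False
        # Every scope must pass. The original had the closing paren misplaced
        # (``len(list == int)``), which raised TypeError on every call.
        # NOTE(review): a category with no scopes passes vacuously — confirm.
        return all(self.traverse_up_tree_from_node(scope) for scope in category.scopes)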