PagerMaid-Pyro/pagermaid/group_manager.py

import casbin
from logging import CRITICAL
from shutil import copyfile
from os import path as os_path
from re import findall
from os import sep
from typing import List
from pagermaid import all_permissions, module_dir

# init permissions
if not os_path.exists(f"data{os_path.sep}gm_policy.csv"):
    copyfile(
        f"{module_dir}{os_path.sep}assets{os_path.sep}gm_policy.csv",
        f"data{os_path.sep}gm_policy.csv",
    )
permissions = casbin.Enforcer(
    f"pagermaid{sep}assets{sep}gm_model.conf", f"data{sep}gm_policy.csv"
)
permissions.logger.setLevel(CRITICAL)


class Permission:
    def __init__(self, name: str):
        self.name = name[1:] if name.startswith("-") else name
        self.root = self.name.split(".")[0]
        self.sub = self.name.split(".")[1] if len(self.name.split(".")) > 1 else ""
        self.enable: bool = not name.startswith("-")
        self.act: str = "access" if self.enable else "ejection"


def enforce_permission(user: int, permission: str):
    data = permission.split(".")
    if len(data) != 2:
        raise ValueError("Invalid permission format")
    if permissions.enforce(str(user), data[0], "access") and not permissions.enforce(
        str(user), permission, "ejection"
    ):
        return True
    return bool(
        permissions.enforce(str(user), permission, "access")
        and not permissions.enforce(str(user), permission, "ejection")
    )


def parse_pen(pen: Permission) -> List[Permission]:
    if pen.name.count("*") != 1:
        raise ValueError("Invalid permission format")
    if pen.root not in ["modules", "system", "plugins", "plugins_root"]:
        raise ValueError("Wildcard not allowed in root name")
    datas = []
    for i in all_permissions:
        if (
            pen.root == i.root
            and len(findall(pen.sub.replace("*", r"([\s\S]*)"), i.sub)) > 0
            and i not in datas
        ):
            datas.append(i)
    if not datas:
        raise ValueError("No permission found")
    return datas


def add_user_to_group(user: str, group: str):
    if group not in permissions.get_roles_for_user(user):
        permissions.add_role_for_user(user, group)
        permissions.save_policy()


def remove_user_from_group(user: str, group: str):
    if group in permissions.get_roles_for_user(user):
        permissions.delete_role_for_user(user, group)
        permissions.save_policy()


def add_permission_for_group(group: str, permission: Permission):
    data = parse_pen(permission) if "*" in permission.name else [permission]
    for i in data:
        permissions.add_policy(group, i.name, permission.act, "allow")
    permissions.save_policy()


def remove_permission_for_group(group: str, permission: Permission):
    data = parse_pen(permission) if "*" in permission.name else [permission]
    for i in data:
        permissions.remove_policy(group, i.name, permission.act, "allow")
    permissions.save_policy()


def add_permission_for_user(user: str, permission: Permission):
    data = parse_pen(permission) if "*" in permission.name else [permission]
    for i in data:
        permissions.add_permission_for_user(user, i.name, permission.act, "allow")
    permissions.save_policy()


def remove_permission_for_user(user: str, permission: Permission):
    data = parse_pen(permission) if "*" in permission.name else [permission]
    for i in data:
        permissions.delete_permission_for_user(user, i.name, permission.act, "allow")
    permissions.save_policy()
🔖 Update to v1.0.0 2022-05-23 12:40:30 +00:00			`import casbin`
🔖 Update to v1.1.3 2022-06-27 13:42:24 +00:00			`from logging import CRITICAL`
🔖 Update to v1.0.0 2022-05-23 12:40:30 +00:00			`from shutil import copyfile`
			`from os import path as os_path`
			`from re import findall`
			`from os import sep`
			`from typing import List`
			`from pagermaid import all_permissions, module_dir`

			`# init permissions`
			`if not os_path.exists(f"data{os_path.sep}gm_policy.csv"):`
🔖 Update to v1.3.1 2023-03-12 03:56:01 +00:00			`copyfile(`
			`f"{module_dir}{os_path.sep}assets{os_path.sep}gm_policy.csv",`
			`f"data{os_path.sep}gm_policy.csv",`
			`)`
			`permissions = casbin.Enforcer(`
			`f"pagermaid{sep}assets{sep}gm_model.conf", f"data{sep}gm_policy.csv"`
			`)`
🔖 Update to v1.1.3 2022-06-27 13:42:24 +00:00			`permissions.logger.setLevel(CRITICAL)`
🔖 Update to v1.0.0 2022-05-23 12:40:30 +00:00

			`class Permission:`
			`def __init__(self, name: str):`
			`self.name = name[1:] if name.startswith("-") else name`
			`self.root = self.name.split(".")[0]`
			`self.sub = self.name.split(".")[1] if len(self.name.split(".")) > 1 else ""`
🔖 Update to v1.1.0 2022-06-20 13:55:14 +00:00			`self.enable: bool = not name.startswith("-")`
🔖 Update to v1.0.0 2022-05-23 12:40:30 +00:00			`self.act: str = "access" if self.enable else "ejection"`


			`def enforce_permission(user: int, permission: str):`
			`data = permission.split(".")`
			`if len(data) != 2:`
			`raise ValueError("Invalid permission format")`
🔖 Update to v1.3.1 2023-03-12 03:56:01 +00:00			`if permissions.enforce(str(user), data[0], "access") and not permissions.enforce(`
			`str(user), permission, "ejection"`
			`):`
🔖 Update to v1.1.0 2022-06-20 13:55:14 +00:00			`return True`
🔖 Update to v1.3.1 2023-03-12 03:56:01 +00:00			`return bool(`
			`permissions.enforce(str(user), permission, "access")`
			`and not permissions.enforce(str(user), permission, "ejection")`
			`)`
🔖 Update to v1.0.0 2022-05-23 12:40:30 +00:00

			`def parse_pen(pen: Permission) -> List[Permission]:`
			`if pen.name.count("*") != 1:`
			`raise ValueError("Invalid permission format")`
			`if pen.root not in ["modules", "system", "plugins", "plugins_root"]:`
			`raise ValueError("Wildcard not allowed in root name")`
			`datas = []`
			`for i in all_permissions:`
🔖 Update to v1.3.1 2023-03-12 03:56:01 +00:00			`if (`
			`pen.root == i.root`
			`and len(findall(pen.sub.replace("", r"([\s\S])"), i.sub)) > 0`
			`and i not in datas`
			`):`
🔖 Update to v1.0.0 2022-05-23 12:40:30 +00:00			`datas.append(i)`
🔖 Update to v1.1.0 2022-06-20 13:55:14 +00:00			`if not datas:`
🔖 Update to v1.0.0 2022-05-23 12:40:30 +00:00			`raise ValueError("No permission found")`
			`return datas`


			`def add_user_to_group(user: str, group: str):`
			`if group not in permissions.get_roles_for_user(user):`
			`permissions.add_role_for_user(user, group)`
			`permissions.save_policy()`


			`def remove_user_from_group(user: str, group: str):`
			`if group in permissions.get_roles_for_user(user):`
			`permissions.delete_role_for_user(user, group)`
			`permissions.save_policy()`


			`def add_permission_for_group(group: str, permission: Permission):`
🔖 Update to v1.1.0 2022-06-20 13:55:14 +00:00			`data = parse_pen(permission) if "*" in permission.name else [permission]`
🔖 Update to v1.0.0 2022-05-23 12:40:30 +00:00			`for i in data:`
			`permissions.add_policy(group, i.name, permission.act, "allow")`
			`permissions.save_policy()`


			`def remove_permission_for_group(group: str, permission: Permission):`
🔖 Update to v1.1.0 2022-06-20 13:55:14 +00:00			`data = parse_pen(permission) if "*" in permission.name else [permission]`
🔖 Update to v1.0.0 2022-05-23 12:40:30 +00:00			`for i in data:`
			`permissions.remove_policy(group, i.name, permission.act, "allow")`
			`permissions.save_policy()`


			`def add_permission_for_user(user: str, permission: Permission):`
🔖 Update to v1.1.0 2022-06-20 13:55:14 +00:00			`data = parse_pen(permission) if "*" in permission.name else [permission]`
🔖 Update to v1.0.0 2022-05-23 12:40:30 +00:00			`for i in data:`
			`permissions.add_permission_for_user(user, i.name, permission.act, "allow")`
			`permissions.save_policy()`


			`def remove_permission_for_user(user: str, permission: Permission):`
🔖 Update to v1.1.0 2022-06-20 13:55:14 +00:00			`data = parse_pen(permission) if "*" in permission.name else [permission]`
🔖 Update to v1.0.0 2022-05-23 12:40:30 +00:00			`for i in data:`
			`permissions.delete_permission_for_user(user, i.name, permission.act, "allow")`
			`permissions.save_policy()`