PagerMaid-Pyro/pagermaid/group_manager.py

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

104 lines
3.4 KiB
Python
Raw Normal View History

2022-06-27 13:42:24 +00:00
from logging import CRITICAL
2022-05-23 12:40:30 +00:00
from os import path as os_path
from os import sep
from re import findall
from shutil import copyfile
2022-05-23 12:40:30 +00:00
from typing import List
import casbin
from pagermaid import module_dir
from pagermaid.static import all_permissions
2022-05-23 12:40:30 +00:00
# init permissions
if not os_path.exists(f"data{os_path.sep}gm_policy.csv"):
2023-03-12 03:56:01 +00:00
copyfile(
f"{module_dir}{os_path.sep}assets{os_path.sep}gm_policy.csv",
f"data{os_path.sep}gm_policy.csv",
)
permissions = casbin.Enforcer(
f"pagermaid{sep}assets{sep}gm_model.conf", f"data{sep}gm_policy.csv"
)
2022-06-27 13:42:24 +00:00
permissions.logger.setLevel(CRITICAL)
2022-05-23 12:40:30 +00:00
class Permission:
def __init__(self, name: str):
self.name = name[1:] if name.startswith("-") else name
self.root = self.name.split(".")[0]
self.sub = self.name.split(".")[1] if len(self.name.split(".")) > 1 else ""
2022-06-20 13:55:14 +00:00
self.enable: bool = not name.startswith("-")
2022-05-23 12:40:30 +00:00
self.act: str = "access" if self.enable else "ejection"
def enforce_permission(user: int, permission: str):
data = permission.split(".")
if len(data) != 2:
raise ValueError("Invalid permission format")
2023-03-12 03:56:01 +00:00
if permissions.enforce(str(user), data[0], "access") and not permissions.enforce(
str(user), permission, "ejection"
):
2022-06-20 13:55:14 +00:00
return True
2023-03-12 03:56:01 +00:00
return bool(
permissions.enforce(str(user), permission, "access")
and not permissions.enforce(str(user), permission, "ejection")
)
2022-05-23 12:40:30 +00:00
def parse_pen(pen: Permission) -> List[Permission]:
if pen.name.count("*") != 1:
raise ValueError("Invalid permission format")
if pen.root not in ["modules", "system", "plugins", "plugins_root"]:
raise ValueError("Wildcard not allowed in root name")
datas = []
for i in all_permissions:
2023-03-12 03:56:01 +00:00
if (
pen.root == i.root
and len(findall(pen.sub.replace("*", r"([\s\S]*)"), i.sub)) > 0
and i not in datas
):
2022-05-23 12:40:30 +00:00
datas.append(i)
2022-06-20 13:55:14 +00:00
if not datas:
2022-05-23 12:40:30 +00:00
raise ValueError("No permission found")
return datas
def add_user_to_group(user: str, group: str):
if group not in permissions.get_roles_for_user(user):
permissions.add_role_for_user(user, group)
permissions.save_policy()
def remove_user_from_group(user: str, group: str):
if group in permissions.get_roles_for_user(user):
permissions.delete_role_for_user(user, group)
permissions.save_policy()
def add_permission_for_group(group: str, permission: Permission):
2022-06-20 13:55:14 +00:00
data = parse_pen(permission) if "*" in permission.name else [permission]
2022-05-23 12:40:30 +00:00
for i in data:
permissions.add_policy(group, i.name, permission.act, "allow")
permissions.save_policy()
def remove_permission_for_group(group: str, permission: Permission):
2022-06-20 13:55:14 +00:00
data = parse_pen(permission) if "*" in permission.name else [permission]
2022-05-23 12:40:30 +00:00
for i in data:
permissions.remove_policy(group, i.name, permission.act, "allow")
permissions.save_policy()
def add_permission_for_user(user: str, permission: Permission):
2022-06-20 13:55:14 +00:00
data = parse_pen(permission) if "*" in permission.name else [permission]
2022-05-23 12:40:30 +00:00
for i in data:
permissions.add_permission_for_user(user, i.name, permission.act, "allow")
permissions.save_policy()
def remove_permission_for_user(user: str, permission: Permission):
2022-06-20 13:55:14 +00:00
data = parse_pen(permission) if "*" in permission.name else [permission]
2022-05-23 12:40:30 +00:00
for i in data:
permissions.delete_permission_for_user(user, i.name, permission.act, "allow")
permissions.save_policy()