myapp-full/myapp/models/acl.py


#!/usr/bin/env python3
# -*- coding: UTF-8 -*-
# Module metadata: author, copyright, licence and contact details.
__author__ = 'RemiZOffAlex'
__copyright__ = '(c) RemiZOffAlex'
__license__ = 'MIT'
__email__ = 'remizoffalex@mail.ru'
__url__ = 'http://remizoffalex.ru'
import datetime
from sqlalchemy import (
Table,
Column,
Boolean,
Integer,
ForeignKey,
String,
DateTime,
Enum
)
from sqlalchemy.orm import relationship
from . import Base
class ObjectPermission(Base):
    """Access-control object: a procedure and the module that contains it."""

    __tablename__ = "object_permission"

    id = Column(Integer, primary_key=True)
    # NOTE(review): neither column declares a unique or NOT NULL constraint,
    # so duplicate (modulename, funcname) rows are representable. Confirm the
    # code that evaluates permissions cannot be made ambiguous by duplicates.
    funcname = Column(String)
    modulename = Column(String)

    # Relationships
    user_permissions = relationship(
        "UserPermission",
        primaryjoin="ObjectPermission.id==UserPermission.object_id",
    )
    ip_permissions = relationship(
        "IPPermission",
        primaryjoin="ObjectPermission.id==IPPermission.object_id",
    )

    def __init__(self, modulename, funcname):
        """Store the module name and the procedure name of the object."""
        self.modulename = modulename
        self.funcname = funcname

    def __repr__(self):
        """Return a debug string; funcname is printed before modulename."""
        shown = (self.funcname, self.modulename)
        return "<ObjectPermission('%s': '%s')>" % shown
class RolePermission(Base):
    """Access role."""

    __tablename__ = "role_permission"

    id = Column(Integer, primary_key=True)
    # NOTE(review): no unique constraint is declared on the role name, so two
    # roles with the same name are representable — confirm roles are always
    # resolved by id rather than by name.
    name = Column(String)
    description = Column(String, default='')

    # Relationships
    set_objects = relationship(
        "RoleSetPermission",
        primaryjoin="RolePermission.id==RoleSetPermission.role_id",
    )
    users = relationship(
        "UserRole",
        primaryjoin="RolePermission.id==UserRole.role_id",
    )

    def __init__(self, name):
        """Create a role with the given name; description keeps its default."""
        self.name = name
class RoleSetPermission(Base):
    """One entry in the set of access rights granted to a role."""

    __tablename__ = "role_set_permission"

    id = Column(Integer, primary_key=True)
    role_id = Column(Integer, ForeignKey('role_permission.id'))
    object_id = Column(Integer, ForeignKey('object_permission.id'))
    # Permission. NOTE(review): the column is nullable as declared, so the
    # code that evaluates access should treat any value other than 'allow'
    # as a denial — confirm against the checker.
    permission = Column(Enum('allow', 'deny'))

    # Relationships
    role = relationship(
        "RolePermission",
        primaryjoin="RoleSetPermission.role_id==RolePermission.id",
        uselist=False,
    )
    object_permission = relationship(
        "ObjectPermission",
        primaryjoin="RoleSetPermission.object_id==ObjectPermission.id",
        uselist=False,
    )

    def __init__(self, role_permission, object_permission, permission):
        """Link a role to an access object with an 'allow' or 'deny' verdict.

        Only the ``id`` attributes of the two objects are copied, and the
        argument types are not checked here. presumably both objects must
        already have been flushed so that their ids are set; verify against
        callers.
        """
        role_pk = role_permission.id
        self.role_id = role_pk
        object_pk = object_permission.id
        self.object_id = object_pk
        self.permission = permission
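class UserPermission(Base):
    """Access right granted to (or denied for) a single user."""

    __tablename__ = "user_permission"

    id = Column(Integer, primary_key=True)
    object_id = Column(Integer, ForeignKey('object_permission.id'))
    user_id = Column(Integer, ForeignKey('user.id'))
    # Permission. NOTE(review): the column is nullable as declared, so the
    # code that evaluates access should treat any value other than 'allow'
    # as a denial — confirm against the checker.
    permission = Column(Enum('allow', 'deny'))

    # Relationships
    user = relationship(
        "User",
        primaryjoin="UserPermission.user_id==User.id",
        uselist=False
    )
    object_permission = relationship(
        "ObjectPermission",
        primaryjoin="UserPermission.object_id==ObjectPermission.id",
        uselist=False
    )

    def __init__(self, object_permission, user, permission):
        """Bind an access object to a user with an 'allow' or 'deny' verdict.

        Only the ``id`` attributes of the two objects are copied.

        Raises:
            TypeError: if ``object_permission`` is not an ObjectPermission or
                ``user`` is not a User (compared by class name).
        """
        # Explicit checks replace the former ``assert`` statements: asserts
        # are stripped under ``python -O``, which would silently remove the
        # validation from an access-control model, and the old assert message
        # called ``app.logger``, a name that is not among this module's
        # imports, so a failed check surfaced as NameError instead.
        # The class is compared by name, as before, because User is declared
        # in another module.
        if type(object_permission).__name__ != 'ObjectPermission':
            raise TypeError('Не передан объект ObjectPermission')
        if type(user).__name__ != 'User':
            raise TypeError('Не передан объект User')
        self.object_id = object_permission.id
        self.user_id = user.id
        self.permission = permission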
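class UserRole(Base):
    """Assignment of a role to a user."""

    __tablename__ = "user_role"

    id = Column(Integer, primary_key=True)
    role_id = Column(Integer, ForeignKey('role_permission.id'))
    user_id = Column(Integer, ForeignKey('user.id'))

    # Relationships
    user = relationship(
        "User",
        primaryjoin="UserRole.user_id==User.id",
        uselist=False
    )
    role_permission = relationship(
        "RolePermission",
        primaryjoin="UserRole.role_id==RolePermission.id",
        uselist=False
    )

    def __init__(self, role_permission, user):
        """Assign ``role_permission`` to ``user``.

        Only the ``id`` attributes of the two objects are copied.

        Raises:
            TypeError: if ``role_permission`` is not a RolePermission or
                ``user`` is not a User (compared by class name).
        """
        # Explicit checks replace the former ``assert`` statements: asserts
        # are stripped under ``python -O``, which would silently remove the
        # validation from a role assignment, and the old assert message
        # called ``app.logger``, a name that is not among this module's
        # imports, so a failed check surfaced as NameError instead.
        if type(role_permission).__name__ != 'RolePermission':
            raise TypeError('Не передан объект RolePermission')
        if type(user).__name__ != 'User':
            raise TypeError('Не передан объект User')
        self.role_id = role_permission.id
        self.user_id = user.id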
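class IPPermission(Base):
    """Access right granted to (or denied for) an IP record."""

    __tablename__ = "ip_permission"

    id = Column(Integer, primary_key=True)
    object_id = Column(Integer, ForeignKey('object_permission.id'))
    ip_id = Column(Integer, ForeignKey('ip.id'))
    # Permission. NOTE(review): the column is nullable as declared, so the
    # code that evaluates access should treat any value other than 'allow'
    # as a denial — confirm against the checker.
    permission = Column(Enum('allow', 'deny'))

    # Relationships
    ip = relationship(
        "IP",
        primaryjoin="IPPermission.ip_id==IP.id",
        uselist=False
    )
    object_permission = relationship(
        "ObjectPermission",
        primaryjoin="IPPermission.object_id==ObjectPermission.id",
        uselist=False
    )

    def __init__(self, object_permission, ip, permission):
        """Bind an access object to an IP record with an 'allow'/'deny' verdict.

        Only the ``id`` attributes of the two objects are copied.

        Raises:
            TypeError: if ``object_permission`` is not an ObjectPermission or
                ``ip`` is not an IP (compared by class name).
        """
        # Explicit checks replace the former ``assert`` statements: asserts
        # are stripped under ``python -O``, which would silently remove the
        # validation from an access-control model, and the old assert message
        # called ``app.logger``, a name that is not among this module's
        # imports, so a failed check surfaced as NameError instead.
        if type(object_permission).__name__ != 'ObjectPermission':
            raise TypeError('Не передан объект ObjectPermission')
        if type(ip).__name__ != 'IP':
            raise TypeError('Не передан объект IP')
        self.object_id = object_permission.id
        self.ip_id = ip.id
        self.permission = permission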