181 lines
5.5 KiB
Python
181 lines
5.5 KiB
Python
#!/usr/bin/env python3
|
||
# -*- coding: UTF-8 -*-
|
||
|
||
__author__ = 'RemiZOffAlex'
|
||
__copyright__ = '(c) RemiZOffAlex'
|
||
__license__ = 'MIT'
|
||
__email__ = 'remizoffalex@mail.ru'
|
||
__url__ = 'http://remizoffalex.ru'
|
||
|
||
import datetime
|
||
from sqlalchemy import (
|
||
Table,
|
||
Column,
|
||
Boolean,
|
||
Integer,
|
||
ForeignKey,
|
||
String,
|
||
DateTime,
|
||
Enum
|
||
)
|
||
from sqlalchemy.orm import relationship
|
||
|
||
from . import Base
|
||
|
||
|
||
class ObjectPermission(Base):
|
||
"""
|
||
Объекты доступа: процедура и содержащий процедуру модуль
|
||
"""
|
||
__tablename__ = "object_permission"
|
||
|
||
id = Column(Integer, primary_key=True)
|
||
funcname = Column(String)
|
||
modulename = Column(String)
|
||
|
||
# Связи
|
||
user_permissions = relationship(
|
||
"UserPermission",
|
||
primaryjoin="ObjectPermission.id==UserPermission.object_id"
|
||
)
|
||
ip_permissions = relationship(
|
||
"IPPermission",
|
||
primaryjoin="ObjectPermission.id==IPPermission.object_id"
|
||
)
|
||
|
||
def __init__(self, modulename, funcname):
|
||
self.funcname = funcname
|
||
self.modulename = modulename
|
||
|
||
def __repr__(self):
|
||
return "<ObjectPermission('%s': '%s')>" % (self.funcname,
|
||
self.modulename)
|
||
|
||
|
||
class RolePermission(Base):
|
||
"""Роли доступа"""
|
||
__tablename__ = "role_permission"
|
||
|
||
id = Column(Integer, primary_key=True)
|
||
name = Column(String)
|
||
description = Column(String, default='')
|
||
|
||
# Связи
|
||
set_objects = relationship(
|
||
"RoleSetPermission",
|
||
primaryjoin="RolePermission.id==RoleSetPermission.role_id"
|
||
)
|
||
users = relationship(
|
||
"UserRole",
|
||
primaryjoin="RolePermission.id==UserRole.role_id"
|
||
)
|
||
|
||
def __init__(self, name):
|
||
self.name = name
|
||
|
||
|
||
class RoleSetPermission(Base):
|
||
"""Набор прав доступа для роли"""
|
||
__tablename__ = "role_set_permission"
|
||
|
||
id = Column(Integer, primary_key=True)
|
||
role_id = Column(Integer, ForeignKey('role_permission.id'))
|
||
object_id = Column(Integer, ForeignKey('object_permission.id'))
|
||
permission = Column(Enum('allow', 'deny')) # Разрешение
|
||
|
||
# Связи
|
||
role = relationship(
|
||
"RolePermission",
|
||
primaryjoin="RoleSetPermission.role_id==RolePermission.id",
|
||
uselist=False
|
||
)
|
||
object_permission = relationship(
|
||
"ObjectPermission",
|
||
primaryjoin="RoleSetPermission.object_id==ObjectPermission.id",
|
||
uselist=False
|
||
)
|
||
|
||
def __init__(self, role_permission, object_permission, permission):
|
||
self.role_id = role_permission.id
|
||
self.object_id = object_permission.id
|
||
self.permission = permission
|
||
|
||
|
||
class UserPermission(Base):
|
||
"""Права доступа пользователя"""
|
||
__tablename__ = "user_permission"
|
||
|
||
id = Column(Integer, primary_key=True)
|
||
object_id = Column(Integer, ForeignKey('object_permission.id'))
|
||
user_id = Column(Integer, ForeignKey('user.id'))
|
||
permission = Column(Enum('allow', 'deny')) # Разрешение
|
||
|
||
# Связи
|
||
user = relationship(
|
||
"User",
|
||
primaryjoin="UserPermission.user_id==User.id",
|
||
uselist=False
|
||
)
|
||
object_permission = relationship(
|
||
"ObjectPermission",
|
||
primaryjoin="UserPermission.object_id==ObjectPermission.id",
|
||
uselist=False
|
||
)
|
||
|
||
def __init__(self, object_permission, user, permission):
|
||
assert type(object_permission).__name__=='ObjectPermission', app.logger.info('Не передан объект ObjectPermission')
|
||
assert type(user).__name__=='User', app.logger.info('Не передан объект User')
|
||
self.object_id = object_permission.id
|
||
self.user_id = user.id
|
||
self.permission = permission
|
||
|
||
|
||
class UserRole(Base):
|
||
"""Роль пользователя"""
|
||
__tablename__ = "user_role"
|
||
|
||
id = Column(Integer, primary_key=True)
|
||
role_id = Column(Integer, ForeignKey('role_permission.id'))
|
||
user_id = Column(Integer, ForeignKey('user.id'))
|
||
|
||
# Связи
|
||
user = relationship(
|
||
"User",
|
||
primaryjoin="UserRole.user_id==User.id",
|
||
uselist=False
|
||
)
|
||
role_permission = relationship(
|
||
"RolePermission",
|
||
primaryjoin="UserRole.role_id==RolePermission.id",
|
||
uselist=False
|
||
)
|
||
|
||
def __init__(self, role_permission, user):
|
||
assert type(role_permission).__name__=='RolePermission', app.logger.info('Не передан объект RolePermission')
|
||
assert type(user).__name__=='User', app.logger.info('Не передан объект User')
|
||
self.role_id = role_permission.id
|
||
self.user_id = user.id
|
||
|
||
|
||
class IPPermission(Base):
|
||
"""
|
||
Права доступа для IP
|
||
"""
|
||
__tablename__ = "ip_permission"
|
||
|
||
id = Column(Integer, primary_key=True)
|
||
object_id = Column(Integer, ForeignKey('object_permission.id'))
|
||
ip_id = Column(Integer, ForeignKey('ip.id'))
|
||
permission = Column(Enum('allow', 'deny')) # Разрешение
|
||
|
||
# Связи
|
||
ip = relationship("IP", primaryjoin="IPPermission.ip_id==IP.id", uselist=False)
|
||
object_permission = relationship("ObjectPermission", primaryjoin="IPPermission.object_id==ObjectPermission.id", uselist=False)
|
||
|
||
def __init__(self, object_permission, ip, permission):
|
||
assert type(object_permission).__name__=='ObjectPermission', app.logger.info('Не передан объект ObjectPermission')
|
||
assert type(ip).__name__=='IP', app.logger.info('Не передан объект IP')
|
||
self.object_id = object_permission.id
|
||
self.ip_id = ip.id
|
||
self.permission = permission
|