
Commit bf023f6

committed
modify rbac_get to GET; add apijson put support
1 parent 04b85da commit bf023f6


5 files changed

+166
-34
lines changed


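--- a/demo/apps/apijson_demo/settings.ini
+++ b/demo/apps/apijson_demo/settings.ini
@@ -6,36 +6,39 @@ moment = 'apijson_demo.models.Moment'
 [APIJSON_MODELS]
 moment = {
 "user_id_field" : "user_id",
-"rbac_get" : {
+"GET" : {
 "roles" : ["OWNER"]
 },
-"rbac_post" : {
-"roles" : ["OWNER"]
-}
+
 }
 comment = {
 "user_id_field" : "user_id",
-"rbac_get" : {
+"GET" : {
 "roles" : ["OWNER"]
 },
-"rbac_post" : {
-"roles" : ["OWNER"]
-}
 }
 
 [APIJSON_REQUESTS]
 moment = {
-"moment": {
-"ADD" :{"@role": ["OWNER"]},
-"DISALLOW" : ["id"],
-"NECESSARY" : ["content"]
-}
+"moment": {
+"POST" :{
+"ADD":{"roles": ["OWNER"]},
+"DISALLOW" : ["id"],
+"NECESSARY" : ["content"],
+},
+"PUT" :{
+"ADD":{"roles": ["OWNER"]},
+"NECESSARY" : ["content"],
+},
+}
 }
 
 comment = {
-"comment": {
-"ADD" :{"@role": ["OWNER"]},
-"DISALLOW" : ["id"],
-"NECESSARY" : ["content"]
+"comment": {
+"POST" :{
+"ADD" :{"roles": ["OWNER"]},
+"DISALLOW" : ["id"],
+"NECESSARY" : ["content"]
+}
 }
 }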
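Review bot: The new `PUT` block for `moment` carries no `DISALLOW` list, whereas the sibling `POST` block disallows `id`; the PUT handler added in this commit copies every request field for which the record has an attribute, so nothing in this configuration stops an owner from rewriting `user_id` and handing the record to another account. Consider adding `"DISALLOW" : ["user_id"],` to the PUT block. `comment` receives no `PUT` block at all, which means a PUT on a comment is rejected with `no permission` because its `ADD` setting resolves to nothing — presumably intended, but a short comment in the file saying so would help.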

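--- a/demo/apps/apijson_demo/templates/index.html
+++ b/demo/apps/apijson_demo/templates/index.html
@@ -45,6 +45,19 @@
 </i-col>
 </Row>
 
+<Row v-if="tab_current==='tab_put'">
+<i-col span="3"><div align="center">PUT URL</div></i-col>
+<i-col span="8"><i-input value="/apijson/put" readonly/></i-col>
+</Row>
+<Row v-if="tab_current==='tab_put'">
+<i-col span="3"><div align="center"><strong>apijson put</strong> request examples</div></i-col>
+<i-col span="8">
+<i-select v-model="request_data">
+<i-option v-for="item in request_put" :value="item.value" :key="item.value">{ item.label }</i-option>
+</i-select>
+</i-col>
+</Row>
+
 <Row>
 <i-col span="3"><div align="center">request data</div></i-col>
 <i-col span="8"><i-input v-model="request_data" type="textarea" :autosize="{minRows: 3,maxRows: 15}" placeholder="request data" /></i-col>
@@ -62,13 +75,15 @@
 data: {
 request_get : {{=request_get_json}},
 request_post : {{=request_post_json}},
+request_put : {{=request_put_json}},
 request_data : "",
 can_post : true,
 response_data : "",
 tab_current : "tab_get",
 tab2url : {
 "tab_get":"{{=url_for('uliweb_apijson.apijson.views.ApiJson.get')}}",
-"tab_post":"{{=url_for('uliweb_apijson.apijson.views.ApiJson.post')}}"
+"tab_post":"{{=url_for('uliweb_apijson.apijson.views.ApiJson.post')}}",
+"tab_put":"{{=url_for('uliweb_apijson.apijson.views.ApiJson.put')}}"
 }
 },
 methods: {
@@ -102,6 +117,9 @@
 else if (n=="tab_post") {
 vm.request_data = vm.request_post[0].value
 }
+else if (n=="tab_put") {
+vm.request_data = vm.request_put[0].value
+}
 vm.response_data = ""
 }
 }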
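Review bot: The "PUT URL" row in the first hunk hard-codes `/apijson/put` in the readonly input, while the `tab2url` entry added in the second hunk resolves the same endpoint with `url_for('uliweb_apijson.apijson.views.ApiJson.put')`; if the app is ever mounted under a different prefix the displayed URL and the URL actually posted to will disagree. Use the same expression in the input, `<i-input value="{{=url_for('uliweb_apijson.apijson.views.ApiJson.put')}}" readonly/>`. The GET and POST URL rows are outside this hunk, so I cannot tell whether they already follow that pattern.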

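--- a/demo/apps/apijson_demo/views.py
+++ b/demo/apps/apijson_demo/views.py
@@ -84,8 +84,22 @@ def index():
 },
 ]
 
+request_put = [
+{
+"label":"Modify moment",
+"value":'''{
+"moment": {
+"id": 1,
+"content": "modify moment content"
+},
+"tag": "moment"
+}''',
+},
+]
+
 return {
 "user_info":user_info,
 "request_get_json":dumps(request_get),
 "request_post_json":dumps(request_post),
+"request_put_json":dumps(request_put),
 }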
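Review bot: The new `request_put` example uses the key `"tag": "moment"`, but the `put` handler added to `uliweb_apijson/apijson/views.py` in this same commit reads the tag with `self.request_data.get("@tag")`, so the example's tag is never seen; worse, `"tag"` does not start with `@`, so `put` would treat it as a table name if it were reached. It presumably only works because `"moment"` comes first in the parsed dict and `put` returns after the first table. Change the sample to `"@tag": "moment"` so it matches what the handler actually reads.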

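--- a/uliweb_apijson/apijson/settings.ini
+++ b/uliweb_apijson/apijson/settings.ini
@@ -10,7 +10,7 @@ OWNER = _('APIJSON OWNER'), 'uliweb.contrib.rbac.trusted', True
 user = {
 "user_id_field" : "id",
 "secret_fields" : ["password"],
-"rbac_get" : {
+"GET" : {
 "roles" : ["ADMIN","OWNER"]
 }
 }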

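--- a/uliweb_apijson/apijson/views.py
+++ b/uliweb_apijson/apijson/views.py
@@ -44,12 +44,12 @@ def _get_one(self,key):
 q = model.all()
 
 #rbac check begin
-rbac_get = model_setting.get("rbac_get",{})
-if not rbac_get:
+GET = model_setting.get("GET",{})
+if not GET:
 return json({"code":401,"msg":"'%s' not accessible by apijson"%(modelname)})
 
-roles = rbac_get.get("roles")
-perms = rbac_get.get("perms")
+roles = GET.get("roles")
+perms = GET.get("perms")
 params_role = params.get("@role")
 permission_check_ok = False
 user_role = None
@@ -169,12 +169,12 @@ def _get_array(self,key):
 q = model.all()
 
 #rbac check begin
-rbac_get = model_setting.get("rbac_get",{})
-if not rbac_get:
+GET = model_setting.get("GET",{})
+if not GET:
 return json({"code":401,"msg":"'%s' not accessible by apijson"%(modelname)})
 
-roles = rbac_get.get("roles")
-perms = rbac_get.get("perms")
+roles = GET.get("roles")
+perms = GET.get("perms")
 params_role = params.get("@role")
 permission_check_ok = False
 user_role = None
@@ -277,38 +277,135 @@ def _post_one(self,key,tag):
 except ModelNotFound as e:
 log.error("try to find model '%s' but not found: '%s'"%(modelname,e))
 return json({"code":400,"msg":"model '%s' not found"%(modelname)})
-
 
-request_setting = request_setting_tag.get(modelname,{})
-ADD = request_setting.get("ADD")
+request_setting_model = request_setting_tag.get(modelname,{})
+request_setting_POST = request_setting_model.get("POST",{})
+ADD = request_setting_POST.get("ADD")
 permission_check_ok = False
 if ADD:
-_role = ADD.get("@role")
-if _role:
-for r in _role:
+roles = ADD.get("roles")
+if roles:
+for r in roles:
 if r == "OWNER":
 if request.user:
 permission_check_ok = True
 if user_id_field:
 params[user_id_field] = request.user.id
+else:
+#need OWNER, but don't know how to set user id
+return json({"code":400,"msg":"no permission"})
 if not permission_check_ok:
 return json({"code":400,"msg":"no permission"})
 
-DISALLOW = request_setting.get("DISALLOW")
+DISALLOW = request_setting_POST.get("DISALLOW")
 if DISALLOW:
 for field in DISALLOW:
 if field in params:
 log.error("request '%s' disallow '%s'"%(tag,field))
 return json({"code":400,"msg":"request '%s' disallow '%s'"%(tag,field)})
 
+NECESSARY = request_setting_POST.get("NECESSARY")
+if NECESSARY:
+for field in NECESSARY:
+if field not in params:
+log.error("request '%s' don't have necessary field '%s'"%(tag,field))
+return json({"code":400,"msg":"request '%s' don't have necessary field '%s'"%(tag,field)})
+
 obj = model(**params)
 ret = obj.save()
 obj_dict = obj.to_dict(convert=False)
+secret_fields = model_setting.get("secret_fields")
+if secret_fields:
+for k in secret_fields:
+del obj_dict[k]
+
 if ret:
 obj_dict["code"] = 200
 obj_dict["message"] = "success"
 else:
 obj_dict["code"] = 400
 obj_dict["message"] = "fail"
+self.rdict["code"] = 400
+self.rdict["message"] = "fail"
+
+self.rdict[key] = obj_dict
+
+def put(self):
+tag = self.request_data.get("@tag")
+for key in self.request_data:
+if key[0]!="@":
+rsp = self._put_one(key,tag)
+if rsp:
+return rsp
+else:
+#only accept one table
+return json(self.rdict)
+
+return json(self.rdict)
+
+def _put_one(self,key,tag):
+tag = tag or key
+modelname = key
+params = self.request_data[key]
+
+try:
+model = getattr(models,modelname)
+model_setting = settings.APIJSON_MODELS.get(modelname,{})
+request_setting_tag = settings.APIJSON_REQUESTS.get(tag,{})
+user_id_field = model_setting.get("user_id_field")
+except ModelNotFound as e:
+log.error("try to find model '%s' but not found: '%s'"%(modelname,e))
+return json({"code":400,"msg":"model '%s' not found"%(modelname)})
+
+request_setting_model = request_setting_tag.get(modelname,{})
+request_setting_PUT = request_setting_model.get("PUT",{})
+ADD = request_setting_PUT.get("ADD")
+permission_check_ok = False
+
+try:
+id_ = params.get("id")
+if not id_:
+return json({"code":400,"msg":"id param needed"})
+id_ = int(id_)
+except ValueError as e:
+return json({"code":400,"msg":"id '%s' cannot convert to integer"%(params.get("id"))})
+obj = model.get(id_)
 
+if ADD:
+roles = ADD.get("roles")
+if roles:
+for r in roles:
+if r == "OWNER":
+if request.user:
+if user_id_field:
+if getattr(obj,user_id_field)!=request.user.id:
+permission_check_ok = True
+else:
+return json({"code":400,"msg":"need login user"})
+if not permission_check_ok:
+return json({"code":400,"msg":"no permission"})
+
+if not obj:
+return json({"code":400,"msg":"cannot find record id '%s'"%(id_)})
+kwargs = {}
+for k in params:
+if k=="id":
+continue
+elif hasattr(obj,k):
+kwargs[k] = params[k]
+else:
+return json({"code":400,"msg":"'%s' don't have field '%s'"%(modelname,k)})
+obj.update(**kwargs)
+ret = obj.save()
+obj_dict = {"id":id_}
+if ret:
+obj_dict["code"] = 200
+obj_dict["message"] = "success"
+obj_dict["count"] = 1
+else:
+obj_dict["code"] = 400
+obj_dict["message"] = "fail"
+obj_dict["count"] = 0
+self.rdict["code"] = 400
+self.rdict["message"] = "fail"
 self.rdict[key] = obj_dict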
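Review bot: The OWNER check in the new `_put_one` (third hunk) is inverted: `if getattr(obj,user_id_field)!=request.user.id: permission_check_ok = True` grants the update exactly when the record belongs to a different user and denies the real owner, so any logged-in user can modify everyone else's records but not their own; it should read `if getattr(obj,user_id_field)==request.user.id:`. The same block dereferences `obj` in that `getattr` before the `if not obj:` test that only comes later, so an id with no matching record presumably raises an AttributeError instead of returning the intended `cannot find record` response — move `if not obj:` and its `return json(...)` line up to directly after `obj = model.get(id_)`. Finally, the field loop copies every key for which `hasattr(obj,k)` holds, which includes `user_id_field` itself and non-column attributes, so unless a request `DISALLOW` list forbids it an owner can reassign the record to another account; skipping `user_id_field` alongside `"id"` in that loop, `if k=="id" or k==user_id_field:`, would close that without relying on configuration.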
