wangwei/OA
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

更新 APP/authorization.py

Browse Source
This commit is contained in:
wangwei 2024-10-14 15:38:41 +08:00
parent 342a6c4f99
commit e97b456c4d
1 changed files with 148 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
APP/authorization.py
View File

@ -1,16 +1,33 @@
from functools import wraps from functools import wraps
from flask import jsonify, request, current_app from flask import jsonify, request, current_app
from flask_jwt_extended import get_jwt_identity, verify_jwt_in_request from flask_jwt_extended import get_jwt_identity, verify_jwt_in_request
from app.models import User, Permission from app.models import User, Permission, Department, Role
from .extensions import db from .extensions import db
def department_and_role_required(department_name, role_names):
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
verify_jwt_in_request()
current_user_id = get_jwt_identity()
user = User.query.get(current_user_id)
if not user:
return jsonify({"message": "User not found"}), 404
if user.primary_department and user.primary_department.name == department_name:
user_roles = [role.name for role in user.roles]
if any(role in user_roles for role in role_names):
return f(*args, **kwargs)
return jsonify({"message": "Permission denied"}), 403
return decorated_function
return decorator
class Authorization: class Authorization:
@staticmethod @staticmethod
def check_permission(required_permission): def check_permission(required_permission):
def decorator(f): def decorator(f):
@wraps(f) @wraps(f)
def decorated_function(*args, **kwargs): def decorated_function(*args, **kwargs):
from .models import User # 在函数内部导入以避免循环导入
current_user_id = get_jwt_identity() current_user_id = get_jwt_identity()
user = User.query.get(current_user_id) user = User.query.get(current_user_id)
if not user: if not user:
@ -75,6 +92,42 @@ class Authorization:
return decorated_function return decorated_function
return decorator return decorator
@staticmethod
def department_required(department_name):
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
verify_jwt_in_request()
current_user_id = get_jwt_identity()
user = User.query.get(current_user_id)
if not user:
return jsonify({"message": "User not found"}), 404
if user.primary_department and user.primary_department.name == department_name:
return f(*args, **kwargs)
return jsonify({"message": "Permission denied"}), 403
return decorated_function
return decorator
@staticmethod
def role_required(role_names):
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
verify_jwt_in_request()
current_user_id = get_jwt_identity()
user = User.query.get(current_user_id)
if not user:
return jsonify({"message": "User not found"}), 404
user_roles = [role.name for role in user.roles]
if any(role in user_roles for role in role_names):
return f(*args, **kwargs)
return jsonify({"message": "Permission denied"}), 403
return decorated_function
return decorator
def init_permissions(): def init_permissions():
from .models import Permission # 在函数内部导入以避免循环导入 from .models import Permission # 在函数内部导入以避免循环导入
# 这个函数可以在应用启动时调用,用于初始化或更新权限 # 这个函数可以在应用启动时调用,用于初始化或更新权限