128 lines
3.7 KiB
Python
128 lines
3.7 KiB
Python
'''Classes for calculating user permissions
|
|
|
|
Examples::
|
|
|
|
>>> req = Permission('foo') & Permission('bar')
|
|
>>> req.check(PermissionContainer(['foo', 'baz'], ['bar']))
|
|
True
|
|
|
|
>>> req = Permission('login')
|
|
>>> req.check(['login'])
|
|
True
|
|
|
|
>>> req = Permission('login') | Permission('admin')
|
|
>>> req.check(['none'])
|
|
False
|
|
'''
|
|
|
|
class PermissionContainer(object):
|
|
'''Container object for user and group permissions
|
|
|
|
:param list user_perms: List of permissions held by the user itself
|
|
:param list group_perms: List of permissions held by the groups to
|
|
which the user belongs
|
|
|
|
Iterating over :py:class:`PermissionContainer` objects results in
|
|
a flattened representation of all permissions.
|
|
'''
|
|
|
|
def __init__(self, user_perms=[], group_perms=[]):
|
|
self._user_perms = user_perms
|
|
self._group_perms = group_perms
|
|
|
|
def __iter__(self):
|
|
for perm in self._user_perms:
|
|
yield perm
|
|
for perm in self._group_perms:
|
|
yield perm
|
|
|
|
def __in__(self, perm):
|
|
return perm in self._user_perms or perm in self._group_perms
|
|
|
|
|
|
class BasePermission(object):
|
|
'''Base class for permissions and requirements
|
|
|
|
Complex permission requirements can be created using the bitwise
|
|
``and`` and ``or`` operators::
|
|
|
|
login_and_view = Permission('login') & Permission('view')
|
|
admin_or_root = Permission('admin') | Permission('root')
|
|
|
|
complex = Permission('login') & Permission('view') | Permission('admin')
|
|
'''
|
|
|
|
def __and__(self, other):
|
|
assert isinstance(other, BasePermission)
|
|
return PermissionRequirementAll(self, other)
|
|
|
|
def __or__(self, other):
|
|
assert isinstance(other, BasePermission)
|
|
return PermissionRequirementAny(self, other)
|
|
|
|
class Permission(BasePermission):
|
|
'''Simple permission implementation
|
|
|
|
:param str name: Name of the permission
|
|
|
|
Permissions must implement a ``check`` method that accepts an
|
|
iterable and returns ``True`` if the permission is present or
|
|
``False`` otherwise.
|
|
'''
|
|
|
|
def __init__(self, name):
|
|
self.name = name
|
|
|
|
def __unicode__(self):
|
|
if isinstance(self.name, unicode):
|
|
return self.name
|
|
else:
|
|
return self.name.decode('utf-8')
|
|
|
|
def __str__(self):
|
|
if isinstance(self.name, str):
|
|
return self.name
|
|
else:
|
|
return self.name.encode('utf-8')
|
|
|
|
def __eq__(self, other):
|
|
return self is other or str(self) == str(other)
|
|
|
|
def check(self, perms):
|
|
'''Check if the permission is held
|
|
|
|
This method can be overridden to provide more robust
|
|
support, but this implementation is simple::
|
|
|
|
return self in perms
|
|
'''
|
|
|
|
return self in perms
|
|
|
|
class PermissionRequirement(BasePermission):
|
|
'''Base class for complex permission requirements'''
|
|
|
|
def __init__(self, *requirements):
|
|
self.requirements = requirements
|
|
|
|
def __str__(self):
|
|
return unicode(self).encode('utf-8')
|
|
|
|
class PermissionRequirementAll(PermissionRequirement):
|
|
'''Complex permission requirement needing all given permissions'''
|
|
|
|
def check(self, perms):
|
|
for req in self.requirements:
|
|
if not req.check(perms):
|
|
return False
|
|
return True
|
|
|
|
class PermissionRequirementAny(PermissionRequirement):
|
|
'''Complex permission requirement needing any given permissions'''
|
|
|
|
def check(self, perms):
|
|
for req in self.requirements:
|
|
if req.check(perms):
|
|
return True
|
|
return False
|