60 ví dụ mã Python được tìm thấy liên quan đến "kiểm tra quyền". Bạn có thể bỏ phiếu cho những cái bạn thích hoặc bỏ phiếu cho những cái bạn không thích và chuyển đến dự án gốc hoặc tệp nguồn bằng cách nhấp vào các liên kết phía trên mỗi ví dụ
def use_check_permission[]: common.logger.info["Sorry, we haven't completed the check for use_check_permission yet. Check for updates soon."] ''' From Android Lint: UseCheckPermission ------------------ Summary: Using the result of check permission calls Priority: 6 / 10 Severity: Warning Category: Security You normally want to use the result of checking a permission; these methods return whether the permission is held; they do not throw an error if the permission is not granted. Code which does not do anything with the return value probably meant to be calling the enforce methods instead, e.g. rather than Context#checkCallingPermission it should call Context#enforceCallingPermission. ''' return
def check_permission[permission_codename, request]:
"""Checks if the current user has `permission_codename`
permissions.
"""
if request.user.is_superuser:
return True
# `view` permissions are project-centric, and we must treat them
# differently
if permission_codename == "view":
path_obj = None
if hasattr[request, "translation_project"]:
path_obj = request.translation_project
elif hasattr[request, "project"]:
path_obj = request.project
if path_obj is None:
return True # Always allow to view language pages
return path_obj.is_accessible_by[request.user]
return [
"administrate" in request.permissions
or permission_codename in request.permissions
] def check_permission_equipment[self, user, ids]:
# Check permission group equipments
for row in ids:
id_network, network_type = self.get_id_and_net_type[row]
if network_type == self.NETWORK_TYPE_V4:
equips_from_ipv4 = Equipamento.objects.filter[
ipequipamento__ip__networkipv4=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv4:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
else:
equips_from_ipv6 = Equipamento.objects.filter[
ipv6equipament__ip__networkipv6=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv6:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
return True def check_single_permission[user, permission, obj=None]:
if user.is_superuser:
return True
if obj is not None and obj.id is not None:
ctype_id = ContentType.objects.get_for_model[obj].id
obj_id = obj.id
else:
ctype_id = None
obj_id = None
perm_id = get_permission_id_by_name[permission]
if perm_id is None:
return False
query = "SELECT op.id FROM {permission_owners} WHERE {filter_condition} LIMIT 1"
query = query.format[
permission_owners=get_permission_owners_query[],
filter_condition=_generate_filter_condition[
user.id, perm_id, ctype_id, obj_id
]
]
cursor = connection.cursor[]
cursor.execute[query]
return len[cursor.fetchall[]] > 0 def close_ticket_permission_check[cls, ticket_id: int, username: str]->tuple:
"""
用户是否有强制关闭工单的权限
:param ticket_id:
:param username:
:return:
"""
# 强制关闭工单需要对应工作流的管理员或者超级管理员 或者处于初始状态的工单由创建人直接关闭
flag, result = ticket_base_service_ins.ticket_admin_permission_check[ticket_id, username]
if flag is False:
# 判断是否属于初始状态 且用户为工单创建人
flag, ticket_result = cls.get_ticket_by_id[ticket_id]
if flag is False:
return False, ticket_result
flag, start_state_result = workflow_state_service_ins.get_workflow_start_state[ticket_id]
if flag is False:
return False, start_state_result
if ticket_result.creator == username and ticket_result.state_id == start_state_result.id:
return True, "ticket's creator can close ticket in start state"
else:
return False, "just ticket's creator can close ticket in start state or workflow_admin can close ticket in any state"
else:
return True, "ticket's workflow admin casn close ticket in any state" def manage_permission_check[permission=None]:
"""
manage permission check decorator
:param permission:
:return:
"""
def decorator[func]:
@wraps[func]
def _deco[view_class, request, *args, **kwargs]:
username = request.user.username
if permission == 'admin':
flag, result = account_base_service_ins.admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
elif permission == 'workflow_admin':
flag, result = account_base_service_ins.workflow_admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
return func[view_class, request, *args, **kwargs]
return _deco
return decorator def check_permission[self, permissions, logical_operator]:
"""
This method determines whether the requested Permission[s] are
collectively granted authorization. The Permission[s] associated with
the subject are evaluated to determine whether authorization is implied
for each Permission requested. Results are collectively evaluated using
the logical operation provided: either ANY or ALL.
This method is similar to is_permitted_collective except that it raises
an AuthorizationException if collectively False else does not return any
value.
:param permission_s: a collection of 1..N permissions, all of the same type
:type permission_s: List of authz_abcs.Permission object[s] or String[s]
:param logical_operator: any or all
:type logical_operator: function [stdlib]
:raises AuthorizationException: if the user does not have sufficient
permission
"""
pass def check_contest_permission[func]:
def wrapper[*args, **kwargs]:
info = args[func.__code__.co_varnames.index['info']]
pk = info.variable_values.get['pk']
contest = get_object_or_None[Contest, pk=pk]
usr = info.context.user
if not contest:
raise GraphQLError['No such contest']
else:
privilege = usr.has_perm['contest.view_contest']
member = None
if usr.is_authenticated:
member = get_object_or_None[ContestTeamMember, user=usr, contest_team__contest=contest, confirmed=True]
if privilege or contest.is_public[] or [
usr.is_authenticated and member and member.contest_team.approved]:
return func[*args, **kwargs]
else:
return None
return wrapper ________số 8
def check_permission[request, permission, context=None]:
"""Checks permissions
Custom implementation replacing aiohttp-security one. This one
adds the requested permissions to the request so they can
be presented in the error handler.
Raises:
HTTPForbidden
"""
await check_authorized[request]
allowed = await permits[request, permission, context]
if not allowed:
request['permission_required'] = permission
raise web.HTTPForbidden[] def check_permission[permission_codename, request]:
"""Checks if the current user has `permission_codename`
permissions.
"""
if request.user.is_superuser:
return True
# `view` permissions are project-centric, and we must treat them
# differently
if permission_codename == "view":
path_obj = None
if hasattr[request, "translation_project"]:
path_obj = request.translation_project
elif hasattr[request, "project"]:
path_obj = request.project
if path_obj is None:
return True # Always allow to view language pages
return path_obj.is_accessible_by[request.user]
return [
"administrate" in request.permissions
or permission_codename in request.permissions
] 0def check_permission[permission_codename, request]:
"""Checks if the current user has `permission_codename`
permissions.
"""
if request.user.is_superuser:
return True
# `view` permissions are project-centric, and we must treat them
# differently
if permission_codename == "view":
path_obj = None
if hasattr[request, "translation_project"]:
path_obj = request.translation_project
elif hasattr[request, "project"]:
path_obj = request.project
if path_obj is None:
return True # Always allow to view language pages
return path_obj.is_accessible_by[request.user]
return [
"administrate" in request.permissions
or permission_codename in request.permissions
] 1def check_permission[permission_codename, request]:
"""Checks if the current user has `permission_codename`
permissions.
"""
if request.user.is_superuser:
return True
# `view` permissions are project-centric, and we must treat them
# differently
if permission_codename == "view":
path_obj = None
if hasattr[request, "translation_project"]:
path_obj = request.translation_project
elif hasattr[request, "project"]:
path_obj = request.project
if path_obj is None:
return True # Always allow to view language pages
return path_obj.is_accessible_by[request.user]
return [
"administrate" in request.permissions
or permission_codename in request.permissions
] 2def check_permission[permission_codename, request]:
"""Checks if the current user has `permission_codename`
permissions.
"""
if request.user.is_superuser:
return True
# `view` permissions are project-centric, and we must treat them
# differently
if permission_codename == "view":
path_obj = None
if hasattr[request, "translation_project"]:
path_obj = request.translation_project
elif hasattr[request, "project"]:
path_obj = request.project
if path_obj is None:
return True # Always allow to view language pages
return path_obj.is_accessible_by[request.user]
return [
"administrate" in request.permissions
or permission_codename in request.permissions
] 3def check_permission[permission_codename, request]:
"""Checks if the current user has `permission_codename`
permissions.
"""
if request.user.is_superuser:
return True
# `view` permissions are project-centric, and we must treat them
# differently
if permission_codename == "view":
path_obj = None
if hasattr[request, "translation_project"]:
path_obj = request.translation_project
elif hasattr[request, "project"]:
path_obj = request.project
if path_obj is None:
return True # Always allow to view language pages
return path_obj.is_accessible_by[request.user]
return [
"administrate" in request.permissions
or permission_codename in request.permissions
] 4def check_permission[permission_codename, request]:
"""Checks if the current user has `permission_codename`
permissions.
"""
if request.user.is_superuser:
return True
# `view` permissions are project-centric, and we must treat them
# differently
if permission_codename == "view":
path_obj = None
if hasattr[request, "translation_project"]:
path_obj = request.translation_project
elif hasattr[request, "project"]:
path_obj = request.project
if path_obj is None:
return True # Always allow to view language pages
return path_obj.is_accessible_by[request.user]
return [
"administrate" in request.permissions
or permission_codename in request.permissions
] 5def check_permission[permission_codename, request]:
"""Checks if the current user has `permission_codename`
permissions.
"""
if request.user.is_superuser:
return True
# `view` permissions are project-centric, and we must treat them
# differently
if permission_codename == "view":
path_obj = None
if hasattr[request, "translation_project"]:
path_obj = request.translation_project
elif hasattr[request, "project"]:
path_obj = request.project
if path_obj is None:
return True # Always allow to view language pages
return path_obj.is_accessible_by[request.user]
return [
"administrate" in request.permissions
or permission_codename in request.permissions
] 6def check_permission[permission_codename, request]:
"""Checks if the current user has `permission_codename`
permissions.
"""
if request.user.is_superuser:
return True
# `view` permissions are project-centric, and we must treat them
# differently
if permission_codename == "view":
path_obj = None
if hasattr[request, "translation_project"]:
path_obj = request.translation_project
elif hasattr[request, "project"]:
path_obj = request.project
if path_obj is None:
return True # Always allow to view language pages
return path_obj.is_accessible_by[request.user]
return [
"administrate" in request.permissions
or permission_codename in request.permissions
] 7def check_permission[permission_codename, request]:
"""Checks if the current user has `permission_codename`
permissions.
"""
if request.user.is_superuser:
return True
# `view` permissions are project-centric, and we must treat them
# differently
if permission_codename == "view":
path_obj = None
if hasattr[request, "translation_project"]:
path_obj = request.translation_project
elif hasattr[request, "project"]:
path_obj = request.project
if path_obj is None:
return True # Always allow to view language pages
return path_obj.is_accessible_by[request.user]
return [
"administrate" in request.permissions
or permission_codename in request.permissions
] 8def check_permission[permission_codename, request]:
"""Checks if the current user has `permission_codename`
permissions.
"""
if request.user.is_superuser:
return True
# `view` permissions are project-centric, and we must treat them
# differently
if permission_codename == "view":
path_obj = None
if hasattr[request, "translation_project"]:
path_obj = request.translation_project
elif hasattr[request, "project"]:
path_obj = request.project
if path_obj is None:
return True # Always allow to view language pages
return path_obj.is_accessible_by[request.user]
return [
"administrate" in request.permissions
or permission_codename in request.permissions
] 9def check_permission_equipment[self, user, ids]:
# Check permission group equipments
for row in ids:
id_network, network_type = self.get_id_and_net_type[row]
if network_type == self.NETWORK_TYPE_V4:
equips_from_ipv4 = Equipamento.objects.filter[
ipequipamento__ip__networkipv4=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv4:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
else:
equips_from_ipv6 = Equipamento.objects.filter[
ipv6equipament__ip__networkipv6=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv6:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
return True 0def check_permission_equipment[self, user, ids]:
# Check permission group equipments
for row in ids:
id_network, network_type = self.get_id_and_net_type[row]
if network_type == self.NETWORK_TYPE_V4:
equips_from_ipv4 = Equipamento.objects.filter[
ipequipamento__ip__networkipv4=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv4:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
else:
equips_from_ipv6 = Equipamento.objects.filter[
ipv6equipament__ip__networkipv6=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv6:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
return True 1def check_permission_equipment[self, user, ids]:
# Check permission group equipments
for row in ids:
id_network, network_type = self.get_id_and_net_type[row]
if network_type == self.NETWORK_TYPE_V4:
equips_from_ipv4 = Equipamento.objects.filter[
ipequipamento__ip__networkipv4=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv4:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
else:
equips_from_ipv6 = Equipamento.objects.filter[
ipv6equipament__ip__networkipv6=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv6:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
return True 2def check_permission_equipment[self, user, ids]:
# Check permission group equipments
for row in ids:
id_network, network_type = self.get_id_and_net_type[row]
if network_type == self.NETWORK_TYPE_V4:
equips_from_ipv4 = Equipamento.objects.filter[
ipequipamento__ip__networkipv4=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv4:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
else:
equips_from_ipv6 = Equipamento.objects.filter[
ipv6equipament__ip__networkipv6=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv6:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
return True 3def check_permission_equipment[self, user, ids]:
# Check permission group equipments
for row in ids:
id_network, network_type = self.get_id_and_net_type[row]
if network_type == self.NETWORK_TYPE_V4:
equips_from_ipv4 = Equipamento.objects.filter[
ipequipamento__ip__networkipv4=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv4:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
else:
equips_from_ipv6 = Equipamento.objects.filter[
ipv6equipament__ip__networkipv6=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv6:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
return True 4def check_permission_equipment[self, user, ids]:
# Check permission group equipments
for row in ids:
id_network, network_type = self.get_id_and_net_type[row]
if network_type == self.NETWORK_TYPE_V4:
equips_from_ipv4 = Equipamento.objects.filter[
ipequipamento__ip__networkipv4=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv4:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
else:
equips_from_ipv6 = Equipamento.objects.filter[
ipv6equipament__ip__networkipv6=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv6:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
return True 5def check_permission_equipment[self, user, ids]:
# Check permission group equipments
for row in ids:
id_network, network_type = self.get_id_and_net_type[row]
if network_type == self.NETWORK_TYPE_V4:
equips_from_ipv4 = Equipamento.objects.filter[
ipequipamento__ip__networkipv4=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv4:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
else:
equips_from_ipv6 = Equipamento.objects.filter[
ipv6equipament__ip__networkipv6=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv6:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
return True 6def check_permission_equipment[self, user, ids]:
# Check permission group equipments
for row in ids:
id_network, network_type = self.get_id_and_net_type[row]
if network_type == self.NETWORK_TYPE_V4:
equips_from_ipv4 = Equipamento.objects.filter[
ipequipamento__ip__networkipv4=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv4:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
else:
equips_from_ipv6 = Equipamento.objects.filter[
ipv6equipament__ip__networkipv6=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv6:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
return True 7def check_permission_equipment[self, user, ids]:
# Check permission group equipments
for row in ids:
id_network, network_type = self.get_id_and_net_type[row]
if network_type == self.NETWORK_TYPE_V4:
equips_from_ipv4 = Equipamento.objects.filter[
ipequipamento__ip__networkipv4=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv4:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
else:
equips_from_ipv6 = Equipamento.objects.filter[
ipv6equipament__ip__networkipv6=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv6:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
return True 8def check_permission_equipment[self, user, ids]:
# Check permission group equipments
for row in ids:
id_network, network_type = self.get_id_and_net_type[row]
if network_type == self.NETWORK_TYPE_V4:
equips_from_ipv4 = Equipamento.objects.filter[
ipequipamento__ip__networkipv4=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv4:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
else:
equips_from_ipv6 = Equipamento.objects.filter[
ipv6equipament__ip__networkipv6=id_network, equipamentoambiente__is_router=1]
for equip in equips_from_ipv6:
# User permission
if not has_perm[user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION]:
self.log.error[
u'User does not have permission to perform the operation.']
return False
return True 9def check_single_permission[user, permission, obj=None]:
if user.is_superuser:
return True
if obj is not None and obj.id is not None:
ctype_id = ContentType.objects.get_for_model[obj].id
obj_id = obj.id
else:
ctype_id = None
obj_id = None
perm_id = get_permission_id_by_name[permission]
if perm_id is None:
return False
query = "SELECT op.id FROM {permission_owners} WHERE {filter_condition} LIMIT 1"
query = query.format[
permission_owners=get_permission_owners_query[],
filter_condition=_generate_filter_condition[
user.id, perm_id, ctype_id, obj_id
]
]
cursor = connection.cursor[]
cursor.execute[query]
return len[cursor.fetchall[]] > 0 0def check_single_permission[user, permission, obj=None]:
if user.is_superuser:
return True
if obj is not None and obj.id is not None:
ctype_id = ContentType.objects.get_for_model[obj].id
obj_id = obj.id
else:
ctype_id = None
obj_id = None
perm_id = get_permission_id_by_name[permission]
if perm_id is None:
return False
query = "SELECT op.id FROM {permission_owners} WHERE {filter_condition} LIMIT 1"
query = query.format[
permission_owners=get_permission_owners_query[],
filter_condition=_generate_filter_condition[
user.id, perm_id, ctype_id, obj_id
]
]
cursor = connection.cursor[]
cursor.execute[query]
return len[cursor.fetchall[]] > 0 1def check_single_permission[user, permission, obj=None]:
if user.is_superuser:
return True
if obj is not None and obj.id is not None:
ctype_id = ContentType.objects.get_for_model[obj].id
obj_id = obj.id
else:
ctype_id = None
obj_id = None
perm_id = get_permission_id_by_name[permission]
if perm_id is None:
return False
query = "SELECT op.id FROM {permission_owners} WHERE {filter_condition} LIMIT 1"
query = query.format[
permission_owners=get_permission_owners_query[],
filter_condition=_generate_filter_condition[
user.id, perm_id, ctype_id, obj_id
]
]
cursor = connection.cursor[]
cursor.execute[query]
return len[cursor.fetchall[]] > 0 2def check_single_permission[user, permission, obj=None]:
if user.is_superuser:
return True
if obj is not None and obj.id is not None:
ctype_id = ContentType.objects.get_for_model[obj].id
obj_id = obj.id
else:
ctype_id = None
obj_id = None
perm_id = get_permission_id_by_name[permission]
if perm_id is None:
return False
query = "SELECT op.id FROM {permission_owners} WHERE {filter_condition} LIMIT 1"
query = query.format[
permission_owners=get_permission_owners_query[],
filter_condition=_generate_filter_condition[
user.id, perm_id, ctype_id, obj_id
]
]
cursor = connection.cursor[]
cursor.execute[query]
return len[cursor.fetchall[]] > 0 3def check_single_permission[user, permission, obj=None]:
if user.is_superuser:
return True
if obj is not None and obj.id is not None:
ctype_id = ContentType.objects.get_for_model[obj].id
obj_id = obj.id
else:
ctype_id = None
obj_id = None
perm_id = get_permission_id_by_name[permission]
if perm_id is None:
return False
query = "SELECT op.id FROM {permission_owners} WHERE {filter_condition} LIMIT 1"
query = query.format[
permission_owners=get_permission_owners_query[],
filter_condition=_generate_filter_condition[
user.id, perm_id, ctype_id, obj_id
]
]
cursor = connection.cursor[]
cursor.execute[query]
return len[cursor.fetchall[]] > 0 4def check_single_permission[user, permission, obj=None]:
if user.is_superuser:
return True
if obj is not None and obj.id is not None:
ctype_id = ContentType.objects.get_for_model[obj].id
obj_id = obj.id
else:
ctype_id = None
obj_id = None
perm_id = get_permission_id_by_name[permission]
if perm_id is None:
return False
query = "SELECT op.id FROM {permission_owners} WHERE {filter_condition} LIMIT 1"
query = query.format[
permission_owners=get_permission_owners_query[],
filter_condition=_generate_filter_condition[
user.id, perm_id, ctype_id, obj_id
]
]
cursor = connection.cursor[]
cursor.execute[query]
return len[cursor.fetchall[]] > 0 5def check_single_permission[user, permission, obj=None]:
if user.is_superuser:
return True
if obj is not None and obj.id is not None:
ctype_id = ContentType.objects.get_for_model[obj].id
obj_id = obj.id
else:
ctype_id = None
obj_id = None
perm_id = get_permission_id_by_name[permission]
if perm_id is None:
return False
query = "SELECT op.id FROM {permission_owners} WHERE {filter_condition} LIMIT 1"
query = query.format[
permission_owners=get_permission_owners_query[],
filter_condition=_generate_filter_condition[
user.id, perm_id, ctype_id, obj_id
]
]
cursor = connection.cursor[]
cursor.execute[query]
return len[cursor.fetchall[]] > 0 6def check_single_permission[user, permission, obj=None]:
if user.is_superuser:
return True
if obj is not None and obj.id is not None:
ctype_id = ContentType.objects.get_for_model[obj].id
obj_id = obj.id
else:
ctype_id = None
obj_id = None
perm_id = get_permission_id_by_name[permission]
if perm_id is None:
return False
query = "SELECT op.id FROM {permission_owners} WHERE {filter_condition} LIMIT 1"
query = query.format[
permission_owners=get_permission_owners_query[],
filter_condition=_generate_filter_condition[
user.id, perm_id, ctype_id, obj_id
]
]
cursor = connection.cursor[]
cursor.execute[query]
return len[cursor.fetchall[]] > 0 7def check_single_permission[user, permission, obj=None]:
if user.is_superuser:
return True
if obj is not None and obj.id is not None:
ctype_id = ContentType.objects.get_for_model[obj].id
obj_id = obj.id
else:
ctype_id = None
obj_id = None
perm_id = get_permission_id_by_name[permission]
if perm_id is None:
return False
query = "SELECT op.id FROM {permission_owners} WHERE {filter_condition} LIMIT 1"
query = query.format[
permission_owners=get_permission_owners_query[],
filter_condition=_generate_filter_condition[
user.id, perm_id, ctype_id, obj_id
]
]
cursor = connection.cursor[]
cursor.execute[query]
return len[cursor.fetchall[]] > 0 8def check_single_permission[user, permission, obj=None]:
if user.is_superuser:
return True
if obj is not None and obj.id is not None:
ctype_id = ContentType.objects.get_for_model[obj].id
obj_id = obj.id
else:
ctype_id = None
obj_id = None
perm_id = get_permission_id_by_name[permission]
if perm_id is None:
return False
query = "SELECT op.id FROM {permission_owners} WHERE {filter_condition} LIMIT 1"
query = query.format[
permission_owners=get_permission_owners_query[],
filter_condition=_generate_filter_condition[
user.id, perm_id, ctype_id, obj_id
]
]
cursor = connection.cursor[]
cursor.execute[query]
return len[cursor.fetchall[]] > 0 9def close_ticket_permission_check[cls, ticket_id: int, username: str]->tuple:
"""
用户是否有强制关闭工单的权限
:param ticket_id:
:param username:
:return:
"""
# 强制关闭工单需要对应工作流的管理员或者超级管理员 或者处于初始状态的工单由创建人直接关闭
flag, result = ticket_base_service_ins.ticket_admin_permission_check[ticket_id, username]
if flag is False:
# 判断是否属于初始状态 且用户为工单创建人
flag, ticket_result = cls.get_ticket_by_id[ticket_id]
if flag is False:
return False, ticket_result
flag, start_state_result = workflow_state_service_ins.get_workflow_start_state[ticket_id]
if flag is False:
return False, start_state_result
if ticket_result.creator == username and ticket_result.state_id == start_state_result.id:
return True, "ticket's creator can close ticket in start state"
else:
return False, "just ticket's creator can close ticket in start state or workflow_admin can close ticket in any state"
else:
return True, "ticket's workflow admin casn close ticket in any state" 0def close_ticket_permission_check[cls, ticket_id: int, username: str]->tuple:
"""
用户是否有强制关闭工单的权限
:param ticket_id:
:param username:
:return:
"""
# 强制关闭工单需要对应工作流的管理员或者超级管理员 或者处于初始状态的工单由创建人直接关闭
flag, result = ticket_base_service_ins.ticket_admin_permission_check[ticket_id, username]
if flag is False:
# 判断是否属于初始状态 且用户为工单创建人
flag, ticket_result = cls.get_ticket_by_id[ticket_id]
if flag is False:
return False, ticket_result
flag, start_state_result = workflow_state_service_ins.get_workflow_start_state[ticket_id]
if flag is False:
return False, start_state_result
if ticket_result.creator == username and ticket_result.state_id == start_state_result.id:
return True, "ticket's creator can close ticket in start state"
else:
return False, "just ticket's creator can close ticket in start state or workflow_admin can close ticket in any state"
else:
return True, "ticket's workflow admin casn close ticket in any state" 1def close_ticket_permission_check[cls, ticket_id: int, username: str]->tuple:
"""
用户是否有强制关闭工单的权限
:param ticket_id:
:param username:
:return:
"""
# 强制关闭工单需要对应工作流的管理员或者超级管理员 或者处于初始状态的工单由创建人直接关闭
flag, result = ticket_base_service_ins.ticket_admin_permission_check[ticket_id, username]
if flag is False:
# 判断是否属于初始状态 且用户为工单创建人
flag, ticket_result = cls.get_ticket_by_id[ticket_id]
if flag is False:
return False, ticket_result
flag, start_state_result = workflow_state_service_ins.get_workflow_start_state[ticket_id]
if flag is False:
return False, start_state_result
if ticket_result.creator == username and ticket_result.state_id == start_state_result.id:
return True, "ticket's creator can close ticket in start state"
else:
return False, "just ticket's creator can close ticket in start state or workflow_admin can close ticket in any state"
else:
return True, "ticket's workflow admin casn close ticket in any state" 2def close_ticket_permission_check[cls, ticket_id: int, username: str]->tuple:
"""
用户是否有强制关闭工单的权限
:param ticket_id:
:param username:
:return:
"""
# 强制关闭工单需要对应工作流的管理员或者超级管理员 或者处于初始状态的工单由创建人直接关闭
flag, result = ticket_base_service_ins.ticket_admin_permission_check[ticket_id, username]
if flag is False:
# 判断是否属于初始状态 且用户为工单创建人
flag, ticket_result = cls.get_ticket_by_id[ticket_id]
if flag is False:
return False, ticket_result
flag, start_state_result = workflow_state_service_ins.get_workflow_start_state[ticket_id]
if flag is False:
return False, start_state_result
if ticket_result.creator == username and ticket_result.state_id == start_state_result.id:
return True, "ticket's creator can close ticket in start state"
else:
return False, "just ticket's creator can close ticket in start state or workflow_admin can close ticket in any state"
else:
return True, "ticket's workflow admin casn close ticket in any state" 3def close_ticket_permission_check[cls, ticket_id: int, username: str]->tuple:
"""
用户是否有强制关闭工单的权限
:param ticket_id:
:param username:
:return:
"""
# 强制关闭工单需要对应工作流的管理员或者超级管理员 或者处于初始状态的工单由创建人直接关闭
flag, result = ticket_base_service_ins.ticket_admin_permission_check[ticket_id, username]
if flag is False:
# 判断是否属于初始状态 且用户为工单创建人
flag, ticket_result = cls.get_ticket_by_id[ticket_id]
if flag is False:
return False, ticket_result
flag, start_state_result = workflow_state_service_ins.get_workflow_start_state[ticket_id]
if flag is False:
return False, start_state_result
if ticket_result.creator == username and ticket_result.state_id == start_state_result.id:
return True, "ticket's creator can close ticket in start state"
else:
return False, "just ticket's creator can close ticket in start state or workflow_admin can close ticket in any state"
else:
return True, "ticket's workflow admin casn close ticket in any state" 4def close_ticket_permission_check[cls, ticket_id: int, username: str]->tuple:
"""
用户是否有强制关闭工单的权限
:param ticket_id:
:param username:
:return:
"""
# 强制关闭工单需要对应工作流的管理员或者超级管理员 或者处于初始状态的工单由创建人直接关闭
flag, result = ticket_base_service_ins.ticket_admin_permission_check[ticket_id, username]
if flag is False:
# 判断是否属于初始状态 且用户为工单创建人
flag, ticket_result = cls.get_ticket_by_id[ticket_id]
if flag is False:
return False, ticket_result
flag, start_state_result = workflow_state_service_ins.get_workflow_start_state[ticket_id]
if flag is False:
return False, start_state_result
if ticket_result.creator == username and ticket_result.state_id == start_state_result.id:
return True, "ticket's creator can close ticket in start state"
else:
return False, "just ticket's creator can close ticket in start state or workflow_admin can close ticket in any state"
else:
return True, "ticket's workflow admin casn close ticket in any state" 5def close_ticket_permission_check[cls, ticket_id: int, username: str]->tuple:
"""
用户是否有强制关闭工单的权限
:param ticket_id:
:param username:
:return:
"""
# 强制关闭工单需要对应工作流的管理员或者超级管理员 或者处于初始状态的工单由创建人直接关闭
flag, result = ticket_base_service_ins.ticket_admin_permission_check[ticket_id, username]
if flag is False:
# 判断是否属于初始状态 且用户为工单创建人
flag, ticket_result = cls.get_ticket_by_id[ticket_id]
if flag is False:
return False, ticket_result
flag, start_state_result = workflow_state_service_ins.get_workflow_start_state[ticket_id]
if flag is False:
return False, start_state_result
if ticket_result.creator == username and ticket_result.state_id == start_state_result.id:
return True, "ticket's creator can close ticket in start state"
else:
return False, "just ticket's creator can close ticket in start state or workflow_admin can close ticket in any state"
else:
return True, "ticket's workflow admin casn close ticket in any state" 6def close_ticket_permission_check[cls, ticket_id: int, username: str]->tuple:
"""
用户是否有强制关闭工单的权限
:param ticket_id:
:param username:
:return:
"""
# 强制关闭工单需要对应工作流的管理员或者超级管理员 或者处于初始状态的工单由创建人直接关闭
flag, result = ticket_base_service_ins.ticket_admin_permission_check[ticket_id, username]
if flag is False:
# 判断是否属于初始状态 且用户为工单创建人
flag, ticket_result = cls.get_ticket_by_id[ticket_id]
if flag is False:
return False, ticket_result
flag, start_state_result = workflow_state_service_ins.get_workflow_start_state[ticket_id]
if flag is False:
return False, start_state_result
if ticket_result.creator == username and ticket_result.state_id == start_state_result.id:
return True, "ticket's creator can close ticket in start state"
else:
return False, "just ticket's creator can close ticket in start state or workflow_admin can close ticket in any state"
else:
return True, "ticket's workflow admin casn close ticket in any state" 7def close_ticket_permission_check[cls, ticket_id: int, username: str]->tuple:
"""
用户是否有强制关闭工单的权限
:param ticket_id:
:param username:
:return:
"""
# 强制关闭工单需要对应工作流的管理员或者超级管理员 或者处于初始状态的工单由创建人直接关闭
flag, result = ticket_base_service_ins.ticket_admin_permission_check[ticket_id, username]
if flag is False:
# 判断是否属于初始状态 且用户为工单创建人
flag, ticket_result = cls.get_ticket_by_id[ticket_id]
if flag is False:
return False, ticket_result
flag, start_state_result = workflow_state_service_ins.get_workflow_start_state[ticket_id]
if flag is False:
return False, start_state_result
if ticket_result.creator == username and ticket_result.state_id == start_state_result.id:
return True, "ticket's creator can close ticket in start state"
else:
return False, "just ticket's creator can close ticket in start state or workflow_admin can close ticket in any state"
else:
return True, "ticket's workflow admin casn close ticket in any state" 8def close_ticket_permission_check[cls, ticket_id: int, username: str]->tuple:
"""
用户是否有强制关闭工单的权限
:param ticket_id:
:param username:
:return:
"""
# 强制关闭工单需要对应工作流的管理员或者超级管理员 或者处于初始状态的工单由创建人直接关闭
flag, result = ticket_base_service_ins.ticket_admin_permission_check[ticket_id, username]
if flag is False:
# 判断是否属于初始状态 且用户为工单创建人
flag, ticket_result = cls.get_ticket_by_id[ticket_id]
if flag is False:
return False, ticket_result
flag, start_state_result = workflow_state_service_ins.get_workflow_start_state[ticket_id]
if flag is False:
return False, start_state_result
if ticket_result.creator == username and ticket_result.state_id == start_state_result.id:
return True, "ticket's creator can close ticket in start state"
else:
return False, "just ticket's creator can close ticket in start state or workflow_admin can close ticket in any state"
else:
return True, "ticket's workflow admin casn close ticket in any state" 9def manage_permission_check[permission=None]:
"""
manage permission check decorator
:param permission:
:return:
"""
def decorator[func]:
@wraps[func]
def _deco[view_class, request, *args, **kwargs]:
username = request.user.username
if permission == 'admin':
flag, result = account_base_service_ins.admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
elif permission == 'workflow_admin':
flag, result = account_base_service_ins.workflow_admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
return func[view_class, request, *args, **kwargs]
return _deco
return decorator 0def manage_permission_check[permission=None]:
"""
manage permission check decorator
:param permission:
:return:
"""
def decorator[func]:
@wraps[func]
def _deco[view_class, request, *args, **kwargs]:
username = request.user.username
if permission == 'admin':
flag, result = account_base_service_ins.admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
elif permission == 'workflow_admin':
flag, result = account_base_service_ins.workflow_admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
return func[view_class, request, *args, **kwargs]
return _deco
return decorator 1def manage_permission_check[permission=None]:
"""
manage permission check decorator
:param permission:
:return:
"""
def decorator[func]:
@wraps[func]
def _deco[view_class, request, *args, **kwargs]:
username = request.user.username
if permission == 'admin':
flag, result = account_base_service_ins.admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
elif permission == 'workflow_admin':
flag, result = account_base_service_ins.workflow_admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
return func[view_class, request, *args, **kwargs]
return _deco
return decorator 2def manage_permission_check[permission=None]:
"""
manage permission check decorator
:param permission:
:return:
"""
def decorator[func]:
@wraps[func]
def _deco[view_class, request, *args, **kwargs]:
username = request.user.username
if permission == 'admin':
flag, result = account_base_service_ins.admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
elif permission == 'workflow_admin':
flag, result = account_base_service_ins.workflow_admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
return func[view_class, request, *args, **kwargs]
return _deco
return decorator 3def manage_permission_check[permission=None]:
"""
manage permission check decorator
:param permission:
:return:
"""
def decorator[func]:
@wraps[func]
def _deco[view_class, request, *args, **kwargs]:
username = request.user.username
if permission == 'admin':
flag, result = account_base_service_ins.admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
elif permission == 'workflow_admin':
flag, result = account_base_service_ins.workflow_admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
return func[view_class, request, *args, **kwargs]
return _deco
return decorator 4def manage_permission_check[permission=None]:
"""
manage permission check decorator
:param permission:
:return:
"""
def decorator[func]:
@wraps[func]
def _deco[view_class, request, *args, **kwargs]:
username = request.user.username
if permission == 'admin':
flag, result = account_base_service_ins.admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
elif permission == 'workflow_admin':
flag, result = account_base_service_ins.workflow_admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
return func[view_class, request, *args, **kwargs]
return _deco
return decorator 5def manage_permission_check[permission=None]:
"""
manage permission check decorator
:param permission:
:return:
"""
def decorator[func]:
@wraps[func]
def _deco[view_class, request, *args, **kwargs]:
username = request.user.username
if permission == 'admin':
flag, result = account_base_service_ins.admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
elif permission == 'workflow_admin':
flag, result = account_base_service_ins.workflow_admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
return func[view_class, request, *args, **kwargs]
return _deco
return decorator 6def manage_permission_check[permission=None]:
"""
manage permission check decorator
:param permission:
:return:
"""
def decorator[func]:
@wraps[func]
def _deco[view_class, request, *args, **kwargs]:
username = request.user.username
if permission == 'admin':
flag, result = account_base_service_ins.admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
elif permission == 'workflow_admin':
flag, result = account_base_service_ins.workflow_admin_permission_check[username]
if flag is False:
return api_response[-1, 'has no permission:{}'.format[result], {}]
return func[view_class, request, *args, **kwargs]
return _deco
return decorator 7
777 có nghĩa là gì trong chmod?
Lệnh chmod -R 777 / làm cho mọi tệp trên hệ thống dưới / [root] có quyền rwxrwxrwx . Điều này tương đương với việc cho phép TẤT CẢ người dùng đọc/ghi/thực thi quyền. Nếu các thư mục khác như home, media, v.v. nằm dưới quyền root thì những thư mục đó cũng sẽ bị ảnh hưởng.
Lệnh nào kiểm tra quyền truy cập tệp?
Để xem quyền của tất cả các tệp trong một thư mục, hãy sử dụng lệnh ls với các tùy chọn -la . Thêm các tùy chọn khác như mong muốn; . Trong ví dụ đầu ra ở trên, ký tự đầu tiên trong mỗi dòng cho biết đối tượng được liệt kê là tệp hay thư mục.