changes

2022-11-08 14:01:11 +08:00 · 2022-11-08 14:01:11 +08:00 · 807b2b2056
parent b0b8d08aad
commit 807b2b2056
1 changed files with 30 additions and 43 deletions
--- a/Utils/AccessControl/AccessUtil.py
+++ b/Utils/AccessControl/AccessUtil.py
@ -1,71 +1,58 @@
 import re
-import os
-import casbin
 import requests
-import pandas as pd

 from typing import Optional
 from fastapi import HTTPException, Header, Request

 from Utils.Authentication.TokenUtil import decode_token
-from Utils.UniqueCoder.TimeSerialNumUtils import create_time_serial_num


-def get_user_info_from_token(token: str):
+def get_user_info(token: str):
+    """
+    从token中解析用户信息
+    """
    user_info = decode_token(token).get("user_info")
    if not user_info:
        raise HTTPException(status_code=400, detail="Invalid Token")
    return user_info


-def match_req_url(regex: str, request: Request):
-    req_url = request.url.__str__()
-    m = re.search(regex, req_url)
-    if not m:
-        raise HTTPException(status_code=400, detail="Invalid Request")
-    return m
-
-
-def get_rap_by_name(name):
-    url = "http://127.0.0.1:8000/api/user/role/role_access_policy/view?name={}"
+def get_role_access_policy(name: str, token: str):
+    """
+    获取用户的访问权限
+    """
+    url = "http://test.fecribd.com/api/user/role/role_access_policy/view?name={}"
    url = url.format(name)
-    res = requests.post(url=url)
+    headers = {"token": token}
+    res = requests.post(url=url, headers=headers)
    return res.json()


+def ac(token: Optional[str] = Header(...)):
+    get_user_info(token)
+    return True
+
+
 def rbac(request: Request, token: Optional[str] = Header(...)):

-    user_info = get_user_info_from_token(token)
+    # 获取用户角色
+    user_info = get_user_info(token)
+    role = user_info.get("role")

-    sub = user_info.get("role")
+    # 管理员权限
+    if role == "管理员":
+        return True

-    raps = get_rap_by_name(name=sub)
-
-    req_url = request.url.__str__()
+    # 获取角色权限
+    raps = get_role_access_policy(name=role, token=token)

+    # 权限匹配成功
    for rap in raps:
-
-        regex = rap.get("obj")
-        m = re.search(regex, req_url)
-
+        p_obj = rap.get("obj")
+        r_obj = request.url.__str__()
+        m = re.search(p_obj, r_obj)
        if m:
-            df = pd.json_normalize(raps)
-            policy_file = create_time_serial_num(prefix="policy", suffix="")
-            df.to_csv(r".\Utils\AccessControl\{}.csv".format(policy_file), header=False, index=False)
-
-            e = casbin.Enforcer(
-                os.getcwd() + r"\Utils\AccessControl\model.conf",
-                os.getcwd() + r"\Utils\AccessControl\{}.csv".format(policy_file)
-            )
-
-            os.remove(r".\Utils\AccessControl\{}.csv".format(policy_file))
-
-            obj = rap.get("obj")
-            act = rap.get("act")
-
-            if not e.enforce(sub, obj, act):
-                raise HTTPException(status_code=202, detail="No Access")
-
            return True

-    raise HTTPException(status_code=400, detail="Invalid Request")
+    # 权限匹配失败
+    raise HTTPException(status_code=400, detail="No Access")