changes
parent
40f98edd5b
commit
93cc224371
|
@ -6,7 +6,7 @@ from sqlalchemy.orm import Session
|
|||
from AppUser.Crud import RoleCrud
|
||||
from AppUser.Model import RoleModel
|
||||
from AppUser.Schemas import RoleSchema
|
||||
from Utils.AccessControl.AccessUtil import login_ac
|
||||
from Utils.AccessControl.AccessUtil import ac
|
||||
|
||||
from Utils.DataBase.SqlAlchemyUtils import get_db, engine
|
||||
|
||||
|
|
|
@ -1,68 +1,57 @@
|
|||
import re
|
||||
import os
|
||||
import casbin
|
||||
import requests
|
||||
import pandas as pd
|
||||
|
||||
from typing import Optional
|
||||
from fastapi import HTTPException, Header, Request
|
||||
|
||||
from Utils.Authentication.TokenUtil import decode_token
|
||||
from Utils.UniqueCoder.TimeSerialNumUtils import create_time_serial_num
|
||||
|
||||
|
||||
def get_user_info_from_token(token: str):
|
||||
def get_user_info(token: str):
|
||||
"""
|
||||
从token中解析用户信息
|
||||
"""
|
||||
user_info = decode_token(token).get("user_info")
|
||||
if not user_info:
|
||||
raise HTTPException(status_code=400, detail="Invalid Token")
|
||||
return user_info
|
||||
|
||||
|
||||
def match_req_url(regex: str, request: Request):
|
||||
req_url = request.url.__str__()
|
||||
m = re.search(regex, req_url)
|
||||
if not m:
|
||||
raise HTTPException(status_code=400, detail="Invalid Request")
|
||||
return m
|
||||
|
||||
|
||||
def get_rap_by_name(name):
|
||||
def get_role_access_policy(name):
|
||||
"""
|
||||
获取用户的访问权限
|
||||
"""
|
||||
url = "http://test.fecribd.com/api/user/role/role_access_policy/view?name={}"
|
||||
url = url.format(name)
|
||||
res = requests.post(url=url)
|
||||
return res.json()
|
||||
|
||||
|
||||
def ac(token: Optional[str] = Header(...)):
|
||||
get_user_info(token)
|
||||
return True
|
||||
|
||||
|
||||
def rbac(request: Request, token: Optional[str] = Header(...)):
|
||||
|
||||
user_info = get_user_info_from_token(token)
|
||||
sub = user_info.get("role")
|
||||
raps = get_rap_by_name(name=sub)
|
||||
req_url = request.url.__str__()
|
||||
# 获取用户角色
|
||||
user_info = get_user_info(token)
|
||||
role = user_info.get("role")
|
||||
|
||||
if sub == "管理员":
|
||||
# 管理员权限
|
||||
if role == "管理员":
|
||||
return True
|
||||
|
||||
# 获取角色权限
|
||||
raps = get_role_access_policy(name=role)
|
||||
|
||||
# 权限匹配成功
|
||||
for rap in raps:
|
||||
regex = rap.get("obj")
|
||||
m = re.search(regex, req_url)
|
||||
p_obj = rap.get("obj")
|
||||
r_obj = request.url.__str__()
|
||||
m = re.search(p_obj, r_obj)
|
||||
if m:
|
||||
df = pd.json_normalize(raps)
|
||||
policy_file = create_time_serial_num(prefix="policy", suffix="")
|
||||
df.to_csv(r".\Utils\AccessControl\{}.csv".format(policy_file), header=False, index=False)
|
||||
e = casbin.Enforcer(
|
||||
os.getcwd() + r"\Utils\AccessControl\model.conf",
|
||||
os.getcwd() + r"\Utils\AccessControl\{}.csv".format(policy_file)
|
||||
)
|
||||
os.remove(r".\Utils\AccessControl\{}.csv".format(policy_file))
|
||||
obj = rap.get("obj")
|
||||
act = rap.get("act")
|
||||
if not e.enforce(sub, obj, act):
|
||||
raise HTTPException(status_code=202, detail="No Access")
|
||||
return True
|
||||
raise HTTPException(status_code=400, detail="Invalid Request")
|
||||
|
||||
|
||||
def login_ac(request: Request, token: Optional[str] = Header(...)):
|
||||
get_user_info_from_token(token)
|
||||
return True
|
||||
# 权限匹配失败
|
||||
raise HTTPException(status_code=400, detail="No Access")
|
||||
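Review bot: In `rbac`, the policy pattern is applied with `re.search(p_obj, r_obj)` to `request.url.__str__()`, which is the whole URL including host and query string, so an unanchored `obj` pattern can be satisfied by text outside the request path. Match the path only and anchor the pattern, e.g. `if re.fullmatch(p_obj, request.url.path):`. The rewritten loop also appears to grant access on the URL match alone, whereas the casbin call it replaces checked `act` as well; if `act` holds the HTTP method (not shown here), compare it with `request.method` before returning True. Separately, `get_role_access_policy` fetches the policy over plain `http://` with no `timeout=` and no status check, so the authorization decision rests on a response that is not integrity-protected, and a denial would read better as status 403 than 400. The page has lost its +/- markers, so which lines are on the new side is inferred from the 68-to-57 line count in the hunk header and from the renamed helpers.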
|
|