from appPublic.log import info, debug, exception
from ahserver.auth_api import AuthAPI
from appPublic.jsonConfig import getConfig
from appPublic.registerfunction import getRegisterFunctionByName
from sqlor.dbpools import DBPools
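class MyAuthAPI(AuthAPI):
    """Role-based path authorization backed by the auth database.

    Overrides ``checkUserPermission`` so that access to a request path is
    decided from the ``permission``, ``rolepermission`` and ``userrole``
    tables.
    """

    async def checkUserPermission(self, request, user, path):
        """Decide whether ``user`` may access ``path``.

        Args:
            request: The incoming request; not used by this implementation.
            user: The user id to check, or ``None`` for an unauthenticated
                caller (treated as the id ``'anonymous_user'``).
            path: The request path to look up in ``permission``.

        Returns:
            ``True`` when the path has no row in ``permission`` at all, or
            when the user holds a role linked to a non-deleted permission
            row for the path; ``False`` otherwise.

        NOTE(review): the original indentation was lost in this listing; the
        block structure below (denial after the loop, final fallback after
        the ``async with``) is the most plausible reading -- confirm against
        the repository copy.
        """
        config = getConfig()

        # Unauthenticated callers are checked under a fixed pseudo user id.
        # Any role granted to 'anonymous_user' in userrole is therefore
        # granted to every unauthenticated request.
        if user is None:
            user = 'anonymous_user'

        # The right joins keep every (rolepermission, userrole) row of the
        # user, so rows for roles that do not cover this path come back with
        # a.id NULL; only a non-NULL id proves a grant on this path.
        # NOTE(review): ${path}$ / ${user}$ are presumably bound as query
        # parameters by sqlor rather than interpolated into the SQL text --
        # confirm, since path comes from the request.
        sql = """select distinct a.*, c.userid from
(select id, path from permission where path=${path}$ and del_flg='0') a
right join
rolepermission b on a.id = b.permid
right join userrole c on b.roleid = c.roleid
where c.userid = ${user}$
and b.del_flg='0'
and c.del_flg='0'"""

        db = DBPools()
        dbname = config.authdb or 'kboss'
        # Use the module logger instead of print() so the authorization path
        # does not write to stdout on every request.
        debug(f'database name is {dbname}')
        async with db.sqlorContext(dbname) as sor:
            perms = await sor.R('permission', {'path': path})
            # SECURITY: fail-open by design -- a path that was never
            # registered in `permission` is accessible to everyone, including
            # anonymous callers. Every protected endpoint must have a
            # permission row, and the stored path must match the request path
            # exactly. len() is kept (rather than a truthiness test) so that
            # an unexpected None result raises instead of granting access.
            # NOTE(review): this lookup does not filter on del_flg; whether
            # sor.R excludes soft-deleted rows is not visible here. If it
            # does not, a soft-deleted permission row still marks the path as
            # protected and the query above then denies everyone.
            if len(perms) == 0:
                debug(f'{path=} not found in permission, can access')
                return True

            recs = await sor.sqlExe(sql, {'path': path, 'user': user})
            if any(rec['id'] is not None for rec in recs):
                debug(f'{user=} can access {path=}')
                return True
            debug(f'{user=} has not permission to call {path=}, {recs=}')
            return False

        # Reached only if the context manager exits without one of the
        # returns above taking effect (presumably when sqlorContext suppresses
        # an exception -- confirm); deny in that case.
        debug(f'error happened {user}, {path}')
        return False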