Merge branch 'main' of git.opencomputing.cn:yumoqing/rbac

yumoqing 2025-08-01 17:38:45 +08:00
commit 0166e1bd09
8 changed files with 20 additions and 41 deletions


@ -1,7 +1,4 @@
{ {
"models_dir": "${HOME}$/py/rbac/models",
"output_dir": "${HOME}$/py/sage/wwwroot/_a/organization",
"dbname": "sage",
"tblname": "organization", "tblname": "organization",
"title":"Organization", "title":"Organization",
"params": { "params": {


@ -1,7 +1,4 @@
{ {
"models_dir": "${HOME}$/py/rbac/models",
"output_dir": "${HOME}$/py/sage/wwwroot/_a/orgtypes",
"dbname": "sage",
"tblname": "orgtypes", "tblname": "orgtypes",
"title":"Org. type", "title":"Org. type",
"params": { "params": {


@ -1,7 +1,4 @@
{ {
"models_dir": "${HOME}$/py/rbac/models",
"output_dir": "${HOME}$/py/sage/wwwroot/_a/role",
"dbname": "sage",
"tblname": "role", "tblname": "role",
"title":"角色", "title":"角色",
"params": { "params": {


@ -1,7 +1,4 @@
{ {
"models_dir": "${HOME}$/py/rbac/models",
"output_dir": "${HOME}$/py/sage/wwwroot/_a/rolepermission",
"dbname": "sage",
"tblname": "rolepermission", "tblname": "rolepermission",
"title":"用户", "title":"用户",
"params": { "params": {


@ -1,7 +1,4 @@
{ {
"models_dir": "${HOME}$/py/rbac/models",
"output_dir": "${HOME}$/py/sage/wwwroot/_a/userdepartment",
"dbname": "sage",
"tblname": "userdepartment", "tblname": "userdepartment",
"title":"用户", "title":"用户",
"params": { "params": {


@ -17,7 +17,7 @@ async def get_user_roles(userid):
sql = "select concat(b.orgtypeid, '.', b.name) as name from userrole a, role b where a.userid=${userid}$ and a.roleid = b.id" sql = "select concat(b.orgtypeid, '.', b.name) as name from userrole a, role b where a.userid=${userid}$ and a.roleid = b.id"
db = DBPools() db = DBPools()
roles = [] roles = []
dbname = await get_dbname() dbname = get_dbname()
async with db.sqlorContext(dbname) as sor: async with db.sqlorContext(dbname) as sor:
recs = await sor.sqlExe(sql, {'userid':userid}) recs = await sor.sqlExe(sql, {'userid':userid})
if len(recs) < 1: if len(recs) < 1:
@ -57,7 +57,7 @@ async def create_user(sor, ns, roles=[]):
} }
] ]
for rt in roles: for rt in roles:
sql = "select * from role where orgtypeid = ${otid}$ and name in ${roles}$)" sql = "select * from role where orgtypeid = ${otid}$ and name in ${roles}$"
recs = await sor.sqlExe(sql, { recs = await sor.sqlExe(sql, {
'otid': rt['orgtypeid'], 'otid': rt['orgtypeid'],
'roles': rt['roles'] 'roles': rt['roles']
@ -82,14 +82,15 @@ async def register_user(sor, ns):
await create_user(sor, ns) await create_user(sor, ns)
return id return id
async def get_dbname(): def get_dbname():
rf = RegisterFunction() f = get_serverenv('get_module_dbname')
dbname = await rf.exe('get_module_dbname', 'rbac') if f is None:
return dbname return None
return f('rbac')
async def checkUserPassword(request, username, password): async def checkUserPassword(request, username, password):
db = DBPools() db = DBPools()
dbname = await get_dbname() dbname = get_dbname()
async with db.sqlorContext(dbname) as sor: async with db.sqlorContext(dbname) as sor:
sql = "select * from users where username=${username}$ and password=${password}$" sql = "select * from users where username=${username}$ and password=${password}$"
recs = await sor.sqlExe(sql, {'username':username, 'password':password}) recs = await sor.sqlExe(sql, {'username':username, 'password':password})
@ -101,7 +102,8 @@ async def checkUserPassword(request, username, password):
return True return True
return False return False
async def basic_auth(sor, auth): async def basic_auth(sor, request):
auth = request.headers.get('Authentication')
auther = BasicAuth('x') auther = BasicAuth('x')
m = auther.decode(auth) m = auther.decode(auth)
username = m.login username = m.login
@ -111,26 +113,17 @@ async def basic_auth(sor, auth):
if len(recs) < 1: if len(recs) < 1:
return None return None
await user_login(request, recs[0].id, await user_login(request, recs[0].id,
username=recs[0].username,
userorgid=recs[0].orgid)
return recs[0].id return recs[0].id
async def bearer_auth(sor, auth):
# apikey = get_apikey_from_token(auth[7:])
apikey = auth[7:]
if apikey is None:
return None
sql = "select * from userapp where apikey=${apikey}$ and expired_date > ${today}$"
recs = await sor.sqlExe(sql, {"apikey":apikey, 'today': curDateString()})
if len(recs) < 1:
return None
return recs[0].userid
async def getAuthenticationUserid(sor, request): async def getAuthenticationUserid(sor, request):
auth = request.headers.get('Authentication') auth = request.headers.get('Authentication')
if auth is None: if auth is None:
return None return None
for h,f in registered_auth_methods.items(): for h,f in registered_auth_methods.items():
if auth.startswith(h): if auth.startswith(h):
return await f(auth) return await f(sor, request)
return None return None
async def objcheckperm(obj, request, userid, path): async def objcheckperm(obj, request, userid, path):
@ -143,7 +136,7 @@ right join userrole c on b.roleid = c.roleid
where c.userid = ${userid}$ where c.userid = ${userid}$
""" """
dbname = await get_dbname() dbname = get_dbname()
db = DBPools() db = DBPools()
async with db.sqlorContext(dbname) as sor: async with db.sqlorContext(dbname) as sor:
if userid is None: if userid is None:
@ -168,8 +161,7 @@ where c.userid = ${userid}$
return False return False
registered_auth_methods = { registered_auth_methods = {
"Basic ": basic_auth, "Basic ": basic_auth
"Bearer ": bearer_auth
} }
def register_auth_method(heading, func): def register_auth_method(heading, func):
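Review bot: The new `get_dbname()` returns `None` when `get_serverenv('get_module_dbname')` is not set, and its callers in this file (`get_user_roles`, `checkUserPassword`, `objcheckperm`) pass the result straight to `db.sqlorContext(dbname)` with no check. How `sqlorContext` treats a `None` name is not visible on this page, so a missing registration would surface inside the login and permission paths as an unrelated database error, or possibly be resolved in some default way. Because these functions decide authentication and authorization, I would fail closed at the source and replace `return None` with `raise RuntimeError('get_module_dbname is not registered in serverenv')`. A one-line docstring on `get_dbname` saying that it is now synchronous and that the resolver comes from the server environment would also help any caller outside this page that still awaits it.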


@ -1,10 +1,12 @@
debug(f'{params_kw=}') debug(f'{params_kw=}')
db = DBPools() db = DBPools()
dbname = await rfexe('get_module_dbname', 'sage') dbname = get_module_dbname('rbac')
async with db.sqlorContext(dbname) as sor: async with db.sqlorContext(dbname) as sor:
orgid = await register_user(sor, params_kw) orgid = await register_user(sor, params_kw)
openCustomerAccounts = globals().get('openCustomerAccounts')
if get_owner_orgid and openCustomerAccounts: if get_owner_orgid and openCustomerAccounts:
ownerid = await get_owner_orgid(sor, orgid) ownerid = await get_owner_orgid(sor, orgid)
if openCustomerAccounts:
await openCustomerAccounts(sor, ownerid, orgid) await openCustomerAccounts(sor, ownerid, orgid)
return UiMessage(title="Success", message="register success") return UiMessage(title="Success", message="register success")
return UiError(title='Error', message="register failed") return UiError(title='Error', message="register failed")
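Review bot: `debug(f'{params_kw=}')` on the first line of this script writes the whole registration payload to the log, and since `params_kw` is what gets handed to `register_user`, it presumably carries the new user's password. The same applies to `info(f'{ns=}')` in the last file section of this commit, where `ns` is the dict bound to `${password}$` in the login query and is logged at info level. Logging only the field names or the username keeps credentials out of log files, for example `debug(f'register: keys={list(params_kw.keys())}')`, assuming `params_kw` is dict-like.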


@ -7,7 +7,7 @@ ns = {
info(f'{ns=}') info(f'{ns=}')
db = DBPools() db = DBPools()
dbname = await rfexe('get_module_dbname', 'rbac') dbname = get_module_dbname('rbac')
async with db.sqlorContext(dbname) as sor: async with db.sqlorContext(dbname) as sor:
r = await sor.sqlExe('select * from users where username=${username}$ and password=${password}$', ns.copy()) r = await sor.sqlExe('select * from users where username=${username}$ and password=${password}$', ns.copy())
if len(r) == 0: if len(r) == 0:
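Review bot: The lookup `where username=${username}$ and password=${password}$` can only match if the stored password is a deterministic function of the submitted value, which excludes per-user salted hashes such as bcrypt, scrypt or Argon2; `checkUserPassword` in the earlier Python file of this commit uses the same query. How `ns['password']` is prepared sits above this hunk and is not visible, so the stored value may be an unsalted or fixed-salt digest, or plaintext, and that is worth confirming. A sturdier shape is to select by username only, `select * from users where username=${username}$`, and then verify the submitted password against the stored hash in Python with the hashing library's verify function. The `if len(r) == 0:` branch continues outside the hunk.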