diff --git a/demo/apps/apijson_demo/dbinit.py b/demo/apps/apijson_demo/dbinit.py
index b235176..4fdcb5f 100644
--- a/demo/apps/apijson_demo/dbinit.py
+++ b/demo/apps/apijson_demo/dbinit.py
@@ -75,6 +75,11 @@
"date" : "2018-11-6",
"content" : "test moment from c",
},
+ {
+ "username" : "admin",
+ "date" : "2018-11-7",
+ "content" : "test moment from admin",
+ },
]
comment_list = [
@@ -99,6 +104,13 @@
"date" : "2018-12-9",
"content" : "comment hoho",
},
+ {
+ "username" : "admin",
+ "to_username" : "usera",
+ "moment_id" : 4,
+ "date" : "2018-12-10",
+ "content" : "comment kaka",
+ },
]
for d in user_list:
diff --git a/demo/apps/settings.ini b/demo/apps/settings.ini
index bd4ea4f..8a4d3c9 100644
--- a/demo/apps/settings.ini
+++ b/demo/apps/settings.ini
@@ -17,6 +17,7 @@ INSTALLED_APPS = [
'uliweb_comui',
'uliweb_comapps.auth.login',
'uliweb_comapps.auth.user_admin',
+ 'uliweb_comapps.auth.rbac_admin',
'uliweb_apijson.apijson',
'apijson_demo',
'tables',
diff --git a/demo/apps/tables/config.ini b/demo/apps/tables/config.ini
new file mode 100644
index 0000000..f5dbe0e
--- /dev/null
+++ b/demo/apps/tables/config.ini
@@ -0,0 +1,4 @@
+[DEPENDS]
+REQUIRED_APPS = [
+ 'uliweb_apijson.tables',
+]
diff --git a/demo/apps/tables/settings.ini b/demo/apps/tables/settings.ini
index 4712b17..98ddebc 100644
--- a/demo/apps/tables/settings.ini
+++ b/demo/apps/tables/settings.ini
@@ -1,7 +1,11 @@
[APIJSON_TABLES]
-user = {
- "editable" : "auto",
-}
+user = {"model_name":"user", "tableui_name":"users"}
+role = {"model_name":"role", "tableui_name":"roles", "role":"ADMIN"}
+permission = {"model_name":"permission", "tableui_name":"permissions", "role":"ADMIN"}
+moment = {"role":"OWNER"}
+comment = {"role":"OWNER"}
+
+[APIJSON_TABLE_UI]
moment = {
"editable" : "auto",
"table_fields" : [
@@ -20,7 +24,6 @@ moment = {
{"title":"Content","key":"content","type":"textarea"},
],
}
-
comment = {
"editable" : "auto",
"table_fields" : [
diff --git a/demo/apps/tables/templates/Tables/list.html b/demo/apps/tables/templates/Tables/list.html
deleted file mode 100644
index f6dc9c2..0000000
--- a/demo/apps/tables/templates/Tables/list.html
+++ /dev/null
@@ -1,37 +0,0 @@
-{{extend "Tables/layout.html"}}
-
-{{block title}}uliweb-apijson demo: tables{{end title}}
-
-{{block content_wrapper}}
-{{include "vue/inc_apijson_table.html"}}
-
-
- {{if role!="ADMIN":}}
-
You should
login with user
admin to view all the tables
- {{pass #if}}
-
-
Add
-
+
@@ -47,15 +45,12 @@
- Confirm to delete #{delete_params.row&&delete_params.row.id} in table '{model_name}'?
+ Confirm to delete #{delete_params.row&&delete_params.row.id} in table '{table.model_name}'?
`,
data: function(){
var thisp = this
return {
- l_request_tag: null,
- role: "{{=role or ''}}",
-
loading: false,
modal_view: false,
viewedit_items: [],
@@ -105,7 +100,7 @@
if (thisp.config_editable) {
buttons.push(delete_button)
}
- return h('div', buttons);
+ return h('div', buttons)
}
}
},
@@ -126,7 +121,7 @@
},
tcolumns_init: false,
tlist:[],
- query_count: thisp.config ? (thisp.config.default_page_size || 10) : 10,
+ query_count: thisp.table.tableui ? (thisp.table.tableui.default_page_size || 10) : 10,
current_page: 1,
total: 0,
sort_key: "id",
@@ -181,10 +176,10 @@
var model_params = {
"@order":thisp.sort_key+thisp.sort_order
}
- if (thisp.role!="") {
- model_params["@role"] = thisp.role
+ if (thisp.table.role!=null && thisp.table.role!="") {
+ model_params["@role"] = thisp.table.role
}
- arr_params[thisp.model_name] = model_params
+ arr_params[thisp.table.model_name] = model_params
var params = {
"[]":arr_params,
"total@":"/[]/total"
@@ -201,7 +196,9 @@
if (data.code==200) {
var arr = data["[]"]
for (var i=0;i
@@ -25,8 +25,6 @@
`,
data: function(){
return {
- l_request_tag: null,
- role: "{{=role or ''}}",
loading: false,
row: {},
row_saved: {},
@@ -43,10 +41,11 @@
var model_params = {
"id":this.id
}
- if (this.role!='') {
- model_params["@role"] = this.role
+ var role = this.table.role
+ if (role!=null && role!='') {
+ model_params["@role"] = role
}
- params[this.model_name] = model_params
+ params[this.table.model_name] = model_params
var thisp = this
$.ajax({
type: "POST",
@@ -56,7 +55,7 @@
success: function (data) {
thisp.loading = false
if (data.code==200) {
- thisp.row = data[thisp.model_name]
+ thisp.row = data[thisp.table.model_name]
thisp.row_saved = thisp.row
thisp.viewedit_items = []
if (thisp.config_viewedit_fields!=null) {
@@ -70,7 +69,7 @@
}
else {
thisp.$Notice.error({
- title: 'error when get table '+thisp.table_name,
+ title: 'error when get table '+thisp.tableui_name,
desc: data.msg
})
}
@@ -84,7 +83,7 @@
},
save: function(){
var params = {
- "@tag": this.l_request_tag
+ "@tag": this.table.request_tag
}
var record_params = {}
//only save modified fields
@@ -95,10 +94,11 @@
this.row[d.key] = d.value
}
}
- if (this.role!='') {
- record_params["@role"] = this.role
+ var role = this.table.role
+ if (role!=null && role!='') {
+ record_params["@role"] = role
}
- params[this.l_request_tag] = record_params
+ params[this.table.request_tag] = record_params
params = this.ajax_hook("apijson_put","update",params)
var thisp = this
$.ajax({
@@ -110,15 +110,22 @@
if (data.code==200){
thisp.row_saved = thisp.row
thisp.$Notice.success({
- title: 'success update #'+thisp.row.id+' in table '+thisp.model_name,
+ title: 'success update #'+thisp.row.id+' in table '+thisp.table.model_name,
desc: data.msg
})
+ if(thisp.hook_ajax_post_result){
+ thisp.hook_ajax_post_result(true, params, thisp.row_saved)
+ }
}
else {
thisp.$Notice.error({
- title: 'error when update #'+thisp.row.id+' in table '+thisp.model_name,
+ title: 'error when update #'+thisp.row.id+' in table '+thisp.table.model_name,
desc: data.msg
})
+ if(thisp.hook_ajax_post_result){
+ thisp.hook_ajax_post_result(false, params, thisp.row_saved)
+ }
+
}
}
})
@@ -137,20 +144,14 @@
}
},
mounted: function(){
- if (this.request_tag==null) {
- this.l_request_tag = this.model_name
- }
- else {
- this.l_request_tag = this.request_tag
- }
//if not do this, the first notice will hide behind the navigation bar in uliweb apps
this.$Notice.config({top: 100,duration: 8});
if (this.hook_init!=null) {
this.hook_init(this)
}
- if (this.config!=null){
- this.config_editable = this.config.editable || false
- this.config_viewedit_fields = this.config.viewedit_fields || null
+ if (this.table.tableui!=null){
+ this.config_editable = this.table.tableui.editable || false
+ this.config_viewedit_fields = this.table.tableui.viewedit_fields || null
}
this.init_viewedit()
}
diff --git a/uliweb_apijson/apijson/views.py b/uliweb_apijson/apijson/views.py
index 5dc8a7e..e10b944 100644
--- a/uliweb_apijson/apijson/views.py
+++ b/uliweb_apijson/apijson/views.py
@@ -111,26 +111,39 @@ def _get_one(self,key):
if not GET:
return json({"code":400,"msg":"'%s' not accessible"%(model_name)})
+ user = getattr(request,"user", None)
roles = GET.get("roles")
permission_check_ok = False
- if not params_role:
- if hasattr(request,"user") and request.user:
- params_role = "LOGIN"
+ if roles:
+ if not params_role:
+ params_role = "LOGIN" if user else "UNKNOWN"
+ elif params_role != "UNKNOWN":
+ if not user:
+ return json({"code":400,"msg":"no login user for role '%s'"%(params_role)})
+ if params_role not in roles:
+ return json({"code":400,"msg":"'%s' not accessible by role '%s'"%(model_name,params_role)})
+ if params_role == "UNKNOWN":
+ permission_check_ok = True
+ elif functions.has_role(user,params_role):
+ permission_check_ok = True
else:
- params_role = "UNKNOWN"
- elif params_role != "UNKNOWN":
- if not (hasattr(request,"user") and request.user):
- return json({"code":400,"msg":"no login user for role '%s'"%(params_role)})
- if params_role not in roles:
- return json({"code":400,"msg":"'%s' not accessible by role '%s'"%(model_name,params_role)})
- if params_role == "UNKNOWN":
- permission_check_ok = True
- elif functions.has_role(request.user,params_role):
- permission_check_ok = True
- else:
- return json({"code":400,"msg":"user doesn't has role '%s'"%(params_role)})
+ return json({"code":400,"msg":"user doesn't has role '%s'"%(params_role)})
if not permission_check_ok:
- return json({"code":400,"msg":"no permission"})
+ perms = GET.get("permissions")
+ if perms:
+ if params_role:
+ role, msg = functions.has_permission_as_role(user, params_role, *perms)
+ if role:
+ permission_check_ok = True
+ else:
+ role = functions.has_permission(user, *perms)
+ if role:
+ role_name = getattr(role, "name")
+ if role_name:
+ permission_check_ok = True
+ params_role = role_name
+ if not permission_check_ok:
+ return json({"code":400,"msg":"no permission to access the data"})
if params_role=="OWNER":
owner_filtered,q = self._filter_owner(model,model_setting,q)
@@ -364,25 +377,35 @@ def _head(self,key):
roles = HEAD.get("roles")
permission_check_ok = False
- if not params_role:
- if hasattr(request,"user") and request.user:
- params_role = "LOGIN"
+ user = getattr(request, "user", None)
+ if roles:
+ if not params_role:
+ params_role = "LOGIN" if user else "UNKNOWN"
+ if params_role not in roles:
+ return json({"code":400,"msg":"role '%s' not have permission HEAD for '%s'"%(params_role,model_name)})
+ if functions.has_role(user, params_role):
+ permission_check_ok = True
else:
- params_role = "UNKNOWN"
- if params_role not in roles:
- return json({"code":400,"msg":"role '%s' not have permission HEAD for '%s'"%(params_role,model_name)})
- if params_role == "UNKNOWN":
- permission_check_ok = True
- elif not (hasattr(request,"user") and request.user):
- return json({"code":400,"msg":"no login user for role '%s'"%(params_role)})
- elif functions.has_role(request.user,params_role):
- permission_check_ok = True
+ return json({"code":400,"msg":"user doesn't have role '%s'"%(params_role)})
else:
- return json({"code":400,"msg":"user doesn't have role '%s'"%(params_role)})
+ perms = HEAD.get("permissions")
+ if perms:
+ if params_role:
+ role, msg = functions.has_permission_as_role(user, params_role, *perms)
+ if role:
+ permission_check_ok = True
+ else:
+ role = functions.has_permission(user, *perms)
+ if role:
+ role_name = getattr(role, "name")
+ if role_name:
+ permission_check_ok = True
+ params_role = role_name
+
#current implementation won't run here, but keep for safe
if not permission_check_ok:
return json({"code":400,"msg":"no permission"})
-
+
if params_role=="OWNER":
owner_filtered,q = self._filter_owner(model,model_setting,q)
if not owner_filtered:
@@ -394,7 +417,7 @@ def _head(self,key):
param = params[n]
if not hasattr(model.c,n):
return json({"code":400,"msg":"'%s' don't have field '%s'"%(model_name,n)})
- q = model.filter(getattr(model.c,n)==param)
+ q = q.filter(getattr(model.c,n)==param)
rdict = {
"code":200,
"msg":"success",
@@ -695,33 +718,23 @@ def _delete_one(self,key,tag):
return json({"code":400,"msg":"cannot find record id = '%s'"%(id_)})
permission_check_ok = False
+ msg = "'%s' not accessible by user"%(model_name)
DELETE = model_setting.get("DELETE")
if DELETE:
roles = DELETE.get("roles")
- if params_role:
- if not params_role in roles:
- return json({"code":400,"msg":"'%s' not accessible by role '%s'"%(model_name,params_role)})
- roles = [params_role]
if roles:
- for role in roles:
- if role == "OWNER":
- if hasattr(request,"user") and request.user:
- if user_id_field:
- if obj.to_dict().get(user_id_field)==request.user.id:
- permission_check_ok = True
- break
- else:
- return json({"code":400,"msg":"need login user"})
- elif role == "UNKNOWN":
+ has, msg = functions.has_obj_role(getattr(request,"user",None), obj, user_id_field, params_role, *roles)
+ if has:
+ permission_check_ok = True
+ if not permission_check_ok:
+ perms = DELETE.get("permissions")
+ if perms:
+ has, msg = functions.has_obj_permission(getattr(request,"user",None), obj, user_id_field, *perms)
+ if has:
permission_check_ok = True
- break
- else:
- if functions.has_role(request.user,role):
- permission_check_ok = True
- break
if not permission_check_ok:
- return json({"code":400,"msg":"no permission"})
+ return json({"code":400,"msg":msg})
try:
obj.delete()
diff --git a/uliweb_apijson/tables/README.md b/uliweb_apijson/tables/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/uliweb_apijson/tables/__init__.py b/uliweb_apijson/tables/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/uliweb_apijson/tables/settings.ini b/uliweb_apijson/tables/settings.ini
new file mode 100644
index 0000000..e69de29
diff --git a/demo/apps/tables/static/readme.txt b/uliweb_apijson/tables/static/readme.txt
similarity index 100%
rename from demo/apps/tables/static/readme.txt
rename to uliweb_apijson/tables/static/readme.txt
diff --git a/uliweb_apijson/tables/templates/Tables/inc/table_config.html b/uliweb_apijson/tables/templates/Tables/inc/table_config.html
new file mode 100644
index 0000000..1eb0526
--- /dev/null
+++ b/uliweb_apijson/tables/templates/Tables/inc/table_config.html
@@ -0,0 +1,94 @@
+
diff --git a/demo/apps/tables/templates/Tables/layout.html b/uliweb_apijson/tables/templates/Tables/layout.html
similarity index 100%
rename from demo/apps/tables/templates/Tables/layout.html
rename to uliweb_apijson/tables/templates/Tables/layout.html
diff --git a/uliweb_apijson/tables/templates/Tables/list.html b/uliweb_apijson/tables/templates/Tables/list.html
new file mode 100644
index 0000000..fa9fc65
--- /dev/null
+++ b/uliweb_apijson/tables/templates/Tables/list.html
@@ -0,0 +1,54 @@
+{{extend "Tables/layout.html"}}
+
+{{block title}}uliweb-apijson: tables{{end title}}
+
+{{block other_use}}
+{{include "vue/inc_apijson_table.html"}}
+{{include "Tables/inc/table_config.html"}}
+{{end other_use}}
+
+{{block content_wrapper}}
+
+
+ {{if role!="ADMIN":}}
+
You should
login with user
admin to view all the tables
+ {{pass #if}}
+
+