some perms work

This commit is contained in:
Daniel Tsvetkov 2021-12-22 09:44:45 +01:00
parent 356348aa1d
commit 8c8fbc9ced

View File

@ -337,7 +337,7 @@ SENSITIVE_PREFIX = "__SENSITIVE__."
DEFAULT_PERMISSION_PERMISSIONS = ['get', 'add_user', 'add_role', 'remove_user', 'remove_role'] DEFAULT_PERMISSION_PERMISSIONS = ['get', 'add_user', 'add_role', 'remove_user', 'remove_role']
DEFAULT_MODEL_PERMISSIONS = ['get', 'list', 'search', 'create', 'update', 'delete'] DEFAULT_MODEL_PERMISSIONS = ['get', 'list', 'table', 'search', 'create', 'update', 'delete']
DEFAULT_COLUMN_PERMISSIONS = ['read', 'write'] DEFAULT_COLUMN_PERMISSIONS = ['read', 'write']
DEFAULT_SUBJECTS = [('0', 'public'), ('1', 'logged')] DEFAULT_SUBJECTS = [('0', 'public'), ('1', 'logged')]
@ -355,6 +355,7 @@ def generate_permissions():
subjects = DEFAULT_SUBJECTS + [('1', 'owner')] if is_ownable else DEFAULT_SUBJECTS subjects = DEFAULT_SUBJECTS + [('1', 'owner')] if is_ownable else DEFAULT_SUBJECTS
f.write("role,1,permission.update,models.{},,1\n".format(model)) f.write("role,1,permission.update,models.{},,1\n".format(model))
f.write("role,1,permission.remove_user_self,models.{},,1\n".format(model)) f.write("role,1,permission.remove_user_self,models.{},,1\n".format(model))
model_acls = model_view.definitions['acls']
for perm, subject in subjects: for perm, subject in subjects:
for permission in DEFAULT_PERMISSION_PERMISSIONS: for permission in DEFAULT_PERMISSION_PERMISSIONS:
f.write("{},,permission.{},models.{},,0\n".format(subject, permission, model)) f.write("{},,permission.{},models.{},,0\n".format(subject, permission, model))
@ -367,7 +368,9 @@ def generate_permissions():
else: else:
f.write("{},,permission.change_owner,models.{},,0\n".format(subject, model)) f.write("{},,permission.change_owner,models.{},,0\n".format(subject, model))
for permission in DEFAULT_MODEL_PERMISSIONS: for permission in DEFAULT_MODEL_PERMISSIONS:
f.write("{},,model.{},models.{},,{}\n".format(subject, permission, model, perm)) # TODO: TEST AND FIX THIS - VERY NAIVE RIGHT NOW!!!
this_perm = int(not model_acls.get(permission)['authn'])
f.write("{},,model.{},models.{},,{}\n".format(subject, permission, model, this_perm))
for column in model_view.definitions.get('columns'): for column in model_view.definitions.get('columns'):
column_name = column.get('name') column_name = column.get('name')
for permission in DEFAULT_COLUMN_PERMISSIONS: for permission in DEFAULT_COLUMN_PERMISSIONS: