diff options
Diffstat (limited to 'src/py/tojauth.py')
| -rw-r--r-- | src/py/tojauth.py | 126 |
1 files changed, 74 insertions, 52 deletions
diff --git a/src/py/tojauth.py b/src/py/tojauth.py index 11877ff..701095b 100644 --- a/src/py/tojauth.py +++ b/src/py/tojauth.py @@ -10,9 +10,16 @@ class TOJAuth(Auth): ACCESS_SETPER = 0x10 ACCESS_EXECUTE = 0x20 + ROLETYPE_USER = 1 + ROLETYPE_3RD = 2 + ROLETYPE_MOD = 3 + ROLETYPE_TOJ = 4 + ROLETYPE_GROUP = 5 + ROLETYPE_GUEST = 6 + auth_accessid = 1 - def __init__(self,pubkey,privkey = None): + def __init__(self, pubkey, privkey = None): super().__init__() self.set_verifykey(pubkey) @@ -20,18 +27,21 @@ class TOJAuth(Auth): self.set_signkey(privkey) TOJAuth.instance = self - TOJAuth.db = AsyncDB(config.CORE_DBNAME,config.CORE_DBUSER, + TOJAuth.db = AsyncDB(config.CORE_DBNAME, config.CORE_DBUSER, config.CORE_DBPASSWORD) - def create_iden(self,linkclass,linkid,idenid): - iden = { - 'linkclass':linkclass, - 'linkid':linkid, - 'idenid':idenid - } + def create_iden(self, linkclass, linkid, idenid, roletype, payload = {}): + iden = payload + iden.update({ + 'linkclass' : linkclass, + 'linkid' : linkid, + 'idenid' : idenid, + 'roletype' : roletype + }) + return self.sign_iden(iden) - def get_iden(self,conn_linkclass,conn_linkid,idendesc): + def get_iden(self, conn_linkclass, conn_linkid, idendesc): iden = super().get_iden(idendesc) if iden == None: return None @@ -41,46 +51,51 @@ class TOJAuth(Auth): return iden - def check_access(self, accessid, access_mask): + @staticmethod + def check_access(accessid, access_mask): def wrapper(f): - idenid = self.current_iden['idenid'] - ok = False - - cur = self.db.cursor() - - if not ok: - sqlstr = ('SELECT "owner_idenid" FROM "ACCESS" WHERE ' - '"accessid"=%s;') - sqlarr = (accessid, ) - cur.execute(sqlstr, sqlarr) - for data in cur: - owner_idenid = data[0] - if owner_idenid == idenid: - ok = True - - if not ok: - sqlstr = ('SELECT "ACCESS_ROLE"."permission" FROM "ACCESS_ROLE"' - ' INNER JOIN "IDEN_ROLE" ON "ACCESS_ROLE"."roleid" = ' - '"IDEN_ROLE"."roleid" WHERE "ACCESS_ROLE"."accessid"=%s' - ' AND "IDEN_ROLE"."idenid"=%s;') - sqlarr = (accessid, idenid) - cur.execute(sqlstr, sqlarr) - - for data in cur: - permission = data[0] - if (permission & access_mask) == access_mask: - ok = True - break - - if ok: - return f - else: - raise Exception('TOJAuth.check_access() : PERMISSION DENIED') + def wrapfunc(*args): + idenid = TOJAuth.get_current_iden()['idenid'] + ok = False + + cur = TOJAuth.instance.db.cursor() + + if not ok: + sqlstr = ('SELECT "owner_idenid" FROM "ACCESS" WHERE ' + '"accessid"=%s;') + sqlarr = (accessid, ) + cur.execute(sqlstr, sqlarr) + for data in cur: + owner_idenid = data[0] + if owner_idenid == idenid: + ok = True + + if not ok: + sqlstr = ('SELECT "ACCESS_ROLE"."permission" FROM "ACCESS_ROLE"' + ' INNER JOIN "IDEN_ROLE" ON "ACCESS_ROLE"."roleid" = ' + '"IDEN_ROLE"."roleid" WHERE "ACCESS_ROLE"."accessid"=%s' + ' AND "IDEN_ROLE"."idenid"=%s;') + sqlarr = (accessid, idenid) + cur.execute(sqlstr, sqlarr) + + for data in cur: + permission = data[0] + if (permission & access_mask) == access_mask: + ok = True + break + + if ok: + return f(*args); + else: + raise Exception('TOJAuth.check_access() : PERMISSION DENIED') + + return wrapfunc return wrapper def create_access(self, owner_idenid): - self.check_access(self.auth_accessid, self.ACCESS_EXECUTE)(0) + self.check_access( + self.auth_accessid, self.ACCESS_EXECUTE)(lambda x:x)(0) cur = self.db.cursor() sqlstr = ('INSERT INTO "ACCESS" ("owner_idenid") VALUES (%s) ' @@ -93,7 +108,7 @@ class TOJAuth(Auth): return accessid def set_access_list(self, accessid, roleid, permission): - self.check_access(accessid, self.ACCESS_SETPER)(0) + self.check_access(accessid, self.ACCESS_SETPER)(lambda x:x)(0) cur = self.db.cursor() table = 'ACCESS_ROLE' @@ -107,7 +122,7 @@ class TOJAuth(Auth): cur.upsert(table, cond, value) def del_access_list(self, accessid, roleid): - self.check_access(accessid, self.ACCESS_SETPER)(0) + self.check_access(accessid, self.ACCESS_SETPER)(lambda x:x)(0) cur = self.db.cursor() sqlstr = ('DELETE FROM "ACCESS_ROLE" WHERE "accessid"=%s ' @@ -116,19 +131,25 @@ class TOJAuth(Auth): cur.execute(sqlstr, sqlarr) def create_role(self, rolename, roletype): - self.check_access(self.auth_accessid, self.ACCESS_EXECUTE)(0) + self.check_access( + self.auth_accessid, self.ACCESS_EXECUTE)(lambda x:x)(0) cur = self.db.cursor() - sqlstr = ('INSERT INTO "ROLE" ("rolename") VALUES (%s)' + sqlstr = ('INSERT INTO "ROLE" ("rolename", "roletype") VALUES (%s, %s)' ' RETURNING "roleid";') - sqlarr = (rolename, ) + sqlarr = (rolename, roletype) cur.execute(sqlstr, sqlarr) for data in cur: roleid = data[0] + + if(roleid != None): + self.set_role_relation(roleid, roleid) + return roleid def set_role_relation(self, idenid, roleid): - self.check_access(self.auth_accessid, self.ACCESS_EXECUTE)(0) + self.check_access( + self.auth_accessid, self.ACCESS_EXECUTE)(lambda x:x)(0) cur = self.db.cursor() table = 'IDEN_ROLE' @@ -139,7 +160,8 @@ class TOJAuth(Auth): cur.upsert(table, cond) def del_role_relation(self, idenid, roleid): - self.check_access(self.auth_accessid, self.ACCESS_EXECUTE)(0) + self.check_access( + self.auth_accessid, self.ACCESS_EXECUTE)(lambda x:x)(0) cur = self.db.cursor() sqlstr = ('DELETE FROM "IDEN_ROLE" WHERE "idenid"=%s ' @@ -148,7 +170,7 @@ class TOJAuth(Auth): cur.execute(sqlstr, sqlarr) def set_owner(self, idenid, accessid): - self.check_access(accessid, self.ACCESS_SETPER)(0) + self.check_access(accessid, self.ACCESS_SETPER)(lambda x:x)(0) cur = self.db.cursor() sqlstr = ('UPDATE "ACCESS" SET "owner_idenid"=%s WHERE "accessid"=%s;') |