2025-04-15 12:37:38 +00:00
|
|
|
|
# coding=utf-8
|
|
|
|
|
|
"""
|
|
|
|
|
|
@project: MaxKB
|
|
|
|
|
|
@Author:虎虎
|
|
|
|
|
|
@file: authentication.py
|
|
|
|
|
|
@date:2025/4/15 20:12
|
|
|
|
|
|
@desc:
|
|
|
|
|
|
"""
|
|
|
|
|
|
from typing import List
|
|
|
|
|
|
|
|
|
|
|
|
from django.utils.translation import gettext_lazy as _
|
|
|
|
|
|
|
|
|
|
|
|
from common.constants.permission_constants import PermissionConstants, RoleConstants, ViewPermission, CompareConstants, \
|
2025-06-11 07:21:01 +00:00
|
|
|
|
Permission, Role
|
2025-04-15 12:37:38 +00:00
|
|
|
|
from common.exception.app_exception import AppUnauthorizedFailed
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def exist_permissions_by_permission_constants(user_permission: List[PermissionConstants],
|
|
|
|
|
|
permission_list: List[PermissionConstants]):
|
|
|
|
|
|
"""
|
|
|
|
|
|
用户是否拥有 permission_list的权限
|
|
|
|
|
|
:param user_permission: 用户权限
|
|
|
|
|
|
:param permission_list: 需要的权限
|
|
|
|
|
|
:return: 是否拥有
|
|
|
|
|
|
"""
|
|
|
|
|
|
return any(list(map(lambda up: permission_list.__contains__(up), user_permission)))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def exist_role_by_role_constants(user_role: List[RoleConstants],
|
|
|
|
|
|
role_list: List[RoleConstants]):
|
|
|
|
|
|
"""
|
|
|
|
|
|
用户是否拥有这个角色
|
|
|
|
|
|
:param user_role: 用户角色
|
|
|
|
|
|
:param role_list: 需要拥有的角色
|
|
|
|
|
|
:return: 是否拥有
|
|
|
|
|
|
"""
|
2025-06-16 06:05:08 +00:00
|
|
|
|
return any([True for role in role_list if user_role.__contains__(role.value.__str__())])
|
2025-04-15 12:37:38 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def exist_permissions_by_view_permission(user_role: List[RoleConstants],
|
|
|
|
|
|
user_permission: List[PermissionConstants | object],
|
|
|
|
|
|
permission: ViewPermission, request, **kwargs):
|
|
|
|
|
|
"""
|
|
|
|
|
|
用户是否存在这些权限
|
|
|
|
|
|
:param request:
|
|
|
|
|
|
:param user_role: 用户角色
|
|
|
|
|
|
:param user_permission: 用户权限
|
|
|
|
|
|
:param permission: 所属权限
|
|
|
|
|
|
:return: 是否存在 True False
|
|
|
|
|
|
"""
|
2025-07-03 10:19:26 +00:00
|
|
|
|
|
2025-07-11 13:45:08 +00:00
|
|
|
|
role_list = [user_r(request, kwargs) if callable(user_r) else user_r for user_r in
|
|
|
|
|
|
permission.roleList]
|
2025-07-03 10:19:26 +00:00
|
|
|
|
role_ok = any(list(map(lambda up: role_list.__contains__(up),
|
2025-07-11 13:45:08 +00:00
|
|
|
|
user_role)))
|
2025-04-15 12:37:38 +00:00
|
|
|
|
permission_list = [user_p(request, kwargs) if callable(user_p) else user_p for user_p in
|
|
|
|
|
|
permission.permissionList
|
|
|
|
|
|
]
|
|
|
|
|
|
permission_ok = any(list(map(lambda up: permission_list.__contains__(up),
|
|
|
|
|
|
user_permission)))
|
|
|
|
|
|
return role_ok | permission_ok if permission.compare == CompareConstants.OR else role_ok & permission_ok
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def exist_permissions(user_role: List[RoleConstants], user_permission: List[PermissionConstants], permission, request,
|
|
|
|
|
|
**kwargs):
|
|
|
|
|
|
if isinstance(permission, ViewPermission):
|
|
|
|
|
|
return exist_permissions_by_view_permission(user_role, user_permission, permission, request, **kwargs)
|
|
|
|
|
|
if isinstance(permission, RoleConstants):
|
|
|
|
|
|
return exist_role_by_role_constants(user_role, [permission])
|
|
|
|
|
|
if isinstance(permission, PermissionConstants):
|
|
|
|
|
|
return exist_permissions_by_permission_constants(user_permission, [permission])
|
|
|
|
|
|
if isinstance(permission, Permission):
|
|
|
|
|
|
return user_permission.__contains__(permission)
|
2025-06-11 07:21:01 +00:00
|
|
|
|
if isinstance(permission, Role):
|
|
|
|
|
|
return user_role.__contains__(permission.__str__())
|
2025-04-15 12:37:38 +00:00
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def exist(user_role: List[RoleConstants], user_permission: List[PermissionConstants], permission, request, **kwargs):
|
|
|
|
|
|
if callable(permission):
|
|
|
|
|
|
p = permission(request, kwargs)
|
2025-07-11 13:45:08 +00:00
|
|
|
|
return exist_permissions(user_role, user_permission, p, request, **kwargs)
|
2025-04-15 12:37:38 +00:00
|
|
|
|
return exist_permissions(user_role, user_permission, permission, request, **kwargs)
|
|
|
|
|
|
|
|
|
|
|
|
|
2025-07-11 13:45:08 +00:00
|
|
|
|
def get_is_permissions(request, **kwargs):
|
|
|
|
|
|
def is_permissions(*permission, compare=CompareConstants.OR):
|
|
|
|
|
|
exit_list = list(
|
|
|
|
|
|
map(lambda p: exist(request.auth.role_list, request.auth.permission_list, p, request, **kwargs),
|
|
|
|
|
|
permission))
|
|
|
|
|
|
return any(exit_list) if compare == CompareConstants.OR else all(exit_list)
|
|
|
|
|
|
|
|
|
|
|
|
return is_permissions
|
|
|
|
|
|
|
|
|
|
|
|
|
2025-04-15 12:37:38 +00:00
|
|
|
|
def has_permissions(*permission, compare=CompareConstants.OR):
|
|
|
|
|
|
"""
|
|
|
|
|
|
权限 role or permission
|
|
|
|
|
|
:param compare: 比较符号
|
|
|
|
|
|
:param permission: 如果是角色 role:roleId
|
|
|
|
|
|
:return: 权限装饰器函数,用于判断用户是否有权限访问当前接口
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
|
|
def inner(func):
|
|
|
|
|
|
def run(view, request, **kwargs):
|
|
|
|
|
|
exit_list = list(
|
2025-04-28 05:03:54 +00:00
|
|
|
|
map(lambda p: exist(request.auth.role_list, request.auth.permission_list, p, request, **kwargs),
|
2025-04-15 12:37:38 +00:00
|
|
|
|
permission))
|
|
|
|
|
|
# 判断是否有权限
|
|
|
|
|
|
if any(exit_list) if compare == CompareConstants.OR else all(exit_list):
|
|
|
|
|
|
return func(view, request, **kwargs)
|
|
|
|
|
|
raise AppUnauthorizedFailed(403, _('No permission to access'))
|
|
|
|
|
|
|
|
|
|
|
|
return run
|
|
|
|
|
|
|
|
|
|
|
|
return inner
|
