@@ -44,45 +44,30 @@ def _get_one(self,key):
4444 model_column_set = None
4545 q = model .all ()
4646
47- GET = model_setting .get ("GET" ,{} )
47+ GET = model_setting .get ("GET" )
4848 if not GET :
49- return json ({"code" :401 ,"msg" :"'%s' not accessible" % (modelname )})
49+ return json ({"code" :400 ,"msg" :"'%s' not accessible" % (modelname )})
5050
5151 roles = GET .get ("roles" )
52- perms = GET .get ("perms" )
5352 permission_check_ok = False
54- user_role = None
55- if params_role :
56- if params_role not in roles :
57- return json ({"code" :401 ,"msg" :"'%s' not accessible by role '%s'" % (modelname ,params_role )})
58- if functions .has_role (request .user ,params_role ):
59- permission_check_ok = True
60- user_role = params_role
53+ if not params_role :
54+ if request .user :
55+ params_role = "LOGIN"
6156 else :
62- return json ({"code" :401 ,"msg" :"user doesn't have role '%s'" % (params_role )})
63- if not permission_check_ok and roles :
64- for role in roles :
65- if functions .has_role (request .user ,role ):
66- permission_check_ok = True
67- user_role = role
68- break
69-
70- if not permission_check_ok and perms :
71- for perm in perms :
72- if functions .has_permission (request .user ,perm ):
73- permission_check_ok = True
74- break
75-
57+ params_role = "UNKNOWN"
58+ if params_role not in roles :
59+ return json ({"code" :400 ,"msg" :"'%s' not accessible by role '%s'" % (modelname ,params_role )})
60+ if functions .has_role (request .user ,params_role ):
61+ permission_check_ok = True
62+ else :
63+ return json ({"code" :400 ,"msg" :"user doesn't have role '%s'" % (params_role )})
7664 if not permission_check_ok :
77- return json ({"code" :401 ,"msg" :"no permission" })
78-
79- filtered = False
65+ return json ({"code" :400 ,"msg" :"no permission" })
8066
81- if user_role == "OWNER" :
67+ if params_role == "OWNER" :
8268 owner_filtered ,q = self ._filter_owner (model ,model_setting ,q )
8369 if not owner_filtered :
84- return json ({"code" :401 ,"msg" :"'%s' cannot filter with owner" % (modelname )})
85- filtered = True
70+ return json ({"code" :400 ,"msg" :"'%s' cannot filter with owner" % (modelname )})
8671
8772 params = self .request_data [key ]
8873 if isinstance (params ,dict ):
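Review bot: `roles = GET.get("roles")` is None when a model's GET setting has no `roles` entry, and the new unconditional `if params_role not in roles:` then raises TypeError (an unhandled exception) instead of returning a denial; the old code only reached the membership test when `@role` was supplied and guarded the loop with `and roles`. `roles = GET.get("roles") or []` keeps the same fail-closed outcome (the `not accessible by role` response) for an incomplete config. The same pattern is added in the _get_array hunk (`@@ -166,45 +147,32 @@`). _get_one's signature and the lookup of `model_setting` are outside this hunk.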
@@ -92,12 +77,8 @@ def _get_one(self,key):
9277 model_column_set = set (params [n ].split ("," ))
9378 elif hasattr (model ,n ):
9479 q = q .filter (getattr (model .c ,n )== params [n ])
95- filtered = True
9680 else :
9781 return json ({"code" :400 ,"msg" :"'%s' have no attribute '%s'" % (modelname ,n )})
98- #default filter is trying to filter with owner
99- if not filtered and request .user :
100- owner_filtered ,q = self ._filter_owner (model ,model_setting ,q )
10182 o = q .one ()
10283 if o :
10384 o = o .to_dict ()
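Review bot: A logged-in request without `@role` now reaches `q.one()` with no owner scoping: the removed fallback `if not filtered and request.user: ... _filter_owner(...)` was the only thing restricting such a query to the caller's rows, and the OWNER branch earlier in the function runs only when `@role` is explicitly `OWNER`. Whether a model's rows are readable by any authenticated user is therefore decided solely by listing `LOGIN` in its GET `roles`, which is worth stating at the top of the params loop: `# No implicit owner scoping: rows are narrowed only by the caller's column filters and by the explicit OWNER role branch above.` I cannot tell from this hunk which models list `LOGIN`. _get_one continues past the end of the hunk.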
@@ -166,45 +147,32 @@ def _get_array(self,key):
166147
167148 q = model .all ()
168149
169- #rbac check begin
170- GET = model_setting .get ("GET" ,{})
150+ GET = model_setting .get ("GET" )
171151 if not GET :
172- return json ({"code" :401 ,"msg" :"'%s' not accessible by apijson" % (modelname )})
152+ return json ({"code" :400 ,"msg" :"'%s' not accessible by apijson" % (modelname )})
173153
174154 roles = GET .get ("roles" )
175- perms = GET .get ("perms" )
176- params_role = params .get ("@role" )
155+ params_role = model_param .get ("@role" )
177156 permission_check_ok = False
178- user_role = None
179- if params_role :
180- if params_role not in roles :
181- return json ({"code" :401 ,"msg" :"'%s' not accessible by role '%s'" % (modelname ,params_role )})
182- if functions .has_role (request .user ,params_role ):
183- permission_check_ok = True
184- user_role = params_role
157+ if not params_role :
158+ if request .user :
159+ params_role = "LOGIN"
185160 else :
186- return json ({"code" :401 ,"msg" :"user doesn't have role '%s'" % (params_role )})
187- if not permission_check_ok and roles :
188- for role in roles :
189- if functions .has_role (request .user ,role ):
190- permission_check_ok = True
191- user_role = role
192- break
193-
194- if not permission_check_ok and perms :
195- for perm in perms :
196- if functions .has_permission (request .user ,perm ):
197- permission_check_ok = True
198- break
161+ params_role = "UNKNOWN"
162+ if params_role not in roles :
163+ return json ({"code" :400 ,"msg" :"'%s' not accessible by role '%s'" % (modelname ,params_role )})
164+ if functions .has_role (request .user ,params_role ):
165+ permission_check_ok = True
166+ else :
167+ return json ({"code" :400 ,"msg" :"user doesn't have role '%s'" % (params_role )})
199168
200169 if not permission_check_ok :
201- return json ({"code" :401 ,"msg" :"no permission" })
202- #rbac check end
170+ return json ({"code" :400 ,"msg" :"no permission" })
203171
204- if user_role == "OWNER" :
172+ if params_role == "OWNER" :
205173 owner_filtered ,q = self ._filter_owner (model ,model_setting ,q )
206174 if not owner_filtered :
207- return json ({"code" :401 ,"msg" :"'%s' cannot filter with owner" % (modelname )})
175+ return json ({"code" :400 ,"msg" :"'%s' cannot filter with owner" % (modelname )})
208176
209177 if query_count :
210178 if query_page :
@@ -271,9 +239,9 @@ def _head(self,key):
271239
272240 q = model .all ()
273241
274- HEAD = model_setting .get ("HEAD" ,{} )
242+ HEAD = model_setting .get ("HEAD" )
275243 if not HEAD :
276- return json ({"code" :401 ,"msg" :"'%s' not accessible" % (modelname )})
244+ return json ({"code" :400 ,"msg" :"'%s' not accessible" % (modelname )})
277245
278246 roles = HEAD .get ("roles" )
279247 permission_check_ok = False
@@ -283,11 +251,14 @@ def _head(self,key):
283251 else :
284252 params_role = "UNKNOWN"
285253 if params_role not in roles :
286- return json ({"code" :401 ,"msg" :"'%s' not accessible by role '%s'" % (modelname ,params_role )})
254+ return json ({"code" :400 ,"msg" :"'%s' not accessible by role '%s'" % (modelname ,params_role )})
287255 if functions .has_role (request .user ,params_role ):
288256 permission_check_ok = True
289257 else :
290- return json ({"code" :401 ,"msg" :"user doesn't have role '%s'" % (params_role )})
258+ return json ({"code" :400 ,"msg" :"user doesn't have role '%s'" % (params_role )})
259+ if not permission_check_ok :
260+ return json ({"code" :400 ,"msg" :"no permission" })
261+
291262 if params_role == "OWNER" :
292263 owner_filtered ,q = self ._filter_owner (model ,model_setting ,q )
293264 if not owner_filtered :
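Review bot: The added `if not permission_check_ok:` guard is unreachable as written: every path above it either sets `permission_check_ok = True` or returns, so the `no permission` response can never fire here. It is still a sensible fail-closed backstop should the role logic above be edited later, so keep it but mark the intent: `# fail-closed backstop: unreachable while every branch above either grants or returns`. The same shape now exists in the _get_one and _get_array hunks. _head's role lookup begins in the previous hunk.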
@@ -352,7 +323,7 @@ def _post_one(self,key,tag):
352323 roles = POST .get ("roles" )
353324 if params_role :
354325 if not params_role in roles :
355- return json ({"code" :401 ,"msg" :"'%s' not accessible by role '%s'" % (modelname ,params_role )})
326+ return json ({"code" :400 ,"msg" :"'%s' not accessible by role '%s'" % (modelname ,params_role )})
356327 roles = [params_role ]
357328
358329 if roles :
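Review bot: The authorization denial in _post_one now carries the same application code `400` as the request-shape errors elsewhere in the file (e.g. the `'%s' have no attribute '%s'` response in _get_one), so a client or log consumer can no longer distinguish a rejected role from a malformed request by code alone; the message text is the only remaining discriminator. If these are application-level codes rather than HTTP statuses (I cannot tell from the hunk), a dedicated code for authorization failures, or at minimum one shared constant used at every denial site, would keep the denials greppable and easy to alert on. The same applies to the _put_one and _delete_one hunks. _post_one's handling of `roles` continues outside the hunk.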
@@ -462,7 +433,7 @@ def _put_one(self,key,tag):
462433 roles = PUT .get ("roles" )
463434 if params_role :
464435 if not params_role in roles :
465- return json ({"code" :401 ,"msg" :"'%s' not accessible by role '%s'" % (modelname ,params_role )})
436+ return json ({"code" :400 ,"msg" :"'%s' not accessible by role '%s'" % (modelname ,params_role )})
466437 roles = [params_role ]
467438 if roles :
468439 for role in roles :
@@ -560,7 +531,7 @@ def _delete_one(self,key,tag):
560531 roles = DELETE .get ("roles" )
561532 if params_role :
562533 if not params_role in roles :
563- return json ({"code" :401 ,"msg" :"'%s' not accessible by role '%s'" % (modelname ,params_role )})
534+ return json ({"code" :400 ,"msg" :"'%s' not accessible by role '%s'" % (modelname ,params_role )})
564535 roles = [params_role ]
565536 if roles :
566537 for role in roles :