| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244 |
- # -*- coding: utf-8 -*-
- # @Author : YY
- from functools import wraps
- from typing import Callable
- from flask_login import UserMixin
- from ruoyi_common.domain.entity import LoginUser
- from ruoyi_common.utils import security_util as SecurityUtil
- class PermissionService:
- """
- 菜单权限
- """
-
- # 所有权限标识
- ALL_PERMISSION = "*:*:*"
-
- # 管理员角色权限标识
- SUPER_ADMIN = "admin"
-
- ROLE_DELIMETER = ","
-
- PERMISSION_DELIMETER = ","
-
- @classmethod
- def has_perm(cls, permission:str) -> bool:
- """
- 验证用户是否具备某权限
-
- Args:
- permission (str): 权限标识
-
- Returns:
- bool: True:具备该权限,False:不具备该权限
- """
- if not permission:
- return False
- login_user:LoginUser = SecurityUtil.get_login_user()
- if not login_user:
- return False
- else:
- if not isinstance(login_user, UserMixin):
- return False
- user_authorities = login_user.permissions
- if not user_authorities: return False
- return cls.ALL_PERMISSION in user_authorities \
- or permission.strip() in user_authorities
-
- @classmethod
- def no_perm(cls, permission:str) -> bool:
- """
- 验证用户是否不具备某权限
-
- Args:
- permission (str): 权限标识
-
- Returns:
- bool: True:不具备该权限,False:具备该权限
- """
- return not cls.has_perm(permission)
-
- @classmethod
- def any_perm(cls, permissions:str) -> bool:
- """
- 验证用户是否具备某权限列表中的任意一个权限
-
- Args:
- permissions (str): 权限标识列表,多个权限标识以逗号分隔
-
- Returns:
- bool: True:具备任意一个权限,False:不具备任何一个权限
- """
- if not permissions: return False
- login_user:LoginUser = SecurityUtil.get_login_user()
- if not login_user:
- return False
- else:
- user_authorities = login_user.permissions
- if not user_authorities: return False
- for permission in permissions.split(cls.PERMISSION_DELIMETER):
- if permission.strip() in user_authorities:
- return True
- return False
-
- @classmethod
- def has_role(cls, role:str) -> bool:
- """
- 验证用户是否具备某角色
-
- Args:
- role (str): 角色标识
-
- Returns:
- bool: True:具备该权限,False:不具备该权限
- """
- if not role:
- return False
- login_user:LoginUser = SecurityUtil.get_login_user()
- if not login_user or not login_user.user.roles:
- return False
- for sys_role in login_user.user.roles:
- if sys_role.role_key == cls.SUPER_ADMIN \
- or sys_role.role_key == role.strip():
- return True
- return False
-
- @classmethod
- def no_role(cls, role:str) -> bool:
- """
- 验证用户是否不具备某角色
-
- Args:
- role (str): 角色标识
-
- Returns:
- bool: True:具备该权限,False:不具备该权限
- """
- return not cls.has_role(role)
-
- @classmethod
- def any_role(cls, roles:str) -> bool:
- """
- 验证用户是否具备某角色列表中的任意一个角色
-
- Args:
- roles (str): 角色标识列表,多个角色标识以逗号分隔
-
- Returns:
- bool: True:具备任意一个角色,False:不具备任何一个角色
- """
- if not roles: return False
- login_user:LoginUser = SecurityUtil.get_login_user()
- if not login_user or not login_user.user.roles:
- return False
- for role in roles.split(cls.ROLE_DELIMETER):
- for sys_role in login_user.user.roles:
- if sys_role.role_key == cls.SUPER_ADMIN \
- or sys_role.role_key == role.strip():
- return True
- return False
- class AuthorityCaller:
-
- def __init__(self, value:str) -> None:
- self._value = value
-
- def __call__(self) -> bool:
- NotImplementedError()
- def LoginRequired() -> bool:
- """
-
- 验证用户是否登录
-
- Returns:
- bool -- True:已登录,False:未登录
- """
- login_user:LoginUser = SecurityUtil.get_login_user()
- if not login_user:
- return False
- if not login_user.is_authenticated:
- return False
- return True
- class HasPerm(AuthorityCaller):
- """
-
- 验证用户是否具备某权限
-
- """
- def __call__(self) -> bool:
- return PermissionService.has_perm(self._value)
- class NoPerm(AuthorityCaller):
- """
-
- 验证用户是否不具备某权限
-
- """
- def __call__(self) -> bool:
- return PermissionService.no_perm(self._value)
- class AnyPerm(AuthorityCaller):
- """
-
- 验证用户是否具备某权限列表中的任意一个权限
-
- """
- def __call__(self) -> bool:
- return PermissionService.any_perm(self._value)
- class HasRole(AuthorityCaller):
- """
-
- 验证用户是否具备某角色
-
- """
- def __call__(self) -> bool:
- return PermissionService.has_role(self._value)
- class NoRole(AuthorityCaller):
- """
-
- 验证用户是否不具备某角色
-
- """
- def __call__(self) -> bool:
- return PermissionService.no_role(self._role)
- class AnyRole(AuthorityCaller):
- """
-
- 验证用户是否具备某角色列表中的任意一个角色
-
- """
- def __call__(self) -> bool:
- return PermissionService.any_role(self._role)
- class PreAuthorize:
-
- def __init__(self, auth:AuthorityCaller|Callable):
- self._auth = auth
-
- def __call__(self, func) -> Callable:
-
- @wraps(func)
- def wrapper(*args, **kwargs):
- if not callable(self._auth):
- raise Exception("权限验证器必须是可调用对象")
- if not self._auth():
- raise Exception("无访问权限")
- return func(*args, **kwargs)
- return wrapper
|
