for apijson get, support case when setting inAPIJSON_MODELS only define permissions no roles

zhangchunlin · zhangchunlin · commit b9dba5425277 · 2022-03-25T16:18:28.000+08:00
diff --git a/tests/demo/apps/apijson_demo/settings.ini b/tests/demo/apps/apijson_demo/settings.ini
@@ -47,6 +47,7 @@ comment = {
     "PUT" : { "roles" : ["OWNER","ADMIN"] },
     "DELETE" : { "roles" : ["OWNER","ADMIN"] },
 }
+# only define permissions, no roles
 comment2 = {
     "user_id_field" : "user_id",
     "GET" : { "permissions":["get_comment2"] },
diff --git a/tests/test.py b/tests/test.py
@@ -1764,6 +1764,17 @@ def test_apijson_permission():
     >>> print(d)
     {'code': 200, 'msg': 'success', 'comment2': {'user_id': 2, 'to_id': 3, 'moment_id': 1, 'date': '2018-12-01 00:00:00', 'content': 'comment from usera to userb', 'id': 2}}
 
+    >>> #apijson get, query array
+    >>> data ='''{
+    ... "[]":{
+    ...         "comment2": {"@role":"ADMIN"}
+    ...     }
+    ... }'''
+    >>> r = handler.post('/apijson/get', data=data, pre_call=pre_call_as("admin"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 200, 'msg': 'success', '[]': [{'comment2': {'user_id': 1, 'to_id': 3, 'moment_id': 1, 'date': '2018-11-01 00:00:00', 'content': 'comment from admin', 'id': 1}}, {'comment2': {'user_id': 2, 'to_id': 3, 'moment_id': 1, 'date': '2018-12-01 00:00:00', 'content': 'comment from usera to userb', 'id': 2}}, {'comment2': {'user_id': 3, 'to_id': 2, 'moment_id': 2, 'date': '2018-12-02 00:00:00', 'content': 'comment from userb to usera', 'id': 3}}, {'comment2': {'user_id': 4, 'to_id': 2, 'moment_id': 3, 'date': '2018-12-09 00:00:00', 'content': 'comment from userc to usera', 'id': 4}}]}
+
     >>> #apijson head
     >>> data ='''{
     ...     "comment2": {
diff --git a/uliweb_apijson/apijson/__init__.py b/uliweb_apijson/apijson/__init__.py
@@ -88,23 +88,39 @@ def _check_GET_permission(self):
     
         roles = GET.get("roles")
         params_role = self.params.get("@role")
-        
-        if not params_role:
-            if hasattr(request,"user"):
-                params_role = "LOGIN"
+        user = getattr(request, "user", None)
+
+        if roles:
+            if not params_role:
+                if user:
+                    params_role = "LOGIN"
+                else:
+                    params_role = "UNKNOWN"
+            elif params_role != "UNKNOWN":
+                if not user:
+                    raise UliwebError("no login user for role '%s'" % (params_role))
+            if params_role not in roles:
+                raise UliwebError("'%s' not accessible by role '%s'" % (self.name, params_role))
+            if params_role == "UNKNOWN":
+                self.permission_check_ok = True
+            elif functions.has_role(user, params_role):
+                self.permission_check_ok = True
             else:
-                params_role = "UNKNOWN"
-        elif params_role != "UNKNOWN":
-            if not hasattr(request,"user"):
-                raise UliwebError("no login user for role '%s'"%(params_role))
-        if params_role not in roles:
-            raise UliwebError("'%s' not accessible by role '%s'"%(self.name,params_role))
-        if params_role == "UNKNOWN":
-            self.permission_check_ok = True
-        elif functions.has_role(request.user,params_role):
-            self.permission_check_ok = True
-        else:
-            raise UliwebError("user doesn't have role '%s'"%(params_role))
+                raise UliwebError("user doesn't have role '%s'" % (params_role))
+        if not self.permission_check_ok:
+            perms = GET.get("permissions")
+            if perms:
+                if params_role:
+                    role, msg = functions.has_permission_as_role(user, params_role, *perms)
+                    if role:
+                        self.permission_check_ok = True
+                else:
+                    role = functions.has_permission(user, *perms)
+                    if role:
+                        role_name = getattr(role, "name")
+                        if role_name:
+                            self.permission_check_ok = True
+                            params_role = role_name
 
         if not self.permission_check_ok:
             raise UliwebError("no permission")

Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,7 @@ comment = {`
`47`	`47`	`"PUT" : { "roles" : ["OWNER","ADMIN"] },`
`48`	`48`	`"DELETE" : { "roles" : ["OWNER","ADMIN"] },`
`49`	`49`	`}`
	`50`	`+# only define permissions, no roles`
`50`	`51`	`comment2 = {`
`51`	`52`	`"user_id_field" : "user_id",`
`52`	`53`	`"GET" : { "permissions":["get_comment2"] },`