# coding: utf-8 from flask import request, g from functools import wraps from flask import abort, session, redirect, url_for, flash from .models import Topic, Attachment from . import roles def require_visitor(func): """仅允许非登陆用户访问,如signin页面""" @wraps(func) def decorator(*args, **kwargs): if g.current_user: return redirect(url_for('forum.index')) return func(*args, **kwargs) return decorator class Permission(object): def __init__(self, role, extra=True, super_extra=True): """extra用于在同级别user中筛选,super_extra用于允许高级别用户获取此权限""" self.role = role self.extra = extra self.super_extra = super_extra def __call__(self, func): @wraps(func) def decorator(*args, **kwargs): if not self.check(): return self.deny() return func(*args, **kwargs) return decorator def check(self): """判断是否满足权限条件""" if g.current_role < self.role: return False elif g.current_role == self.role: return self.extra return self.super_extra def deny(self, next_url=""): """针对不同的role进行不同的处理""" if g.current_role == roles.VisitorRole: flash('此操作需要登录账户') return redirect(url_for('account.signin', next=next_url or request.url)) elif g.current_role == roles.NewUserRole: flash('请登录邮箱激活账户') return redirect(url_for('forum.index')) abort(403) new_user_permission = Permission(roles.NewUserRole) user_permission = Permission(roles.UserRole) admin_permission = Permission(roles.AdminRole) super_admin_permission = Permission(roles.SuperAdminRole) class TopicOwnerPermission(Permission): def __init__(self, topic_id): can = g.current_user and Topic.query.filter(Topic.id == topic_id).filter( Topic.user_id == g.current_user.id).count() > 0 Permission.__init__(self, roles.UserRole, can) class AttachmentOwnerPermission(Permission): def __init__(self, attachment_id): can = g.current_user and Attachment.query.filter(Attachment.id == attachment_id).filter( Attachment.user_id == g.current_user.id).count() > 0 Permission.__init__(self, roles.UserRole, can)