leguadmin/xbackend
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
mongo
xbackend/utils/casbin/distributed_enforcer.py
wuaho 182799e6f7 casbin多租户模型
2021-05-15 15:38:02 +08:00

132 lines
4.8 KiB
Python
Raw Permalink Blame History

from utils.casbin import SyncedEnforcer
import logging
from utils.casbin.persist import batch_adapter
from utils.casbin.model.policy_op import PolicyOp
from utils.casbin.persist.adapters import update_adapter
class DistributedEnforcer(SyncedEnforcer):
"""DistributedEnforcer wraps SyncedEnforcer for dispatcher."""
def __init__(self, model=None, adapter=None):
self.logger = logging.getLogger()
SyncedEnforcer.__init__(self, model, adapter)
def add_policy_self(self, should_persist, sec, ptype, rules):
"""
AddPolicySelf provides a method for dispatcher to add authorization rules to the current policy.
The function returns the rules affected and error.
"""
no_exists_policy = []
for rule in rules:
if not self.get_model().has_policy(sec, ptype, rule):
no_exists_policy.append(rule)
if should_persist:
try:
if isinstance(self.adapter, batch_adapter):
self.adapter.add_policies(sec, ptype, rules)
except Exception as e:
self.logger.log("An error occurred: " + e)
self.get_model().add_policies(sec, ptype, no_exists_policy)
if sec == "g":
try:
self.build_incremental_role_links(PolicyOp.Policy_add, ptype, no_exists_policy)
except Exception as e:
self.logger.log("An exception occurred: " + e)
return no_exists_policy
return no_exists_policy
def remove_policy_self(self, should_persist, sec, ptype, rules):
"""
remove_policy_self provides a method for dispatcher to remove policies from current policy.
The function returns the rules affected and error.
"""
if(should_persist):
try:
if(isinstance(self.adapter, batch_adapter)):
self.adapter.remove_policy(sec, ptype, rules)
except Exception as e:
self.logger.log("An exception occurred: " + e)
effected = self.get_model().remove_policies_with_effected(sec, ptype, rules)
if sec == "g":
try:
self.build_incremental_role_links(PolicyOp.Policy_remove, ptype, rules)
except Exception as e:
self.logger.log("An exception occurred: " + e)
return effected
return effected
def remove_filtered_policy_self(self, should_persist, sec, ptype, field_index, *field_values):
"""
remove_filtered_policy_self provides a method for dispatcher to remove an authorization
rule from the current policy,field filters can be specified.
The function returns the rules affected and error.
"""
if should_persist:
try:
self.adapter.remove_filtered_policy(sec, ptype, field_index, field_values)
except Exception as e:
self.logger.log("An exception occurred: " + e)
effects = self.get_model().remove_filtered_policy_returns_effects(sec, ptype, field_index, field_values)
if sec == "g":
try:
self.build_incremental_role_links(PolicyOp.Policy_remove, ptype, effects)
except Exception as e:
self.logger.log("An exception occurred: " + e)
return effects
return effects
def clear_policy_self(self, should_persist):
"""
clear_policy_self provides a method for dispatcher to clear all rules from the current policy.
"""
if should_persist:
try:
self.adapter.save_policy(None)
except Exception as e:
self.logger.log("An exception occurred: " + e)
self.get_model().clear_policy()
def update_policy_self(self, should_persist, sec, ptype, old_rule, new_rule):
"""
update_policy_self provides a method for dispatcher to update an authorization rule from the current policy.
"""
if should_persist:
try:
if isinstance(self.adapter, update_adapter):
self.adapter.update_policy(sec, ptype, old_rule, new_rule)
except Exception as e:
self.logger.log("An exception occurred: " + e)
return False
rule_updated = self.get_model().update_policy(sec, ptype, old_rule, new_rule)
if not rule_updated:
return False
if sec == "g":
try:
self.build_incremental_role_links(PolicyOp.Policy_remove, ptype, [old_rule])
except Exception as e:
return False
try:
self.build_incremental_role_links(PolicyOp.Policy_add, ptype, [new_rule])
except Exception as e:
return False
return True
Reference in New Issue View Git Blame Copy Permalink