forked from leancloud/python-sdk
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathacl.py
More file actions
104 lines (80 loc) · 3.56 KB
/
Copy pathacl.py
File metadata and controls
104 lines (80 loc) · 3.56 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
# coding: utf-8
from __future__ import absolute_import
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals
import six
import leancloud
__author__ = 'asaka <lan@leancloud.rocks>'
PUBLIC_KEY = '*'
class ACL(object):
def __init__(self, permissions_by_id=None):
self.permissions_by_id = permissions_by_id or {}
def dump(self):
return self.permissions_by_id
def _set_access(self, access_type, user_id, allowed):
if isinstance(user_id, leancloud.User):
user_id = user_id.id
elif isinstance(user_id, leancloud.Role):
user_id = 'role:' + user_id.get_name()
permissions = self.permissions_by_id.get(user_id)
if permissions is None:
if not allowed:
return
permissions = {}
self.permissions_by_id[user_id] = permissions
if allowed:
self.permissions_by_id[user_id][access_type] = True
elif access_type in self.permissions_by_id[user_id]:
del self.permissions_by_id[user_id][access_type]
if not self.permissions_by_id[user_id]:
del self.permissions_by_id[user_id]
def _get_access(self, access_type, user_id):
if isinstance(user_id, leancloud.User):
user_id = user_id.id
elif isinstance(user_id, leancloud.Role):
user_id = 'role:' + user_id.get_name()
permissions = self.permissions_by_id.get(user_id)
if not permissions:
return False
return permissions.get(access_type, False)
def set_read_access(self, user_id, allowed):
return self._set_access('read', user_id, allowed)
def get_read_access(self, user_id):
return self._get_access('read', user_id)
def set_write_access(self, user_id, allowed):
return self._set_access('write', user_id, allowed)
def get_write_access(self, user_id):
return self._get_access('write', user_id)
def set_public_read_access(self, allowed):
return self.set_read_access(PUBLIC_KEY, allowed)
def get_public_read_access(self):
return self.get_read_access(PUBLIC_KEY)
def set_public_write_access(self, allowed):
return self.set_write_access(PUBLIC_KEY, allowed)
def get_public_write_access(self):
return self.get_write_access(PUBLIC_KEY)
def set_role_read_access(self, role, allowed):
if isinstance(role, leancloud.Role):
role = role.get_name()
if not isinstance(role, six.string_types):
raise TypeError('role must be a leancloud.Role or str')
self.set_read_access('role:{0}'.format(role), allowed)
def get_role_read_access(self, role):
if isinstance(role, leancloud.Role):
role = role.get_name()
if not isinstance(role, six.string_types):
raise TypeError('role must be a leancloud.Role or str')
return self.get_read_access('role:{0}'.format(role))
def set_role_write_access(self, role, allowed):
if isinstance(role, leancloud.Role):
role = role.get_name()
if not isinstance(role, six.string_types):
raise TypeError('role must be a leancloud.Role or str')
self.set_write_access('role:{0}'.format(role), allowed)
def get_role_write_access(self, role):
if isinstance(role, leancloud.Role):
role = role.get_name()
if not isinstance(role, six.string_types):
raise TypeError('role must be a leancloud.Role or str')
return self.get_write_access('role:{0}'.format(role))