#-*-coding utf-8-*- # Общественное достояние, 2023, Алексей Безбородов (Alexei Bezborodov) # Доступ пользователей from enum import Enum from bot_sys import config user_access_group_all = 'all' user_access_group_new = 'new' user_access_readme = f''' Доступ к пользователям задаётся в виде строки `user1=daver;user2=av;Group1=v;Group2=-;Group3=+;other=-` Где через ';' располагаются различные варианты доступа user1 и user2 - id пользоватлей Group1, Group2, Group3 - Имена групп пользоватлей Типы доступа: VIEW = 'v' - чтение ADD = 'a' - добавление EDIT = 'e' - редактирование DELETE = 'd' - удаление ACCEES_EDIT = 'r' - изменение прав доступа '+' - всё включено '-' - всё выключено группа '{user_access_group_new}' - новые участники (все новые участники автоматически добавляются в эту группу) группа '{user_access_group_all}' - все ''' # --------------------------------------------------------- # Типы уровня доступа class AccessMode(Enum): VIEW = 'v' ADD = 'a' EDIT = 'e' DELETE = 'd' ACCEES_EDIT = 'r' class UserGroups: def __init__(self, a_UserID : str, a_GroupNamesList : [str]): self.user_id = str(a_UserID) self.group_names_list = a_GroupNamesList # --------------------------------------------------------- # Функции работы с уровнем доступа пользователей def CheckAccessItem(a_AccessItem : str, a_AccessMode : AccessMode): if a_AccessItem == '+' or a_AccessMode.value in a_AccessItem: return True elif a_AccessItem == '-': return False return False # Возвращает возможность доступа пользователю a_UserGroups в элемент с правами a_AccessValue по режиму доступа a_AccessMode def CheckAccess(a_RootIDs, a_AccessValue : str, a_UserGroups : UserGroups, a_AccessMode : AccessMode): if a_UserGroups.user_id in a_RootIDs: return True for i in a_AccessValue.split(';'): d = i.split('=') if len(d) != 2: continue name = d[0] access = d[1] if name == a_UserGroups.user_id or name in a_UserGroups.group_names_list or name == user_access_group_all: if CheckAccessItem(access, a_AccessMode): return True return False def Test(): assert '1234' in ['123', '1234'] assert not '1234' in ['123', '12345'] # root имеет полный доступ вне зависимости от a_AccessValue и a_UserGroups и a_AccessMode roots = ['1234'] for am in AccessMode.ADD, AccessMode.DELETE, AccessMode.EDIT, AccessMode.VIEW, AccessMode.ACCEES_EDIT: assert CheckAccess(roots, '1234=+', UserGroups('1234', []), am) assert CheckAccess(roots, '1234=-', UserGroups('1234', []), am) assert CheckAccess(roots, '1234=+;gr1=+', UserGroups('1234', ['gr1']), am) assert CheckAccess(roots, '1234=-;gr1=+', UserGroups('1234', ['gr1']), am) assert CheckAccess(roots, '1234=+', UserGroups('1234', []), am) assert CheckAccess(roots, '1234=-', UserGroups('1234', []), am) assert CheckAccess(roots, '1234=+;gr1=+', UserGroups('1234', ['gr']), am) assert CheckAccess(roots, '1234=-;gr1=+', UserGroups('1234', ['gr']), am) assert CheckAccess(roots, '1234=+;gr=+', UserGroups('1234', ['gr1']), am) assert CheckAccess(roots, '1234=-;gr=+', UserGroups('1234', ['gr1']), am) assert CheckAccess(roots, '123=+', UserGroups('1234', []), am) assert CheckAccess(roots, '124=-', UserGroups('1234', []), am) assert CheckAccess(roots, '134=+;gr1=+', UserGroups('1234', ['gr1']), am) assert CheckAccess(roots, '134=-;gr1=+', UserGroups('1234', ['gr1']), am) assert CheckAccess(roots, '124=+', UserGroups('1234', []), am) assert CheckAccess(roots, '124=-', UserGroups('1234', []), am) assert CheckAccess(roots, '134=+;gr1=+', UserGroups('1234', ['gr']), am) assert CheckAccess(roots, '134=-;gr1=+', UserGroups('1234', ['gr']), am) assert CheckAccess(roots, '124=+;gr=+', UserGroups('1234', ['gr1']), am) assert CheckAccess(roots, '124=-;gr=+', UserGroups('1234', ['gr1']), am) roots = ['12'] for am in AccessMode.ADD, AccessMode.DELETE, AccessMode.EDIT, AccessMode.VIEW, AccessMode.ACCEES_EDIT: assert CheckAccess(roots, '1234=+', UserGroups('1234', []), am) assert not CheckAccess(roots, '1234=-', UserGroups('1234', []), am) assert CheckAccess(roots, '1234=+;gr1=+', UserGroups('1234', ['gr1']), am) assert CheckAccess(roots, '1234=-;gr1=+', UserGroups('1234', ['gr1']), am) assert not CheckAccess(roots, '1234=+', UserGroups('123', []), am) assert not CheckAccess(roots, '1234=-', UserGroups('123', []), am) assert not CheckAccess(roots, '1234=+;gr1=+', UserGroups('123', ['gr']), am) assert not CheckAccess(roots, '1234=-;gr1=+', UserGroups('123', ['gr']), am) assert not CheckAccess(roots, '1234=+;gr=+', UserGroups('123', ['gr1']), am) assert not CheckAccess(roots, '1234=-;gr=+', UserGroups('123', ['gr1']), am) assert CheckAccess(roots, '123=-;1234=a', UserGroups('1234', []), AccessMode.ADD) assert CheckAccess(roots, '123=-;1234=d', UserGroups('1234', []), AccessMode.DELETE) assert CheckAccess(roots, '123=-;1234=e', UserGroups('1234', []), AccessMode.EDIT) assert CheckAccess(roots, '123=-;1234=r', UserGroups('1234', []), AccessMode.ACCEES_EDIT) assert CheckAccess(roots, '123=-;1234=v', UserGroups('1234', []), AccessMode.VIEW) assert CheckAccess(roots, '123=-;gr1=a', UserGroups('1234', ['gr1']), AccessMode.ADD) assert CheckAccess(roots, '123=-;gr1=d', UserGroups('1234', ['gr1']), AccessMode.DELETE) assert CheckAccess(roots, '123=-;gr1=e', UserGroups('1234', ['gr1']), AccessMode.EDIT) assert CheckAccess(roots, '123=-;gr1=r', UserGroups('1234', ['gr1']), AccessMode.ACCEES_EDIT) assert CheckAccess(roots, '123=-;gr1=v', UserGroups('1234', ['gr1']), AccessMode.VIEW) assert CheckAccess(roots, '123=-;1234=daver', UserGroups('1234', []), AccessMode.ADD) assert CheckAccess(roots, '123=-;1234=dav', UserGroups('1234', []), AccessMode.DELETE) assert CheckAccess(roots, '123=-;1234=edv', UserGroups('1234', []), AccessMode.EDIT) assert CheckAccess(roots, '123=-;1234=rav', UserGroups('1234', []), AccessMode.ACCEES_EDIT) assert CheckAccess(roots, '123=-;1234=va', UserGroups('1234', []), AccessMode.VIEW) assert CheckAccess(roots, '123=-;gr1=avr', UserGroups('1234', ['gr1']), AccessMode.ADD) assert CheckAccess(roots, '123=-;gr1=daver', UserGroups('1234', ['gr1']), AccessMode.DELETE) assert CheckAccess(roots, '123=-;gr1=eva', UserGroups('1234', ['gr1']), AccessMode.EDIT) assert CheckAccess(roots, '123=-;gr1=re', UserGroups('1234', ['gr1']), AccessMode.ACCEES_EDIT) assert CheckAccess(roots, '123=-;gr1=vad', UserGroups('1234', ['gr1']), AccessMode.VIEW) assert not CheckAccess(roots, '123=-;1234=d', UserGroups('1234', []), AccessMode.ADD) assert not CheckAccess(roots, '123=-;1234=a', UserGroups('1234', []), AccessMode.DELETE) assert not CheckAccess(roots, '123=-;1234=r', UserGroups('1234', []), AccessMode.EDIT) assert not CheckAccess(roots, '123=-;1234=v', UserGroups('1234', []), AccessMode.ACCEES_EDIT) assert not CheckAccess(roots, '123=-;1234=e', UserGroups('1234', []), AccessMode.VIEW) assert not CheckAccess(roots, '123=-;gr1=d', UserGroups('1234', ['gr']), AccessMode.ADD) assert not CheckAccess(roots, '123=-;gr1=a', UserGroups('1234', ['gr']), AccessMode.DELETE) assert not CheckAccess(roots, '123=-;gr1=v', UserGroups('1234', ['gr']), AccessMode.EDIT) assert not CheckAccess(roots, '123=-;gr1=e', UserGroups('1234', ['gr']), AccessMode.ACCEES_EDIT) assert not CheckAccess(roots, '123=-;gr1=r', UserGroups('1234', ['gr']), AccessMode.VIEW) assert not CheckAccess(roots, '123=-;1234=dver', UserGroups('1234', []), AccessMode.ADD) assert not CheckAccess(roots, '123=-;1234=av', UserGroups('1234', []), AccessMode.DELETE) assert not CheckAccess(roots, '123=-;1234=dv', UserGroups('1234', []), AccessMode.EDIT) assert not CheckAccess(roots, '123=-;1234=av', UserGroups('1234', []), AccessMode.ACCEES_EDIT) assert not CheckAccess(roots, '123=-;1234=a', UserGroups('1234', []), AccessMode.VIEW) assert not CheckAccess(roots, '123=-;gr1=vr', UserGroups('1234', ['gr']), AccessMode.ADD) assert not CheckAccess(roots, '123=-;gr1=aver', UserGroups('1234', ['gr']), AccessMode.DELETE) assert not CheckAccess(roots, '123=-;gr1=va', UserGroups('1234', ['gr']), AccessMode.EDIT) assert not CheckAccess(roots, '123=-;gr1=ea', UserGroups('1234', ['gr']), AccessMode.ACCEES_EDIT) assert not CheckAccess(roots, '123=-;gr1=ad', UserGroups('1234', ['gr']), AccessMode.VIEW) assert CheckAccess(roots, f'123=-;{user_access_group_all}=a', UserGroups('1234', []), AccessMode.ADD) assert CheckAccess(roots, f'123=-;{user_access_group_all}=d', UserGroups('1234', []), AccessMode.DELETE) assert CheckAccess(roots, f'123=-;{user_access_group_all}=e', UserGroups('1234', []), AccessMode.EDIT) assert CheckAccess(roots, f'123=-;{user_access_group_all}=r', UserGroups('1234', []), AccessMode.ACCEES_EDIT) assert CheckAccess(roots, f'123=-;{user_access_group_all}=v', UserGroups('1234', []), AccessMode.VIEW) assert CheckAccess(roots, f'123=-;{user_access_group_all}=a', UserGroups('1234', ['gr1']), AccessMode.ADD) assert CheckAccess(roots, f'123=-;{user_access_group_all}=d', UserGroups('1234', ['gr1']), AccessMode.DELETE) assert CheckAccess(roots, f'123=-;{user_access_group_all}=e', UserGroups('1234', ['gr1']), AccessMode.EDIT) assert CheckAccess(roots, f'123=-;{user_access_group_all}=r', UserGroups('1234', ['gr1']), AccessMode.ACCEES_EDIT) assert CheckAccess(roots, f'123=-;{user_access_group_all}=v', UserGroups('1234', ['gr1']), AccessMode.VIEW) assert CheckAccess(roots, f'123=-;{user_access_group_all}=daver', UserGroups('1234', []), AccessMode.ADD) assert CheckAccess(roots, f'123=-;{user_access_group_all}=dav', UserGroups('1234', []), AccessMode.DELETE) assert CheckAccess(roots, f'123=-;{user_access_group_all}=edv', UserGroups('1234', []), AccessMode.EDIT) assert CheckAccess(roots, f'123=-;{user_access_group_all}=rav', UserGroups('1234', []), AccessMode.ACCEES_EDIT) assert CheckAccess(roots, f'123=-;{user_access_group_all}=va', UserGroups('1234', []), AccessMode.VIEW) assert CheckAccess(roots, f'123=-;{user_access_group_all}=avr', UserGroups('1234', ['gr1']), AccessMode.ADD) assert CheckAccess(roots, f'123=-;{user_access_group_all}=daver', UserGroups('1234', ['gr1']), AccessMode.DELETE) assert CheckAccess(roots, f'123=-;{user_access_group_all}=eva', UserGroups('1234', ['gr1']), AccessMode.EDIT) assert CheckAccess(roots, f'123=-;{user_access_group_all}=re', UserGroups('1234', ['gr1']), AccessMode.ACCEES_EDIT) assert CheckAccess(roots, f'123=-;{user_access_group_all}=vad', UserGroups('1234', ['gr1']), AccessMode.VIEW) assert not CheckAccess(roots, f'123=-;{user_access_group_all}=d', UserGroups('1234', []), AccessMode.ADD) assert not CheckAccess(roots, f'123=-;{user_access_group_all}=a', UserGroups('1234', []), AccessMode.DELETE) assert not CheckAccess(roots, f'123=-;{user_access_group_all}=r', UserGroups('1234', []), AccessMode.EDIT) assert not CheckAccess(roots, f'123=-;{user_access_group_all}=v', UserGroups('1234', []), AccessMode.ACCEES_EDIT) assert not CheckAccess(roots, f'123=-;{user_access_group_all}=e', UserGroups('1234', []), AccessMode.VIEW) assert not CheckAccess(roots, f'123=-;gr1=d;{user_access_group_all}=-', UserGroups('1234', ['gr']), AccessMode.ADD) assert not CheckAccess(roots, f'123=-;gr1=a;{user_access_group_all}=-', UserGroups('1234', ['gr']), AccessMode.DELETE) assert not CheckAccess(roots, f'123=-;gr1=v;{user_access_group_all}=-', UserGroups('1234', ['gr']), AccessMode.EDIT) assert not CheckAccess(roots, f'123=-;gr1=e;{user_access_group_all}=-', UserGroups('1234', ['gr']), AccessMode.ACCEES_EDIT) assert not CheckAccess(roots, f'123=-;gr1=r;{user_access_group_all}=-', UserGroups('1234', ['gr']), AccessMode.VIEW) assert not CheckAccess(roots, f'123=-;{user_access_group_all}=dver', UserGroups('1234', []), AccessMode.ADD) assert not CheckAccess(roots, f'123=-;{user_access_group_all}=av', UserGroups('1234', []), AccessMode.DELETE) assert not CheckAccess(roots, f'123=-;{user_access_group_all}=dv', UserGroups('1234', []), AccessMode.EDIT) assert not CheckAccess(roots, f'123=-;{user_access_group_all}=av', UserGroups('1234', []), AccessMode.ACCEES_EDIT) assert not CheckAccess(roots, f'123=-;{user_access_group_all}=a', UserGroups('1234', []), AccessMode.VIEW) assert not CheckAccess(roots, f'123=-;{user_access_group_all}=vr', UserGroups('1234', ['gr']), AccessMode.ADD) assert not CheckAccess(roots, f'123=-;{user_access_group_all}=aver', UserGroups('1234', ['gr']), AccessMode.DELETE) assert not CheckAccess(roots, f'123=-;{user_access_group_all}=va', UserGroups('1234', ['gr']), AccessMode.EDIT) assert not CheckAccess(roots, f'123=-;{user_access_group_all}=ea', UserGroups('1234', ['gr']), AccessMode.ACCEES_EDIT) assert not CheckAccess(roots, f'123=-;{user_access_group_all}=ad', UserGroups('1234', ['gr']), AccessMode.VIEW)