You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
200 lines
14 KiB
200 lines
14 KiB
#-*-coding utf-8-*- |
|
# Общественное достояние, 2023, Алексей Безбородов (Alexei Bezborodov) <AlexeiBv+mirocod_platform_bot@narod.ru> |
|
|
|
# Доступ пользователей |
|
|
|
from enum import Enum |
|
from bot_sys import config |
|
|
|
user_access_group_all = 'all' |
|
user_access_group_new = 'new' |
|
user_access_group_auth_users = 'authorize_users' |
|
|
|
user_access_readme = f''' |
|
Доступ к пользователям задаётся в виде строки |
|
`user1=daver;user2=av;Group1=v;Group2=-;Group3=+;other=-` |
|
Где через ';' располагаются различные варианты доступа |
|
user1 и user2 - id пользоватлей |
|
Group1, Group2, Group3 - Имена групп пользоватлей |
|
|
|
Типы доступа: |
|
VIEW = 'v' - чтение |
|
ADD = 'a' - добавление |
|
EDIT = 'e' - редактирование |
|
DELETE = 'd' - удаление |
|
ACCEES_EDIT = 'r' - изменение прав доступа |
|
'+' - всё включено |
|
'-' - всё выключено |
|
группа '{user_access_group_new}' - новые участники (все новые участники автоматически добавляются в эту группу) |
|
группа '{user_access_group_all}' - все |
|
''' |
|
|
|
# --------------------------------------------------------- |
|
# Типы уровня доступа |
|
|
|
class AccessMode(Enum): |
|
NONE = '-' |
|
VIEW = 'v' |
|
ADD = 'a' |
|
EDIT = 'e' |
|
DELETE = 'd' |
|
ACCEES_EDIT = 'r' |
|
ALL = '+' |
|
|
|
class UserGroups: |
|
def __init__(self, a_UserID : str, a_GroupNamesList : [str]): |
|
self.user_id = str(a_UserID) |
|
self.group_names_list = a_GroupNamesList |
|
|
|
# --------------------------------------------------------- |
|
# Функции работы с уровнем доступа пользователей |
|
|
|
def CheckAccessItem(a_AccessItem : str, a_AccessMode : AccessMode): |
|
if a_AccessItem == '+' or a_AccessMode.value in a_AccessItem: |
|
return True |
|
elif a_AccessItem == '-': |
|
return False |
|
return False |
|
|
|
# Возвращает возможность доступа пользователю a_UserGroups в элемент с правами a_AccessValue по режиму доступа a_AccessMode |
|
def CheckAccess(a_RootIDs, a_AccessValue : str, a_UserGroups : UserGroups, a_AccessMode : AccessMode): |
|
#print(a_RootIDs, a_AccessValue, a_UserGroups, a_AccessMode) |
|
if a_UserGroups.user_id in a_RootIDs: |
|
return True |
|
for i in a_AccessValue.split(';'): |
|
d = i.split('=') |
|
if len(d) != 2: |
|
continue |
|
name = d[0] |
|
access = d[1] |
|
if name == a_UserGroups.user_id or name in a_UserGroups.group_names_list or name == user_access_group_all: |
|
if CheckAccessItem(access, a_AccessMode): |
|
return True |
|
return False |
|
|
|
def Test(): |
|
assert '1234' in ['123', '1234'] |
|
assert not '1234' in ['123', '12345'] |
|
|
|
# root имеет полный доступ вне зависимости от a_AccessValue и a_UserGroups и a_AccessMode |
|
roots = ['1234'] |
|
for am in AccessMode.ADD, AccessMode.DELETE, AccessMode.EDIT, AccessMode.VIEW, AccessMode.ACCEES_EDIT: |
|
assert CheckAccess(roots, '1234=+', UserGroups('1234', []), am) |
|
assert CheckAccess(roots, '1234=-', UserGroups('1234', []), am) |
|
assert CheckAccess(roots, '1234=+;gr1=+', UserGroups('1234', ['gr1']), am) |
|
assert CheckAccess(roots, '1234=-;gr1=+', UserGroups('1234', ['gr1']), am) |
|
assert CheckAccess(roots, '1234=+', UserGroups('1234', []), am) |
|
assert CheckAccess(roots, '1234=-', UserGroups('1234', []), am) |
|
assert CheckAccess(roots, '1234=+;gr1=+', UserGroups('1234', ['gr']), am) |
|
assert CheckAccess(roots, '1234=-;gr1=+', UserGroups('1234', ['gr']), am) |
|
assert CheckAccess(roots, '1234=+;gr=+', UserGroups('1234', ['gr1']), am) |
|
assert CheckAccess(roots, '1234=-;gr=+', UserGroups('1234', ['gr1']), am) |
|
|
|
assert CheckAccess(roots, '123=+', UserGroups('1234', []), am) |
|
assert CheckAccess(roots, '124=-', UserGroups('1234', []), am) |
|
assert CheckAccess(roots, '134=+;gr1=+', UserGroups('1234', ['gr1']), am) |
|
assert CheckAccess(roots, '134=-;gr1=+', UserGroups('1234', ['gr1']), am) |
|
assert CheckAccess(roots, '124=+', UserGroups('1234', []), am) |
|
assert CheckAccess(roots, '124=-', UserGroups('1234', []), am) |
|
assert CheckAccess(roots, '134=+;gr1=+', UserGroups('1234', ['gr']), am) |
|
assert CheckAccess(roots, '134=-;gr1=+', UserGroups('1234', ['gr']), am) |
|
assert CheckAccess(roots, '124=+;gr=+', UserGroups('1234', ['gr1']), am) |
|
assert CheckAccess(roots, '124=-;gr=+', UserGroups('1234', ['gr1']), am) |
|
|
|
roots = ['12'] |
|
for am in AccessMode.ADD, AccessMode.DELETE, AccessMode.EDIT, AccessMode.VIEW, AccessMode.ACCEES_EDIT: |
|
assert CheckAccess(roots, '1234=+', UserGroups('1234', []), am) |
|
assert not CheckAccess(roots, '1234=-', UserGroups('1234', []), am) |
|
assert CheckAccess(roots, '1234=+;gr1=+', UserGroups('1234', ['gr1']), am) |
|
assert CheckAccess(roots, '1234=-;gr1=+', UserGroups('1234', ['gr1']), am) |
|
assert not CheckAccess(roots, '1234=+', UserGroups('123', []), am) |
|
assert not CheckAccess(roots, '1234=-', UserGroups('123', []), am) |
|
assert not CheckAccess(roots, '1234=+;gr1=+', UserGroups('123', ['gr']), am) |
|
assert not CheckAccess(roots, '1234=-;gr1=+', UserGroups('123', ['gr']), am) |
|
assert not CheckAccess(roots, '1234=+;gr=+', UserGroups('123', ['gr1']), am) |
|
assert not CheckAccess(roots, '1234=-;gr=+', UserGroups('123', ['gr1']), am) |
|
|
|
assert CheckAccess(roots, '123=-;1234=a', UserGroups('1234', []), AccessMode.ADD) |
|
assert CheckAccess(roots, '123=-;1234=d', UserGroups('1234', []), AccessMode.DELETE) |
|
assert CheckAccess(roots, '123=-;1234=e', UserGroups('1234', []), AccessMode.EDIT) |
|
assert CheckAccess(roots, '123=-;1234=r', UserGroups('1234', []), AccessMode.ACCEES_EDIT) |
|
assert CheckAccess(roots, '123=-;1234=v', UserGroups('1234', []), AccessMode.VIEW) |
|
assert CheckAccess(roots, '123=-;gr1=a', UserGroups('1234', ['gr1']), AccessMode.ADD) |
|
assert CheckAccess(roots, '123=-;gr1=d', UserGroups('1234', ['gr1']), AccessMode.DELETE) |
|
assert CheckAccess(roots, '123=-;gr1=e', UserGroups('1234', ['gr1']), AccessMode.EDIT) |
|
assert CheckAccess(roots, '123=-;gr1=r', UserGroups('1234', ['gr1']), AccessMode.ACCEES_EDIT) |
|
assert CheckAccess(roots, '123=-;gr1=v', UserGroups('1234', ['gr1']), AccessMode.VIEW) |
|
assert CheckAccess(roots, '123=-;1234=daver', UserGroups('1234', []), AccessMode.ADD) |
|
assert CheckAccess(roots, '123=-;1234=dav', UserGroups('1234', []), AccessMode.DELETE) |
|
assert CheckAccess(roots, '123=-;1234=edv', UserGroups('1234', []), AccessMode.EDIT) |
|
assert CheckAccess(roots, '123=-;1234=rav', UserGroups('1234', []), AccessMode.ACCEES_EDIT) |
|
assert CheckAccess(roots, '123=-;1234=va', UserGroups('1234', []), AccessMode.VIEW) |
|
assert CheckAccess(roots, '123=-;gr1=avr', UserGroups('1234', ['gr1']), AccessMode.ADD) |
|
assert CheckAccess(roots, '123=-;gr1=daver', UserGroups('1234', ['gr1']), AccessMode.DELETE) |
|
assert CheckAccess(roots, '123=-;gr1=eva', UserGroups('1234', ['gr1']), AccessMode.EDIT) |
|
assert CheckAccess(roots, '123=-;gr1=re', UserGroups('1234', ['gr1']), AccessMode.ACCEES_EDIT) |
|
assert CheckAccess(roots, '123=-;gr1=vad', UserGroups('1234', ['gr1']), AccessMode.VIEW) |
|
|
|
assert not CheckAccess(roots, '123=-;1234=d', UserGroups('1234', []), AccessMode.ADD) |
|
assert not CheckAccess(roots, '123=-;1234=a', UserGroups('1234', []), AccessMode.DELETE) |
|
assert not CheckAccess(roots, '123=-;1234=r', UserGroups('1234', []), AccessMode.EDIT) |
|
assert not CheckAccess(roots, '123=-;1234=v', UserGroups('1234', []), AccessMode.ACCEES_EDIT) |
|
assert not CheckAccess(roots, '123=-;1234=e', UserGroups('1234', []), AccessMode.VIEW) |
|
assert not CheckAccess(roots, '123=-;gr1=d', UserGroups('1234', ['gr']), AccessMode.ADD) |
|
assert not CheckAccess(roots, '123=-;gr1=a', UserGroups('1234', ['gr']), AccessMode.DELETE) |
|
assert not CheckAccess(roots, '123=-;gr1=v', UserGroups('1234', ['gr']), AccessMode.EDIT) |
|
assert not CheckAccess(roots, '123=-;gr1=e', UserGroups('1234', ['gr']), AccessMode.ACCEES_EDIT) |
|
assert not CheckAccess(roots, '123=-;gr1=r', UserGroups('1234', ['gr']), AccessMode.VIEW) |
|
assert not CheckAccess(roots, '123=-;1234=dver', UserGroups('1234', []), AccessMode.ADD) |
|
assert not CheckAccess(roots, '123=-;1234=av', UserGroups('1234', []), AccessMode.DELETE) |
|
assert not CheckAccess(roots, '123=-;1234=dv', UserGroups('1234', []), AccessMode.EDIT) |
|
assert not CheckAccess(roots, '123=-;1234=av', UserGroups('1234', []), AccessMode.ACCEES_EDIT) |
|
assert not CheckAccess(roots, '123=-;1234=a', UserGroups('1234', []), AccessMode.VIEW) |
|
assert not CheckAccess(roots, '123=-;gr1=vr', UserGroups('1234', ['gr']), AccessMode.ADD) |
|
assert not CheckAccess(roots, '123=-;gr1=aver', UserGroups('1234', ['gr']), AccessMode.DELETE) |
|
assert not CheckAccess(roots, '123=-;gr1=va', UserGroups('1234', ['gr']), AccessMode.EDIT) |
|
assert not CheckAccess(roots, '123=-;gr1=ea', UserGroups('1234', ['gr']), AccessMode.ACCEES_EDIT) |
|
assert not CheckAccess(roots, '123=-;gr1=ad', UserGroups('1234', ['gr']), AccessMode.VIEW) |
|
|
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=a', UserGroups('1234', []), AccessMode.ADD) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=d', UserGroups('1234', []), AccessMode.DELETE) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=e', UserGroups('1234', []), AccessMode.EDIT) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=r', UserGroups('1234', []), AccessMode.ACCEES_EDIT) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=v', UserGroups('1234', []), AccessMode.VIEW) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=a', UserGroups('1234', ['gr1']), AccessMode.ADD) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=d', UserGroups('1234', ['gr1']), AccessMode.DELETE) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=e', UserGroups('1234', ['gr1']), AccessMode.EDIT) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=r', UserGroups('1234', ['gr1']), AccessMode.ACCEES_EDIT) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=v', UserGroups('1234', ['gr1']), AccessMode.VIEW) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=daver', UserGroups('1234', []), AccessMode.ADD) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=dav', UserGroups('1234', []), AccessMode.DELETE) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=edv', UserGroups('1234', []), AccessMode.EDIT) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=rav', UserGroups('1234', []), AccessMode.ACCEES_EDIT) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=va', UserGroups('1234', []), AccessMode.VIEW) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=avr', UserGroups('1234', ['gr1']), AccessMode.ADD) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=daver', UserGroups('1234', ['gr1']), AccessMode.DELETE) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=eva', UserGroups('1234', ['gr1']), AccessMode.EDIT) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=re', UserGroups('1234', ['gr1']), AccessMode.ACCEES_EDIT) |
|
assert CheckAccess(roots, f'123=-;{user_access_group_all}=vad', UserGroups('1234', ['gr1']), AccessMode.VIEW) |
|
|
|
assert not CheckAccess(roots, f'123=-;{user_access_group_all}=d', UserGroups('1234', []), AccessMode.ADD) |
|
assert not CheckAccess(roots, f'123=-;{user_access_group_all}=a', UserGroups('1234', []), AccessMode.DELETE) |
|
assert not CheckAccess(roots, f'123=-;{user_access_group_all}=r', UserGroups('1234', []), AccessMode.EDIT) |
|
assert not CheckAccess(roots, f'123=-;{user_access_group_all}=v', UserGroups('1234', []), AccessMode.ACCEES_EDIT) |
|
assert not CheckAccess(roots, f'123=-;{user_access_group_all}=e', UserGroups('1234', []), AccessMode.VIEW) |
|
assert not CheckAccess(roots, f'123=-;gr1=d;{user_access_group_all}=-', UserGroups('1234', ['gr']), AccessMode.ADD) |
|
assert not CheckAccess(roots, f'123=-;gr1=a;{user_access_group_all}=-', UserGroups('1234', ['gr']), AccessMode.DELETE) |
|
assert not CheckAccess(roots, f'123=-;gr1=v;{user_access_group_all}=-', UserGroups('1234', ['gr']), AccessMode.EDIT) |
|
assert not CheckAccess(roots, f'123=-;gr1=e;{user_access_group_all}=-', UserGroups('1234', ['gr']), AccessMode.ACCEES_EDIT) |
|
assert not CheckAccess(roots, f'123=-;gr1=r;{user_access_group_all}=-', UserGroups('1234', ['gr']), AccessMode.VIEW) |
|
assert not CheckAccess(roots, f'123=-;{user_access_group_all}=dver', UserGroups('1234', []), AccessMode.ADD) |
|
assert not CheckAccess(roots, f'123=-;{user_access_group_all}=av', UserGroups('1234', []), AccessMode.DELETE) |
|
assert not CheckAccess(roots, f'123=-;{user_access_group_all}=dv', UserGroups('1234', []), AccessMode.EDIT) |
|
assert not CheckAccess(roots, f'123=-;{user_access_group_all}=av', UserGroups('1234', []), AccessMode.ACCEES_EDIT) |
|
assert not CheckAccess(roots, f'123=-;{user_access_group_all}=a', UserGroups('1234', []), AccessMode.VIEW) |
|
assert not CheckAccess(roots, f'123=-;{user_access_group_all}=vr', UserGroups('1234', ['gr']), AccessMode.ADD) |
|
assert not CheckAccess(roots, f'123=-;{user_access_group_all}=aver', UserGroups('1234', ['gr']), AccessMode.DELETE) |
|
assert not CheckAccess(roots, f'123=-;{user_access_group_all}=va', UserGroups('1234', ['gr']), AccessMode.EDIT) |
|
assert not CheckAccess(roots, f'123=-;{user_access_group_all}=ea', UserGroups('1234', ['gr']), AccessMode.ACCEES_EDIT) |
|
assert not CheckAccess(roots, f'123=-;{user_access_group_all}=ad', UserGroups('1234', ['gr']), AccessMode.VIEW) |
|
|
|
|