improve rbac

2021-08-17 12:14:26 +03:00
parent 9618802c6b
commit b8b7854c4c
9 changed files with 132 additions and 62 deletions
--- a/orm/user.py
+++ b/orm/user.py
@@ -1,11 +1,19 @@
 from typing import List

-from sqlalchemy import Column, Integer, String, ForeignKey #, relationship
+from sqlalchemy import Column, Integer, String, ForeignKey
+from sqlalchemy.orm import relationship

 from orm import Permission
 from orm.base import Base, local_session


+class UserRole(Base):
+	__tablename__ = 'user_role'
+	
+	id = None
+	user_id: int = Column(ForeignKey("user.id"), primary_key = True)
+	role_id: int = Column(ForeignKey("role.id"), primary_key = True)
+
 class User(Base):
 	__tablename__ = 'user'

@@ -13,16 +21,19 @@ class User(Base):
 	username: str = Column(String, nullable=False, comment="Name")
 	password: str = Column(String, nullable=True, comment="Password")

-	role_id: list = Column(ForeignKey("role.id"), nullable=True, comment="Role")
-	# roles = relationship("Role") TODO: one to many, see schema.graphql
 	oauth_id: str = Column(String, nullable=True)

+	roles = relationship("Role", secondary=UserRole.__table__)
+
 	@classmethod
 	def get_permission(cls, user_id):
+		scope = {}
 		with local_session() as session:
-			perms: List[Permission] = session.query(Permission).join(User, User.role_id == Permission.role_id).filter(
-				User.id == user_id).all()
-		return {f"{p.operation_id}-{p.resource_id}" for p in perms}
+			user = session.query(User).filter(User.id == user_id).first()
+			for role in user.roles:
+				for p in role.permissions:
+					scope[p.resource_id] = p.operation_id
+		return scope


 if __name__ == '__main__':