python group/user management packages

拟墨画扇 提交于 2019-12-02 19:46:33

I literally just did this myself yesterday. I did it with a combination of

Flask-Login
Flask-Principal
Flask-SQLAlchemy

Basically the way it works is like this. Flask-Login is used for user authentication. On successful login, a signal is sent that you can intercept / use to add permissions

@identity_loaded.connect_via(app)
def on_identity_loaded(sender, identity):
    # Set the identity user object
    current_user = session.get('user', False)
    if not current_user:
        return False
    identity.user = current_user

    # Add the UserNeed to the identity
    if hasattr(current_user, 'id'):
        identity.provides.add(UserNeed(current_user.id))

    # Assuming the User model has a list of groups, update the
    # identity with the groups that the user provides
    if hasattr(current_user, 'groups'):
        groups = user.Group.query.filter(user.Group.users.any(id=current_user.id)).all()
        for group in groups:
            identity.provides.add(RoleNeed(group.name))

The models for the user and group look like this:

groups = db.Table('groups',
    db.Column('user_id', db.Integer, db.ForeignKey('user.id')),
    db.Column('group_id', db.Integer, db.ForeignKey('group.id'))
)

group_to_group = db.Table('group_to_group',
    db.Column('parent_id', db.Integer, db.ForeignKey('group.id'), primary_key=True),
    db.Column('child_id', db.Integer, db.ForeignKey('group.id'), primary_key=True)
)

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(64), unique=True)
    email = db.Column(db.String(120), unique=True)
    display_name = db.Column(db.String(120))
    created_at = db.Column(db.DateTime)
    last_login = db.Column(db.DateTime, default=db.func.now())

    def __init__(self, name, email, display_name):
        self.name = name
        self.email = email
        self.display_name = display_name
        self.created_at = datetime.datetime.now()
        self.order_by = User.display_name

    def is_authenticated(self):
        return True

    def is_active(self):
        return True

    def is_anonymous(self):
        return False

    def get_id(self):
        return unicode(self.id)

    def __repr__(self):
        return self.display_name


class Group(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(64))
    users = db.relationship('User', 
                            secondary=groups,
                            backref=db.backref('groups',
                                               lazy='dynamic',
                                               order_by=name
                            )
    )
    parents = db.relationship('Group',
                              secondary=group_to_group, 
                              primaryjoin=id==group_to_group.c.parent_id,  
                              secondaryjoin=id==group_to_group.c.child_id, 
                              backref="children",
                              remote_side=[group_to_group.c.parent_id])

    def __repr__(self):
        return self.name

Then, it is just a matter of rolling some CRUD pages to take care of administering the groups.

I then set up some logic to create Principal Roles based on my group names so each new group is available.

When you want to restrict access to something, you just do it like...

@NameOfYourRole.require(http_exception=403)
@route("/something/special/people/can/do")
def super_cool(...):
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!