如何将flask-RBAC模型添加到现有SQLAlchemy数据库 [英] How to add flask-RBAC models to existing SQLAlchemy database

问题描述

我正在尝试在现有的烧瓶应用程序中添加 RBAC 有2个模型分别描述用户模型和帖子模型.这是我的代码:

I'm trying to add RBAC to my existing flask application where I already have 2 models which describe User and Post model respectively. Here is my code:

# models.py

from datetime import datetime
from rpd_site import db, login_manager
from flask_login import UserMixin


# []
@login_manager.user_loader
def load_user(user_id):
    return User.query.get(int(user_id))


# Main site account table
class User(db.Model, UserMixin):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(20), unique=True, nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)
    image_file = db.Column(db.String(20), nullable=False, default='default.jpg')
    password = db.Column(db.String(60), nullable=False)
    confirmed = db.Column(db.Boolean, nullable=False, default=0)
    posts = db.relationship('Post', backref='author', lazy=True)

    def __repr__(self):
        return f"User('{self.username}', '{self.email}', '{self.confirmed}')"


# Posts table
class Post(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    title = db.Column(db.String(100), nullable=False)
    date_posted = db.Column(db.DateTime, nullable=False, default=datetime.now) # current local time instead of .utcnow
    content = db.Column(db.Text, nullable=False)
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
    image_file = db.Column(db.String(20), nullable=False, default='default_post.png')

    def __repr__(self):
        return f"Post('{self.title}', '{self.date_posted}', '{self.content[:15]}')"

当我尝试从此处添加所有缺少的代码时，我遇到了很多错误.特别是我不确定是否应该从flask_rbac或flask_login导入UserMixin.

When I tried add all missing code from here I faced with lots of errors. Especially I'm not sure if I should import UserMixin from flask_rbac or from flask_login.

帮助我了解如何使用RBAC功能升级数据库.

Help me to understand how can I upgrade my DB with RBAC functionality.

推荐答案

这是一个非常广泛的问题，我将尝试为您提供最少的代码，以便您可以实现RBAC.下面的示例使用Flask-security.

This is a very broad question, I'll try to give you a minimum code so that you can achieve RBAC. Below example uses Flask-security.

from app import db
from flask_security import RoleMixin, UserMixin

# may to many association table between User and Role
roles_users = db.Table(
    'roles_users',
    db.Column('user_id', db.Integer(), db.ForeignKey('user.id')),
    db.Column('role_id', db.Integer(), db.ForeignKey('role.id'))
)

class Role(db.Model, RoleMixin):

    __tablename__ = 'role'

    id = db.Column(db.Integer(), primary_key=True)
    name = db.Column(db.String(50), unique=True)

    def __str__(self):
        return self.name

class User(db.Model, UserMixin):

    __tablename__ = 'user'

    id = db.Column(db.Integer, primary_key=True)
    email = db.Column(db.String(50), unique=True)
    password = db.Column(db.String(255))
    roles = db.relationship('Role', secondary=roles_users,
                            backref=db.backref('users', lazy='joined'))
    def __str__(self):
        return self.email

您可以基于上述模型迁移或创建数据库.以上内容足以为RDBC或在视图级别执行后端操作. 然后，您可以使用下面的链接轻松地为每个用户分配角色.

You either migrate or create the DB based on above Models. The above will be sufficient for you to either perform back-end operation for RDBC or at view level. You can then assign roles to each user easily using below link.

烧瓶安全性创建角色，用户，并将user_id链接到role_id

如果要在视图上执行RBAC，请遵循以下步骤.

If you want to perform RBAC at view, follow below.

from flask_security import login_required, roles_accepted
@app.route('/a_restricted_view/')
@login_required
@roles_accepted('role_one', 'role_two')
def a_restricted_view():
    return "I am only visible to users with role_one and role_two"

这篇关于如何将flask-RBAC模型添加到现有SQLAlchemy数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！