Update docs

Migrate Sphinx conf.py to python3 Improve perfomance of _setup_acl method
shonenada · Jan 7, 2021 · a56ac44 · a56ac44
1 parent ca4dfb4
commit a56ac44
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 27 deletions.
diff --git a/docs/conf.py b/docs/conf.py
@@ -43,8 +43,8 @@
 master_doc = 'index'
 
 # General information about the project.
-project = u'Flask-RBAC'
-copyright = u'2014, shonenada'
+project = 'Flask-RBAC'
+copyright = '2014, shonenada'
 
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
@@ -199,8 +199,8 @@
 # (source start file, target name, title,
 #  author, documentclass [howto, manual, or own class]).
 latex_documents = [
-  ('index', 'Flask-RBAC.tex', u'Flask-RBAC Documentation',
-   u'shonenada', 'manual'),
+  ('index', 'Flask-RBAC.tex', 'Flask-RBAC Documentation',
+   'shonenada', 'manual'),
 ]
 
 # The name of an image file (relative to this directory) to place at the top of
@@ -229,8 +229,8 @@
 # One entry per manual page. List of tuples
 # (source start file, name, description, authors, manual section).
 man_pages = [
-    ('index', 'flask-rbac', u'Flask-RBAC Documentation',
-     [u'shonenada'], 1)
+    ('index', 'flask-rbac', 'Flask-RBAC Documentation',
+     ['shonenada'], 1)
 ]
 
 # If true, show URL addresses after external links.
@@ -243,8 +243,8 @@
 # (source start file, target name, title, author,
 #  dir menu entry, description, category)
 texinfo_documents = [
-  ('index', 'Flask-RBAC', u'Flask-RBAC Documentation',
-   u'shonenada', 'Flask-RBAC', 'One line description of project.',
+  ('index', 'Flask-RBAC', 'Flask-RBAC Documentation',
+   'shonenada', 'Flask-RBAC', 'One line description of project.',
    'Miscellaneous'),
 ]
 
@@ -264,13 +264,13 @@
 # fall back if theme is not there
 try:
     __import__('flask_theme_support')
-except ImportError, e:
-    print '-' * 74
-    print 'Warning: Flask themes unavailable.  Building with default theme'
-    print 'If you want the Flask themes, run this command and build again:'
-    print
-    print '  git submodule update --init'
-    print '-' * 74
+except ImportError as e:
+    print('-' * 74)
+    print('Warning: Flask themes unavailable.  Building with default theme')
+    print('If you want the Flask themes, run this command and build again:')
+    print()
+    print('  git submodule update --init')
+    print('-' * 74)
 
     pygments_style = 'tango'
     html_theme = 'default'

diff --git a/docs/quickstart.rst.inc b/docs/quickstart.rst.inc
@@ -26,18 +26,20 @@ or you can configuration using factory method::
 
         return app
 
-
 Mode Setting
 ------------
 
 There are two modes for Flask-RBAC, `RBAC_USE_WHITE` decide whether use
 white list to check the permission. And it set `False` to default.
 
 ============================ ================================================
- `RBAC_USE_WHITE = True`     Only allowing rules can access the resources.  
-                             This means, all deny rules and rules           
+ `RBAC_USE_WHITE = True`     Only allowing rules can access the resources.
+                             This means, all deny rules and rules
                              you did not add cannot access the resources.
  `RBAC_USE_WHITE = False`    Only denying rules cannot access the resources.
+                             In case you set an allow rule, denying rules will
+                             also be automatically created for existing
+                             non-added roles in this route.
 ============================ ================================================
 
 Change it using::
@@ -85,7 +87,7 @@ the Role class to adapt your application, here is an example::
             self.name = name
 
         def add_parent(self, parent):
-            # You don't need to add this role to parent's children set, 
+            # You don't need to add this role to parent's children set,
             # relationship between roles would do this work automatically
             self.parents.append(parent)
 
@@ -154,7 +156,7 @@ Well, if your application works under SQLAlchemy::
                 yield role
 
 Same as role model, you should add user model to Flask-RBAC::
-     
+
     rbac.set_user_model(User)
 
 Or using decorator::
@@ -168,7 +170,7 @@ Set User Loader
 ---------------
 
 Flask-RBAC need to know who is current user, so it requires you to provide a
-function which tells it who is current user. 
+function which tells it who is current user.
 
 Flask-RBAC will load current user from `Flask-Login`_ if you have install it
 by default.
@@ -212,10 +214,28 @@ You can use `allow` and `deny` to add rules to Flask-RBAC::
 The code above adding two rules:
 
 - Allows user of *anonymous* role to *GET* /.
+
 - Deny user of *logged_user* role to *GET* and *POST* */account/signin*.
 
+`Flask`_ itself assumes the name of the view function as the endpoint for the
+registered URL rule, that's why in rules validation by default we use the decorated function
+name to check against the endpoint of the input request. But, in case you specified
+a different endpoint or you use the decorators inside a blueprint or
+abstracted blueprints extensions like `Flask-Admin`_ you can directly specify to the decorator
+the endpoint used in your route.
+
+.. code-block:: python
+
+    @app.route('/signin', methods=['GET', 'POST'], endpoint='account.signin')
+    @rbac.deny(['logged_user'], methods=['GET', 'POST'],
+        endpoint='account.signin')
+    def signin():
+        # show sign in page or handle sign in request.
+        pass
 
 
 .. _RoleMixin: api.html#flask-ext-rbac-model-rolemixin
 .. _UserMixin: api.html#flask-ext-rbac-model-usermixin
 .. _Flask-Login: https://flask-login.readthedocs.org/en/latest/
+.. _Flask: https://flask-admin.readthedocs.io/en/latest/introduction/?highlight=endpoint#generating-urls
+.. _Flask-Admin: https://flask-admin.readthedocs.io/en/latest/introduction/?highlight=endpoint#generating-urls
diff --git a/flask_rbac/__init__.py b/flask_rbac/__init__.py
@@ -401,7 +401,7 @@ def _check_permission(self, roles, method, resource):
             if self.acl.is_denied(r.get_name(), m, res):
                 return False
 
-            if is_allowed != True and self.acl.is_allowed(r.get_name(), m, res):
+            if not is_allowed and self.acl.is_allowed(r.get_name(), m, res):
                 is_allowed = True
                 break
 
@@ -435,11 +435,11 @@ def _setup_acl(self):
             for role, method, resource, with_children in self.before_acl['allow']:
                 to_deny_map[(resource, role, with_children)].append(method)
             for k, methods in to_deny_map.items():
-                v, role, with_children, = k
-                for r in all_roles - {role}:
-                    for m in methods:
-                        if (r, m, v, with_children) not in self.before_acl['allow']:
-                            self.before_acl['deny'].append((r, m, v, with_children))
+                view, role, with_children, = k
+                for r, m in itertools.product(all_roles - {role}, methods):
+                    rule = (r, m, view, with_children)
+                    if rule not in self.before_acl['allow']:
+                        self.before_acl['deny'].append(rule)
 
         for rn, method, resource, with_children in self.before_acl['deny']:
             role = self._role_model.get_by_name(rn)

diff --git a/flask_rbac/model.py b/flask_rbac/model.py
@@ -71,6 +71,8 @@ def get_by_name(name):
 
     @classmethod
     def get_all(cls):
+        """Return all existing roles
+        """
         return cls.roles