-
Notifications
You must be signed in to change notification settings - Fork 2.2k
fix: authentication errors #3012
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@@ -88,7 +88,7 @@ def has_permissions(*permission, compare=CompareConstants.OR): | |||
def inner(func): | |||
def run(view, request, **kwargs): | |||
exit_list = list( | |||
map(lambda p: exist(request.auth.current_role_list, request.auth.permission_list, p, request, **kwargs), | |||
map(lambda p: exist(request.auth.role_list, request.auth.permission_list, p, request, **kwargs), | |||
permission)) | |||
# 判断是否有权限 | |||
if any(exit_list) if compare == CompareConstants.OR else all(exit_list): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The provided code snippet appears to be part of an authorization function that checks user permissions based on roles and individual permissions. Here's a check for common issues and suggestions:
-
Function Names: Ensure these names are descriptive and follow naming conventions.
-
Variable Names:
exist
-> Consider using a more descriptively named function or method such as_has_permission
.role_list
andpermission_list
should be consistent in their usage and naming.
-
Logic Simplification:
The condition insideif any(...) if ... else all(...)
can often be simplified to directly checking the truthiness of the result frommap
. This eliminates the redundancy created by the conditional logic within the comprehension.
Here is refactored version with some optimizations:
def _has_permission(role_list, permission_list, role, request=None, **kwargs):
return (p in {r.name for r in role_list} for p in permission_list)
def require_permissions(*permissions, compare=CompareConstants.OR):
def inner(func):
@wraps(func)
def run(view, request, *args, **kwargs):
exits = [_has_permission(request.auth.role_list, request.auth.permission_list, p, request, **kwargs) for p in permissions]
#判断是否有权限
if compare == CompareConstants.OR:
return True if any(exits) else False
elif compare == CompareConstants.AND:
return all(exits)
else:
raise ValueError(f"Invalid comparison operator: {compare}. Use OR | AND.")
return run
return inner
Key Improvements:
- Descriptive Function Name: Changed
inner
torun
to better reflect what it does. - Flattened List Comprehension: Used a flattened list comprehensions directly without nesting the logic.
- Error Handling: Added error handling for invalid comparison operators.
- Decorator Enhancements: Wrapped the
require_permissions
decorator around another function (@wraps
) to preserve metadata about the original function.
This refactoring should improve readability and maintainability while ensuring proper functionality.
fix: authentication errors