fix: authentication errors

[shaohuzhang1]

fix: authentication errors

[f2c-ci-robot]

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[shaohuzhang1]

The provided code snippet appears to be part of an authorization function that checks user permissions based on roles and individual permissions. Here's a check for common issues and suggestions:

1. Function Names: Ensure these names are descriptive and follow naming conventions.

2. Variable Names:

   • exist -> Consider using a more descriptively named function or method such as _has_permission.
   • role_list and permission_list should be consistent in their usage and naming.

3. Logic Simplification:
   The condition inside if any(...) if ... else all(...) can often be simplified to directly checking the truthiness of the result from map. This eliminates the redundancy created by the conditional logic within the comprehension.

Here is refactored version with some optimizations:

def _has_permission(role_list, permission_list, role, request=None, **kwargs):
    return (p in {r.name for r in role_list} for p in permission_list)

def require_permissions(*permissions, compare=CompareConstants.OR):
    def inner(func):
        @wraps(func)
        def run(view, request, *args, **kwargs):
            exits = [_has_permission(request.auth.role_list, request.auth.permission_list, p, request, **kwargs) for p in permissions]
            #判断是否有权限
            if compare == CompareConstants.OR:
                return True if any(exits) else False
            elif compare == CompareConstants.AND:
                return all(exits)
            else:
                raise ValueError(f"Invalid comparison operator: {compare}. Use OR | AND.")
        
        return run
    
    return inner

Key Improvements:

• Descriptive Function Name: Changed inner to run to better reflect what it does.
• Flattened List Comprehension: Used a flattened list comprehensions directly without nesting the logic.
• Error Handling: Added error handling for invalid comparison operators.
• Decorator Enhancements: Wrapped the require_permissions decorator around another function (@wraps) to preserve metadata about the original function.

This refactoring should improve readability and maintainability while ensuring proper functionality.