grimhilt/signage-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

improve permissions systems

Browse Source
This commit is contained in:
grimhilt 2023-08-08 14:18:13 +02:00
parent 4b37f74d3e
commit 19856a386c
2 changed files with 34 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/api/models.py
View File

@ -42,9 +42,9 @@ class UserRole(db.Model):
class Role(db.Model): class Role(db.Model):
id = db.Column(db.Integer, primary_key=True, autoincrement=True) id = db.Column(db.Integer, primary_key=True, autoincrement=True)
name = db.Column(db.String) name = db.Column(db.String)
parent_id = db.Column(db.Integer, db.ForeignKey('role.id')) user_id = db.Column(db.Integer, db.ForeignKey('user.id'), default=None)
can_create_role = db.Column(db.Boolean, default=False) permissions= db.Column(db.Integer, default=0)
can_create_playlist = db.Column(db.Boolean, default=False) parent_id = db.Column(db.Integer, db.ForeignKey('role.id'), default=None)
users = db.relationship('User', secondary='UserRole', back_populates='roles') users = db.relationship('User', secondary='UserRole', back_populates='roles')
def as_dict(self): def as_dict(self):

42
src/api/permissions.py
View File

@ -1,11 +1,18 @@
from enum import Enum from enum import IntEnum
import functools import functools
from flask import request, jsonify from flask import request, jsonify
from flask_login import current_user from flask_login import current_user
from . import db from . import db
from .models import Playlist, PlaylistFile, User, Role, UserRole from .models import Playlist, PlaylistFile, User, Role, UserRole
Perm = Enum('Perm', ['CREATE_ROLE', 'CREATE_PLAYLIST', 'VIEW_PLAYLIST', 'OWN_PLAYLIST', 'EDIT_PLAYLIST', 'ACTIVATE_PLAYLIST']) class Perm(IntEnum):
CREATE_USER = 0
CREATE_ROLE = 1
CREATE_PLAYLIST = 2
VIEW_PLAYLIST = 3
OWN_PLAYLIST = 4
EDIT_PLAYLIST = 5
ACTIVATE_PLAYLIST = 6
class permissions: class permissions:
@ -32,6 +39,8 @@ class permissions:
def CheckPermissionFactory(perm): def CheckPermissionFactory(perm):
print(perm) print(perm)
match perm: match perm:
case Perm.CREATE_USER:
return CheckCreateUser()
case Perm.CREATE_ROLE: case Perm.CREATE_ROLE:
return CheckCreateRole() return CheckCreateRole()
case Perm.CREATE_PLAYLIST: case Perm.CREATE_PLAYLIST:
@ -55,7 +64,14 @@ def get_playlist_id(args):
print("in") print("in")
return json['playlist_id'] return json['playlist_id']
return return
def checkBit(permissions, index):
binStr = bin(permissions)
lenStr = len(binStr)
print(binStr)
print(lenStr)
print(lenStr - index)
return binStr[lenStr - index - 1] == '1'
class CheckNone: class CheckNone:
def is_valid(self, args): def is_valid(self, args):
@ -110,17 +126,21 @@ class CheckEditPlaylist:
# todo check edit # todo check edit
return False return False
class CheckCreatePlaylist: class CheckCreateUser:
def is_valid(self, _): def __init__(self):
has_role_to_create = next( \ self.message = "You don't have the permission to create an user"
(True \ self.status_code = 403
for role in current_user.as_dict()['roles'] \
if role['can_create_playlist']), \
None)
def is_valid(self, _):
return checkBit(current_user.as_dict()['roles'][0]['permissions'], Perm.CREATE_USER)
class CheckCreatePlaylist:
def __init__(self):
self.message = "You don't have the permission to create a playlist" self.message = "You don't have the permission to create a playlist"
self.status_code = 403 self.status_code = 403
return has_role_to_create
def is_valid(self, _):
return checkBit(current_user.as_dict()['roles'][0]['permissions'], Perm.CREATE_PLAYLIST)
class CheckActivatePlaylist: class CheckActivatePlaylist:
def __init__(self): def __init__(self):