query for edit and view permissions on playlist

2023-08-14 01:19:55 +02:00 · 2023-08-14 01:19:55 +02:00 · 1a99011030
commit 1a99011030
parent 9ae9f1797a
1 changed files with 24 additions and 4 deletions
--- a/src/api/permissions.py
+++ b/src/api/permissions.py
@ -107,8 +107,18 @@ class CheckViewPlaylist:
            self.status_code = 404
            return False

-        # todo check view
-        return False
+        playlist_id = get_playlist_id(args)
+        user_id = current_user.as_dict()['id']
+        has_role_to_view = db.session.query(Playlist) \
+                .filter( \
+                Playlist.view.any( \
+                # check if a role belongs to this user
+                Role.user_id == user_id or \
+                # check if a this user has a role to view
+                Role.users.any(User.id == user_id) \
+                )) \
+                .first()
+        return has_role_to_view is not None

 class CheckEditPlaylist:
    def __init__(self):
@ -124,8 +134,18 @@ class CheckEditPlaylist:
            self.status_code = 404
            return False

-        # todo check edit
-        return False
+        playlist_id = get_playlist_id(args)
+        user_id = current_user.as_dict()['id']
+        has_role_to_edit = db.session.query(Playlist) \
+                .filter( \
+                Playlist.edit.any( \
+                # check if a role belongs to this user
+                Role.user_id == user_id or \
+                # check if a this user has a role to edit
+                Role.users.any(User.id == user_id) \
+                )) \
+                .first()
+        return has_role_to_edit is not None

 class CheckCreateUser:
    def __init__(self):