improve permissions

This commit is contained in:
grimhilt 2023-08-07 16:52:29 +02:00
parent db5c94615e
commit 4b37f74d3e
5 changed files with 72 additions and 40 deletions


@ -1,4 +1,4 @@
from flask import jsonify
from flask import jsonify, request
from ..models import Playlist, PlaylistFile, File
from .. import db
from datetime import datetime
@ -9,7 +9,7 @@ from screen.ScreenManager import ScreenManager
class PlaylistAbl:
@staticmethod
def create(data):
new_playlist = Playlist(name=data['name'], owned_id=current_user.as_dict()['id'])
new_playlist = Playlist(name=data['name'], owner_id=current_user.as_dict()['id'])
db.session.add(new_playlist)
db.session.flush()
db.session.commit()
@ -28,15 +28,24 @@ class PlaylistAbl:
@staticmethod
def get_playlist(playlist_id):
print("get")
#(query, files) = PlaylistDao.get_playlist(playlist_id)
print(query)
#return jsonify({'id': query.id, 'name': query.name, 'files': files})
return jsonify(success=True)
(query, files) = PlaylistDao.get_playlist(playlist_id)
return jsonify({'id': query.id, 'name': query.name, 'owner_id': query.owner_id, 'files': files})
@staticmethod
def list():
playlists = db.session.query(Playlist).all()
res = []
for playlist in playlists:
p = playlist.as_dict()
p['last_modified'] = p['last_modified'].isoformat()
res.append(p)
return jsonify(res)
# EDIT PLAYLIST CONTENT
@staticmethod
def add_file(data):
def add_file(playlist_id, data):
data = request.get_json()
new_playlist_file = PlaylistFile( \
playlist_id=playlist_id, \
@ -50,7 +59,7 @@ class PlaylistAbl:
return jsonify(success=True)
@staticmethod
def change_order(data):
def change_order(playlist_id, data):
db.session.query(PlaylistFile) \
.filter(PlaylistFile.file_id == data['file_id']) \
.filter(PlaylistFile.playlist_id == playlist_id) \
@ -59,7 +68,7 @@ class PlaylistAbl:
return jsonify(success=True)
@staticmethod
def change_seconds(data):
def change_seconds(playlist_id, data):
db.session.query(PlaylistFile) \
.filter(PlaylistFile.file_id == data['file_id']) \
.filter(PlaylistFile.playlist_id == playlist_id) \
@ -68,7 +77,7 @@ class PlaylistAbl:
return jsonify(success=True)
@staticmethod
def remove_file(data):
def remove_file(playlist_id, data):
data = request.get_json()
query = db.session.query(PlaylistFile) \
.filter(PlaylistFile.file_id == data['file_id']) \
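Review bot: `list()` still returns `db.session.query(Playlist).all()` to any logged-in caller, so a user with no relation to a playlist receives every playlist's `owner_id` and the `*_permissions` columns via `as_dict()`; the commit gates the mutating routes but leaves this read path unfiltered. At minimum restrict the query to what the caller may see, e.g. `playlists = db.session.query(Playlist).filter(Playlist.owner_id == current_user.as_dict()['id']).all()`, or put it behind the `Perm.VIEW_PLAYLIST` check that already exists in the enum — the model has a `read_permissions` column but nothing in this diff consumes it, so the intended sharing semantics need confirming before choosing. Separately, `add_file` and `remove_file` now take a `data` parameter and immediately overwrite it with `request.get_json()`, so the argument the routes pass is dead; drop the reassignment and use the passed `data`. `get_playlist` reads `query.id` without a None check, which turns an unknown id into a 500 unless a decorator outside this hunk already rejects it. `remove_file`'s body continues past the end of the hunk.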


@ -12,7 +12,7 @@ from ..permissions import Perm, permissions
playlist = Blueprint('playlist', __name__)
@playlist.route('', methods=['POST'])
@playlist.route('/playlists', methods=['POST'])
@login_required
@permissions.require([Perm.CREATE_PLAYLIST])
def create():
@ -21,16 +21,7 @@ def create():
@playlist.route('/playlists', methods=["GET"])
@login_required
def list():
print(current_user)
playlists = db.session.query(Playlist).all()
res = []
for playlist in playlists:
p = playlist.as_dict()
p['last_modified'] = p['last_modified'].isoformat()
res.append(p)
return jsonify(res)
return PlaylistAbl.list()
@playlist.route('/playlists/<int:playlist_id>', methods=["GET"])
@login_required
@ -44,25 +35,25 @@ def get_playlist(playlist_id):
@login_required
@permissions.require([Perm.EDIT_PLAYLIST])
def add_file(playlist_id):
return PlaylistAbl.add_file(request.get_json())
return PlaylistAbl.add_file(playlist_id, request.get_json())
@playlist.route('/playlists/<int:playlist_id>/order', methods=["POST"])
@login_required
@permissions.require([Perm.EDIT_PLAYLIST])
def change_order(playlist_id):
return PlaylistAbl.change_order(request.get_json())
return PlaylistAbl.change_order(playlist_id, request.get_json())
@playlist.route('/playlits/<int:playlist_id>/seconds', methods=["POST"])
@login_required
@permissions.require([Perm.EDIT_PLAYLIST])
def change_seconds(playlist_id):
return PlaylistAbl.change_seconds(request.get_json())
return PlaylistAbl.change_seconds(playlist_id, request.get_json())
@playlist.route('/playlists/<int:playlist_id>/remove_file', methods=["POST"])
@login_required
@permissions.require([Perm.EDIT_PLAYLIST])
def remove_file(playlist_id):
return PlaylistAbl.remove_file(request.get_json())
return PlaylistAbl.remove_file(playlist_id, request.get_json())
@playlist.route('/playlists/<int:playlist_id>/update', methods=["PUT"])
@login_required
@ -72,6 +63,7 @@ def update(playlist_id):
@playlist.route('/playlists/<int:playlist_id>/activate', methods=["POST"])
@login_required
@permissions.require([Perm.ACTIVATE_PLAYLIST])
def activate(playlist_id):
screen_manager = ScreenManager.getInstance()
screen_manager.activate_playlist(playlist_id)
@ -79,6 +71,7 @@ def activate(playlist_id):
@playlist.route('/playlists/<int:playlist_id>/disactivate', methods=["POST"])
@login_required
@permissions.require([Perm.ACTIVATE_PLAYLIST])
def disactivate(playlist_id):
screen_manager = ScreenManager.getInstance()
screen_manager.disactivate_playlist()
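Review bot: `disactivate` now requires `Perm.ACTIVATE_PLAYLIST` on the `playlist_id` taken from the path, but the body calls `screen_manager.disactivate_playlist()` with no argument, so the check is made against one playlist while the action switches off whatever is currently active — the owner of playlist A can call `/playlists/A/disactivate` and stop playlist B. Either pass the id through and have the manager refuse when it does not match the active one, `screen_manager.disactivate_playlist(playlist_id)`, or check ownership of the currently active playlist instead; `ScreenManager` is not visible here, so it may already compare internally. The `change_seconds` route is spelled `/playlits/<int:playlist_id>/seconds` and is unreachable at the documented path. Whether `update` carries a `permissions.require` decorator cannot be seen — the line between its `@login_required` and `def update` lies outside the hunk.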


@ -3,13 +3,9 @@ from ..models import Playlist, PlaylistFile, File
class PlaylistDao:
def get_playlist(playlist_id):
print(playlist_id)
print("ok")
query = db.session.query(Playlist).filter(Playlist.id == playlist_id).first()
print("ok")
print(query.files)
files = []
for playlist_file in query.files:
for playlist_file in query.playlist_files:
file = playlist_file.file.as_dict()
file['position'] = playlist_file.position
file['seconds'] = playlist_file.seconds
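Review bot: `get_playlist` calls `.first()` and then iterates `query.playlist_files` without a None check, so an id that does not exist raises AttributeError and surfaces as a 500 rather than a 404; `CheckOwnPlaylist` only produces the 404 on routes that carry that decorator, which this DAO cannot assume. Add `if query is None: return (None, [])` before the loop and have the caller turn that into a 404 — `PlaylistAbl.get_playlist` would then need a matching guard before reading `query.id`. `get_playlist` is also defined without `@staticmethod` yet called as `PlaylistDao.get_playlist(...)`; that works in Python 3 but is inconsistent with `PlaylistAbl`, so mark it `@staticmethod`. The method's return statement is past the end of the hunk.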


@ -8,12 +8,14 @@ class PlaylistFile(db.Model):
file_id = db.Column(db.Integer, db.ForeignKey('file.id'), primary_key=True)
position = db.Column(db.Integer)
seconds = db.Column(db.Integer, default=10)
playlist = db.relationship('Playlist', back_populates='playlist_files')
file = db.relationship('File', back_populates='playlist_files')
class File(db.Model):
id = db.Column(db.Integer, primary_key = True, autoincrement=True)
name = db.Column(db.String(150))
type = db.Column(db.String(255)) # maximum length of mimetype
playlists = db.relationship('Playlist', secondary='PlaylistFile', back_populates='files')
playlist_files = db.relationship('PlaylistFile', back_populates='file')
def as_dict(self):
return {c.name: getattr(self, c.name) for c in self.__table__.columns}
@ -21,12 +23,13 @@ class File(db.Model):
class Playlist(db.Model):
id = db.Column(db.Integer, primary_key = True, autoincrement=True)
name = db.Column(db.String(150))
owned_id = db.Column(db.Integer, db.ForeignKey('user.id'))
owner_id = db.Column(db.Integer, db.ForeignKey('user.id'))
last_modified = db.Column(db.DateTime(timezone=True), default=func.now())
read_permissions = db.Column(db.Integer, default=0)
write_permissions = db.Column(db.Integer, default=0)
execute_permissions = db.Column(db.Integer, default=0)
files = db.relationship('File', secondary='PlaylistFile', back_populates='playlists')
files = db.relationship('File', secondary='PlaylistFile')
playlist_files = db.relationship('PlaylistFile', order_by='PlaylistFile.position', back_populates='playlist')
def as_dict(self):
return {c.name: getattr(self, c.name) for c in self.__table__.columns}
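Review bot: `Playlist.files` (`secondary='PlaylistFile'`) and the new `Playlist.playlist_files`/`PlaylistFile.playlist` pair now all write to the same association table, and `files` lost its `back_populates` in this change; SQLAlchemy 1.4+ typically emits an overlapping-relationship warning for this shape and can double-insert association rows if both collections are assigned. Mark the secondary-based one read-only, `files = db.relationship('File', secondary='PlaylistFile', viewonly=True)`, since the explicit `PlaylistFile` rows carry `position`/`seconds` and are the source of truth. Note also that `Playlist.as_dict()` serializes every column, including `owner_id` and the three `*_permissions` fields; any caller that returns it to non-owners should whitelist the fields it exposes. The string `'PlaylistFile'` passed as `secondary` names the class rather than the table — confirm it resolves, as the table name Flask-SQLAlchemy derives would normally be `playlist_file`.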


@ -5,7 +5,7 @@ from flask_login import current_user
from . import db
from .models import Playlist, PlaylistFile, User, Role, UserRole
Perm = Enum('Perm', ['CREATE_ROLE', 'CREATE_PLAYLIST', 'VIEW_PLAYLIST', 'OWN_PLAYLIST', 'EDIT_PLAYLIST'])
Perm = Enum('Perm', ['CREATE_ROLE', 'CREATE_PLAYLIST', 'VIEW_PLAYLIST', 'OWN_PLAYLIST', 'EDIT_PLAYLIST', 'ACTIVATE_PLAYLIST'])
class permissions:
@ -42,12 +42,18 @@ def CheckPermissionFactory(perm):
return CheckOwnPlaylist()
case Perm.EDIT_PLAYLIST:
return CheckEditPlaylist()
case Perm.ACTIVATE_PLAYLIST:
return CheckActivatePlaylist()
case _:
return CheckNone()
def get_playlist_id(args):
if 'playlist_id' in args:
return args['playlist_id']
json = request.get_json()
if 'playlist_id' in json:
print("in")
return json['playlist_id']
return
@ -67,7 +73,8 @@ class CheckOwnPlaylist:
self.message = "This playlist doesn't exist"
self.status_code = 404
return False
return query['owner_id'] == current_user.as_dict()['id']
print(query.as_dict())
return query.as_dict()['owner_id'] == current_user.as_dict()['id']
class CheckViewPlaylist:
def __init__(self):
@ -87,12 +94,20 @@ class CheckViewPlaylist:
return False
class CheckEditPlaylist:
def is_valid(self, args):
if CheckOwnPlaylist().is_valid(playlist_id):
return True
def __init__(self):
self.message = "You don't have the permission to edit this playlist"
self.status_code = 403
def is_valid(self, args):
check_own = CheckOwnPlaylist()
if check_own.is_valid(args):
return True
elif check_own.status_code == 404:
self.message = "This playlist doesn't exist"
self.status_code = 404
return False
# todo check edit
return False
class CheckCreatePlaylist:
@ -107,4 +122,20 @@ class CheckCreatePlaylist:
self.status_code = 403
return has_role_to_create
class CheckActivatePlaylist:
def __init__(self):
self.message = "You don't have the permission to activate this playlist"
self.status_code = 403
def is_valid(self, args):
check_own = CheckOwnPlaylist()
if check_own.is_valid(args):
return True
elif check_own.status_code == 404:
self.message = "This playlist doesn't exist"
self.status_code = 404
return False
# todo check view
return False
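Review bot: `get_playlist_id` falls back to `request.get_json()` when the route has no `playlist_id` argument and then evaluates `'playlist_id' in json`; a request without a JSON body yields `None` (or a 415 on recent Flask) and the authorization layer dies with a TypeError, a 500 where a 403 or 404 is expected. Use `json = request.get_json(silent=True) or {}` and `return json.get('playlist_id')` so a missing id falls through to the not-found branch, and drop the `print("in")` and `print(query.as_dict())` debug lines — the latter writes every checked playlist record to stdout. When the id does come from the body, the handler must act on exactly that id, otherwise the check authorizes one playlist while the code mutates another; every route in this diff takes it from the path, so the fallback currently has no visible caller. The `# todo check edit` and `# todo check view` branches fail closed, which is the right default, but it means the `read_permissions`/`write_permissions` columns are still never consulted, so owner-only is all that is actually enforced.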