improve permissions

This commit is contained in:
grimhilt 2023-08-07 16:52:29 +02:00
parent db5c94615e
commit 4b37f74d3e
5 changed files with 72 additions and 40 deletions


@ -1,4 +1,4 @@
from flask import jsonify from flask import jsonify, request
from ..models import Playlist, PlaylistFile, File from ..models import Playlist, PlaylistFile, File
from .. import db from .. import db
from datetime import datetime from datetime import datetime
@ -9,7 +9,7 @@ from screen.ScreenManager import ScreenManager
class PlaylistAbl: class PlaylistAbl:
@staticmethod @staticmethod
def create(data): def create(data):
new_playlist = Playlist(name=data['name'], owned_id=current_user.as_dict()['id']) new_playlist = Playlist(name=data['name'], owner_id=current_user.as_dict()['id'])
db.session.add(new_playlist) db.session.add(new_playlist)
db.session.flush() db.session.flush()
db.session.commit() db.session.commit()
@ -28,15 +28,24 @@ class PlaylistAbl:
@staticmethod @staticmethod
def get_playlist(playlist_id): def get_playlist(playlist_id):
print("get") (query, files) = PlaylistDao.get_playlist(playlist_id)
#(query, files) = PlaylistDao.get_playlist(playlist_id) return jsonify({'id': query.id, 'name': query.name, 'owner_id': query.owner_id, 'files': files})
print(query)
#return jsonify({'id': query.id, 'name': query.name, 'files': files}) @staticmethod
return jsonify(success=True) def list():
playlists = db.session.query(Playlist).all()
res = []
for playlist in playlists:
p = playlist.as_dict()
p['last_modified'] = p['last_modified'].isoformat()
res.append(p)
return jsonify(res)
# EDIT PLAYLIST CONTENT # EDIT PLAYLIST CONTENT
@staticmethod @staticmethod
def add_file(data): def add_file(playlist_id, data):
data = request.get_json() data = request.get_json()
new_playlist_file = PlaylistFile( \ new_playlist_file = PlaylistFile( \
playlist_id=playlist_id, \ playlist_id=playlist_id, \
@ -50,7 +59,7 @@ class PlaylistAbl:
return jsonify(success=True) return jsonify(success=True)
@staticmethod @staticmethod
def change_order(data): def change_order(playlist_id, data):
db.session.query(PlaylistFile) \ db.session.query(PlaylistFile) \
.filter(PlaylistFile.file_id == data['file_id']) \ .filter(PlaylistFile.file_id == data['file_id']) \
.filter(PlaylistFile.playlist_id == playlist_id) \ .filter(PlaylistFile.playlist_id == playlist_id) \
@ -59,7 +68,7 @@ class PlaylistAbl:
return jsonify(success=True) return jsonify(success=True)
@staticmethod @staticmethod
def change_seconds(data): def change_seconds(playlist_id, data):
db.session.query(PlaylistFile) \ db.session.query(PlaylistFile) \
.filter(PlaylistFile.file_id == data['file_id']) \ .filter(PlaylistFile.file_id == data['file_id']) \
.filter(PlaylistFile.playlist_id == playlist_id) \ .filter(PlaylistFile.playlist_id == playlist_id) \
@ -68,7 +77,7 @@ class PlaylistAbl:
return jsonify(success=True) return jsonify(success=True)
@staticmethod @staticmethod
def remove_file(data): def remove_file(playlist_id, data):
data = request.get_json() data = request.get_json()
query = db.session.query(PlaylistFile) \ query = db.session.query(PlaylistFile) \
.filter(PlaylistFile.file_id == data['file_id']) \ .filter(PlaylistFile.file_id == data['file_id']) \
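Review bot: `get_playlist` in the `@ -28,15 +28,24 @@` hunk reads `query.id` without checking that `PlaylistDao.get_playlist` actually found a row, so an unknown `playlist_id` surfaces as an AttributeError and a 500 instead of a 404; guard it with `if query is None: return jsonify(success=False), 404` before the `jsonify(...)` line (exact shape depends on what the DAO returns for a missing row, which is outside this file). In the same hunk the new `list()` shadows the builtin and hands every `Playlist` row to any caller; if `owner_id` and `read_permissions` are meant to gate visibility, the filter belongs here or in the route's permission decorator, which I cannot see beyond `@login_required`. `add_file` and `remove_file` now accept `data` from the route but immediately overwrite it with `data = request.get_json()`, so the parameter is dead and the JSON body is parsed twice; drop that inner assignment in both, as `change_order` and `change_seconds` already do.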


@ -12,7 +12,7 @@ from ..permissions import Perm, permissions
playlist = Blueprint('playlist', __name__) playlist = Blueprint('playlist', __name__)
@playlist.route('', methods=['POST']) @playlist.route('/playlists', methods=['POST'])
@login_required @login_required
@permissions.require([Perm.CREATE_PLAYLIST]) @permissions.require([Perm.CREATE_PLAYLIST])
def create(): def create():
@ -21,16 +21,7 @@ def create():
@playlist.route('/playlists', methods=["GET"]) @playlist.route('/playlists', methods=["GET"])
@login_required @login_required
def list(): def list():
print(current_user) return PlaylistAbl.list()
playlists = db.session.query(Playlist).all()
res = []
for playlist in playlists:
p = playlist.as_dict()
p['last_modified'] = p['last_modified'].isoformat()
res.append(p)
return jsonify(res)
@playlist.route('/playlists/<int:playlist_id>', methods=["GET"]) @playlist.route('/playlists/<int:playlist_id>', methods=["GET"])
@login_required @login_required
@ -44,25 +35,25 @@ def get_playlist(playlist_id):
@login_required @login_required
@permissions.require([Perm.EDIT_PLAYLIST]) @permissions.require([Perm.EDIT_PLAYLIST])
def add_file(playlist_id): def add_file(playlist_id):
return PlaylistAbl.add_file(request.get_json()) return PlaylistAbl.add_file(playlist_id, request.get_json())
@playlist.route('/playlists/<int:playlist_id>/order', methods=["POST"]) @playlist.route('/playlists/<int:playlist_id>/order', methods=["POST"])
@login_required @login_required
@permissions.require([Perm.EDIT_PLAYLIST]) @permissions.require([Perm.EDIT_PLAYLIST])
def change_order(playlist_id): def change_order(playlist_id):
return PlaylistAbl.change_order(request.get_json()) return PlaylistAbl.change_order(playlist_id, request.get_json())
@playlist.route('/playlits/<int:playlist_id>/seconds', methods=["POST"]) @playlist.route('/playlits/<int:playlist_id>/seconds', methods=["POST"])
@login_required @login_required
@permissions.require([Perm.EDIT_PLAYLIST]) @permissions.require([Perm.EDIT_PLAYLIST])
def change_seconds(playlist_id): def change_seconds(playlist_id):
return PlaylistAbl.change_seconds(request.get_json()) return PlaylistAbl.change_seconds(playlist_id, request.get_json())
@playlist.route('/playlists/<int:playlist_id>/remove_file', methods=["POST"]) @playlist.route('/playlists/<int:playlist_id>/remove_file', methods=["POST"])
@login_required @login_required
@permissions.require([Perm.EDIT_PLAYLIST]) @permissions.require([Perm.EDIT_PLAYLIST])
def remove_file(playlist_id): def remove_file(playlist_id):
return PlaylistAbl.remove_file(request.get_json()) return PlaylistAbl.remove_file(playlist_id, request.get_json())
@playlist.route('/playlists/<int:playlist_id>/update', methods=["PUT"]) @playlist.route('/playlists/<int:playlist_id>/update', methods=["PUT"])
@login_required @login_required
@ -72,6 +63,7 @@ def update(playlist_id):
@playlist.route('/playlists/<int:playlist_id>/activate', methods=["POST"]) @playlist.route('/playlists/<int:playlist_id>/activate', methods=["POST"])
@login_required @login_required
@permissions.require([Perm.ACTIVATE_PLAYLIST])
def activate(playlist_id): def activate(playlist_id):
screen_manager = ScreenManager.getInstance() screen_manager = ScreenManager.getInstance()
screen_manager.activate_playlist(playlist_id) screen_manager.activate_playlist(playlist_id)
@ -79,6 +71,7 @@ def activate(playlist_id):
@playlist.route('/playlists/<int:playlist_id>/disactivate', methods=["POST"]) @playlist.route('/playlists/<int:playlist_id>/disactivate', methods=["POST"])
@login_required @login_required
@permissions.require([Perm.ACTIVATE_PLAYLIST])
def disactivate(playlist_id): def disactivate(playlist_id):
screen_manager = ScreenManager.getInstance() screen_manager = ScreenManager.getInstance()
screen_manager.disactivate_playlist() screen_manager.disactivate_playlist()
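Review bot: The `@permissions.require([Perm.ACTIVATE_PLAYLIST])` added to `disactivate` authorizes the caller against the `playlist_id` in the URL, but the body calls `screen_manager.disactivate_playlist()` with no id, so owning any one playlist appears sufficient to deactivate whatever playlist is currently active; either pass `playlist_id` through and have the manager refuse when it does not match the active playlist, or add a comment stating that deactivation is intentionally global. `disactivate` continues past the end of the hunk. Separately, the `list` route (`@playlist.route('/playlists', methods=["GET"])`) carries only `@login_required` and now delegates to `PlaylistAbl.list()`, which in the first file returns all playlists unfiltered, so the extraction did not change who can enumerate playlists; worth confirming that is intended given the `read_permissions` column. The `/playlits/` path on the seconds route is still misspelled on the new side.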


@ -3,13 +3,9 @@ from ..models import Playlist, PlaylistFile, File
class PlaylistDao: class PlaylistDao:
def get_playlist(playlist_id): def get_playlist(playlist_id):
print(playlist_id)
print("ok")
query = db.session.query(Playlist).filter(Playlist.id == playlist_id).first() query = db.session.query(Playlist).filter(Playlist.id == playlist_id).first()
print("ok")
print(query.files)
files = [] files = []
for playlist_file in query.files: for playlist_file in query.playlist_files:
file = playlist_file.file.as_dict() file = playlist_file.file.as_dict()
file['position'] = playlist_file.position file['position'] = playlist_file.position
file['seconds'] = playlist_file.seconds file['seconds'] = playlist_file.seconds
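Review bot: `query` is `None` when no `Playlist` has the requested id, and the loop over `query.playlist_files` then raises AttributeError, which the caller turns into a 500; add `if query is None: return (None, [])` right after the `.first()` line (or raise a dedicated not-found exception) so `PlaylistAbl.get_playlist` can answer 404. `get_playlist` also has no `@staticmethod` while the sibling ABL methods do; it works today only because it is called on the class as `PlaylistDao.get_playlist(playlist_id)`, and the first argument would be misread as `self` the moment someone instantiates `PlaylistDao`. The function continues past the end of the hunk.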


@ -8,12 +8,14 @@ class PlaylistFile(db.Model):
file_id = db.Column(db.Integer, db.ForeignKey('file.id'), primary_key=True) file_id = db.Column(db.Integer, db.ForeignKey('file.id'), primary_key=True)
position = db.Column(db.Integer) position = db.Column(db.Integer)
seconds = db.Column(db.Integer, default=10) seconds = db.Column(db.Integer, default=10)
playlist = db.relationship('Playlist', back_populates='playlist_files')
file = db.relationship('File', back_populates='playlist_files')
class File(db.Model): class File(db.Model):
id = db.Column(db.Integer, primary_key = True, autoincrement=True) id = db.Column(db.Integer, primary_key = True, autoincrement=True)
name = db.Column(db.String(150)) name = db.Column(db.String(150))
type = db.Column(db.String(255)) # maximum length of mimetype type = db.Column(db.String(255)) # maximum length of mimetype
playlists = db.relationship('Playlist', secondary='PlaylistFile', back_populates='files') playlist_files = db.relationship('PlaylistFile', back_populates='file')
def as_dict(self): def as_dict(self):
return {c.name: getattr(self, c.name) for c in self.__table__.columns} return {c.name: getattr(self, c.name) for c in self.__table__.columns}
@ -21,12 +23,13 @@ class File(db.Model):
class Playlist(db.Model): class Playlist(db.Model):
id = db.Column(db.Integer, primary_key = True, autoincrement=True) id = db.Column(db.Integer, primary_key = True, autoincrement=True)
name = db.Column(db.String(150)) name = db.Column(db.String(150))
owned_id = db.Column(db.Integer, db.ForeignKey('user.id')) owner_id = db.Column(db.Integer, db.ForeignKey('user.id'))
last_modified = db.Column(db.DateTime(timezone=True), default=func.now()) last_modified = db.Column(db.DateTime(timezone=True), default=func.now())
read_permissions = db.Column(db.Integer, default=0) read_permissions = db.Column(db.Integer, default=0)
write_permissions = db.Column(db.Integer, default=0) write_permissions = db.Column(db.Integer, default=0)
execute_permissions = db.Column(db.Integer, default=0) execute_permissions = db.Column(db.Integer, default=0)
files = db.relationship('File', secondary='PlaylistFile', back_populates='playlists') files = db.relationship('File', secondary='PlaylistFile')
playlist_files = db.relationship('PlaylistFile', order_by='PlaylistFile.position', back_populates='playlist')
def as_dict(self): def as_dict(self):
return {c.name: getattr(self, c.name) for c in self.__table__.columns} return {c.name: getattr(self, c.name) for c in self.__table__.columns}
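Review bot: `Playlist.files` (the `secondary='PlaylistFile'` relationship) and the new `Playlist.playlist_files` / `PlaylistFile.playlist` pair both manage rows of the same association table, which SQLAlchemy reports as overlapping relationships at mapper-configuration time unless one side is declared read-only; since `playlist_files` is now the path the DAO iterates, mark the other one `files = db.relationship('File', secondary='PlaylistFile', viewonly=True)`. Renaming `owned_id` to `owner_id` changes the physical column name, so existing databases need a migration before the `owner_id` lookups in `CheckOwnPlaylist` and `PlaylistAbl.get_playlist` work; I cannot see from this page whether the project uses Alembic.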


@ -5,7 +5,7 @@ from flask_login import current_user
from . import db from . import db
from .models import Playlist, PlaylistFile, User, Role, UserRole from .models import Playlist, PlaylistFile, User, Role, UserRole
Perm = Enum('Perm', ['CREATE_ROLE', 'CREATE_PLAYLIST', 'VIEW_PLAYLIST', 'OWN_PLAYLIST', 'EDIT_PLAYLIST']) Perm = Enum('Perm', ['CREATE_ROLE', 'CREATE_PLAYLIST', 'VIEW_PLAYLIST', 'OWN_PLAYLIST', 'EDIT_PLAYLIST', 'ACTIVATE_PLAYLIST'])
class permissions: class permissions:
@ -42,12 +42,18 @@ def CheckPermissionFactory(perm):
return CheckOwnPlaylist() return CheckOwnPlaylist()
case Perm.EDIT_PLAYLIST: case Perm.EDIT_PLAYLIST:
return CheckEditPlaylist() return CheckEditPlaylist()
case Perm.ACTIVATE_PLAYLIST:
return CheckActivatePlaylist()
case _: case _:
return CheckNone() return CheckNone()
def get_playlist_id(args): def get_playlist_id(args):
if 'playlist_id' in args: if 'playlist_id' in args:
return args['playlist_id'] return args['playlist_id']
json = request.get_json()
if 'playlist_id' in json:
print("in")
return json['playlist_id']
return return
@ -67,7 +73,8 @@ class CheckOwnPlaylist:
self.message = "This playlist doesn't exist" self.message = "This playlist doesn't exist"
self.status_code = 404 self.status_code = 404
return False return False
return query['owner_id'] == current_user.as_dict()['id'] print(query.as_dict())
return query.as_dict()['owner_id'] == current_user.as_dict()['id']
class CheckViewPlaylist: class CheckViewPlaylist:
def __init__(self): def __init__(self):
@ -87,12 +94,20 @@ class CheckViewPlaylist:
return False return False
class CheckEditPlaylist: class CheckEditPlaylist:
def is_valid(self, args): def __init__(self):
if CheckOwnPlaylist().is_valid(playlist_id):
return True
self.message = "You don't have the permission to edit this playlist" self.message = "You don't have the permission to edit this playlist"
self.status_code = 403 self.status_code = 403
def is_valid(self, args):
check_own = CheckOwnPlaylist()
if check_own.is_valid(args):
return True
elif check_own.status_code == 404:
self.message = "This playlist doesn't exist"
self.status_code = 404
return False
# todo check edit
return False return False
class CheckCreatePlaylist: class CheckCreatePlaylist:
@ -107,4 +122,20 @@ class CheckCreatePlaylist:
self.status_code = 403 self.status_code = 403
return has_role_to_create return has_role_to_create
class CheckActivatePlaylist:
def __init__(self):
self.message = "You don't have the permission to activate this playlist"
self.status_code = 403
def is_valid(self, args):
check_own = CheckOwnPlaylist()
if check_own.is_valid(args):
return True
elif check_own.status_code == 404:
self.message = "This playlist doesn't exist"
self.status_code = 404
return False
# todo check view
return False
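Review bot: In `get_playlist_id` (the `@ -42,12 +42,18 @@` hunk) `request.get_json()` returns `None` when the request has no JSON body or a non-JSON content type, so `'playlist_id' in json` raises TypeError and any permission-checked route without a `playlist_id` URL argument fails with a 500 rather than a clean denial; use `body = request.get_json(silent=True) or {}`, which also stops shadowing the `json` module, and drop the `print("in")`. Note that this fallback makes the permission check trust a client-chosen `playlist_id` from the body whenever the URL has none, which is only sound if the handler then acts on that same body value; a comment stating that contract would help the next reader. `CheckEditPlaylist.is_valid` and the new `CheckActivatePlaylist.is_valid` are identical apart from the message, so a shared owner-or-fallback helper (or a common base class) would keep the duplicated 404 `message`/`status_code` branches from drifting. The `print(query.as_dict())` added in `CheckOwnPlaylist` writes a full playlist row to stdout on every check and should be removed.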