diff --git a/src/api/__init__.py b/src/api/__init__.py
index 7cf0453..013dabd 100644
--- a/src/api/__init__.py
+++ b/src/api/__init__.py
@@ -26,13 +26,13 @@ def create_api():
 from .controllers.playlist import playlist
 from .controllers.file import file
 from .controllers.auth import auth
- from .controllers.roles import roles
+ from .controllers.roles import roles_bp
 app.register_blueprint(user, url_prefix='/api')
 app.register_blueprint(playlist, url_prefix='/api')
 app.register_blueprint(file, url_prefix='/api/file')
 app.register_blueprint(auth, url_prefix='/api/auth')
- app.register_blueprint(roles, url_prefix='/api')
+ app.register_blueprint(roles_bp, url_prefix='/api')
 from .models import User, Playlist, PlaylistFile, File
diff --git a/src/api/abl/PlaylistAbl.py b/src/api/abl/PlaylistAbl.py
index e144bd0..cd10c90 100644
--- a/src/api/abl/PlaylistAbl.py
+++ b/src/api/abl/PlaylistAbl.py
@@ -9,7 +9,9 @@ from screen.ScreenManager import ScreenManager
 class PlaylistAbl:
 @staticmethod
 def create(data):
+ print(data)
 new_playlist = Playlist(name=data['name'], owner_id=current_user.as_dict()['id'])
+ return jsonify()
 db.session.add(new_playlist)
 db.session.flush()
 db.session.commit()
diff --git a/src/api/controllers/roles.py b/src/api/controllers/roles.py
index 71dc652..966783c 100644
--- a/src/api/controllers/roles.py
+++ b/src/api/controllers/roles.py
@@ -4,9 +4,9 @@ from flask_login import login_user, login_required, current_user, logout_user
 from ..models import Role
 from .. import db
-roles = Blueprint('roles', __name__)
+roles_bp = Blueprint('roles', __name__)
-@roles.route('/roles', methods=['POST'])
+@roles_bp.route('/roles', methods=['POST'])
 @login_required
 def create():
 data = request.get_json()
@@ -25,7 +25,7 @@ def create():
 db.session.commit()
 return jsonify(new_role.as_dict())
-@roles.route('/roles/', methods=["GET"])
+@roles_bp.route('/roles/', methods=["GET"])
 @login_required
 def get(role_id):
 role = db.session.query(Role).filter_by(id=role_id).first()
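Review bot: In the `src/api/abl/PlaylistAbl.py` hunk, the added `return jsonify()` sits before `db.session.add(new_playlist)`, so the add, flush and commit below it can never run: `create` builds a `Playlist`, discards it and answers with an empty JSON body. The added `print(data)` also writes the raw request payload to stdout on every call, which looks like leftover debugging. Both added lines should be removed before merge, or the return moved after `db.session.commit()`. The body of `create` continues past the end of the hunk, and no import of `jsonify` is visible in this file's hunk, so confirm it is in scope.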
@@ -33,13 +33,16 @@ def get(role_id):
 return jsonify(role.as_dict())
 return jsonify(), 404
-@roles.route('/roles', methods=["GET"])
+@roles_bp.route('/roles', methods=["GET"])
 @login_required
 def list():
- res = db.session.query(Role).all()
- roles = []
- for role in roles:
- roles.append(role.as_dict())
-
- return jsonify(roles)
+ roles = db.session.query(Role).all()
+ return jsonify([role.as_dict() for role in roles])
+
+@roles_bp.route('/roles/', methods=["GET"])
+@login_required
+def search(search):
+ roles = db.session.query(Role).filter(Role.name.like("%"+search+"%")).all()
+ return jsonify([role.as_dict() for role in roles])
+
diff --git a/src/api/models.py b/src/api/models.py
index 7d14bab..2180701 100644
--- a/src/api/models.py
+++ b/src/api/models.py
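Review bot: In the added `search` view, the caller-supplied `search` value is concatenated into the LIKE pattern without escaping `%` and `_`, so any logged-in caller controls the pattern and can match every role. The value is still sent as a bound parameter, so this is wildcard control rather than SQL injection. `Role.name.contains(search, autoescape=True)` keeps the substring match and escapes both wildcards. As shown, the rule `'/roles/'` has no URL variable although the function takes `search`, and it is the same rule and method as the existing `get(role_id)` route. Even if a `<...>` segment was lost in rendering, the two GET rules would overlap, so one view is probably unreachable; a query parameter on `/roles` (read with `request.args.get`) would avoid the clash.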
@@ -21,14 +21,21 @@ class File(db.Model):
 def as_dict(self):
 return {c.name: getattr(self, c.name) for c in self.__table__.columns}
+class PlaylistView(db.Model):
+ playlist_id = db.Column(db.Integer, db.ForeignKey('playlist.id'), primary_key=True)
+ role_id = db.Column(db.Integer, db.ForeignKey('role.id'), primary_key=True)
+
+class PlaylistEdit(db.Model):
+ playlist_id = db.Column(db.Integer, db.ForeignKey('playlist.id'), primary_key=True)
+ role_id = db.Column(db.Integer, db.ForeignKey('role.id'), primary_key=True)
+
 class Playlist(db.Model):
 id = db.Column(db.Integer, primary_key = True, autoincrement=True)
 name = db.Column(db.String(150))
 owner_id = db.Column(db.Integer, db.ForeignKey('user.id'))
 last_modified = db.Column(db.DateTime(timezone=True), default=func.now())
- read_permissions = db.Column(db.Integer, default=0)
- write_permissions = db.Column(db.Integer, default=0)
- execute_permissions = db.Column(db.Integer, default=0)
+ view = db.relationship('Role', secondary='PlaylistView', back_populates='playlists_view')
+ edit = db.relationship('Role', secondary='PlaylistEdit', back_populates='playlists_edit')
 files = db.relationship('File', secondary='PlaylistFile')
 playlist_files = db.relationship('PlaylistFile', order_by='PlaylistFile.position', back_populates='playlist')
@@ -47,6 +54,8 @@ class Role(db.Model):
 permissions= db.Column(db.Integer, default=0)
 parent_id = db.Column(db.Integer, db.ForeignKey('role.id'), default=None)
 users = db.relationship('User', secondary='UserRole', back_populates='roles')
+ playlist_view = db.relationship('Playlist', secondary='PlaylistView', back_populates='view')
+ playlist_edit = db.relationship('Playlist', secondary='PlaylistEdit', back_populates='edit')
 def as_dict(self):
 return {c.name: getattr(self, c.name) for c in self.__table__.columns}
diff --git a/src/api/permissions.py b/src/api/permissions.py
index 9dbca69..94743c2 100644
--- a/src/api/permissions.py
+++ b/src/api/permissions.py
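Review bot: The `back_populates` names on the new relationships do not agree between the two `src/api/models.py` hunks: `Playlist.view` and `Playlist.edit` point at `playlists_view` and `playlists_edit`, while the `Role` hunk defines `playlist_view` and `playlist_edit`. SQLAlchemy resolves `back_populates` by attribute name when the mappers are configured, so this should fail as soon as the models are first used. Since these relationships are what grant view and edit access, they need to load reliably. Make the names match on one side, e.g. `playlists_view = db.relationship('Playlist', secondary='PlaylistView', back_populates='view')` and likewise `playlists_edit`. The first hunk also drops the `read_permissions`, `write_permissions` and `execute_permissions` columns with no migration visible in this commit, so existing databases presumably need one.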
@@ -98,10 +98,11 @@ class CheckViewPlaylist:
 self.status_code = 403
 def is_valid(self, args):
- check_own = CheckOwnPlaylist()
- if check_own.is_valid(args):
+ # if can edit can view, edit check also for owner
+ check_edit = CheckEditPlaylist()
+ if check_edit.is_valid(args):
 return True
- elif check_own.status_code == 404:
+ elif check_edit.status_code == 404:
 self.message = "This playlist doesn't exist"
 self.status_code = 404
 return False
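Review bot: The new comment in `CheckViewPlaylist.is_valid` carries the whole access rule but is hard to parse; `# Edit permission implies view permission; CheckEditPlaylist also accepts the playlist owner.` states it directly. The view check now relies on `CheckEditPlaylist` both accepting the owner and setting `status_code` to 404 for a missing playlist. Neither is visible in this hunk, so it is worth confirming, ideally with a test that an owner holding no role can still view their playlist. The method body may continue past the end of the hunk.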