From b94b608b990fdf7a672992a5987264c9c2440001 Mon Sep 17 00:00:00 2001
From: grimhilt <grimhilt@users.noreply.github.com>
Date: Sat, 5 Aug 2023 16:41:33 +0200
Subject: [PATCH] add permissions for playlist

---
 src/api/permissions.py | 47 ++++++++++++++++++++++++++++++++++++------
 1 file changed, 41 insertions(+), 6 deletions(-)

diff --git a/src/api/permissions.py b/src/api/permissions.py
index d592fce..99e0b38 100644
--- a/src/api/permissions.py
+++ b/src/api/permissions.py
@@ -5,7 +5,7 @@ from flask_login import current_user
 from . import db
 from .models import Playlist, PlaylistFile, User, Role, UserRole
 
-Perm = Enum('Perm', ['CREATE_ROLE', 'CREATE_PLAYLIST'])
+Perm = Enum('Perm', ['CREATE_ROLE', 'CREATE_PLAYLIST', 'VIEW_PLAYLIST', 'OWN_PLAYLIST', 'EDIT_PLAYLIST'])
 
 class permissions:
     
@@ -35,6 +35,12 @@ def CheckPermissionFactory(perm):
         case Perm.CREATE_PLAYLIST:
             print("creat plays")
             return CheckCreatePlaylist()
+        case Perm.VIEW_PLAYLIST:
+            return CheckViewPlaylist()
+        case Perm.OWN_PLAYLIST:
+            return CheckOwnPlaylist()
+        case Perm.EDIT_PLAYLIST:
+            return CheckEditPlaylist()
         case _:
             return CheckNone()
 
@@ -43,11 +49,40 @@ class CheckNone:
     def is_valid(self):
         return True
 
+class CheckOwnPlaylist:
+    def is_valid(self, playlist_id):
+        query = db.session.query(Playlist).filter(Playlist.id == playlist_id).first()
+        self.message = "You don't own this playlist"
+        self.status_code = 403
+        return query['owner_id'] == current_user.as_dict()['id']
+
+class CheckViewPlaylist:
+    def is_valid(self, playlist_id):
+        if CheckOwnPlaylist().is_valid(playlist_id):
+            return True
+        self.message = "You don't have the permission to view this playlist"
+        self.status_code = 403
+        return False
+
+class CheckEditPlaylist:
+    def is_valid(self, playlist_id):
+        if CheckOwnPlaylist().is_valid(playlist_id):
+            return True
+
+        self.message = "You don't have the permission to edit this playlist"
+        self.status_code = 403
+        return False
+
 class CheckCreatePlaylist:
-    def is_valid(self):
-        q = db.session.query(User) \
-                .filter_by(id=current_user.as_dict()['id']) \
-                .first()
-        print(q.as_dict())
+    def is_valid(self, _):
+        has_role_to_create = next( \
+                (True \
+                for role in current_user.as_dict()['roles'] \
+                if role['can_create_playlist']), \
+                None)
+
+        self.message = "You don't have the permission to create a playlist"
+        self.status_code = 403
+        return has_role_to_create