add permissions for playlist
This commit is contained in:
grimhilt
parent
b6b7b29c77
commit
b94b608b99
@ -5,7 +5,7 @@ from flask_login import current_user
|
|||||||
from . import db
|
from . import db
|
||||||
from .models import Playlist, PlaylistFile, User, Role, UserRole
|
from .models import Playlist, PlaylistFile, User, Role, UserRole
|
||||||
|
|
||||||
Perm = Enum('Perm', ['CREATE_ROLE', 'CREATE_PLAYLIST'])
|
Perm = Enum('Perm', ['CREATE_ROLE', 'CREATE_PLAYLIST', 'VIEW_PLAYLIST', 'OWN_PLAYLIST', 'EDIT_PLAYLIST'])
|
||||||
|
|
||||||
class permissions:
|
class permissions:
|
||||||
|
|
||||||
@ -35,6 +35,12 @@ def CheckPermissionFactory(perm):
|
|||||||
case Perm.CREATE_PLAYLIST:
|
case Perm.CREATE_PLAYLIST:
|
||||||
print("creat plays")
|
print("creat plays")
|
||||||
return CheckCreatePlaylist()
|
return CheckCreatePlaylist()
|
||||||
|
case Perm.VIEW_PLAYLIST:
|
||||||
|
return CheckViewPlaylist()
|
||||||
|
case Perm.OWN_PLAYLIST:
|
||||||
|
return CheckOwnPlaylist()
|
||||||
|
case Perm.EDIT_PLAYLIST:
|
||||||
|
return CheckEditPlaylist()
|
||||||
case _:
|
case _:
|
||||||
return CheckNone()
|
return CheckNone()
|
||||||
|
|
||||||
@ -43,11 +49,40 @@ class CheckNone:
|
|||||||
def is_valid(self):
|
def is_valid(self):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
class CheckOwnPlaylist:
|
||||||
|
def is_valid(self, playlist_id):
|
||||||
|
query = db.session.query(Playlist).filter(Playlist.id == playlist_id).first()
|
||||||
|
self.message = "You don't own this playlist"
|
||||||
|
self.status_code = 403
|
||||||
|
return query['owner_id'] == current_user.as_dict()['id']
|
||||||
|
|
||||||
|
class CheckViewPlaylist:
|
||||||
|
def is_valid(self, playlist_id):
|
||||||
|
if CheckOwnPlaylist().is_valid(playlist_id):
|
||||||
|
return True
|
||||||
|
self.message = "You don't have the permission to view this playlist"
|
||||||
|
self.status_code = 403
|
||||||
|
return False
|
||||||
|
|
||||||
|
class CheckEditPlaylist:
|
||||||
|
def is_valid(self, playlist_id):
|
||||||
|
if CheckOwnPlaylist().is_valid(playlist_id):
|
||||||
|
return True
|
||||||
|
|
||||||
|
self.message = "You don't have the permission to edit this playlist"
|
||||||
|
self.status_code = 403
|
||||||
|
return False
|
||||||
|
|
||||||
class CheckCreatePlaylist:
|
class CheckCreatePlaylist:
|
||||||
def is_valid(self):
|
def is_valid(self, _):
|
||||||
q = db.session.query(User) \
|
has_role_to_create = next( \
|
||||||
.filter_by(id=current_user.as_dict()['id']) \
|
(True \
|
||||||
.first()
|
for role in current_user.as_dict()['roles'] \
|
||||||
print(q.as_dict())
|
if role['can_create_playlist']), \
|
||||||
|
None)
|
||||||
|
|
||||||
|
self.message = "You don't have the permission to create a playlist"
|
||||||
|
self.status_code = 403
|
||||||
|
return has_role_to_create
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user