add permissions for playlist

2023-08-05 16:41:33 +02:00 · 2023-08-05 16:41:33 +02:00 · b94b608b99
commit b94b608b99
parent b6b7b29c77
1 changed files with 41 additions and 6 deletions
--- a/src/api/permissions.py
+++ b/src/api/permissions.py
@ -5,7 +5,7 @@ from flask_login import current_user
 from . import db
 from .models import Playlist, PlaylistFile, User, Role, UserRole

-Perm = Enum('Perm', ['CREATE_ROLE', 'CREATE_PLAYLIST'])
+Perm = Enum('Perm', ['CREATE_ROLE', 'CREATE_PLAYLIST', 'VIEW_PLAYLIST', 'OWN_PLAYLIST', 'EDIT_PLAYLIST'])

 class permissions:
    
@ -35,6 +35,12 @@ def CheckPermissionFactory(perm):
        case Perm.CREATE_PLAYLIST:
            print("creat plays")
            return CheckCreatePlaylist()
+        case Perm.VIEW_PLAYLIST:
+            return CheckViewPlaylist()
+        case Perm.OWN_PLAYLIST:
+            return CheckOwnPlaylist()
+        case Perm.EDIT_PLAYLIST:
+            return CheckEditPlaylist()
        case _:
            return CheckNone()

@ -43,11 +49,40 @@ class CheckNone:
    def is_valid(self):
        return True

+class CheckOwnPlaylist:
+    def is_valid(self, playlist_id):
+        query = db.session.query(Playlist).filter(Playlist.id == playlist_id).first()
+        self.message = "You don't own this playlist"
+        self.status_code = 403
+        return query['owner_id'] == current_user.as_dict()['id']
+
+class CheckViewPlaylist:
+    def is_valid(self, playlist_id):
+        if CheckOwnPlaylist().is_valid(playlist_id):
+            return True
+        self.message = "You don't have the permission to view this playlist"
+        self.status_code = 403
+        return False
+
+class CheckEditPlaylist:
+    def is_valid(self, playlist_id):
+        if CheckOwnPlaylist().is_valid(playlist_id):
+            return True
+
+        self.message = "You don't have the permission to edit this playlist"
+        self.status_code = 403
+        return False
+
 class CheckCreatePlaylist:
-    def is_valid(self):
-        q = db.session.query(User) \
-                .filter_by(id=current_user.as_dict()['id']) \
-                .first()
-        print(q.as_dict())
+    def is_valid(self, _):
+        has_role_to_create = next( \
+                (True \
+                for role in current_user.as_dict()['roles'] \
+                if role['can_create_playlist']), \
+                None)
+
+        self.message = "You don't have the permission to create a playlist"
+        self.status_code = 403
+        return has_role_to_create