diff --git a/src/api/abl/AuthAbl.py b/src/api/abl/AuthAbl.py index 3481bfb..83401f1 100644 --- a/src/api/abl/AuthAbl.py +++ b/src/api/abl/AuthAbl.py @@ -43,7 +43,7 @@ class AuthAbl: return jsonify(message="Incorrect credentials"), 401 login_user(user) - return jsonify(success=True) + return jsonify(user.as_dict()) @staticmethod def profile(): diff --git a/src/api/abl/PlaylistAbl.py b/src/api/abl/PlaylistAbl.py index fab33cf..57a7926 100644 --- a/src/api/abl/PlaylistAbl.py +++ b/src/api/abl/PlaylistAbl.py @@ -28,8 +28,11 @@ class PlaylistAbl: @staticmethod def get_playlist(playlist_id): - (query, files) = PlaylistDao.get_playlist(playlist_id) - return jsonify({'id': query.id, 'name': query.name, 'files': files}) + print("get") + #(query, files) = PlaylistDao.get_playlist(playlist_id) + print(query) + #return jsonify({'id': query.id, 'name': query.name, 'files': files}) + return jsonify(success=True) # EDIT PLAYLIST CONTENT @staticmethod diff --git a/src/api/controllers/auth.py b/src/api/controllers/auth.py index 7863d88..28bf475 100644 --- a/src/api/controllers/auth.py +++ b/src/api/controllers/auth.py @@ -22,4 +22,3 @@ def logout(): @login_required def profile(): return AuthAbl.profile() - diff --git a/src/api/dao/Playlist.py b/src/api/dao/Playlist.py index bff345f..0d43f0c 100644 --- a/src/api/dao/Playlist.py +++ b/src/api/dao/Playlist.py @@ -3,9 +3,13 @@ from ..models import Playlist, PlaylistFile, File class PlaylistDao: def get_playlist(playlist_id): + print(playlist_id) + print("ok") query = db.session.query(Playlist).filter(Playlist.id == playlist_id).first() + print("ok") + print(query.files) files = [] - for playlist_file in query.playlist_files: + for playlist_file in query.files: file = playlist_file.file.as_dict() file['position'] = playlist_file.position file['seconds'] = playlist_file.seconds diff --git a/src/api/models.py b/src/api/models.py index c2496b3..a2d0bfc 100644 --- a/src/api/models.py +++ b/src/api/models.py @@ -8,14 +8,12 @@ class PlaylistFile(db.Model): file_id = db.Column(db.Integer, db.ForeignKey('file.id'), primary_key=True) position = db.Column(db.Integer) seconds = db.Column(db.Integer, default=10) - playlist = db.relationship('Playlist', back_populates='playlist_files') - file = db.relationship('File', back_populates='playlist_files') class File(db.Model): id = db.Column(db.Integer, primary_key = True, autoincrement=True) name = db.Column(db.String(150)) type = db.Column(db.String(255)) # maximum length of mimetype - playlist_files = db.relationship('PlaylistFile', back_populates='file') + playlists = db.relationship('Playlist', secondary='PlaylistFile', back_populates='files') def as_dict(self): return {c.name: getattr(self, c.name) for c in self.__table__.columns} @@ -28,8 +26,7 @@ class Playlist(db.Model): read_permissions = db.Column(db.Integer, default=0) write_permissions = db.Column(db.Integer, default=0) execute_permissions = db.Column(db.Integer, default=0) - files = db.relationship('File', secondary='PlaylistFile') - playlist_files = db.relationship('PlaylistFile', order_by='PlaylistFile.position', back_populates='playlist') + files = db.relationship('File', secondary='PlaylistFile', back_populates='playlists') def as_dict(self): return {c.name: getattr(self, c.name) for c in self.__table__.columns} diff --git a/src/api/permissions.py b/src/api/permissions.py index 99e0b38..0f9bed0 100644 --- a/src/api/permissions.py +++ b/src/api/permissions.py @@ -14,9 +14,11 @@ class permissions: def decorator_require_permissions(func): @functools.wraps(func) def wrapper_require_permissions(*args, **kwargs): + print("wrapper permissions") for perm in permissions: check_perm = CheckPermissionFactory(perm) - if not check_perm.is_valid(): + print(args, kwargs) + if not check_perm.is_valid(kwargs): return jsonify( \ message=check_perm.message), \ check_perm.status_code @@ -33,7 +35,6 @@ def CheckPermissionFactory(perm): case Perm.CREATE_ROLE: return CheckCreateRole() case Perm.CREATE_PLAYLIST: - print("creat plays") return CheckCreatePlaylist() case Perm.VIEW_PLAYLIST: return CheckViewPlaylist() @@ -44,28 +45,49 @@ def CheckPermissionFactory(perm): case _: return CheckNone() +def get_playlist_id(args): + if 'playlist_id' in args: + return args['playlist_id'] + return + class CheckNone: - def is_valid(self): + def is_valid(self, args): return True class CheckOwnPlaylist: - def is_valid(self, playlist_id): - query = db.session.query(Playlist).filter(Playlist.id == playlist_id).first() + def __init__(self): self.message = "You don't own this playlist" self.status_code = 403 + + def is_valid(self, args): + playlist_id = get_playlist_id(args) + query = db.session.query(Playlist).filter(Playlist.id == playlist_id).first() + if query is None: + self.message = "This playlist doesn't exist" + self.status_code = 404 + return False return query['owner_id'] == current_user.as_dict()['id'] class CheckViewPlaylist: - def is_valid(self, playlist_id): - if CheckOwnPlaylist().is_valid(playlist_id): - return True + def __init__(self): self.message = "You don't have the permission to view this playlist" self.status_code = 403 + + def is_valid(self, args): + check_own = CheckOwnPlaylist() + if check_own.is_valid(args): + return True + elif check_own.status_code == 404: + self.message = "This playlist doesn't exist" + self.status_code = 404 + return False + + # todo check view return False class CheckEditPlaylist: - def is_valid(self, playlist_id): + def is_valid(self, args): if CheckOwnPlaylist().is_valid(playlist_id): return True