16 changed files with 77 additions and 308 deletions
--- a/README.md
+++ b/README.md
@ -3,36 +3,20 @@
 # Deployment (from source)
 - ``git clone https://github.com/grimhilt/artemio-server.git``
- 
+
 python3 -m venv .venv
 source .venv/bin/activate
 python -m pip install -r requirements.txt
 sudo apt install libjpeg-dev zlib1g-dev
 pip install Pillow
 sudo apt install libmpv-dev
 gunicorn -w 1 -b 0.0.0.0:5500 index:api --access-logfile access.log --error-logfile error.log
 # Documentation
 ## API
-### Permissions
+/api/login
-
+/api/logout
 | Name | Child Of | Description
 | --- | --- | ---
 CREATE_USER | 
 CREATE_ROLE |
 CREATE_PLAYLIST |
 VIEW_PLAYLIST | EDIT_PLAYLIST
 OWN_PLAYLIST |
 EDIT_PLAYLIST | OWN_PLAYLIST
 ACTIVATE_PLAYLIST |
 ### Playlists (*/api/playlists*)
-*The user need to be logged in for every routes.*
+The user need to be logged in for every routes
 | Method | Endpoint | Permission | Description
 | --- | --- | --- | --- |
@ -42,24 +26,13 @@ ACTIVATE_PLAYLIST |
 | POST | ``/api/playlists/:id`` | EDIT_PLAYLIST | Add file to playlist
 | POST | ``/api/playlists/:id/order`` | EDIT_PLAYLIST | Change file order
 | POST | ``/api/playlists/:id/seconds`` | EDIT_PLAYLIST | Change display time of a file
-| POST | ``/api/playlists/:id/remove_file`` | EDIT_PLAYLIST | Remove file from the playlist
+| POST | ``/api/playlists/:id/remove_file`` | EDIT_PLAYLIST |
-| PUT  | ``/api/playlists/:id/update`` | OWN_PLAYLIST | Update properties of the playlist
+| PUT  | ``/api/playlists/:id/update`` | OWN_PLAYLIST |
 | POST | ``/api/playlists/:id/activate`` | ACTIVATE_PLAYLIST |
 | POST | ``/api/playlists/:id/disactivate`` | ACTIVATE_PLAYLIST |
 ### Users
 ### Playlists (*/api/playlists*)
 *The user need to be logged in for every routes.*
 | Method | Endpoint | Permission | Description
 | --- | --- | --- | --- |
 | GET | ``/api/files`` | EDIT_PLAYLIST | List all existing files
 | GET | ``/api/files/:id`` | VIEW_PLAYLIST | Return the file
 | POST | ``/api/files/upload`` | EDIT_PLAYLIST | Upload one or multiple files
 | DELETE | ``/api/files/:id`` | OWN_PLAYLIST | Delete the file
 ### Roles
-### Files
+### 
--- a/src/api/init.py
+++ b/src/api/init.py
@ -3,7 +3,6 @@ from flask_sqlalchemy import SQLAlchemy
 from flask_cors import CORS
 from flask_login import LoginManager
 from os import path
 from config.config import get_secret_key
 import logging
@ -16,7 +15,7 @@ def create_api():
    CORS(app)
    logging.getLogger('flask_cors').level = logging.DEBUG
    app.config['SQLALCHEMY_DATABASE_URI'] = f'sqlite:///{DB_NAME}'
-    app.secret_key = get_secret_key() 
+    app.secret_key = b'_5#y2L"F4Qfj8zxec]'
    login_manager = LoginManager()
    login_manager.init_app(app)
--- a/src/api/abl/PlaylistAbl.py
+++ b/src/api/abl/PlaylistAbl.py
@ -3,7 +3,6 @@ from ..models import Playlist, PlaylistFile, File, Role
 from .. import db
 from datetime import datetime
 from ..dao.Playlist import PlaylistDao
 from ..dao.UsersDao import UsersDao
 from flask_login import current_user
 from screen.ScreenManager import ScreenManager
@ -51,18 +50,17 @@ class PlaylistAbl:
    def get_playlist(playlist_id):
        (query, files) = PlaylistDao.get_playlist(playlist_id)
        query = query.as_dict_with_roles()
-        return jsonify({
+        return jsonify({ \
-                'id': query['id'],
+                'id': query['id'], \
-                'name': query['name'],
+                'name': query['name'], \
-                'owner_id': query['owner_id'],
+                'owner_id': query['owner_id'], \
-                'view': query['view'],
+                'view': query['view'], \
-                'edit': query['edit'],
+                'edit': query['edit'], \
                'files': files})
    @staticmethod
    def list():
-        user_id = current_user.as_dict()['id']
+        playlists = db.session.query(Playlist).all()
        playlists = UsersDao.playlists(user_id)
        res = []
        for playlist in playlists:
            p = playlist.as_dict()
@ -75,11 +73,11 @@ class PlaylistAbl:
    # EDIT PLAYLIST CONTENT
    @staticmethod
    def add_file(playlist_id, data):
-        new_playlist_file = PlaylistFile(
+        new_playlist_file = PlaylistFile( \
-                playlist_id=playlist_id,
+                playlist_id=playlist_id, \
-                file_id=data['file_id'],
+                file_id=data['file_id'], \
-                position=data['position'],
+                position=data['position'], \
-                seconds=data['seconds']
+                seconds=data['seconds'] \
                )
        db.session.add(new_playlist_file)
@ -89,7 +87,7 @@ class PlaylistAbl:
    @staticmethod
    def change_order(playlist_id, data):
        db.session.query(PlaylistFile) \
-                .filter(PlaylistFile.id == data['pfid']) \
+                .filter(PlaylistFile.file_id == data['file_id']) \
                .filter(PlaylistFile.playlist_id == playlist_id) \
                .update({'position': data['position']})
        db.session.commit()
@ -98,7 +96,7 @@ class PlaylistAbl:
    @staticmethod
    def change_seconds(playlist_id, data):
        db.session.query(PlaylistFile) \
-                .filter(PlaylistFile.id == data['pfid']) \
+                .filter(PlaylistFile.file_id == data['file_id']) \
                .filter(PlaylistFile.playlist_id == playlist_id) \
                .update({'seconds': data['seconds']})
        db.session.commit()
@ -107,7 +105,7 @@ class PlaylistAbl:
    @staticmethod
    def remove_file(playlist_id, data):
        query = db.session.query(PlaylistFile) \
-                .filter(PlaylistFile.id == data['pfid']) \
+                .filter(PlaylistFile.id == data['file_id']) \
                .first()
        db.session.delete(query)
        db.session.commit()
--- a/src/api/abl/UserAbl.py
+++ b/src/api/abl/UserAbl.py
@ -1,13 +1,13 @@
 from flask import Blueprint, request, jsonify
-from werkzeug.security import check_password_hash
+from werkzeug.security import generate_password_hash, check_password_hash
 from flask_login import current_user
 from ..models import User, Role
 from api.dao.UsersDao import UsersDao
 from .. import db
 def is_current_admin():
    return current_user.as_dict()['roles'][0]['parent_id'] is None
 class UserAbl:
    @staticmethod
@ -27,14 +27,30 @@ class UserAbl:
            if bit == '1' and bit != user_perms[position]:
                return jsonify(message="You don't have the permission to give permission(s) you don't have"), 403
-        # create user
+        # create the user
-        new_user = UsersDao.create(login, password, permissions, current_user)
+        new_user = User( \
                login=login, \
                password=generate_password_hash(password, method='sha256') \
                )
        db.session.add(new_user)
        db.session.flush()
        # create the permissions for the user
        new_role = Role( \
                name=login, \
                user_id=new_user.as_dict()['id'], \
                parent_id=current_user.as_dict()['roles'][0]['id'], \
                permissions=permissions)
        db.session.add(new_role)
        new_user.roles.append(new_role)
        db.session.flush()
        db.session.commit()
        return jsonify(new_user.as_dict())
    @staticmethod
    def update(user_id, data):
        # todo
        return jsonify()
    @staticmethod
--- a/src/api/controllers/file.py
+++ b/src/api/controllers/file.py
@ -1,15 +1,11 @@
 from flask import Blueprint, request, jsonify, send_file
 from flask_login import login_required
 from ..permissions import Perm, permissions
 from ..models import File
 from .. import db
 files = Blueprint('files', __name__)
-FILE_DIR = '../data/'
+FILE_DIR = './data/'
@files.route('/files', methods=['POST'])
@login_required
@permissions.require([Perm.EDIT_PLAYLIST])
 def upload():
    res = []
    for file_key in request.files:
@ -26,8 +22,6 @@ def upload():
        return jsonify(res)
@files.route('/files', methods=['GET'])
@login_required
@permissions.require([Perm.EDIT_PLAYLIST])
 def list():
    files = db.session.query(File).all()
    res = []
@ -36,17 +30,12 @@ def list():
    return jsonify(res)
@files.route('/files/<int:file_id>', methods=['GET'])
@login_required
@permissions.require([Perm.VIEW_PLAYLIST])
 def load(file_id):
    file = db.session.query(File).filter(File.id == file_id).first()
    return send_file(('../../data/' + file.name), mimetype=file.type)
@files.route('/files/<int:file_id>', methods=['DELETE'])
@login_required
@permissions.require([Perm.OWN_PLAYLIST])
 def delete(file_id):
    # todo warning if file is still in use
    rows = db.session.query(File).filter(File.id == file_id).all()
    for row in rows:
        db.session.delete(row)
--- a/src/api/controllers/playlist.py
+++ b/src/api/controllers/playlist.py
@ -20,7 +20,6 @@ def create():
@playlist.route('/playlists', methods=["GET"])
@login_required
@permissions.require([Perm.VIEW_PLAYLIST])
 def list():
    return PlaylistAbl.list()
--- a/src/api/dao/ParentRoleDao.py
+++ b/src/api/dao/ParentRoleDao.py
@ -1,15 +0,0 @@
 from .. import db
 from ..models import User, Role, Playlist, ParentRole
 class ParentRoleDao:
    def get_children(role_id):
        children = db.session.query(ParentRole) \
                .filter(ParentRole.parent_id == role_id) \
                .all()
        return children
    def get_parents(role_id):
        parents = db.session.query(ParentRole) \
                .filter(ParentRole.child_id == role_id) \
                .all()
        return parents
--- a/src/api/dao/Playlist.py
+++ b/src/api/dao/Playlist.py
@ -13,32 +13,3 @@ class PlaylistDao:
            files.append(file)
        return (query, files)
    def get_playlist_q(playlist_id):
        query = db.session.query(Playlist).filter(Playlist.id == playlist_id).first()
        return query
    def has_role_view_d(playlist_id, user_id):
        has_role_to_view = db.session.query(Playlist) \
                .filter(Playlist.id == playlist_id) \
                .filter(
                Playlist.view.any(
                # check if a role belongs to this user
                Role.user_id == user_id or
                # check if a this user has a role to view
                Role.users.any(User.id == user_id)
                )) \
                .first()
        return has_role_to_view
    def has_role_edit_d(playlist_id, user_id):
        has_role_to_edit = db.session.query(Playlist) \
                .filter(
                Playlist.edit.any(
                # check if a role belongs to this user
                Role.user_id == user_id or
                # check if a this user has a role to edit
                Role.users.any(User.id == user_id)
                )) \
                .first()
        return has_role_to_edit
--- a/src/api/dao/RolesDao.py
+++ b/src/api/dao/RolesDao.py
@ -1,31 +0,0 @@
 from .. import db
 from ..models import User, Role, Playlist, ParentRole
 from .ParentRoleDao import ParentRoleDao
 class RolesDao:
    def create(name, user_id, parent_id, permissions):
        new_role = Role(
                name=name,
                user_id=user_id,
                parent_id=parent_id,
                permissions=permissions)
        db.session.add(new_role)
        # get all parents
        parents = ParentRoleDao.get_parents(parent_id)         
        parent_ids = [parent_id]
        for parent in parents:
            parent_ids.append(parent.as_dict()['parent_id'])
        # add all parents
        for id in parent_ids:
            parent_role = ParentRole(
                    parent_id=id,
                    child_id=user_id
                    )
            db.session.add(parent_role)
        db.session.flush()
        return new_role
--- a/src/api/dao/UsersDao.py
+++ b/src/api/dao/UsersDao.py
@ -1,74 +0,0 @@
 from .. import db
 from werkzeug.security import generate_password_hash, check_password_hash
 from ..models import User, Role, Playlist
 from .RolesDao import RolesDao
 class UsersDao:
    def create(login, password, permissions, current_user):
        # create the user
        new_user = User(
                login=login,
                password=generate_password_hash(password, method='sha256')
                )
        db.session.add(new_user)
        db.session.flush()
        # create role for the user
        new_role = RolesDao.create(
                name=login,
                user_id=new_user.as_dict()['id'],
                parent_id=current_user.as_dict()['roles'][0]['id'],
                permissions=permissions)
        new_user.roles.append(new_role)
        db.session.flush()
        return new_user
    def has_role_view_q(user_id):
        has_role_to_view = db.session.query(User) \
                .filter(User.id == user_id) \
                .filter(
                User.roles.any(
                    Role.users.any(Role.playlists_view  is not None)
                )) \
                .first()
        return has_role_to_view
    def has_role_edit_q(user_id):
        has_role_to_edit = db.session.query(User) \
                .filter(User.id == user_id) \
                .filter(
                User.roles.any(
                    Role.users.any(Role.playlists_edit  is not None)
                )) \
                .first()
        return has_role_to_edit
    def playlists(user_id):
        # todo recursion on user parenting
        playlists = db.session.query(Playlist) \
                .filter(
                # all playlist where user can view
                Playlist.view.any(
                # check if a role belongs to this user
                Role.user_id == user_id or
                # check if a this user has a role to view
                Role.users.any(User.id == user_id) \
                ) |
                # all playlist where user can edit
                Playlist.edit.any(
                    # check if a role belongs to this user
                    Role.user_id == user_id or
                    # check if a this user has a role to edit
                    Role.users.any(User.id == user_id)
                ) |
                (Playlist.owner_id == user_id)
                ) \
                .all()
        return playlists
--- a/src/api/models.py
+++ b/src/api/models.py
@ -55,36 +55,16 @@ class UserRole(db.Model):
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), primary_key=True)
    role_id = db.Column(db.Integer, db.ForeignKey('role.id'), primary_key=True)
 class ParentRole(db.Model):
    __tablename__ = 'ParentRole'
    parent_id = db.Column(db.Integer, db.ForeignKey('role.id'), primary_key=True)
    child_id = db.Column(db.Integer, db.ForeignKey('role.id'), primary_key=True)
    def as_dict(self):
       return {c.name: getattr(self, c.name) for c in self.__table__.columns}
 class Role(db.Model):
    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
    name = db.Column(db.String)
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), default=None)
    permissions = db.Column(db.Integer, default=0)
    parent_id = db.Column(db.Integer, db.ForeignKey('role.id'), default=None)
    children = db.relationship('Role', secondary="ParentRole",
                            primaryjoin=id == ParentRole.parent_id,
                            secondaryjoin=id == ParentRole.child_id,
                            backref='parents')
    users = db.relationship('User', secondary='UserRole', back_populates='roles')
    playlists_view = db.relationship('Playlist', secondary='PlaylistView', back_populates='view')
    playlists_edit = db.relationship('Playlist', secondary='PlaylistEdit', back_populates='edit')
    def as_full_dict(self):
        res = self.as_dict()
        res['parents'] = [parent.as_dict() for parent in self.parents]
        res['children'] = [child.as_dict() for child in self.children]
        return res
    def as_dict(self):
        return {c.name: getattr(self, c.name) for c in self.__table__.columns}
@ -96,7 +76,7 @@ class User(db.Model, UserMixin):
    def as_dict(self):
        res = self.as_dict_unsafe()
-        res['roles'] = [role.as_full_dict() for role in self.roles]
+        res['roles'] = [role.as_dict() for role in self.roles]
        del res['password']
        return res
--- a/src/api/permissions.py
+++ b/src/api/permissions.py
@ -4,9 +4,6 @@ from flask import request, jsonify
 from flask_login import current_user
 from . import db
 from .models import Playlist, PlaylistFile, User, Role, UserRole
 from .dao.Playlist import PlaylistDao
 from .dao.UsersDao import UsersDao
 class Perm(IntEnum):
    CREATE_USER = 0
@ -29,7 +26,7 @@ class permissions:
                    check_perm = CheckPermissionFactory(perm)
                    print(args, kwargs)
                    if not check_perm.is_valid(kwargs):
-                        return jsonify(
+                        return jsonify( \
                                message=check_perm.message), \
                                check_perm.status_code
                return func(*args, **kwargs)
@ -62,10 +59,11 @@ def CheckPermissionFactory(perm):
 def get_playlist_id(args):
    if 'playlist_id' in args:
        return args['playlist_id'] 
-    json = request.get_json(silent=True)
+    json = request.get_json()
-    if json is not None and 'playlist_id' in json:
+    if 'playlist_id' in json:
        print("in")
        return json['playlist_id']
-    return None
+    return
 def checkBit(permissions, index):
    binStr = bin(permissions)
@ -86,14 +84,12 @@ class CheckOwnPlaylist:
    def is_valid(self, args):
        playlist_id = get_playlist_id(args)
-        if playlist_id is None:
+        query = db.session.query(Playlist).filter(Playlist.id == playlist_id).first()
            return False
        query = PlaylistDao.get_playlist_q(playlist_id)
        if query is None:
            self.message = "This playlist doesn't exist"
            self.status_code = 404
            return False
        print(query.as_dict())
        return query.as_dict()['owner_id'] == current_user.as_dict()['id']
 class CheckViewPlaylist:
@ -113,18 +109,15 @@ class CheckViewPlaylist:
        playlist_id = get_playlist_id(args)
        user_id = current_user.as_dict()['id']
-
+        has_role_to_view = db.session.query(Playlist) \
-        # if playlist_id is none then there is not precise playlist 
+                .filter( \
-        # to compare the permissions, so we check if the user has 
+                Playlist.view.any( \
-        # a permission on any playlist
+                # check if a role belongs to this user
-        has_role_to_view = None
+                Role.user_id == user_id or \
-        if playlist_id is not None:
+                # check if a this user has a role to view
-            # check if has role on one precise playlist
+                Role.users.any(User.id == user_id) \
-            has_role_to_view = PlaylistDao.has_role_to_view(playlist_id, user_id)
+                )) \
-        else:
+                .first()
            # check if has role to view any playlist
            has_role_to_view = UsersDao.has_role_view_q(user_id)
        return has_role_to_view is not None
 class CheckEditPlaylist:
@ -143,18 +136,15 @@ class CheckEditPlaylist:
        playlist_id = get_playlist_id(args)
        user_id = current_user.as_dict()['id']
-
+        has_role_to_edit = db.session.query(Playlist) \
-        # if playlist_id is none then there is not precise playlist 
+                .filter( \
-        # to compare the permissions, so we check if the user has 
+                Playlist.edit.any( \
-        # a permission on any playlist
+                # check if a role belongs to this user
-        has_role_to_edit = None
+                Role.user_id == user_id or \
-        if playlist_id is not None:
+                # check if a this user has a role to edit
-            # check if has role on one precise playlist
+                Role.users.any(User.id == user_id) \
-            has_role_to_edit = PlaylistDao.has_role_to_edit(playlist_id, user_id)
+                )) \
-        else:
+                .first()
            # check if has role to view any playlist
            has_role_to_edit = UsersDao.has_role_edit_q(user_id)
        return has_role_to_edit is not None
 class CheckCreateUser:
--- a/src/config/SECRET_KEY
+++ b/src/config/SECRET_KEY
@ -1 +0,0 @@
 b'Dn\xe2\x96\xd9\xe7Z;\xd7;\x03\xbe\xa8J\xc7\xda\xd2\xe6\xfa\xe6HU( '
--- a/src/config/config.py
+++ b/src/config/config.py
@ -1,19 +0,0 @@
 import os
 import random
 import string
 SECRET_KEY_FILE = './config/SECRET_KEY'
 def get_secret_key():
    if os.path.isfile(SECRET_KEY_FILE):
        # read the secret key from the file
        with open(SECRET_KEY_FILE, 'r') as file:
            secret_key = file.read().strip()
        return secret_key
    else:
        # generate a new secret key
        secret_key = os.urandom(24)
        # save it to the file
        with open(SECRET_KEY_FILE, 'w') as file:
            file.write(str(secret_key))
        return secret_key
--- a/src/index.py
+++ b/src/index.py
@ -1,16 +1,12 @@
 from api import create_api
 from screen.ScreenManager import ScreenManager
-api = create_api()
+#api = create_api()
-screen_manager = ScreenManager().getInstance()
+#screen_manager = ScreenManager().getInstance()
 if __name__ == '__main__':
    #api.run(host="0.0.0.0", port=5500, debug=True)
-    #api.run()
+    #api.run(host="0.0.0.0", port=5500)
    api.run(host="0.0.0.0", port=5500)
 def test():
    from screen.SlideShow import SlideShow
    import tkinter as tk
    import mpv
--- a/src/screen/SlideShow.py
+++ b/src/screen/SlideShow.py
@ -7,8 +7,6 @@ import imageio
 import vlc
 import mpv
 DATA_DIR = "../data/"
 class SlideShow:
    def __init__(self, root, files):
        print(files)
@ -64,7 +62,7 @@ class MediaFactory:
    def image_player(self):
        print("image player")
-        path = DATA_DIR + self.file['name']
+        path = './data/' + self.file['name']
        image = Image.open(path)
        image = self.parent.resize_full_screen(image)
@ -80,7 +78,7 @@ class VideoPlayer:
    def __init__(self, parent, file):
        self.file = file
        self.parent = parent
-        self.path = DATA_DIR + self.file['name']
+        self.path = './data/' + self.file['name']
        #self.mpv_instance = mpv.MPV(wid=str(self.parent.canvas.winfo_id()))
        instance = vlc.Instance()
        player = instance.media_player_new()
		`@ -1 +0,0 @@`
			`b'Dn\xe2\x96\xd9\xe7Z;\xd7;\x03\xbe\xa8J\xc7\xda\xd2\xe6\xfa\xe6HU( '`