From 6f1472addb401bf21b0d4feb9dd755d6e8892f09 Mon Sep 17 00:00:00 2001 From: rubenwardy Date: Fri, 24 Jan 2020 19:26:00 +0000 Subject: [PATCH] Add ability to limit APITokens to a package --- app/blueprints/api/tokens.py | 4 ++++ app/models.py | 11 +++++++++- app/templates/api/create_edit_token.html | 1 + migrations/versions/df66c78e6791_.py | 26 ++++++++++++++++++++++++ 4 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 migrations/versions/df66c78e6791_.py diff --git a/app/blueprints/api/tokens.py b/app/blueprints/api/tokens.py index fcc22bb6..b8da78db 100644 --- a/app/blueprints/api/tokens.py +++ b/app/blueprints/api/tokens.py @@ -29,6 +29,8 @@ from wtforms.ext.sqlalchemy.fields import QuerySelectField class CreateAPIToken(FlaskForm): name = StringField("Name", [InputRequired(), Length(1, 30)]) + package = QuerySelectField("Limit to package", allow_blank=True, \ + get_pk=lambda a: a.id, get_label=lambda a: a.title) submit = SubmitField("Save") @@ -70,6 +72,8 @@ def create_edit_token(username, id=None): access_token = session.pop("token_" + str(id), None) form = CreateAPIToken(formdata=request.form, obj=token) + form.package.query_factory = lambda: Package.query.filter_by(author=user).all() + if request.method == "POST" and form.validate(): if is_new: token = APIToken() diff --git a/app/models.py b/app/models.py index 2e37758c..18490751 100644 --- a/app/models.py +++ b/app/models.py 
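Review bot: With `allow_blank=True` and no `blank_text`, the empty choice of the new `package` field in `CreateAPIToken` is rendered with an empty label, and selecting it presumably yields a token that is not limited to any package (the column is nullable in app/models.py). Labelling that choice makes the broad-access option explicit to the user, e.g. `blank_text="All my packages"` (wording is illustrative). The trailing `\` after `allow_blank=True,` is not needed inside the parentheses and can be dropped.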
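Review bot: In `create_edit_token`, the `query_factory` assigned to `form.package` is the only check that keeps a token from being bound to a package the user does not own, and nothing in the code says so. A comment above it would protect it from a later refactor, e.g. `# Security: choices are restricted to the user's own packages; form.validate() rejects any other id`. The function starts and ends outside the hunk, so it is not visible where `user` comes from or whether the selected package is actually copied onto the token after `token = APIToken()`; both are worth confirming.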
@@ -864,12 +864,21 @@ class PackageScreenshot(db.Model): class APIToken(db.Model): id = db.Column(db.Integer, primary_key=True) access_token = db.Column(db.String(34), unique=True) + name = db.Column(db.String(100), nullable=False) owner_id = db.Column(db.Integer, db.ForeignKey("user.id"), nullable=False) + # owner is created using backref + created_at = db.Column(db.DateTime, nullable=False, default=datetime.datetime.utcnow) + package_id = db.Column(db.Integer, db.ForeignKey("package.id"), nullable=True) + package = db.relationship("Package", foreign_keys=[package_id]) + def canOperateOnPackage(self, package): - return packages.count() == 0 or package in packages + if self.package and self.package != None: + return False + + return package.owner == self.owner class EditRequest(db.Model): diff --git a/app/templates/api/create_edit_token.html b/app/templates/api/create_edit_token.html index 582cb94f..c56a097b 100644 --- a/app/templates/api/create_edit_token.html +++ b/app/templates/api/create_edit_token.html @@ -47,6 +47,7 @@ {{ form.hidden_tag() }} {{ render_field(form.name, placeholder="Human readable") }} + {{ render_field(form.package) }} {{ render_submit_field(form.submit) }} diff --git a/migrations/versions/df66c78e6791_.py b/migrations/versions/df66c78e6791_.py new file mode 100644 index 00000000..b3f40881 --- /dev/null +++ b/migrations/versions/df66c78e6791_.py 
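Review bot: In `canOperateOnPackage` the new guard `if self.package and self.package != None:` never looks at the `package` argument, so a token limited to a package is refused for every package, including the one it was limited to. The comparison was presumably meant to be against the argument: `if self.package is not None and self.package != package: return False`. The last line reads `package.owner`, while the query added in app/blueprints/api/tokens.py in this same commit filters `Package` by `author`; if the model has no `owner` attribute this raises for unrestricted tokens, and `return package.author == self.owner` looks like the intended check. As written the method fails closed, so the effect is unusable scoped tokens rather than over-broad access, but a test covering a scoped token against its own package and against another package would pin the behaviour down.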
@@ -0,0 +1,26 @@ +"""empty message + +Revision ID: df66c78e6791 +Revises: a0f6c8743362 +Create Date: 2020-01-24 18:39:58.363417 + +""" +from alembic import op +import sqlalchemy as sa +from sqlalchemy.dialects import postgresql + +# revision identifiers, used by Alembic. +revision = 'df66c78e6791' +down_revision = 'a0f6c8743362' +branch_labels = None +depends_on = None + + +def upgrade(): + op.add_column('api_token', sa.Column('package_id', sa.Integer(), nullable=True)) + op.create_foreign_key(None, 'api_token', 'package', ['package_id'], ['id']) + + +def downgrade(): + op.drop_constraint(None, 'api_token', type_='foreignkey') + op.drop_column('api_token', 'package_id')
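Review bot: `downgrade()` calls `op.drop_constraint(None, 'api_token', type_='foreignkey')`, and Alembic cannot drop a constraint without a name, so rolling this revision back will fail unless a naming convention is configured elsewhere (not visible here). Give the foreign key an explicit name in `upgrade()` and drop the same name in `downgrade()`, e.g. `op.create_foreign_key('fk_api_token_package_id', 'api_token', 'package', ['package_id'], ['id'])` (name constructed for illustration). The key also has no `ondelete` rule, so it is worth deciding what happens to a scoped token when its package row is deleted; nulling the column would silently turn it into an unrestricted token. The `postgresql` import is unused and the docstring still reads `empty message`.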