Mirrorlandia_minetest/contentdb
1
0
Fork 0
mirror of https://github.com/minetest/contentdb.git synced 2025-01-09 14:37:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add ability to limit APITokens to a package

Browse Source
This commit is contained in:
rubenwardy 2020-01-24 19:26:00 +00:00
parent 2fa2c3afec
commit 6f1472addb
4 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/blueprints/api/tokens.py
View File

@ -29,6 +29,8 @@ from wtforms.ext.sqlalchemy.fields import QuerySelectField
class CreateAPIToken(FlaskForm): class CreateAPIToken(FlaskForm):
name = StringField("Name", [InputRequired(), Length(1, 30)]) name = StringField("Name", [InputRequired(), Length(1, 30)])
package = QuerySelectField("Limit to package", allow_blank=True, \
get_pk=lambda a: a.id, get_label=lambda a: a.title)
submit = SubmitField("Save") submit = SubmitField("Save")
@ -70,6 +72,8 @@ def create_edit_token(username, id=None):
access_token = session.pop("token_" + str(id), None) access_token = session.pop("token_" + str(id), None)
form = CreateAPIToken(formdata=request.form, obj=token) form = CreateAPIToken(formdata=request.form, obj=token)
form.package.query_factory = lambda: Package.query.filter_by(author=user).all()
if request.method == "POST" and form.validate(): if request.method == "POST" and form.validate():
if is_new: if is_new:
token = APIToken() token = APIToken()

11
app/models.py
View File

@ -864,12 +864,21 @@ class PackageScreenshot(db.Model):
class APIToken(db.Model): class APIToken(db.Model):
id = db.Column(db.Integer, primary_key=True) id = db.Column(db.Integer, primary_key=True)
access_token = db.Column(db.String(34), unique=True) access_token = db.Column(db.String(34), unique=True)
name = db.Column(db.String(100), nullable=False) name = db.Column(db.String(100), nullable=False)
owner_id = db.Column(db.Integer, db.ForeignKey("user.id"), nullable=False) owner_id = db.Column(db.Integer, db.ForeignKey("user.id"), nullable=False)
# owner is created using backref
created_at = db.Column(db.DateTime, nullable=False, default=datetime.datetime.utcnow) created_at = db.Column(db.DateTime, nullable=False, default=datetime.datetime.utcnow)
package_id = db.Column(db.Integer, db.ForeignKey("package.id"), nullable=True)
package = db.relationship("Package", foreign_keys=[package_id])
def canOperateOnPackage(self, package): def canOperateOnPackage(self, package):
return packages.count() == 0 or package in packages if self.package and self.package != None:
return False
return package.owner == self.owner
class EditRequest(db.Model): class EditRequest(db.Model):

1
app/templates/api/create_edit_token.html
View File

@ -47,6 +47,7 @@
{{ form.hidden_tag() }} {{ form.hidden_tag() }}
{{ render_field(form.name, placeholder="Human readable") }} {{ render_field(form.name, placeholder="Human readable") }}
{{ render_field(form.package) }}
{{ render_submit_field(form.submit) }} {{ render_submit_field(form.submit) }}
</form> </form>

26
migrations/versions/df66c78e6791_.py Normal file
View File

@ -0,0 +1,26 @@
"""empty message
Revision ID: df66c78e6791
Revises: a0f6c8743362
Create Date: 2020-01-24 18:39:58.363417
"""
from alembic import op
import sqlalchemy as sa
from sqlalchemy.dialects import postgresql
# revision identifiers, used by Alembic.
revision = 'df66c78e6791'
down_revision = 'a0f6c8743362'
branch_labels = None
depends_on = None
def upgrade():
op.add_column('api_token', sa.Column('package_id', sa.Integer(), nullable=True))
op.create_foreign_key(None, 'api_token', 'package', ['package_id'], ['id'])
def downgrade():
op.drop_constraint(None, 'api_token', type_='foreignkey')
op.drop_column('api_token', 'package_id')