Implement permissions properly

rubenwardy 2018-03-20 03:16:46 +00:00
parent 5a3764f178
commit 775850bbba
3 changed files with 26 additions and 23 deletions

@ -15,6 +15,15 @@ def title_to_url(title):
def url_to_title(url): def url_to_title(url):
return url.replace("_", " ") return url.replace("_", " ")
class UserRank(enum.Enum):
NEW_MEMBER = 0
MEMBER = 1
EDITOR = 2
ADMIN = 3
def atLeast(self, min):
return self.value >= min.value
class User(db.Model, UserMixin): class User(db.Model, UserMixin):
id = db.Column(db.Integer, primary_key=True) id = db.Column(db.Integer, primary_key=True)
@ -23,6 +32,8 @@ class User(db.Model, UserMixin):
password = db.Column(db.String(255), nullable=False, server_default='') password = db.Column(db.String(255), nullable=False, server_default='')
reset_password_token = db.Column(db.String(100), nullable=False, server_default='') reset_password_token = db.Column(db.String(100), nullable=False, server_default='')
rank = db.Column(db.Enum(UserRank))
# Account linking # Account linking
github_username = db.Column(db.String(50), nullable=True, unique=True) github_username = db.Column(db.String(50), nullable=True, unique=True)
forums_username = db.Column(db.String(50), nullable=True, unique=True) forums_username = db.Column(db.String(50), nullable=True, unique=True)
@ -44,20 +55,11 @@ class User(db.Model, UserMixin):
self.username = username self.username = username
self.confirmed_at = datetime.datetime.now() - datetime.timedelta(days=6000) self.confirmed_at = datetime.datetime.now() - datetime.timedelta(days=6000)
self.display_name = username self.display_name = username
self.rank = UserRank.MEMBER
def isClaimed(self): def isClaimed(self):
return self.password is not None and self.password != "" return self.password is not None and self.password != ""
class Role(db.Model):
id = db.Column(db.Integer(), primary_key=True)
name = db.Column(db.String(50), unique=True)
description = db.Column(db.String(255))
class UserRoles(db.Model):
id = db.Column(db.Integer(), primary_key=True)
user_id = db.Column(db.Integer(), db.ForeignKey('user.id', ondelete='CASCADE'))
role_id = db.Column(db.Integer(), db.ForeignKey('role.id', ondelete='CASCADE'))
class Permission(enum.Enum): class Permission(enum.Enum):
EDIT_PACKAGE = "EDIT_PACKAGE" EDIT_PACKAGE = "EDIT_PACKAGE"
APPROVE = "APPROVE" APPROVE = "APPROVE"
@ -69,14 +71,6 @@ class PackageType(enum.Enum):
GAME = "Game" GAME = "Game"
TXP = "Texture Pack" TXP = "Texture Pack"
def getTitle(self):
if self == PackageType.MOD:
return "Mod"
elif self == PackageType.GAME:
return "Game"
else:
return "TXP"
@staticmethod @staticmethod
def fromName(name): def fromName(name):
if name == "mod": if name == "mod":
@ -124,16 +118,25 @@ class Package(db.Model):
def getDetailsURL(self): def getDetailsURL(self):
return url_for("package_page", return url_for("package_page",
type=self.type.getTitle().lower(), type=self.type.value.lower(),
author=self.author.username, name=self.name) author=self.author.username, name=self.name)
def getEditURL(self): def getEditURL(self):
return url_for("edit_package_page", return url_for("edit_package_page",
type=self.type.getTitle().lower(), type=self.type.value.lower(),
author=self.author.username, name=self.name) author=self.author.username, name=self.name)
def checkPerm(self, user, perm): def checkPerm(self, user, perm):
return user == self.author if type(perm) == str:
perm = Permission[perm]
isOwner = user == self.author
if perm == Permission.EDIT_PACKAGE or perm == Permission.APPROVE:
return user.rank.atLeast(UserRank.MEMBER if isOwner else UserRank.EDITOR)
elif perm == Permission.DELETE_PACKAGE or perm == Permission.CHANGE_AUTHOR:
return user.rank.atLeast(UserRank.EDITOR)
else:
return False
# Setup Flask-User # Setup Flask-User
db_adapter = SQLAlchemyAdapter(db, User) # Register the User model db_adapter = SQLAlchemyAdapter(db, User) # Register the User model
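Review bot: In `checkPerm`, `Permission.APPROVE` shares a branch with `EDIT_PACKAGE`, so a package's author at `UserRank.MEMBER` passes the APPROVE check on their own package; if approval is meant to be a moderation step, this lets authors self-approve. Moving it to the editor-only branch, `elif perm in (Permission.APPROVE, Permission.DELETE_PACKAGE, Permission.CHANGE_AUTHOR):`, would close that. Separately, the new `rank` column is nullable with no default and is assigned only in the `__init__` shown, and a logged-out `current_user` (if callers pass one) has no `rank`, so `user.rank.atLeast(...)` can raise instead of denying. A guard at the top of `checkPerm`, such as `if not user.is_authenticated or user.rank is None: return False`, keeps the check fail-closed. The `Package` class begins outside this hunk, so callers of `checkPerm` are not visible here.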

@ -15,7 +15,7 @@
</tr> </tr>
<tr> <tr>
<td>Type</td> <td>Type</td>
<td>{{ package.type.getTitle() }}</td> <td>{{ package.type.value }}</td>
</tr> </tr>
</table> </table>

@ -7,7 +7,7 @@
{% block content %} {% block content %}
<ul> <ul>
{% for p in packages %} {% for p in packages %}
<li><a href="{{ url_for('package_page', type=p.type.getTitle()|lower, author=p.author.username, name=p.name) }}"> <li><a href="{{ p.getDetailsURL() }}">
{{ p.title }} by {{ p.author.display_name }} {{ p.title }} by {{ p.author.display_name }}
</a></li> </a></li>
{% else %} {% else %}