Clean up permissions code

This commit is contained in:
rubenwardy 2018-03-20 03:45:01 +00:00
parent 0fae3a6fcd
commit bd58f9bee9

@ -19,7 +19,8 @@ class UserRank(enum.Enum):
NEW_MEMBER = 0 NEW_MEMBER = 0
MEMBER = 1 MEMBER = 1
EDITOR = 2 EDITOR = 2
ADMIN = 3 MODERATOR = 3
ADMIN = 4
def atLeast(self, min): def atLeast(self, min):
return self.value >= min.value return self.value >= min.value
@ -65,9 +66,11 @@ class User(db.Model, UserMixin):
class Permission(enum.Enum): class Permission(enum.Enum):
EDIT_PACKAGE = "EDIT_PACKAGE" EDIT_PACKAGE = "EDIT_PACKAGE"
APPROVE = "APPROVE" APPROVE_CHANGES = "APPROVE_CHANGES"
DELETE_PACKAGE = "DELETE_PACKAGE" DELETE_PACKAGE = "DELETE_PACKAGE"
CHANGE_AUTHOR = "CHANGE_AUTHOR" CHANGE_AUTHOR = "CHANGE_AUTHOR"
APPROVE_RELEASE = "APPROVE_RELEASE"
APPROVE_NEW = "APPROVE_NEW"
class PackageType(enum.Enum): class PackageType(enum.Enum):
MOD = "Mod" MOD = "Mod"
@ -133,14 +136,27 @@ class Package(db.Model):
author=self.author.username, name=self.name) author=self.author.username, name=self.name)
def checkPerm(self, user, perm): def checkPerm(self, user, perm):
if not user.is_authenticated:
return False
if type(perm) == str: if type(perm) == str:
perm = Permission[perm] perm = Permission[perm]
isOwner = user == self.author isOwner = user == self.author
if perm == Permission.EDIT_PACKAGE or perm == Permission.APPROVE:
# Members can edit their own packages, and editors can edit any packages
if perm == Permission.EDIT_PACKAGE or perm == Permission.APPROVE_CHANGES:
return user.rank.atLeast(UserRank.MEMBER if isOwner else UserRank.EDITOR) return user.rank.atLeast(UserRank.MEMBER if isOwner else UserRank.EDITOR)
elif perm == Permission.DELETE_PACKAGE or perm == Permission.CHANGE_AUTHOR:
# Editors can change authors, approve new packages, and approve releases
elif perm == Permission.CHANGE_AUTHOR or perm == Permission.APPROVE_NEW \
or perm == Permission.APPROVE_RELEASE:
return user.rank.atLeast(UserRank.EDITOR) return user.rank.atLeast(UserRank.EDITOR)
# Moderators can delete packages
elif perm == Permission.DELETE_PACKAGE:
return user.rank.atLeast(UserRank.MODERATOR)
else: else:
return False return False