Skip to content
Snippets Groups Projects
Commit 123537cd authored by Patrick Jentsch's avatar Patrick Jentsch
Browse files

Add new roles and a new permission

parent 89f518fe
No related branches found
No related tags found
No related merge requests found
......@@ -39,8 +39,9 @@ def create_app(config_class=Config):
message_queue=app.config.get('NOPAQUE_SOCKETIO_MESSAGE_QUEUE_URI')
)
from .utils import HashidConverter
from .utils import HashidConverter, permission_context_processor
app.url_map.converters['hashid'] = HashidConverter
app.context_processor(permission_context_processor)
from .events import socketio as socketio_events
from .events import sqlalchemy as sqlalchemy_events
......
......@@ -2,16 +2,47 @@ from flask import abort, current_app
from flask_login import current_user
from functools import wraps
from threading import Thread
from .models import Permission
def permission_required(permission):
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if not current_user.can(permission):
abort(403)
return f(*args, **kwargs)
return decorated_function
return decorator
def admin_required(f):
return permission_required(Permission.ADMINISTRATE)(f)
def socketio_login_required(f):
@wraps(f)
def wrapped(*args, **kwargs):
if current_user.is_administrator:
def decorated_function(*args, **kwargs):
if current_user.is_authenticated:
return f(*args, **kwargs)
else:
abort(403)
return wrapped
return {'code': 401, 'msg': 'Unauthorized'}
return decorated_function
def socketio_permission_required(permission):
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if not current_user.can(permission):
return {'code': 403, 'msg': 'Forbidden'}
return f(*args, **kwargs)
return decorated_function
return decorator
def socketio_admin_required(f):
return socketio_permission_required(Permission.ADMINISTRATE)(f)
def background(f):
......
......@@ -38,8 +38,9 @@ class Permission(enum.IntEnum):
Defines User permissions as integers by the power of 2. User permission
can be evaluated using the bitwise operator &.
'''
ADMINISTRATE = 1
USE_API = 2
ADMINISTRATE = 4
CONTRIBUTE = 2
USE_API = 1
class Role(HashidMixin, db.Model):
......@@ -93,7 +94,13 @@ class Role(HashidMixin, db.Model):
def insert_roles():
roles = {
'User': [],
'Administrator': [Permission.USE_API, Permission.ADMINISTRATE]
'API user': [Permission.USE_API],
'Contributor': [Permission.CONTRIBUTE],
'Administrator': [
Permission.ADMINISTRATE,
Permission.CONTRIBUTE,
Permission.USE_API
]
}
default_role_name = 'User'
for role_name, permissions in roles.items():
......
......@@ -22,10 +22,12 @@
<li><a class="subheader">Account</a></li>
<li><a href="{{ url_for('settings.index') }}"><i class="material-icons">settings</i>Settings</a></li>
<li><a href="{{ url_for('auth.logout') }}">Log out</a></li>
{% if current_user.is_administrator() %}
{% if current_user.can(Permission.ADMINISTRATE) %}
<li><div class="divider"></div></li>
<li><a class="subheader">Administration</a></li>
<li><a class="subheader">Specials</a></li>
<li><a href="{{ url_for('admin.index') }}"><i class="material-icons">admin_panel_settings</i>Administration</a></li>
{% endif %}
{% if current_user.can(Permission.USE_API) %}
<li><a href="{{ url_for('api.doc') }}"><i class="material-icons">api</i>API</a></li>
{% endif %}
</ul>
from app import hashids
from werkzeug.routing import BaseConverter
from .models import Permission
class HashidConverter(BaseConverter):
......@@ -8,3 +9,7 @@ class HashidConverter(BaseConverter):
def to_url(self, value):
return hashids.encode(value)
def permission_context_processor():
return {'Permission': Permission}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment