2019-07-08 13:55:56 +02:00
from flask import current_app
2019-07-09 15:41:16 +02:00
from flask_login import UserMixin , AnonymousUserMixin
2019-07-08 13:55:56 +02:00
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
2019-07-05 14:47:35 +02:00
from werkzeug . security import generate_password_hash , check_password_hash
from . import db
from . import login_manager
2019-07-09 15:41:16 +02:00
class Permission :
CREATE_JOB = 1
DELETE_JOB = 2
# WRITE = 4
# MODERATE = 8
ADMIN = 16
2019-07-05 14:47:35 +02:00
class Role ( db . Model ) :
__tablename__ = ' roles '
id = db . Column ( db . Integer , primary_key = True )
name = db . Column ( db . String ( 64 ) , unique = True )
2019-07-09 15:41:16 +02:00
default = db . Column ( db . Boolean , default = False , index = True )
permissions = db . Column ( db . Integer )
users = db . relationship ( ' User ' , backref = ' role ' , lazy = ' dynamic ' )
def __init__ ( self , * * kwargs ) :
super ( Role , self ) . __init__ ( * * kwargs )
if self . permissions is None :
self . permissions = 0
2019-07-05 14:47:35 +02:00
def __repr__ ( self ) :
return ' <Role %r > ' % self . name
2019-07-09 15:41:16 +02:00
def add_permission ( self , perm ) :
if not self . has_permission ( perm ) :
self . permissions + = perm
def remove_permission ( self , perm ) :
if self . has_permission ( perm ) :
self . permissions - = perm
def reset_permissions ( self ) :
self . permissions = 0
def has_permission ( self , perm ) :
return self . permissions & perm == perm
@staticmethod
def insert_roles ( ) :
roles = {
' User ' : [ Permission . CREATE_JOB ] ,
' Administrator ' : [ Permission . ADMIN ,
Permission . CREATE_JOB ,
Permission . DELETE_JOB ]
}
default_role = ' User '
for r in roles :
role = Role . query . filter_by ( name = r ) . first ( )
if role is None :
role = Role ( name = r )
role . reset_permissions ( )
for perm in roles [ r ] :
role . add_permission ( perm )
role . default = ( role . name == default_role )
db . session . add ( role )
db . session . commit ( )
2019-07-05 14:47:35 +02:00
class User ( UserMixin , db . Model ) :
__tablename__ = ' users '
id = db . Column ( db . Integer , primary_key = True )
email = db . Column ( db . String ( 64 ) , unique = True , index = True )
username = db . Column ( db . String ( 64 ) , unique = True , index = True )
password_hash = db . Column ( db . String ( 128 ) )
role_id = db . Column ( db . Integer , db . ForeignKey ( ' roles.id ' ) )
2019-07-08 15:59:15 +02:00
confirmed = db . Column ( db . Boolean , default = False )
2019-07-05 14:47:35 +02:00
def __repr__ ( self ) :
return ' <User %r > ' % self . username
2019-07-09 15:41:16 +02:00
def __init__ ( self , * * kwargs ) :
super ( User , self ) . __init__ ( * * kwargs )
if self . role is None :
if self . email == current_app . config [ ' OPAQUE_ADMIN ' ] :
self . role = Role . query . filter_by ( name = ' Administrator ' ) . first ( )
if self . role is None :
self . role = Role . query . filter_by ( default = True ) . first ( )
2019-07-08 15:59:15 +02:00
def generate_confirmation_token ( self , expiration = 3600 ) :
s = Serializer ( current_app . config [ ' SECRET_KEY ' ] , expiration )
return s . dumps ( { ' confirm ' : self . id } ) . decode ( ' utf-8 ' )
2019-07-05 14:47:35 +02:00
2019-07-08 13:55:56 +02:00
def generate_reset_token ( self , expiration = 3600 ) :
s = Serializer ( current_app . config [ ' SECRET_KEY ' ] , expiration )
return s . dumps ( { ' reset ' : self . id } ) . decode ( ' utf-8 ' )
2019-07-08 15:59:15 +02:00
def confirm ( self , token ) :
s = Serializer ( current_app . config [ ' SECRET_KEY ' ] )
try :
data = s . loads ( token . encode ( ' utf-8 ' ) )
except :
return False
if data . get ( ' confirm ' ) != self . id :
return False
self . confirmed = True
db . session . add ( self )
return True
2019-07-08 15:13:32 +02:00
@staticmethod
def reset_password ( token , new_password ) :
s = Serializer ( current_app . config [ ' SECRET_KEY ' ] )
try :
data = s . loads ( token . encode ( ' utf-8 ' ) )
except :
return False
user = User . query . get ( data . get ( ' reset ' ) )
if user is None :
return False
user . password = new_password
db . session . add ( user )
return True
2019-07-05 14:47:35 +02:00
@property
def password ( self ) :
raise AttributeError ( ' password is not a readable attribute ' )
@password.setter
def password ( self , password ) :
self . password_hash = generate_password_hash ( password )
def verify_password ( self , password ) :
return check_password_hash ( self . password_hash , password )
2019-07-09 15:41:16 +02:00
def can ( self , perm ) :
return self . role is not None and self . role . has_permission ( perm )
def is_administrator ( self ) :
return self . can ( Permission . ADMIN )
class AnonymousUser ( AnonymousUserMixin ) :
def can ( self , permissions ) :
return False
def is_administrator ( self ) :
return False
login_manager . anonymous_user = AnonymousUser # Flask-Login is told to use the application’ s custom anonymous user by setting its class in the login_manager.anonymous_user attribute.
2019-07-05 14:47:35 +02:00
@login_manager.user_loader
def load_user ( user_id ) :
return User . query . get ( int ( user_id ) )