mirror of
https://gitlab.ub.uni-bielefeld.de/sfb1288inf/nopaque.git
synced 2024-12-24 10:34:17 +00:00
Add new roles and a new permission
This commit is contained in:
parent
89f518fe38
commit
123537cd16
@ -39,8 +39,9 @@ def create_app(config_class=Config):
|
||||
message_queue=app.config.get('NOPAQUE_SOCKETIO_MESSAGE_QUEUE_URI')
|
||||
)
|
||||
|
||||
from .utils import HashidConverter
|
||||
from .utils import HashidConverter, permission_context_processor
|
||||
app.url_map.converters['hashid'] = HashidConverter
|
||||
app.context_processor(permission_context_processor)
|
||||
|
||||
from .events import socketio as socketio_events
|
||||
from .events import sqlalchemy as sqlalchemy_events
|
||||
|
@ -2,16 +2,47 @@ from flask import abort, current_app
|
||||
from flask_login import current_user
|
||||
from functools import wraps
|
||||
from threading import Thread
|
||||
from .models import Permission
|
||||
|
||||
|
||||
def permission_required(permission):
|
||||
def decorator(f):
|
||||
@wraps(f)
|
||||
def decorated_function(*args, **kwargs):
|
||||
if not current_user.can(permission):
|
||||
abort(403)
|
||||
return f(*args, **kwargs)
|
||||
return decorated_function
|
||||
return decorator
|
||||
|
||||
|
||||
def admin_required(f):
|
||||
return permission_required(Permission.ADMINISTRATE)(f)
|
||||
|
||||
|
||||
def socketio_login_required(f):
|
||||
@wraps(f)
|
||||
def wrapped(*args, **kwargs):
|
||||
if current_user.is_administrator:
|
||||
def decorated_function(*args, **kwargs):
|
||||
if current_user.is_authenticated:
|
||||
return f(*args, **kwargs)
|
||||
else:
|
||||
abort(403)
|
||||
return wrapped
|
||||
return {'code': 401, 'msg': 'Unauthorized'}
|
||||
return decorated_function
|
||||
|
||||
|
||||
def socketio_permission_required(permission):
|
||||
def decorator(f):
|
||||
@wraps(f)
|
||||
def decorated_function(*args, **kwargs):
|
||||
if not current_user.can(permission):
|
||||
return {'code': 403, 'msg': 'Forbidden'}
|
||||
return f(*args, **kwargs)
|
||||
return decorated_function
|
||||
return decorator
|
||||
|
||||
|
||||
def socketio_admin_required(f):
|
||||
return socketio_permission_required(Permission.ADMINISTRATE)(f)
|
||||
|
||||
|
||||
def background(f):
|
||||
|
@ -38,8 +38,9 @@ class Permission(enum.IntEnum):
|
||||
Defines User permissions as integers by the power of 2. User permission
|
||||
can be evaluated using the bitwise operator &.
|
||||
'''
|
||||
ADMINISTRATE = 1
|
||||
USE_API = 2
|
||||
ADMINISTRATE = 4
|
||||
CONTRIBUTE = 2
|
||||
USE_API = 1
|
||||
|
||||
|
||||
class Role(HashidMixin, db.Model):
|
||||
@ -93,7 +94,13 @@ class Role(HashidMixin, db.Model):
|
||||
def insert_roles():
|
||||
roles = {
|
||||
'User': [],
|
||||
'Administrator': [Permission.USE_API, Permission.ADMINISTRATE]
|
||||
'API user': [Permission.USE_API],
|
||||
'Contributor': [Permission.CONTRIBUTE],
|
||||
'Administrator': [
|
||||
Permission.ADMINISTRATE,
|
||||
Permission.CONTRIBUTE,
|
||||
Permission.USE_API
|
||||
]
|
||||
}
|
||||
default_role_name = 'User'
|
||||
for role_name, permissions in roles.items():
|
||||
|
@ -22,10 +22,12 @@
|
||||
<li><a class="subheader">Account</a></li>
|
||||
<li><a href="{{ url_for('settings.index') }}"><i class="material-icons">settings</i>Settings</a></li>
|
||||
<li><a href="{{ url_for('auth.logout') }}">Log out</a></li>
|
||||
{% if current_user.is_administrator() %}
|
||||
{% if current_user.can(Permission.ADMINISTRATE) %}
|
||||
<li><div class="divider"></div></li>
|
||||
<li><a class="subheader">Administration</a></li>
|
||||
<li><a class="subheader">Specials</a></li>
|
||||
<li><a href="{{ url_for('admin.index') }}"><i class="material-icons">admin_panel_settings</i>Administration</a></li>
|
||||
{% endif %}
|
||||
{% if current_user.can(Permission.USE_API) %}
|
||||
<li><a href="{{ url_for('api.doc') }}"><i class="material-icons">api</i>API</a></li>
|
||||
{% endif %}
|
||||
</ul>
|
||||
|
@ -1,5 +1,6 @@
|
||||
from app import hashids
|
||||
from werkzeug.routing import BaseConverter
|
||||
from .models import Permission
|
||||
|
||||
|
||||
class HashidConverter(BaseConverter):
|
||||
@ -8,3 +9,7 @@ class HashidConverter(BaseConverter):
|
||||
|
||||
def to_url(self, value):
|
||||
return hashids.encode(value)
|
||||
|
||||
|
||||
def permission_context_processor():
|
||||
return {'Permission': Permission}
|
||||
|
Loading…
Reference in New Issue
Block a user