Skip to content

Commit

Permalink
add per modpack access
Browse files Browse the repository at this point in the history
  • Loading branch information
@maggi373
maggi373 committed Sep 1, 2024
1 parent 12c2d82 commit a87680b
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 0 deletions.
6 changes: 6 additions & 0 deletions asite.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,9 @@ def modpack(id):

if User.get_permission_token(session["token"], "modpacks_manage") == 0:
return redirect(request.referrer)

if User_modpack.get_user_modpackpermission(session["token"], id) == False:
return redirect(request.referrer)

try:
modpack = Modpack.get_by_id(id)
Expand Down Expand Up @@ -420,6 +423,9 @@ def modpackbuild(id):

if User.get_permission_token(session["token"], "modpacks_manage") == 0:
return redirect(request.referrer)

if User_modpack.get_user_modpackpermission(session["token"], Build.get_modpackid_by_id(id)) == False:
return redirect(request.referrer)

try:
listmod = Mod.get_all_pretty_names()
Expand Down
13 changes: 13 additions & 0 deletions models/build.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,19 @@ def get_modpackname_by_id(cls, id):
flash("unable to get modpackname by id", "error")
return None
return (name)

@classmethod
def get_modpackid_by_id(cls, id):
conn = Database.get_connection()
cur = conn.cursor(dictionary=True)
cur.execute("SELECT modpack_id FROM builds WHERE id = %s", (id,))
try:
row = cur.fetchone()["modpack_id"]
conn.commit()
return (row)
except:
flash("unable to get modpackid by id", "error")
return 0

@classmethod
def get_by_id(cls, id):
Expand Down
29 changes: 29 additions & 0 deletions models/user_modpack.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,35 @@ def get_all_user_modpacks(id) -> list:
return rows
return []

@staticmethod
def get_user_modpackpermission(token: str, modpack_id) -> list:
conn = Database.get_connection()
cur = conn.cursor(dictionary=True)
cur.execute("SELECT user_id FROM sessions WHERE token = %s", (token,))
try:
user_id = cur.fetchone()["user_id"]
conn.commit()
except:
flash("unable to fetch user_id for permission check", "error")
return False
cur.execute("SELECT solder_full FROM user_permissions WHERE user_id = %s", (user_id,))
try:
row = cur.fetchone()["solder_full"]
conn.commit()
if row == 1:
return True
except:
flash("unable to check your admin permission", "error")
cur.execute("SELECT modpack_id FROM user_modpack WHERE user_id = %s AND modpack_id = %s", (user_id, modpack_id))
try:
rows = cur.fetchone()["modpack_id"]
conn.commit()
if rows == modpack_id:
return True
except:
flash("Permission denied to this modpack", "error")
return False

@staticmethod
def get_user_permission(id) -> list:
conn = Database.get_connection()
Expand Down

0 comments on commit a87680b

Please sign in to comment.