From a87680bbc83576f90b32811414b11b77d9745712 Mon Sep 17 00:00:00 2001
From: maggi373 <40539743+maggi373@users.noreply.github.com>
Date: Sun, 1 Sep 2024 21:10:22 +0200
Subject: [PATCH] add per modpack access

---
 asite.py               |  6 ++++++
 models/build.py        | 13 +++++++++++++
 models/user_modpack.py | 29 +++++++++++++++++++++++++++++
 3 files changed, 48 insertions(+)

diff --git a/asite.py b/asite.py
index 6d77d4b..d91e97b 100644
--- a/asite.py
+++ b/asite.py
@@ -172,6 +172,9 @@ def modpack(id):
     
     if User.get_permission_token(session["token"], "modpacks_manage") == 0:
         return redirect(request.referrer)
+    
+    if User_modpack.get_user_modpackpermission(session["token"], id) == False:
+        return redirect(request.referrer)
 
     try:
         modpack = Modpack.get_by_id(id)
@@ -420,6 +423,9 @@ def modpackbuild(id):
     
     if User.get_permission_token(session["token"], "modpacks_manage") == 0:
                 return redirect(request.referrer)
+    
+    if User_modpack.get_user_modpackpermission(session["token"], Build.get_modpackid_by_id(id)) == False:
+        return redirect(request.referrer)
 
     try:
         listmod = Mod.get_all_pretty_names()
diff --git a/models/build.py b/models/build.py
index 3da9150..631a3e9 100644
--- a/models/build.py
+++ b/models/build.py
@@ -89,6 +89,19 @@ def get_modpackname_by_id(cls, id):
             flash("unable to get modpackname by id", "error")
             return None
         return (name)
+    
+    @classmethod
+    def get_modpackid_by_id(cls, id):
+        conn = Database.get_connection()
+        cur = conn.cursor(dictionary=True)
+        cur.execute("SELECT modpack_id FROM builds WHERE id = %s", (id,))
+        try: 
+            row = cur.fetchone()["modpack_id"]
+            conn.commit()
+            return (row)
+        except:
+            flash("unable to get modpackid by id", "error")
+            return 0
 
     @classmethod
     def get_by_id(cls, id):
diff --git a/models/user_modpack.py b/models/user_modpack.py
index fa25bd0..7a73959 100644
--- a/models/user_modpack.py
+++ b/models/user_modpack.py
@@ -48,6 +48,35 @@ def get_all_user_modpacks(id) -> list:
             return rows
         return []
     
+    @staticmethod
+    def get_user_modpackpermission(token: str, modpack_id) -> list:
+        conn = Database.get_connection()
+        cur = conn.cursor(dictionary=True)
+        cur.execute("SELECT user_id FROM sessions WHERE token = %s", (token,))
+        try: 
+            user_id = cur.fetchone()["user_id"]
+            conn.commit()
+        except:
+            flash("unable to fetch user_id for permission check", "error")
+            return False
+        cur.execute("SELECT solder_full FROM user_permissions WHERE user_id = %s", (user_id,))
+        try: 
+            row = cur.fetchone()["solder_full"]
+            conn.commit()
+            if row == 1:
+                return True
+        except:
+            flash("unable to check your admin permission", "error")
+        cur.execute("SELECT modpack_id FROM user_modpack WHERE user_id = %s AND modpack_id = %s", (user_id, modpack_id))
+        try: 
+            rows = cur.fetchone()["modpack_id"]
+            conn.commit()
+            if rows == modpack_id:
+                return True
+        except:
+            flash("Permission denied to this modpack", "error")
+            return False
+    
     @staticmethod
     def get_user_permission(id) -> list:
         conn = Database.get_connection()