permission check refactor - DONE!
permission checker integrated into project
AuxiliumCDNG committed Dec 30, 2021
1 parent 4f1478e commit 58aaf05
Showing 13 changed files with 34 additions and 94 deletions.
Empty file added helpers/__init__.py
Empty file.
2 changes: 1 addition & 1 deletion statics/db.py → helpers/db.py
@@ -1,6 +1,6 @@
import sqlalchemy.ext.declarative
from flask_login import UserMixin
from sqlalchemy import Column, Integer, String, TEXT, DateTime, Enum, JSON
from sqlalchemy import Column, Integer, String, TEXT, DateTime, JSON
from sqlalchemy.orm import sessionmaker

from routes.user import User
File renamed without changes.
2 changes: 1 addition & 1 deletion statics/init.py → helpers/init.py
Expand Up @@ -2,8 +2,8 @@

import pymysql

from helpers import db
from statics import config as conf
from statics import db


def init_db():
10 changes: 9 additions & 1 deletion permissions.py → helpers/permissions.py
@@ -1,6 +1,6 @@
from contextlib import suppress

from statics import db
from helpers import db


def permission_merger(permission_set: list):
Expand Down Expand Up @@ -39,6 +39,10 @@ def group_permission_getter(user):
def user_element_permission_getter(user, element):
session = db.factory()
element = session.query(db.Content).filter_by(id=element).first()
while element.permissions == {}:
if element.location is None:
break
element = session.query(db.Content).filter_by(id=element.location).first()

ele_permissions = element.permissions
session.close()
Expand All @@ -51,6 +55,10 @@ def user_element_permission_getter(user, element):
def group_element_permission_getter(user, element):
session = db.factory()
element = session.query(db.Content).filter_by(id=element).first()
while element.permissions == {}:
if element.location is None:
break
element = session.query(db.Content).filter_by(id=element.location).first()

group_ids = [x for x in element.permissions.keys() if x in [str(y) for y in user.groups]]
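Review bot: The parent walk added to `user_element_permission_getter`, and repeated verbatim in `group_element_permission_getter`, reads `element.permissions` without checking that `.first()` returned a row, and nothing bounds the walk. An unknown id, or a `location` that points at a missing row, raises AttributeError (the route call sites in this commit pass ids taken from `request.args`), and a cyclic `location` chain of elements with empty permissions never terminates; either way the `session.close()` visible in the first function is not reached. Moving the walk into one helper that returns None for a missing row or a revisited id, with callers treating None as "no permissions", removes the duplication and makes the lookup fail closed. Both function bodies continue outside the hunks shown.

```python
def _resolve_permission_source(session, element_id):
    """Return the nearest element that carries explicit permissions, or None."""
    visited = set()
    current = session.query(db.Content).filter_by(id=element_id).first()
    while current is not None and current.permissions == {}:
        if current.location is None:
            break
        if current.id in visited:
            return None  # cyclic location chain: fail closed
        visited.add(current.id)
        current = session.query(db.Content).filter_by(id=current.location).first()
    return current


def user_element_permission_getter(user, element):
    session = db.factory()
    element = _resolve_permission_source(session, element)
    # … unchanged: permission lookup and session.close(), now guarded by an `element is None` check …
```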

3 changes: 2 additions & 1 deletion main.py
@@ -1,12 +1,13 @@
from flask_scss import Scss

from globals import app
from helpers import init
from routes import user
from routes.api_create import api_create
from routes.api_get import api_get
from routes.api_moderate import api_moderate
from routes.permissions import api_permissions
from statics import config, init
from statics import config

app.config["environment"] = "development"

8 changes: 3 additions & 5 deletions routes/api_comments.py
@@ -1,12 +1,10 @@
import json

from flask import Blueprint, request
from flask_login import login_required, current_user

import helpers.permissions
from crossdomain import crossdomain
from globals import app
from statics import db
from statics.helpers import permissions_checker
from helpers import db

api_moderate = Blueprint("api_comment", __name__)

Expand All @@ -17,7 +15,7 @@ def comment():
content_id = request.args["id"]
content = request.args["content"]

if permissions_checker(current_user, "interact", "comment", content_id):
if helpers.permissions.permission_check(current_user, content_id, "interact", "comment"):
session = db.factory()
old = session.query(db.Content).filter_by(id=content_id)[0]

8 changes: 3 additions & 5 deletions routes/api_create.py
@@ -1,13 +1,11 @@
import json

from flask import Blueprint, request
from flask_login import login_required, current_user

import helpers.permissions
from crossdomain import crossdomain
from globals import app
from helpers import db
from statics import config
from statics import db
from statics.helpers import permissions_checker

api_create = Blueprint("api_create", __name__)

Expand All @@ -19,7 +17,7 @@ def create_content():
if not request.args["type"] in config.known_types:
return {"error": "Unknown type"}, 400

permission = permissions_checker(current_user, "create", request.args["type"], request.args["location"])
permission = helpers.permissions.permission_check(current_user, request.args["location"], "create", request.args["type"])
if not permission:
return {"error": "missing permissions"}, 403

10 changes: 4 additions & 6 deletions routes/api_get.py
@@ -1,13 +1,11 @@
import json

import flask
from flask import Blueprint, request, jsonify
from flask_login import login_required, current_user

import helpers.permissions
from crossdomain import crossdomain
from globals import app
from statics import db
from statics.helpers import permissions_checker
from helpers import db

api_get = Blueprint("api_get", __name__)

Expand All @@ -23,7 +21,7 @@ def get_content():
if res is None:
return flask.abort(flask.Response(response="Location not found", status=404))

if not permissions_checker(current_user, "view", "all", location):
if not helpers.permissions.permission_check(current_user, location, "view", "all"):
return flask.abort(flask.Response(response="No permission to view this location", status=906))

content = session.query(db.Content).filter_by(location=location).all()
Expand Down Expand Up @@ -85,7 +83,7 @@ def breadcrumb():
def versions():
location = request.args["location"]

if not permissions_checker(current_user, "view", "all", location):
if not helpers.permissions.permission_check(current_user, location, "view", "all"):
return {"error": "missing permissions"}, 403

session = db.factory()
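Review bot: The denial branch in `get_content` still answers with `status=906`, while the `versions` check rewritten in the same file returns 403 for the same condition. 906 is not a registered HTTP status, so proxies, clients and log-based alerting that key on 401/403 will not count it as an authorisation failure; `return flask.abort(flask.Response(response="No permission to view this location", status=403))` would align the two. Separately, `get_content` returns 404 for a missing location before the permission check runs, which lets a caller without view rights tell existing locations from missing ones; answering both cases the same way would close that if it matters for this forum. Both functions start and end outside the hunks.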
12 changes: 6 additions & 6 deletions routes/api_moderate.py
Expand Up @@ -3,10 +3,10 @@
from flask import Blueprint, request
from flask_login import login_required, current_user

import helpers.permissions
from crossdomain import crossdomain
from globals import app, cut_objects
from statics import db
from statics.helpers import permissions_checker
from helpers import db

api_moderate = Blueprint("api_moderate", __name__)

Expand All @@ -19,7 +19,7 @@ def delete_content():
if int(content_id) == 0:
return {"message": "Hey! You are doing that wrong! Don't delete the forum root please...", "error": "id 0 not deleteable"}, 406

if permissions_checker(current_user, "moderate", "delete", content_id):
if helpers.permissions.permission_check(current_user, content_id, "moderate", "delete"):
session = db.factory()

parent_id = session.query(db.Content).filter_by(id=content_id).first()
Expand All @@ -44,7 +44,7 @@ def cut_content():
if int(content_id) == 0:
return {"message": "Hey! You are doing that wrong! Don't move the forum root please...", "error": "id 0 not moveable"}, 406

if permissions_checker(current_user, "moderate", "move", content_id):
if helpers.permissions.permission_check(current_user, content_id, "moderate", "move"):
cut_objects[current_user.email] = content_id

return {"message": "success", "redirect": content_id}, 200
Expand All @@ -70,7 +70,7 @@ def paste_content():

content_type = session.query(db.Content).filter_by(id=content_id).first()["type"]

if permissions_checker(current_user, "create", content_type, target_id):
if helpers.permissions.permission_check(current_user, target_id, "create", content_type):
session.query(db.Content).filter_by(id=content_id).first().location = target_id

session.commit()
Expand All @@ -93,7 +93,7 @@ def edit():
else:
new_content = None

if not permissions_checker(current_user, "moderate", "edit", content_id):
if not helpers.permissions.permission_check(current_user, content_id, "moderate", "edit"):
return {"error": "missing permissions"}, 403

session = db.factory()
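Review bot: In `paste_content` the only check visible before `location = target_id` is written is `create` permission at the target; nothing in the hunk rejects a target that is the moved element itself or one of its descendants. With the parent walk this commit adds in helpers/permissions.py, a `location` cycle created that way could leave permission lookups for those elements looping whenever their permission sets are empty, so the paste path should walk up from `target_id` and refuse if it reaches `content_id`. The hunk also shows no fresh `moderate`/`move` check at paste time, so a permission revoked between cut and paste would presumably still be honoured through `cut_objects`; that needs confirming in the part of the function outside the hunk.

```python
    if helpers.permissions.permission_check(current_user, target_id, "create", content_type):
        # Refuse to move an element into itself or below itself.
        seen = set()
        node = session.query(db.Content).filter_by(id=target_id).first()
        while node is not None and node.id not in seen:
            if str(node.id) == str(content_id):
                session.close()
                return {"error": "target is inside the moved element"}, 406
            seen.add(node.id)
            if node.location is None:
                break
            node = session.query(db.Content).filter_by(id=node.location).first()
        # … unchanged: location assignment and session.commit() …
```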
8 changes: 4 additions & 4 deletions routes/permissions.py
Expand Up @@ -4,18 +4,18 @@
from flask import Blueprint, request
from flask_login import login_required, current_user

import helpers.permissions
from crossdomain import crossdomain
from globals import app
from statics import db
from statics.helpers import permissions_checker
from helpers import db

api_permissions = Blueprint("api_permissions", __name__)

@crossdomain(origin="*", current_app=app)
@api_permissions.route("/api/permission/user_add_group/")
@login_required
def user_add_group():
if not permissions_checker(current_user, "groups", "add"):
if not helpers.permissions.permission_check(current_user, 0, "groups", "add"):
return flask.abort(flask.Response(status=401, response="You are not permitted to do that."))

data = request.args
Expand Down Expand Up @@ -44,7 +44,7 @@ def user_add_group():
@api_permissions.route("/api/permission/user_remove_group/")
@login_required
def user_remove_group():
if not permissions_checker(current_user, "groups", "remove"):
if not helpers.permissions.permission_check(current_user, 0, "groups", "remove"):
return flask.abort(flask.Response(status=401, response="You are not permitted to do that."))

data = request.args
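Review bot: Both group-management checks now pass a bare `0` as the element, and a refusal still returns 401 where the other routes touched by this commit return 403 for a signed-in user without rights. The literal hides that membership changes are authorised against the forum root (routes/api_moderate.py refers to id 0 as the forum root); a named constant such as `ROOT_ELEMENT_ID = 0` shared by both calls, or a comment saying so, would make that explicit. Because adding a user to a group changes what that user may do everywhere, it is also worth confirming in `permission_check`, which is not shown here, that an empty permission set on the root is treated as a denial.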
2 changes: 1 addition & 1 deletion routes/user.py
Expand Up @@ -26,7 +26,7 @@ def get_id(self):

from crossdomain import crossdomain
from globals import app
from statics.forms import LoginForm, RegisterForm
from helpers.forms import LoginForm, RegisterForm

user_management = Blueprint("user", __name__)

63 changes: 0 additions & 63 deletions statics/helpers.py

This file was deleted.
