From 775850bbba449dff3c85e3ea2eee607f948ebd7b Mon Sep 17 00:00:00 2001 From: rubenwardy Date: Tue, 20 Mar 2018 03:16:46 +0000 Subject: [PATCH] Implement permissions properly --- app/models.py | 45 ++++++++++++++++-------------- app/templates/package_details.html | 2 +- app/templates/packages.html | 2 +- 3 files changed, 26 insertions(+), 23 deletions(-) diff --git a/app/models.py b/app/models.py index f71725d..4ea8d3c 100644 --- a/app/models.py +++ b/app/models.py @@ -15,6 +15,15 @@ def title_to_url(title): def url_to_title(url): return url.replace("_", " ") +class UserRank(enum.Enum): + NEW_MEMBER = 0 + MEMBER = 1 + EDITOR = 2 + ADMIN = 3 + + def atLeast(self, min): + return self.value >= min.value + class User(db.Model, UserMixin): id = db.Column(db.Integer, primary_key=True) @@ -23,6 +32,8 @@ class User(db.Model, UserMixin): password = db.Column(db.String(255), nullable=False, server_default='') reset_password_token = db.Column(db.String(100), nullable=False, server_default='') + rank = db.Column(db.Enum(UserRank)) + # Account linking github_username = db.Column(db.String(50), nullable=True, unique=True) forums_username = db.Column(db.String(50), nullable=True, unique=True) @@ -44,20 +55,11 @@ class User(db.Model, UserMixin): self.username = username self.confirmed_at = datetime.datetime.now() - datetime.timedelta(days=6000) self.display_name = username + self.rank = UserRank.MEMBER def isClaimed(self): return self.password is not None and self.password != "" -class Role(db.Model): - id = db.Column(db.Integer(), primary_key=True) - name = db.Column(db.String(50), unique=True) - description = db.Column(db.String(255)) - -class UserRoles(db.Model): - id = db.Column(db.Integer(), primary_key=True) - user_id = db.Column(db.Integer(), db.ForeignKey('user.id', ondelete='CASCADE')) - role_id = db.Column(db.Integer(), db.ForeignKey('role.id', ondelete='CASCADE')) - class Permission(enum.Enum): EDIT_PACKAGE = "EDIT_PACKAGE" APPROVE = "APPROVE" 
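Review bot: In the `@@ -15,6 +15,15 @@` hunk, `atLeast(self, min)` shadows the builtin `min`, and nothing on `UserRank` records that its integer values are the privilege order every permission check compares against. Rename the parameter, e.g. `def atLeast(self, required):`, and add a comment above the members such as `# Values are ordered by privilege; atLeast() compares them numerically, so do not reorder or reuse them.` A later insertion of a rank between existing ones would otherwise silently shift who passes `atLeast`.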
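Review bot: In the `@@ -23,6 +32,8 @@` hunk, `rank = db.Column(db.Enum(UserRank))` is nullable and has no default, so any user row that exists before this column is added, or that is created without going through `User.__init__`, carries `rank = None`. `checkPerm` in the later models.py hunk calls `user.rank.atLeast(...)` with no None check, so those users hit an AttributeError instead of a clean denial. Declare the column `nullable=False` with a column default set to the lowest rank the project considers safe, for example `rank = db.Column(db.Enum(UserRank), nullable=False, default=UserRank.NEW_MEMBER)`, and backfill existing rows; no migration is visible in this patch.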
@@ -69,14 +71,6 @@ class PackageType(enum.Enum): GAME = "Game" TXP = "Texture Pack" - def getTitle(self): - if self == PackageType.MOD: - return "Mod" - elif self == PackageType.GAME: - return "Game" - else: - return "TXP" - @staticmethod def fromName(name): if name == "mod": @@ -124,16 +118,25 @@ class Package(db.Model): def getDetailsURL(self): return url_for("package_page", - type=self.type.getTitle().lower(), + type=self.type.value.lower(), author=self.author.username, name=self.name) def getEditURL(self): return url_for("edit_package_page", - type=self.type.getTitle().lower(), + type=self.type.value.lower(), author=self.author.username, name=self.name) def checkPerm(self, user, perm): - return user == self.author + if type(perm) == str: + perm = Permission[perm] + + isOwner = user == self.author + if perm == Permission.EDIT_PACKAGE or perm == Permission.APPROVE: + return user.rank.atLeast(UserRank.MEMBER if isOwner else UserRank.EDITOR) + elif perm == Permission.DELETE_PACKAGE or perm == Permission.CHANGE_AUTHOR: + return user.rank.atLeast(UserRank.EDITOR) + else: + return False # Setup Flask-User db_adapter = SQLAlchemyAdapter(db, User) # Register the User model diff --git a/app/templates/package_details.html b/app/templates/package_details.html index 457673a..4a0f484 100644 --- a/app/templates/package_details.html +++ b/app/templates/package_details.html @@ -15,7 +15,7 @@ Type - {{ package.type.getTitle() }} + {{ package.type.value }} diff --git a/app/templates/packages.html b/app/templates/packages.html index 269ac06..6ac01d8 100644 --- a/app/templates/packages.html +++ b/app/templates/packages.html @@ -7,7 +7,7 @@ {% block content %}
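Review bot: In `checkPerm`, `Permission.APPROVE` shares a branch with `EDIT_PACKAGE`, so a package's own author passes the approval check at `UserRank.MEMBER`, which is the rank `User.__init__` assigns to every new account in this commit. If approval is meant to be an independent review step, it belongs with `DELETE_PACKAGE` and `CHANGE_AUTHOR` behind `UserRank.EDITOR`. The method also reads `user.rank` unconditionally, so an object without a usable rank raises instead of being denied. That would include an unauthenticated `current_user`, if callers pass one, which is not visible here. Separately, the `type=self.type.value.lower()` lines in this hunk change the TXP URL segment from `txp` to `texture pack`, which `fromName` may not accept, as only its `"mod"` branch is shown.

```python
def checkPerm(self, user, perm):
    # ... unchanged: str -> Permission conversion ...

    # Deny by default when the caller has no usable rank
    rank = getattr(user, "rank", None)
    if rank is None:
        return False

    isOwner = user == self.author
    if perm == Permission.EDIT_PACKAGE:
        return rank.atLeast(UserRank.MEMBER if isOwner else UserRank.EDITOR)
    elif perm in (Permission.APPROVE, Permission.DELETE_PACKAGE, Permission.CHANGE_AUTHOR):
        # Approval is a review gate: ownership alone must not satisfy it
        return rank.atLeast(UserRank.EDITOR)
    else:
        return False
```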