[Plugin] users: Fixed installation of permissions and added documentation.
parent
c4b80f27ee
commit
125ba1be78
|
@ -50,7 +50,7 @@ def request_reset(user: User):
|
|||
text = str(config["MESSAGES"]["password_text"]).format(
|
||||
name=user.display_name,
|
||||
username=user.userid,
|
||||
link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}'
|
||||
link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}',
|
||||
)
|
||||
messageController.send_message(messageController.Message(user, text, subject))
|
||||
|
||||
|
@ -106,7 +106,9 @@ def modify_user(user, password, new_password=None):
|
|||
|
||||
if new_password:
|
||||
logger.debug(f"Password changed for user {user.userid}")
|
||||
subject = str(config["MESSAGES"]["password_changed_subject"]).format(name=user.display_name, username=user.userid)
|
||||
subject = str(config["MESSAGES"]["password_changed_subject"]).format(
|
||||
name=user.display_name, username=user.userid
|
||||
)
|
||||
text = str(config["MESSAGES"]["password_changed_text"]).format(
|
||||
name=user.display_name,
|
||||
username=user.userid,
|
||||
|
@ -185,7 +187,7 @@ def register(data):
|
|||
text = str(config["MESSAGES"]["welcome_text"]).format(
|
||||
name=user.display_name,
|
||||
username=user.userid,
|
||||
password_link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}'
|
||||
password_link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}',
|
||||
)
|
||||
messageController.send_message(messageController.Message(user, text, subject))
|
||||
|
||||
|
|
|
@ -104,6 +104,7 @@ class _UserAttribute(db.Model, ModelSerializeMixin):
|
|||
|
||||
class _PasswordReset(db.Model):
|
||||
"""Table containing password reset requests"""
|
||||
|
||||
__tablename__ = "password_reset"
|
||||
_user_id: User = db.Column("user", db.Integer, db.ForeignKey("user.id"), primary_key=True)
|
||||
user: User = db.relationship("User", foreign_keys=[_user_id])
|
||||
|
|
|
@ -8,6 +8,7 @@ from flaschengeist.config import config
|
|||
from flask import Blueprint, request, jsonify, make_response, Response
|
||||
from werkzeug.exceptions import BadRequest, Forbidden, MethodNotAllowed, NotFound
|
||||
|
||||
from . import permissions
|
||||
from flaschengeist import logger
|
||||
from flaschengeist.models.user import User, _Avatar
|
||||
from flaschengeist.plugins import Plugin
|
||||
|
@ -17,15 +18,11 @@ from flaschengeist.utils.HTTP import created
|
|||
from flaschengeist.utils.datetime import from_iso_format
|
||||
|
||||
users_bp = Blueprint("users", __name__)
|
||||
_permission_edit = "users_edit_other"
|
||||
_permission_set_roles = "users_set_roles"
|
||||
_permission_delete = "users_delete_other"
|
||||
_permission_register = "users_register"
|
||||
|
||||
|
||||
class UsersPlugin(Plugin):
|
||||
def __init__(self, cfg):
|
||||
super().__init__(blueprint=users_bp, permissions=[_permission_edit, _permission_delete, _permission_set_roles])
|
||||
super().__init__(blueprint=users_bp, permissions=permissions.permissions)
|
||||
|
||||
|
||||
@users_bp.route("/users", methods=["POST"])
|
||||
|
@ -46,7 +43,7 @@ def register():
|
|||
logger.debug("Config for Registration is set to >{}<".format(registration))
|
||||
raise MethodNotAllowed
|
||||
if registration == "managed":
|
||||
extract_session(_permission_register)
|
||||
extract_session(permissions.REGISTER)
|
||||
|
||||
data = request.get_json()
|
||||
if not data:
|
||||
|
@ -114,7 +111,7 @@ def get_avatar(userid):
|
|||
@login_required()
|
||||
def set_avatar(userid, current_session):
|
||||
user = userController.get_user(userid)
|
||||
if userid != current_session._user.userid and not current_session._user.has_permission(_permission_edit):
|
||||
if userid != current_session._user.userid and not current_session._user.has_permission(permissions.EDIT):
|
||||
raise Forbidden
|
||||
|
||||
file = request.files.get("file")
|
||||
|
@ -129,7 +126,7 @@ def set_avatar(userid, current_session):
|
|||
|
||||
|
||||
@users_bp.route("/users/<userid>", methods=["DELETE"])
|
||||
@login_required(permission=_permission_delete)
|
||||
@login_required(permission=permissions.DELETE)
|
||||
def delete_user(userid, current_session):
|
||||
"""Delete user by userid
|
||||
|
||||
|
@ -175,7 +172,7 @@ def edit_user(userid, current_session):
|
|||
author = user
|
||||
if userid != current_session._user.userid:
|
||||
author = current_session._user
|
||||
if not author.has_permission(_permission_edit):
|
||||
if not author.has_permission(permissions.EDIT):
|
||||
raise Forbidden
|
||||
else:
|
||||
if "password" not in data:
|
||||
|
@ -190,7 +187,7 @@ def edit_user(userid, current_session):
|
|||
|
||||
if "roles" in data:
|
||||
roles = set(data["roles"])
|
||||
if not author.has_permission(_permission_set_roles):
|
||||
if not author.has_permission(permissions.SET_ROLES):
|
||||
if len(roles) != len(user.roles) or set(user.roles) != roles:
|
||||
raise Forbidden
|
||||
else:
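Review bot: `roles = set(data["roles"])` in the second `edit_user` hunk consumes the request value without validating it, so a non-iterable value or a list containing nested objects raises `TypeError` before the `permissions.SET_ROLES` check and would probably surface as a 500 instead of the `BadRequest` this module already imports. Validate first, e.g. `if not isinstance(data["roles"], list) or not all(isinstance(r, str) for r in data["roles"]): raise BadRequest`. The fallback comparison `set(user.roles) != roles` also assumes `user.roles` holds the same kind of value as the payload (role names); if it holds model objects the check can never succeed, which fails closed but is worth confirming. `edit_user` starts and ends outside the hunk, so handling elsewhere in the function is not visible here.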
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
EDIT = "users_edit_other"
|
||||
"""Can edit other users"""
|
||||
|
||||
SET_ROLES = "users_set_roles"
|
||||
"""Can assign roles to users"""
|
||||
|
||||
DELETE = "users_delete"
|
||||
"""Can delete users"""
|
||||
|
||||
REGISTER = "users_register"
|
||||
"""Can register new users"""
|
||||
|
||||
permissions = [value for key, value in globals().items() if not key.startswith("_")]
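Review bot: `DELETE = "users_delete"` does not match the string the plugin used before this commit (`_permission_delete = "users_delete_other"`), so a role that was granted the old name would presumably stop passing `login_required(permission=permissions.DELETE)` after the upgrade, and the old permission may be left orphaned in storage. Either keep the value as `DELETE = "users_delete_other"` or ship a migration and note the rename in the commit message. Separately, building `permissions` from `globals()` installs every public module-level name as a permission, so a later `import` or helper constant in this file would be picked up. Filtering with `isinstance(value, str)` or listing the four constants explicitly would be safer.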
|