[Plugin] users: Fixed installation of permissions and added documentation.
parent
c4b80f27ee
commit
125ba1be78
|
@ -50,7 +50,7 @@ def request_reset(user: User):
|
||||||
text = str(config["MESSAGES"]["password_text"]).format(
|
text = str(config["MESSAGES"]["password_text"]).format(
|
||||||
name=user.display_name,
|
name=user.display_name,
|
||||||
username=user.userid,
|
username=user.userid,
|
||||||
link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}'
|
link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}',
|
||||||
)
|
)
|
||||||
messageController.send_message(messageController.Message(user, text, subject))
|
messageController.send_message(messageController.Message(user, text, subject))
|
||||||
|
|
||||||
|
@ -106,7 +106,9 @@ def modify_user(user, password, new_password=None):
|
||||||
|
|
||||||
if new_password:
|
if new_password:
|
||||||
logger.debug(f"Password changed for user {user.userid}")
|
logger.debug(f"Password changed for user {user.userid}")
|
||||||
subject = str(config["MESSAGES"]["password_changed_subject"]).format(name=user.display_name, username=user.userid)
|
subject = str(config["MESSAGES"]["password_changed_subject"]).format(
|
||||||
|
name=user.display_name, username=user.userid
|
||||||
|
)
|
||||||
text = str(config["MESSAGES"]["password_changed_text"]).format(
|
text = str(config["MESSAGES"]["password_changed_text"]).format(
|
||||||
name=user.display_name,
|
name=user.display_name,
|
||||||
username=user.userid,
|
username=user.userid,
|
||||||
|
@ -185,7 +187,7 @@ def register(data):
|
||||||
text = str(config["MESSAGES"]["welcome_text"]).format(
|
text = str(config["MESSAGES"]["welcome_text"]).format(
|
||||||
name=user.display_name,
|
name=user.display_name,
|
||||||
username=user.userid,
|
username=user.userid,
|
||||||
password_link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}'
|
password_link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}',
|
||||||
)
|
)
|
||||||
messageController.send_message(messageController.Message(user, text, subject))
|
messageController.send_message(messageController.Message(user, text, subject))
|
||||||
|
|
||||||
|
|
|
@ -104,6 +104,7 @@ class _UserAttribute(db.Model, ModelSerializeMixin):
|
||||||
|
|
||||||
class _PasswordReset(db.Model):
|
class _PasswordReset(db.Model):
|
||||||
"""Table containing password reset requests"""
|
"""Table containing password reset requests"""
|
||||||
|
|
||||||
__tablename__ = "password_reset"
|
__tablename__ = "password_reset"
|
||||||
_user_id: User = db.Column("user", db.Integer, db.ForeignKey("user.id"), primary_key=True)
|
_user_id: User = db.Column("user", db.Integer, db.ForeignKey("user.id"), primary_key=True)
|
||||||
user: User = db.relationship("User", foreign_keys=[_user_id])
|
user: User = db.relationship("User", foreign_keys=[_user_id])
|
||||||
|
|
|
@ -8,6 +8,7 @@ from flaschengeist.config import config
|
||||||
from flask import Blueprint, request, jsonify, make_response, Response
|
from flask import Blueprint, request, jsonify, make_response, Response
|
||||||
from werkzeug.exceptions import BadRequest, Forbidden, MethodNotAllowed, NotFound
|
from werkzeug.exceptions import BadRequest, Forbidden, MethodNotAllowed, NotFound
|
||||||
|
|
||||||
|
from . import permissions
|
||||||
from flaschengeist import logger
|
from flaschengeist import logger
|
||||||
from flaschengeist.models.user import User, _Avatar
|
from flaschengeist.models.user import User, _Avatar
|
||||||
from flaschengeist.plugins import Plugin
|
from flaschengeist.plugins import Plugin
|
||||||
|
@ -17,15 +18,11 @@ from flaschengeist.utils.HTTP import created
|
||||||
from flaschengeist.utils.datetime import from_iso_format
|
from flaschengeist.utils.datetime import from_iso_format
|
||||||
|
|
||||||
users_bp = Blueprint("users", __name__)
|
users_bp = Blueprint("users", __name__)
|
||||||
_permission_edit = "users_edit_other"
|
|
||||||
_permission_set_roles = "users_set_roles"
|
|
||||||
_permission_delete = "users_delete_other"
|
|
||||||
_permission_register = "users_register"
|
|
||||||
|
|
||||||
|
|
||||||
class UsersPlugin(Plugin):
|
class UsersPlugin(Plugin):
|
||||||
def __init__(self, cfg):
|
def __init__(self, cfg):
|
||||||
super().__init__(blueprint=users_bp, permissions=[_permission_edit, _permission_delete, _permission_set_roles])
|
super().__init__(blueprint=users_bp, permissions=permissions.permissions)
|
||||||
|
|
||||||
|
|
||||||
@users_bp.route("/users", methods=["POST"])
|
@users_bp.route("/users", methods=["POST"])
|
||||||
|
@ -46,7 +43,7 @@ def register():
|
||||||
logger.debug("Config for Registration is set to >{}<".format(registration))
|
logger.debug("Config for Registration is set to >{}<".format(registration))
|
||||||
raise MethodNotAllowed
|
raise MethodNotAllowed
|
||||||
if registration == "managed":
|
if registration == "managed":
|
||||||
extract_session(_permission_register)
|
extract_session(permissions.REGISTER)
|
||||||
|
|
||||||
data = request.get_json()
|
data = request.get_json()
|
||||||
if not data:
|
if not data:
|
||||||
|
@ -114,7 +111,7 @@ def get_avatar(userid):
|
||||||
@login_required()
|
@login_required()
|
||||||
def set_avatar(userid, current_session):
|
def set_avatar(userid, current_session):
|
||||||
user = userController.get_user(userid)
|
user = userController.get_user(userid)
|
||||||
if userid != current_session._user.userid and not current_session._user.has_permission(_permission_edit):
|
if userid != current_session._user.userid and not current_session._user.has_permission(permissions.EDIT):
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
|
|
||||||
file = request.files.get("file")
|
file = request.files.get("file")
|
||||||
|
@ -129,7 +126,7 @@ def set_avatar(userid, current_session):
|
||||||
|
|
||||||
|
|
||||||
@users_bp.route("/users/<userid>", methods=["DELETE"])
|
@users_bp.route("/users/<userid>", methods=["DELETE"])
|
||||||
@login_required(permission=_permission_delete)
|
@login_required(permission=permissions.DELETE)
|
||||||
def delete_user(userid, current_session):
|
def delete_user(userid, current_session):
|
||||||
"""Delete user by userid
|
"""Delete user by userid
|
||||||
|
|
||||||
|
@ -175,7 +172,7 @@ def edit_user(userid, current_session):
|
||||||
author = user
|
author = user
|
||||||
if userid != current_session._user.userid:
|
if userid != current_session._user.userid:
|
||||||
author = current_session._user
|
author = current_session._user
|
||||||
if not author.has_permission(_permission_edit):
|
if not author.has_permission(permissions.EDIT):
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
else:
|
else:
|
||||||
if "password" not in data:
|
if "password" not in data:
|
||||||
|
@ -190,7 +187,7 @@ def edit_user(userid, current_session):
|
||||||
|
|
||||||
if "roles" in data:
|
if "roles" in data:
|
||||||
roles = set(data["roles"])
|
roles = set(data["roles"])
|
||||||
if not author.has_permission(_permission_set_roles):
|
if not author.has_permission(permissions.SET_ROLES):
|
||||||
if len(roles) != len(user.roles) or set(user.roles) != roles:
|
if len(roles) != len(user.roles) or set(user.roles) != roles:
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
else:
|
else:
|
||||||
|
|
|
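Review bot: `delete_user` is now guarded by `@login_required(permission=permissions.DELETE)`, and the new permissions module defines `DELETE = "users_delete"`, whereas the constant removed in this file was `_permission_delete = "users_delete_other"`. The permission string therefore changes as a side effect of the refactor, which the commit message does not mention. Roles that were granted the old name would presumably no longer satisfy the check, and the old entry may stay behind in the permission store; whether the installer renames or prunes it is not visible on this page. Either keep the old value, `DELETE = "users_delete_other"`, or ship a migration that renames the stored permission and note the rename in the commit message.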
@ -0,0 +1,13 @@
|
||||||
|
EDIT = "users_edit_other"
|
||||||
|
"""Can edit other users"""
|
||||||
|
|
||||||
|
SET_ROLES = "users_set_roles"
|
||||||
|
"""Can assign roles to users"""
|
||||||
|
|
||||||
|
DELETE = "users_delete"
|
||||||
|
"""Can delete users"""
|
||||||
|
|
||||||
|
REGISTER = "users_register"
|
||||||
|
"""Can register new users"""
|
||||||
|
|
||||||
|
permissions = [value for key, value in globals().items() if not key.startswith("_")]
|
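Review bot: The `permissions` list on the last line is built from every module global whose name does not start with an underscore, so any public name later added to this file (an import, a helper, a non-string constant) would be installed as a permission without anyone listing it. This list is what `UsersPlugin` passes as `permissions=` to the plugin base class, so the set of installed permissions should be explicit: `permissions = [EDIT, SET_ROLES, DELETE, REGISTER]`, or at least filtered with `key.isupper() and isinstance(value, str)`. The bare string literals under each constant serve only as attribute docstrings for documentation tools and have no runtime effect. A short module docstring stating that every constant here is registered when the plugin is installed would make that intent clear.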