[Plugin] users: Fixed installation of permissions and added documentation.

This commit is contained in:
Ferdinand Thiessen 2021-01-22 14:11:16 +01:00
parent c4b80f27ee
commit 125ba1be78
4 changed files with 26 additions and 13 deletions

View File

@ -50,7 +50,7 @@ def request_reset(user: User):
text = str(config["MESSAGES"]["password_text"]).format( text = str(config["MESSAGES"]["password_text"]).format(
name=user.display_name, name=user.display_name,
username=user.userid, username=user.userid,
link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}' link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}',
) )
messageController.send_message(messageController.Message(user, text, subject)) messageController.send_message(messageController.Message(user, text, subject))
@ -106,7 +106,9 @@ def modify_user(user, password, new_password=None):
if new_password: if new_password:
logger.debug(f"Password changed for user {user.userid}") logger.debug(f"Password changed for user {user.userid}")
subject = str(config["MESSAGES"]["password_changed_subject"]).format(name=user.display_name, username=user.userid) subject = str(config["MESSAGES"]["password_changed_subject"]).format(
name=user.display_name, username=user.userid
)
text = str(config["MESSAGES"]["password_changed_text"]).format( text = str(config["MESSAGES"]["password_changed_text"]).format(
name=user.display_name, name=user.display_name,
username=user.userid, username=user.userid,
@ -185,7 +187,7 @@ def register(data):
text = str(config["MESSAGES"]["welcome_text"]).format( text = str(config["MESSAGES"]["welcome_text"]).format(
name=user.display_name, name=user.display_name,
username=user.userid, username=user.userid,
password_link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}' password_link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}',
) )
messageController.send_message(messageController.Message(user, text, subject)) messageController.send_message(messageController.Message(user, text, subject))

View File

@ -104,6 +104,7 @@ class _UserAttribute(db.Model, ModelSerializeMixin):
class _PasswordReset(db.Model): class _PasswordReset(db.Model):
"""Table containing password reset requests""" """Table containing password reset requests"""
__tablename__ = "password_reset" __tablename__ = "password_reset"
_user_id: User = db.Column("user", db.Integer, db.ForeignKey("user.id"), primary_key=True) _user_id: User = db.Column("user", db.Integer, db.ForeignKey("user.id"), primary_key=True)
user: User = db.relationship("User", foreign_keys=[_user_id]) user: User = db.relationship("User", foreign_keys=[_user_id])

View File

@ -8,6 +8,7 @@ from flaschengeist.config import config
from flask import Blueprint, request, jsonify, make_response, Response from flask import Blueprint, request, jsonify, make_response, Response
from werkzeug.exceptions import BadRequest, Forbidden, MethodNotAllowed, NotFound from werkzeug.exceptions import BadRequest, Forbidden, MethodNotAllowed, NotFound
from . import permissions
from flaschengeist import logger from flaschengeist import logger
from flaschengeist.models.user import User, _Avatar from flaschengeist.models.user import User, _Avatar
from flaschengeist.plugins import Plugin from flaschengeist.plugins import Plugin
@ -17,15 +18,11 @@ from flaschengeist.utils.HTTP import created
from flaschengeist.utils.datetime import from_iso_format from flaschengeist.utils.datetime import from_iso_format
users_bp = Blueprint("users", __name__) users_bp = Blueprint("users", __name__)
_permission_edit = "users_edit_other"
_permission_set_roles = "users_set_roles"
_permission_delete = "users_delete_other"
_permission_register = "users_register"
class UsersPlugin(Plugin): class UsersPlugin(Plugin):
def __init__(self, cfg): def __init__(self, cfg):
super().__init__(blueprint=users_bp, permissions=[_permission_edit, _permission_delete, _permission_set_roles]) super().__init__(blueprint=users_bp, permissions=permissions.permissions)
@users_bp.route("/users", methods=["POST"]) @users_bp.route("/users", methods=["POST"])
@ -46,7 +43,7 @@ def register():
logger.debug("Config for Registration is set to >{}<".format(registration)) logger.debug("Config for Registration is set to >{}<".format(registration))
raise MethodNotAllowed raise MethodNotAllowed
if registration == "managed": if registration == "managed":
extract_session(_permission_register) extract_session(permissions.REGISTER)
data = request.get_json() data = request.get_json()
if not data: if not data:
@ -114,7 +111,7 @@ def get_avatar(userid):
@login_required() @login_required()
def set_avatar(userid, current_session): def set_avatar(userid, current_session):
user = userController.get_user(userid) user = userController.get_user(userid)
if userid != current_session._user.userid and not current_session._user.has_permission(_permission_edit): if userid != current_session._user.userid and not current_session._user.has_permission(permissions.EDIT):
raise Forbidden raise Forbidden
file = request.files.get("file") file = request.files.get("file")
@ -129,7 +126,7 @@ def set_avatar(userid, current_session):
@users_bp.route("/users/<userid>", methods=["DELETE"]) @users_bp.route("/users/<userid>", methods=["DELETE"])
@login_required(permission=_permission_delete) @login_required(permission=permissions.DELETE)
def delete_user(userid, current_session): def delete_user(userid, current_session):
"""Delete user by userid """Delete user by userid
@ -175,7 +172,7 @@ def edit_user(userid, current_session):
author = user author = user
if userid != current_session._user.userid: if userid != current_session._user.userid:
author = current_session._user author = current_session._user
if not author.has_permission(_permission_edit): if not author.has_permission(permissions.EDIT):
raise Forbidden raise Forbidden
else: else:
if "password" not in data: if "password" not in data:
@ -190,7 +187,7 @@ def edit_user(userid, current_session):
if "roles" in data: if "roles" in data:
roles = set(data["roles"]) roles = set(data["roles"])
if not author.has_permission(_permission_set_roles): if not author.has_permission(permissions.SET_ROLES):
if len(roles) != len(user.roles) or set(user.roles) != roles: if len(roles) != len(user.roles) or set(user.roles) != roles:
raise Forbidden raise Forbidden
else: else:

View File

@ -0,0 +1,13 @@
EDIT = "users_edit_other"
"""Can edit other users"""
SET_ROLES = "users_set_roles"
"""Can assign roles to users"""
DELETE = "users_delete"
"""Can delete users"""
REGISTER = "users_register"
"""Can register new users"""
permissions = [value for key, value in globals().items() if not key.startswith("_")]