fix(roles): Ignore name if it did not change

This commit is contained in:
Ferdinand Thiessen 2021-12-01 15:31:48 +01:00
parent e4a10028b7
commit 593b8546a2
3 changed files with 24 additions and 20 deletions

View File

@ -27,15 +27,8 @@ def get_permissions():
@Hook @Hook
def update_role(role, new_name): def update_role(role, new_name):
if new_name is None: if new_name is None or not isinstance(new_name, str):
try: raise BadRequest("Invalid new name")
logger.debug(f"Hallo, dies ist die {role.serialize()}")
db.session.delete(role)
logger.debug(f"Hallo, dies ist die {role.serialize()}")
db.session.commit()
except IntegrityError:
logger.debug("IntegrityError: Role might still be in use", exc_info=True)
raise BadRequest("Role still in use")
else: else:
if role.name == new_name or db.session.query(db.exists().where(Role.name == case_sensitive(new_name))).scalar(): if role.name == new_name or db.session.query(db.exists().where(Role.name == case_sensitive(new_name))).scalar():
raise BadRequest("Name already used") raise BadRequest("Name already used")
@ -73,4 +66,9 @@ def create_role(name: str, permissions=[]):
def delete(role): def delete(role):
role.permissions.clear() role.permissions.clear()
update_role(role, None) try:
db.session.delete(role)
db.session.commit()
except IntegrityError:
logger.debug("IntegrityError: Role might still be in use", exc_info=True)
raise BadRequest("Role still in use")

View File

@ -10,16 +10,15 @@ from http.client import NO_CONTENT
from flaschengeist.plugins import Plugin from flaschengeist.plugins import Plugin
from flaschengeist.utils.decorators import login_required from flaschengeist.utils.decorators import login_required
from flaschengeist.controller import roleController from flaschengeist.controller import roleController
from flaschengeist.utils.HTTP import created from flaschengeist.utils.HTTP import created, no_content
_permission_edit = "roles_edit" from . import permissions
_permission_delete = "roles_delete"
class RolesPlugin(Plugin): class RolesPlugin(Plugin):
name = "roles" name = "roles"
blueprint = Blueprint(name, __name__) blueprint = Blueprint(name, __name__)
permissions = [_permission_edit, _permission_delete] permissions = permissions.permissions
@RolesPlugin.blueprint.route("/roles", methods=["GET"]) @RolesPlugin.blueprint.route("/roles", methods=["GET"])
@ -40,7 +39,7 @@ def list_roles(current_session):
@RolesPlugin.blueprint.route("/roles", methods=["POST"]) @RolesPlugin.blueprint.route("/roles", methods=["POST"])
@login_required(permission=_permission_edit) @login_required(permission=permissions.EDIT)
def create_role(current_session): def create_role(current_session):
"""Create new role """Create new role
@ -98,7 +97,7 @@ def get_role(role_name, current_session):
@RolesPlugin.blueprint.route("/roles/<int:role_id>", methods=["PUT"]) @RolesPlugin.blueprint.route("/roles/<int:role_id>", methods=["PUT"])
@login_required(permission=_permission_edit) @login_required(permission=permissions.EDIT)
def edit_role(role_id, current_session): def edit_role(role_id, current_session):
"""Edit role, rename and / or set permissions """Edit role, rename and / or set permissions
@ -118,13 +117,13 @@ def edit_role(role_id, current_session):
data = request.get_json() data = request.get_json()
if "permissions" in data: if "permissions" in data:
roleController.set_permissions(role, data["permissions"]) roleController.set_permissions(role, data["permissions"])
if "name" in data: if "name" in data and data["name"] != role.name:
roleController.update_role(role, data["name"]) roleController.update_role(role, data["name"])
return "", NO_CONTENT return no_content()
@RolesPlugin.blueprint.route("/roles/<int:role_id>", methods=["DELETE"]) @RolesPlugin.blueprint.route("/roles/<int:role_id>", methods=["DELETE"])
@login_required(permission=_permission_delete) @login_required(permission=permissions.DELETE)
def delete_role(role_id, current_session): def delete_role(role_id, current_session):
"""Delete role """Delete role
@ -139,4 +138,4 @@ def delete_role(role_id, current_session):
""" """
role = roleController.get(role_id) role = roleController.get(role_id)
roleController.delete(role) roleController.delete(role)
return "", NO_CONTENT return no_content()

View File

@ -0,0 +1,7 @@
EDIT = "roles_edit"
"""Can edit roles, assign permissions to roles and change names"""
DELETE = "roles_delete"
"""Can delete roles"""
permissions = [value for key, value in globals().items() if not key.startswith("_")]