[API][Plugin] Bugfix and API change
* users: Fixed bug in edit_user when a user is modified by an admin * API: Users now return roles as a list of role names (strings) instead of Role objects
This commit is contained in:
parent
7aba295e45
commit
6f0e9854d6
@ -28,12 +28,12 @@ def update_user(user):
def set_roles(user: User, roles: [str]):
|
def set_roles(user: User, roles: [str]):
|
||||||
user.roles.clear()
|
user.roles_.clear()
|
||||||
for role_name in roles:
|
for role_name in roles:
|
||||||
role = Role.query.filter(Role.name == role_name).one_or_none()
|
role = Role.query.filter(Role.name == role_name).one_or_none()
|
||||||
if not role:
|
if not role:
|
||||||
raise BadRequest("Role not found >{}<".format(role_name))
|
raise BadRequest("Role not found >{}<".format(role_name))
|
||||||
user.roles.append(role)
|
user.roles_.append(role)
def modify_user(user, password, new_password=None):
|
def modify_user(user, password, new_password=None):
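Review bot: `set_roles` clears `user.roles_` before it has validated every name, so a request naming one unknown role (the `BadRequest` raised inside the loop) leaves the ORM object with a half-rebuilt role collection; whether that state reaches the database depends on what the caller does with the session after the exception, which is outside this hunk. Resolving all names first and only then replacing the collection keeps the user's roles untouched on a bad request. Duplicate names in `roles` would also append the same `Role` twice to the association collection, which the database may reject on flush, so de-duplicating while preserving order is worth doing in the same pass. The `Role.name == role_name` filter is parameterized by SQLAlchemy, so the name itself is not an injection concern.
```python
def set_roles(user: User, roles: [str]):
    """Replace the user's roles by name.

    Raises BadRequest if any name is unknown; in that case the user's
    roles are left unchanged.
    """
    resolved = []
    for role_name in dict.fromkeys(roles):  # de-duplicate, keep order
        role = Role.query.filter(Role.name == role_name).one_or_none()
        if not role:
            raise BadRequest("Role not found >{}<".format(role_name))
        resolved.append(role)
    user.roles_.clear()
    user.roles_.extend(resolved)
```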
@ -56,7 +56,7 @@ def get_users():
def get_user_by_role(role: Role):
|
def get_user_by_role(role: Role):
|
||||||
return User.query.join(User.roles).filter_by(role_id=role.id).all()
|
return User.query.join(User.roles_).filter_by(role_id=role.id).all()
def get_user(uid):
|
def get_user(uid):
@ -53,14 +53,19 @@ class User(db.Model, ModelSerializeMixin):
firstname: str = db.Column(db.String(30))
|
firstname: str = db.Column(db.String(30))
|
||||||
lastname: str = db.Column(db.String(30))
|
lastname: str = db.Column(db.String(30))
|
||||||
mail: str = db.Column(db.String(30))
|
mail: str = db.Column(db.String(30))
|
||||||
roles: [Role] = db.relationship("Role", secondary=association_table)
|
roles: [str] = []
|
||||||
|
roles_: [Role] = db.relationship("Role", secondary=association_table)
|
||||||
_id = db.Column("id", db.Integer, primary_key=True)
|
_id = db.Column("id", db.Integer, primary_key=True)
|
||||||
_sessions = db.relationship("Session", back_populates="_user")
|
_sessions = db.relationship("Session", back_populates="_user")
|
||||||
_attributes = db.relationship(
|
_attributes = db.relationship(
|
||||||
"_UserAttribute", collection_class=attribute_mapped_collection("name"), cascade="all, delete"
|
"_UserAttribute", collection_class=attribute_mapped_collection("name"), cascade="all, delete"
|
||||||
)
|
)
@property
def roles(self):
return [role.name for role in self.roles_]
def set_attribute(self, name, value):
|
def set_attribute(self, name, value):
|
||||||
if name in self._attributes:
|
if name in self._attributes:
|
||||||
self._attributes[name].value = value
|
self._attributes[name].value = value
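Review bot: The `roles: [str] = []` class attribute at the top of the hunk is rebound by the `@property roles` defined lower in the same class body, so the `[]` default never takes effect and reads like a shared mutable default that isn't one; presumably the annotation is what `ModelSerializeMixin` consumes to include `roles` in the serialized output, and a bare `roles: [str]` annotation would still provide that. A comment on the property would make the pairing explicit: `# Read-only view of roles_ by name; the roles annotation above is what the serializer picks up`. Because the property has no setter, a generic `setattr(user, "roles", ...)` raises `AttributeError` instead of silently succeeding — that is the safe direction, but any caller that iterates request keys must exclude `roles` explicitly or it becomes a 500. The class header is outside this hunk.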
@ -76,7 +81,7 @@ class User(db.Model, ModelSerializeMixin):
|
||||||
return default
|
return default
def get_permissions(self):
|
def get_permissions(self):
|
||||||
return ["user"] + [permission.name for role in self.roles for permission in role.permissions]
|
return ["user"] + [permission.name for role in self.roles_ for permission in role.permissions]
def has_permission(self, permission):
|
def has_permission(self, permission):
|
||||||
return permission in self.get_permissions()
|
return permission in self.get_permissions()
@ -49,7 +49,7 @@ def login():
# Lets cleanup the DB
|
# Lets cleanup the DB
|
||||||
sessionController.clear_expired()
|
sessionController.clear_expired()
|
||||||
return {"session": session, "user": user}, CREATED
|
return {"session": session, "user": user, "permissions": user.get_permissions()}, CREATED
@auth_bp.route("/auth", methods=["GET"])
|
@auth_bp.route("/auth", methods=["GET"])
@ -9,6 +9,7 @@ from flask import Blueprint, request, jsonify, make_response
|
||||||
from werkzeug.exceptions import BadRequest, Forbidden, MethodNotAllowed
|
from werkzeug.exceptions import BadRequest, Forbidden, MethodNotAllowed
from flaschengeist import logger
|
from flaschengeist import logger
from flaschengeist.models.user import User
|
||||||
from flaschengeist.plugins import Plugin
|
from flaschengeist.plugins import Plugin
|
||||||
from flaschengeist.decorator import login_required, extract_session
|
from flaschengeist.decorator import login_required, extract_session
|
||||||
from flaschengeist.controller import userController
|
from flaschengeist.controller import userController
@ -81,11 +82,14 @@ def get_user(userid, current_session):
|
||||||
current_session: Session sent with Authorization Header
|
current_session: Session sent with Authorization Header
Returns:
|
Returns:
|
||||||
JSON encoded `flaschengeist.models.user.User` or HTTP error
|
JSON encoded `flaschengeist.models.user.User` or if userid is current user also containing permissions or HTTP error
|
||||||
"""
|
"""
|
||||||
logger.debug("Get information of user {{ {} }}".format(userid))
|
logger.debug("Get information of user {{ {} }}".format(userid))
|
||||||
user = userController.get_user(userid)
|
user: User = userController.get_user(userid)
|
||||||
return jsonify(user)
|
serial = user.serialize()
if (userid == current_session._user.userid):
serial['permissions'] = user.get_permissions()
return jsonify(serial)
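Review bot: `user.serialize()` is called without confirming that `userController.get_user(userid)` returned a user; if the controller returns `None` for an unknown id (the lookup itself is outside this hunk) this becomes an `AttributeError` and a 500 instead of a 404, and if the controller already raises `NotFound`, a one-line comment saying so would stop the next reader asking. Separately, any caller who passes the (presumably `login_required`) session check can read any other user's serialized record — name, mail and role names per the model — so if that is intended for this application say so in the docstring, otherwise gate it on a permission the way `edit_user` does. Style: the parentheses in `if (userid == current_session._user.userid):` are unnecessary; `if userid == current_session._user.userid:`.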
@users_bp.route("/users/<userid>", methods=["DELETE"])
|
@users_bp.route("/users/<userid>", methods=["DELETE"])
@ -132,9 +136,11 @@ def edit_user(userid, current_session):
|
||||||
password = None
|
password = None
|
||||||
new_password = data["new_password"] if "new_password" in data else None
|
new_password = data["new_password"] if "new_password" in data else None
author = user
|
||||||
if userid != current_session._user.userid:
|
if userid != current_session._user.userid:
|
||||||
if not user.has_permission(_permission_edit):
|
author = current_session._user
|
||||||
return Forbidden
|
if not author.has_permission(_permission_edit):
raise Forbidden
|
||||||
else:
|
else:
|
||||||
if "password" not in data:
|
if "password" not in data:
|
||||||
raise BadRequest("Password is missing")
|
raise BadRequest("Password is missing")
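Review bot: The new `author` variable fixes the real defect — the old code consulted the *target* user's permissions via `user.has_permission(_permission_edit)` and then returned the `Forbidden` class instead of raising it — but nothing documents the two-persona model it introduces; a comment at `author = user` such as `# who is making the change: the user themself, or a permitted admin editing someone else` would keep the next reader from "simplifying" it back. Note that in the admin branch `password` stays `None` while `new_password` is still read from the request and presumably handed to `modify_user`, so an `_permission_edit` holder can set another account's password without proving knowledge of the old one; that is probably intended, but it makes `_permission_edit` an account-takeover-grade permission and deserves a sentence in the docstring. edit_user starts and ends outside this hunk.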
@ -145,7 +151,7 @@ def edit_user(userid, current_session):
|
||||||
setattr(user, key, data[key])
|
setattr(user, key, data[key])
if "roles" in data:
|
if "roles" in data:
|
||||||
if not user.has_permission(_permission_set_roles):
|
if not author.has_permission(_permission_set_roles):
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
userController.set_roles(user, data["roles"])
|
userController.set_roles(user, data["roles"])
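Review bot: `_permission_set_roles` is now correctly checked against `author`, but nothing checks *which* roles are being granted, and in the self-edit path `author` is `user` (the `author = user` default earlier in the function), so a holder of this permission can assign themself or anyone any role that exists, including roles carrying permissions the author does not hold — the permission is effectively full admin. If that is the intended trust model a comment is enough: `# set_roles is unrestricted: holders may grant any existing role, including to themselves`. Otherwise resolve the requested roles and refuse any whose permissions are not a subset of `author.get_permissions()` before calling `set_roles`, or at least forbid changing one's own roles. The `setattr(user, key, data[key])` context line above suggests a key loop whose allow-list is outside this hunk; make sure it excludes `roles` (now a read-only property on the model) and identity fields such as `userid`.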