From 7b2334bd98987fae82e067eea87532f061ecb392 Mon Sep 17 00:00:00 2001 From: Ferdinand Thiessen Date: Sat, 31 Oct 2020 18:03:04 +0100 Subject: [PATCH] [Plugin] Remove redundant code, balance and roles --- flaschengeist/plugins/balance/__init__.py | 6 ++---- flaschengeist/plugins/roles/__init__.py | 7 +++---- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/flaschengeist/plugins/balance/__init__.py b/flaschengeist/plugins/balance/__init__.py index 5a24c8a..144e799 100644 --- a/flaschengeist/plugins/balance/__init__.py +++ b/flaschengeist/plugins/balance/__init__.py @@ -84,7 +84,7 @@ def set_limit(userid, current_session: Session): @balance_bp.route("/users//balance", methods=["GET"]) -@login_required() +@login_required(permission=permissions.SHOW) def get_balance(userid, current_session: Session): """Get balance of user, optionally filtered @@ -99,9 +99,7 @@ def get_balance(userid, current_session: Session): Returns: JSON object containing credit, debit and balance or HTTP error """ - if (userid == current_session._user.userid and not current_session._user.has_permission(permissions.SHOW)) or ( - userid != current_session._user.userid and not current_session._user.has_permission(permissions.SHOW_OTHER) - ): + if userid != current_session._user.userid and not current_session._user.has_permission(permissions.SHOW_OTHER): raise Forbidden # Might raise NotFound diff --git a/flaschengeist/plugins/roles/__init__.py b/flaschengeist/plugins/roles/__init__.py index b3710f6..be7ab4f 100644 --- a/flaschengeist/plugins/roles/__init__.py +++ b/flaschengeist/plugins/roles/__init__.py @@ -13,12 +13,11 @@ from flaschengeist.controller import roleController roles_bp = Blueprint("roles", __name__) _permission_edit = "roles_edit" -_permission_delete = "roles_delete" class RolesPlugin(Plugin): def __init__(self, config): - super().__init__(config, roles_bp, permissions=[_permission_edit, _permission_delete]) + super().__init__(config, roles_bp, permissions=[_permission_edit]) @roles_bp.route("/roles", methods=["GET"]) @@ -125,7 +124,7 @@ def edit_role(role_name, current_session): @roles_bp.route("/roles/", methods=["DELETE"]) -@login_required(permission=_permission_delete) +@login_required(permission=_permission_edit) def delete_role(role_name, current_session): """Delete role @@ -136,7 +135,7 @@ def delete_role(role_name, current_session): current_session: Session sent with Authorization Header Returns: - HTTP-200 or HTTP error + HTTP-204 or HTTP error """ role = roleController.get(role_name) roleController.delete(role)