[Plugin] Roles: Fixed controller and Model

* Identify role by id not name, as name might change
* Set permissions and Delete Role are fixed (db exception was thrown)
This commit is contained in:
Ferdinand Thiessen 2020-11-09 03:44:35 +01:00
parent 6f0e9854d6
commit 824ffc8675
3 changed files with 25 additions and 21 deletions

View File

@ -11,9 +11,13 @@ def get_all():
def get(role_name): def get(role_name):
role = Role.query.filter(Role.name == role_name).one_or_none() if type(role_name) is int:
role = Role.query.get(role_name)
else:
role = Role.query.filter(Role.name == role_name).one_or_none()
if not role: if not role:
raise NotFound raise NotFound
return role
def get_permissions(): def get_permissions():
@ -25,11 +29,12 @@ def update_role(role):
def set_permissions(role, permissions): def set_permissions(role, permissions):
role.permissions.clear()
for name in permissions: for name in permissions:
p = Permission.query.filter(Permission.name == name).one_or_none() p = Permission.query.filter(Permission.name.in_(permissions)).all()
if not p: if not p or len(p) < len(permissions):
raise BadRequest("Invalid permission name >{}<".format(name)) raise BadRequest("Invalid permission name >{}<".format(name))
role.permissions.append(p) role.permissions.extend(p)
db.session.commit() db.session.commit()
@ -50,10 +55,10 @@ def create_role(name: str, permissions=[]):
def delete(role): def delete(role):
role.permissions.clear()
try: try:
num = Role.query.filter(Role.id == role.id).delete() db.session.delete(role)
db.session.commit()
except IntegrityError: except IntegrityError:
logger.debug("IntegrityError: Role might still be in use", exc_info=True) logger.debug("IntegrityError: Role might still be in use", exc_info=True)
raise BadRequest("Role still in use") raise BadRequest("Role still in use")
db.session.commit()
return num == 1

View File

@ -25,13 +25,12 @@ class Permission(db.Model, ModelSerializeMixin):
class Role(db.Model, ModelSerializeMixin): class Role(db.Model, ModelSerializeMixin):
__tablename__ = "role" __tablename__ = "role"
id: int = db.Column(db.Integer, primary_key=True)
name: str = db.Column(db.String(30), unique=True) name: str = db.Column(db.String(30), unique=True)
permissions: [Permission] = db.relationship( permissions: [Permission] = db.relationship(
"Permission", secondary=role_permission_association_table, cascade="all, delete" "Permission", secondary=role_permission_association_table
) )
_id = db.Column("id", db.Integer, primary_key=True)
class User(db.Model, ModelSerializeMixin): class User(db.Model, ModelSerializeMixin):
"""Database Object for User """Database Object for User

View File

@ -50,7 +50,7 @@ def create_role(current_session):
current_session: Session sent with Authorization Header current_session: Session sent with Authorization Header
Returns: Returns:
HTTP-200 or HTTP error HTTP-201 or HTTP error
""" """
data = request.get_json() data = request.get_json()
if not data or "name" not in data: if not data or "name" not in data:
@ -96,23 +96,23 @@ def get_role(role_name, current_session):
return jsonify(role) return jsonify(role)
@roles_bp.route("/roles/<role_name>", methods=["PUT"]) @roles_bp.route("/roles/<int:role_id>", methods=["PUT"])
@login_required(permission=_permission_edit) @login_required(permission=_permission_edit)
def edit_role(role_name, current_session): def edit_role(role_id, current_session):
"""Edit role, rename and / or set permissions """Edit role, rename and / or set permissions
Route: ``/roles/<role_name>`` | Method: ``PUT`` Route: ``/roles/<role_id>`` | Method: ``PUT``
POST-data: ``{name?: string, permissions?: string[]}`` POST-data: ``{name?: string, permissions?: string[]}``
Args: Args:
role_name: Name of role role_id: Identifier of the role
current_session: Session sent with Authorization Header current_session: Session sent with Authorization Header
Returns: Returns:
HTTP-200 or HTTP error HTTP-200 or HTTP error
""" """
role = roleController.get(role_name) role = roleController.get(role_id)
data = request.get_json() data = request.get_json()
if "name" in data: if "name" in data:
@ -123,20 +123,20 @@ def edit_role(role_name, current_session):
return "", NO_CONTENT return "", NO_CONTENT
@roles_bp.route("/roles/<role_name>", methods=["DELETE"]) @roles_bp.route("/roles/<int:role_id>", methods=["DELETE"])
@login_required(permission=_permission_edit) @login_required(permission=_permission_edit)
def delete_role(role_name, current_session): def delete_role(role_id, current_session):
"""Delete role """Delete role
Route: ``/roles/<role_name>`` | Method: ``DELETE`` Route: ``/roles/<role_id>`` | Method: ``DELETE``
Args: Args:
role_name: Name of role role_id: Identifier of the role
current_session: Session sent with Authorization Header current_session: Session sent with Authorization Header
Returns: Returns:
HTTP-204 or HTTP error HTTP-204 or HTTP error
""" """
role = roleController.get(role_name) role = roleController.get(role_id)
roleController.delete(role) roleController.delete(role)
return "", NO_CONTENT return "", NO_CONTENT