[cleanup] Fixed member names
* Use _name only for protected members (should not be used outside the class)
* Use name_ instead for all members which should not be API exported
parent
cb342c07e8
commit
a476e4f5b1
|
@ -31,7 +31,7 @@ def validate_token(token, user_agent, permission):
|
||||||
if session.expires >= datetime.now(timezone.utc) and (
|
if session.expires >= datetime.now(timezone.utc) and (
|
||||||
session.browser == user_agent.browser and session.platform == user_agent.platform
|
session.browser == user_agent.browser and session.platform == user_agent.platform
|
||||||
):
|
):
|
||||||
if not permission or session._user.has_permission(permission):
|
if not permission or session.user_.has_permission(permission):
|
||||||
session.refresh()
|
session.refresh()
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
return session
|
return session
|
||||||
|
@ -58,7 +58,7 @@ def create(user, user_agent=None) -> Session:
|
||||||
token_str = secrets.token_hex(16)
|
token_str = secrets.token_hex(16)
|
||||||
session = Session(
|
session = Session(
|
||||||
token=token_str,
|
token=token_str,
|
||||||
_user=user,
|
user_=user,
|
||||||
lifetime=lifetime,
|
lifetime=lifetime,
|
||||||
browser=user_agent.browser,
|
browser=user_agent.browser,
|
||||||
platform=user_agent.platform,
|
platform=user_agent.platform,
|
||||||
|
@ -83,13 +83,13 @@ def get_session(token, owner=None):
|
||||||
Session: Token object identified by given token string
|
Session: Token object identified by given token string
|
||||||
"""
|
"""
|
||||||
session = Session.query.filter(Session.token == token).one_or_none()
|
session = Session.query.filter(Session.token == token).one_or_none()
|
||||||
if session and (owner and owner != session._user):
|
if session and (owner and owner != session.user_):
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
return session
|
return session
|
||||||
|
|
||||||
|
|
||||||
def get_users_sessions(user):
|
def get_users_sessions(user):
|
||||||
return Session.query.filter(Session._user == user)
|
return Session.query.filter(Session.user_ == user)
|
||||||
|
|
||||||
|
|
||||||
def delete_sessions(user):
|
def delete_sessions(user):
|
||||||
|
@ -98,7 +98,7 @@ def delete_sessions(user):
|
||||||
Args:
|
Args:
|
||||||
user (User): User to delete all sessions for
|
user (User): User to delete all sessions for
|
||||||
"""
|
"""
|
||||||
Session.query.filter(Session._user_id == user._id).delete()
|
Session.query.filter(Session.user_.id_ == user.id_).delete()
|
||||||
db.session.commit()
|
db.session.commit()
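Review bot: The new filter in delete_sessions, `Session.user_.id_ == user.id_`, is not a plain rename of the old `Session._user_id == user._id`. `user_` is a relationship, and SQLAlchemy does not normally expose the related model's columns through a class-level relationship attribute, so this line most likely raises AttributeError before any row is deleted. Because this function is what revokes all of a user's sessions, a failure here would leave their existing tokens valid. The Session model in this commit still declares the `_user_id` column, so `Session.query.filter(Session._user_id == user.id_).delete()` keeps the original query. The function's docstring begins outside the hunk.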
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -14,9 +14,9 @@ from flaschengeist.controller import messageController, sessionController
|
||||||
|
|
||||||
def _generate_password_reset(user):
|
def _generate_password_reset(user):
|
||||||
"""Generate a password reset link for the user"""
|
"""Generate a password reset link for the user"""
|
||||||
reset = _PasswordReset.query.get(user._id)
|
reset = _PasswordReset.query.get(user.id_)
|
||||||
if not reset:
|
if not reset:
|
||||||
reset = _PasswordReset(_user_id=user._id)
|
reset = _PasswordReset(_user_id=user.id_)
|
||||||
db.session.add(reset)
|
db.session.add(reset)
|
||||||
|
|
||||||
expires = datetime.now(tz=timezone.utc)
|
expires = datetime.now(tz=timezone.utc)
|
||||||
|
|
|
@ -27,12 +27,12 @@ class Session(db.Model, ModelSerializeMixin):
|
||||||
userid: str = ""
|
userid: str = ""
|
||||||
|
|
||||||
_id = db.Column("id", db.Integer, primary_key=True)
|
_id = db.Column("id", db.Integer, primary_key=True)
|
||||||
_user: User = db.relationship("User", back_populates="_sessions")
|
|
||||||
_user_id = db.Column("user_id", db.Integer, db.ForeignKey("user.id"))
|
_user_id = db.Column("user_id", db.Integer, db.ForeignKey("user.id"))
|
||||||
|
user_: User = db.relationship("User", back_populates="sessions_")
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def userid(self):
|
def userid(self):
|
||||||
return self._user.userid
|
return self.user_.userid
|
||||||
|
|
||||||
def refresh(self):
|
def refresh(self):
|
||||||
"""Update the Timestamp
|
"""Update the Timestamp
|
||||||
|
|
|
@ -62,9 +62,10 @@ class User(db.Model, ModelSerializeMixin):
|
||||||
permissions: Optional[list[str]] = None
|
permissions: Optional[list[str]] = None
|
||||||
avatar_url: Optional[str] = ""
|
avatar_url: Optional[str] = ""
|
||||||
|
|
||||||
|
id_ = db.Column("id", db.Integer, primary_key=True)
|
||||||
roles_: list[Role] = db.relationship("Role", secondary=association_table, cascade="save-update, merge")
|
roles_: list[Role] = db.relationship("Role", secondary=association_table, cascade="save-update, merge")
|
||||||
_id = db.Column("id", db.Integer, primary_key=True)
|
sessions_ = db.relationship("Session", back_populates="user_")
|
||||||
_sessions = db.relationship("Session", back_populates="_user")
|
|
||||||
_attributes = db.relationship(
|
_attributes = db.relationship(
|
||||||
"_UserAttribute", collection_class=attribute_mapped_collection("name"), cascade="all, delete"
|
"_UserAttribute", collection_class=attribute_mapped_collection("name"), cascade="all, delete"
|
||||||
)
|
)
|
||||||
|
|
|
@ -62,7 +62,7 @@ def get_sessions(current_session, **kwargs):
|
||||||
Returns:
|
Returns:
|
||||||
A JSON array of `flaschengeist.models.session.Session` or HTTP error
|
A JSON array of `flaschengeist.models.session.Session` or HTTP error
|
||||||
"""
|
"""
|
||||||
sessions = sessionController.get_users_sessions(current_session._user)
|
sessions = sessionController.get_users_sessions(current_session.user_)
|
||||||
return jsonify(sessions)
|
return jsonify(sessions)
|
||||||
|
|
||||||
|
|
||||||
|
@ -77,7 +77,7 @@ def delete_session(token, current_session, **kwargs):
|
||||||
200 Status (empty) or HTTP error
|
200 Status (empty) or HTTP error
|
||||||
"""
|
"""
|
||||||
logger.debug("Try to delete access token {{ {} }}".format(token))
|
logger.debug("Try to delete access token {{ {} }}".format(token))
|
||||||
session = sessionController.get_session(token, current_session._user)
|
session = sessionController.get_session(token, current_session.user_)
|
||||||
if not session:
|
if not session:
|
||||||
logger.debug("Token not found in database!")
|
logger.debug("Token not found in database!")
|
||||||
# Return 403 error, so that users can not bruteforce tokens
|
# Return 403 error, so that users can not bruteforce tokens
|
||||||
|
@ -103,7 +103,7 @@ def get_session(token, current_session, **kwargs):
|
||||||
JSON encoded `flaschengeist.models.session.Session` or HTTP error
|
JSON encoded `flaschengeist.models.session.Session` or HTTP error
|
||||||
"""
|
"""
|
||||||
logger.debug("get token {{ {} }}".format(token))
|
logger.debug("get token {{ {} }}".format(token))
|
||||||
session = sessionController.get_session(token, current_session._user)
|
session = sessionController.get_session(token, current_session.user_)
|
||||||
if not session:
|
if not session:
|
||||||
# Return 403 error, so that users can not bruteforce tokens
|
# Return 403 error, so that users can not bruteforce tokens
|
||||||
# Valid tokens from other users and invalid tokens now are looking the same
|
# Valid tokens from other users and invalid tokens now are looking the same
|
||||||
|
@ -127,7 +127,7 @@ def set_lifetime(token, current_session, **kwargs):
|
||||||
Returns:
|
Returns:
|
||||||
HTTP-204 or HTTP error
|
HTTP-204 or HTTP error
|
||||||
"""
|
"""
|
||||||
session = sessionController.get_session(token, current_session._user)
|
session = sessionController.get_session(token, current_session.user_)
|
||||||
if not session:
|
if not session:
|
||||||
# Return 403 error, so that users can not bruteforce tokens
|
# Return 403 error, so that users can not bruteforce tokens
|
||||||
# Valid tokens from other users and invalid tokens now are looking the same
|
# Valid tokens from other users and invalid tokens now are looking the same
|
||||||
|
@ -136,7 +136,7 @@ def set_lifetime(token, current_session, **kwargs):
|
||||||
lifetime = request.get_json()["value"]
|
lifetime = request.get_json()["value"]
|
||||||
logger.debug(f"set lifetime >{lifetime}< to access token >{token}<")
|
logger.debug(f"set lifetime >{lifetime}< to access token >{token}<")
|
||||||
sessionController.set_lifetime(session, lifetime)
|
sessionController.set_lifetime(session, lifetime)
|
||||||
return jsonify(sessionController.get_session(token, current_session._user))
|
return jsonify(sessionController.get_session(token, current_session.user_))
|
||||||
except (KeyError, TypeError):
|
except (KeyError, TypeError):
|
||||||
raise BadRequest
|
raise BadRequest
|
||||||
|
|
||||||
|
@ -156,12 +156,12 @@ def get_assocd_user(token, current_session, **kwargs):
|
||||||
JSON encoded `flaschengeist.models.user.User` or HTTP error
|
JSON encoded `flaschengeist.models.user.User` or HTTP error
|
||||||
"""
|
"""
|
||||||
logger.debug("get token {{ {} }}".format(token))
|
logger.debug("get token {{ {} }}".format(token))
|
||||||
session = sessionController.get_session(token, current_session._user)
|
session = sessionController.get_session(token, current_session.user_)
|
||||||
if not session:
|
if not session:
|
||||||
# Return 403 error, so that users can not bruteforce tokens
|
# Return 403 error, so that users can not bruteforce tokens
|
||||||
# Valid tokens from other users and invalid tokens now are looking the same
|
# Valid tokens from other users and invalid tokens now are looking the same
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
return jsonify(session._user)
|
return jsonify(session.user_)
|
||||||
|
|
||||||
|
|
||||||
@auth_bp.route("/auth/reset", methods=["POST"])
|
@auth_bp.route("/auth/reset", methods=["POST"])
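Review bot: The session token is written verbatim to the debug log in delete_session (`"Try to delete access token ..."`), get_session and get_assocd_user (`"get token ..."`) and set_lifetime (`f"set lifetime >{lifetime}< to access token >{token}<"`), on lines this rename leaves untouched. The token is the bearer credential looked up by sessionController, so wherever debug logging is enabled, anyone who can read the logs can also read live session credentials. Log a short, non-usable reference instead, for example `logger.debug("get token {{ {}... }}".format(token[:6]))`. The bodies of these functions continue outside the hunks shown.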
|
||||||
|
|
|
@ -67,7 +67,7 @@ def get_shortcuts(userid, current_session: Session):
|
||||||
GET: JSON object containing the shortcuts as float array or HTTP error
|
GET: JSON object containing the shortcuts as float array or HTTP error
|
||||||
PUT: HTTP-created or HTTP error
|
PUT: HTTP-created or HTTP error
|
||||||
"""
|
"""
|
||||||
if userid != current_session._user.userid:
|
if userid != current_session.user_.userid:
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
|
|
||||||
user = userController.get_user(userid)
|
user = userController.get_user(userid)
|
||||||
|
@ -98,8 +98,8 @@ def get_limit(userid, current_session: Session):
|
||||||
JSON object containing the limit (or Null if no limit set) or HTTP error
|
JSON object containing the limit (or Null if no limit set) or HTTP error
|
||||||
"""
|
"""
|
||||||
user = userController.get_user(userid)
|
user = userController.get_user(userid)
|
||||||
if (user != current_session._user and not current_session._user.has_permission(permissions.SET_LIMIT)) or (
|
if (user != current_session.user_ and not current_session.user_.has_permission(permissions.SET_LIMIT)) or (
|
||||||
user == current_session._user and not user.has_permission(permissions.SHOW)
|
user == current_session.user_ and not user.has_permission(permissions.SHOW)
|
||||||
):
|
):
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
|
|
||||||
|
@ -148,7 +148,7 @@ def get_balance(userid, current_session: Session):
|
||||||
Returns:
|
Returns:
|
||||||
JSON object containing credit, debit and balance or HTTP error
|
JSON object containing credit, debit and balance or HTTP error
|
||||||
"""
|
"""
|
||||||
if userid != current_session._user.userid and not current_session._user.has_permission(permissions.SHOW_OTHER):
|
if userid != current_session.user_.userid and not current_session.user_.has_permission(permissions.SHOW_OTHER):
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
|
|
||||||
# Might raise NotFound
|
# Might raise NotFound
|
||||||
|
@ -187,7 +187,7 @@ def get_transactions(userid, current_session: Session):
|
||||||
Returns:
|
Returns:
|
||||||
JSON Object {transactions: Transaction[], count?: number} or HTTP error
|
JSON Object {transactions: Transaction[], count?: number} or HTTP error
|
||||||
"""
|
"""
|
||||||
if userid != current_session._user.userid and not current_session._user.has_permission(permissions.SHOW_OTHER):
|
if userid != current_session.user_.userid and not current_session.user_.has_permission(permissions.SHOW_OTHER):
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
|
|
||||||
# Might raise NotFound
|
# Might raise NotFound
|
||||||
|
@ -253,19 +253,19 @@ def change_balance(userid, current_session: Session):
|
||||||
if sender == user:
|
if sender == user:
|
||||||
raise BadRequest
|
raise BadRequest
|
||||||
|
|
||||||
if (sender == current_session._user and sender.has_permission(permissions.SEND)) or (
|
if (sender == current_session.user_ and sender.has_permission(permissions.SEND)) or (
|
||||||
sender != current_session._user and current_session._user.has_permission(permissions.SEND_OTHER)
|
sender != current_session.user_ and current_session.user_.has_permission(permissions.SEND_OTHER)
|
||||||
):
|
):
|
||||||
return HTTP.created(balance_controller.send(sender, user, amount, current_session._user))
|
return HTTP.created(balance_controller.send(sender, user, amount, current_session.user_))
|
||||||
|
|
||||||
elif (
|
elif (
|
||||||
amount < 0
|
amount < 0
|
||||||
and (
|
and (
|
||||||
(user == current_session._user and user.has_permission(permissions.DEBIT_OWN))
|
(user == current_session.user_ and user.has_permission(permissions.DEBIT_OWN))
|
||||||
or current_session._user.has_permission(permissions.DEBIT)
|
or current_session.user_.has_permission(permissions.DEBIT)
|
||||||
)
|
)
|
||||||
) or (amount > 0 and current_session._user.has_permission(permissions.CREDIT)):
|
) or (amount > 0 and current_session.user_.has_permission(permissions.CREDIT)):
|
||||||
return HTTP.created(balance_controller.change_balance(user, data["amount"], current_session._user))
|
return HTTP.created(balance_controller.change_balance(user, data["amount"], current_session.user_))
|
||||||
|
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
|
|
||||||
|
@ -286,11 +286,11 @@ def reverse_transaction(transaction_id, current_session: Session):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
transaction = balance_controller.get_transaction(transaction_id)
|
transaction = balance_controller.get_transaction(transaction_id)
|
||||||
if current_session._user.has_permission(permissions.REVERSAL) or (
|
if current_session.user_.has_permission(permissions.REVERSAL) or (
|
||||||
transaction.sender_ == current_session._user
|
transaction.sender_ == current_session.user_
|
||||||
and (datetime.now(tz=timezone.utc) - transaction.time).total_seconds() < 10
|
and (datetime.now(tz=timezone.utc) - transaction.time).total_seconds() < 10
|
||||||
):
|
):
|
||||||
reversal = balance_controller.reverse_transaction(transaction, current_session._user)
|
reversal = balance_controller.reverse_transaction(transaction, current_session.user_)
|
||||||
return HTTP.created(reversal)
|
return HTTP.created(reversal)
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
|
|
||||||
|
|
|
@ -20,13 +20,13 @@ class Transaction(db.Model, ModelSerializeMixin):
|
||||||
id: int = db.Column("id", db.Integer, primary_key=True)
|
id: int = db.Column("id", db.Integer, primary_key=True)
|
||||||
time: datetime = db.Column(UtcDateTime, nullable=False, default=UtcDateTime.current_utc)
|
time: datetime = db.Column(UtcDateTime, nullable=False, default=UtcDateTime.current_utc)
|
||||||
amount: float = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False), nullable=False)
|
amount: float = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False), nullable=False)
|
||||||
reversal_id: int = db.Column(db.Integer, db.ForeignKey("balance_transaction.id"))
|
reversal_id: Optional[int] = db.Column(db.Integer, db.ForeignKey("balance_transaction.id"))
|
||||||
|
|
||||||
# Dummy properties used for JSON serialization (userid instead of full user)
|
# Dummy properties used for JSON serialization (userid instead of full user)
|
||||||
sender_id: Optional[str] = ""
|
author_id: Optional[str] = None
|
||||||
receiver_id: Optional[str] = ""
|
sender_id: Optional[str] = None
|
||||||
author_id: Optional[str] = ""
|
original_id: Optional[int] = None
|
||||||
original_id: Optional[int] = -1
|
receiver_id: Optional[str] = None
|
||||||
|
|
||||||
# Not exported relationships just in backend only
|
# Not exported relationships just in backend only
|
||||||
sender_: User = db.relationship("User", foreign_keys=[_sender_id])
|
sender_: User = db.relationship("User", foreign_keys=[_sender_id])
|
||||||
|
@ -40,7 +40,7 @@ class Transaction(db.Model, ModelSerializeMixin):
|
||||||
|
|
||||||
@sender_id.expression
|
@sender_id.expression
|
||||||
def sender_id(cls):
|
def sender_id(cls):
|
||||||
return db.select([User.userid]).where(cls._sender_id == User._id).as_scalar()
|
return db.select([User.userid]).where(cls._sender_id == User.id_).as_scalar()
|
||||||
|
|
||||||
@hybrid_property
|
@hybrid_property
|
||||||
def receiver_id(self):
|
def receiver_id(self):
|
||||||
|
@ -48,7 +48,7 @@ class Transaction(db.Model, ModelSerializeMixin):
|
||||||
|
|
||||||
@receiver_id.expression
|
@receiver_id.expression
|
||||||
def receiver_id(cls):
|
def receiver_id(cls):
|
||||||
return db.select([User.userid]).where(cls._receiver_id == User._id).as_scalar()
|
return db.select([User.userid]).where(cls._receiver_id == User.id_).as_scalar()
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def author_id(self):
|
def author_id(self):
|
||||||
|
|
|
@ -241,7 +241,7 @@ def get_columns(userid, current_session: Session):
|
||||||
GET: JSON object containing the shortcuts as float array or HTTP error
|
GET: JSON object containing the shortcuts as float array or HTTP error
|
||||||
PUT: HTTP-created or HTTP error
|
PUT: HTTP-created or HTTP error
|
||||||
"""
|
"""
|
||||||
if userid != current_session._user.userid:
|
if userid != current_session.user_.userid:
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
|
|
||||||
user = userController.get_user(userid)
|
user = userController.get_user(userid)
|
||||||
|
|
|
@ -388,15 +388,15 @@ def update_job(event_id, job_id, current_session: Session):
|
||||||
if not data:
|
if not data:
|
||||||
raise BadRequest
|
raise BadRequest
|
||||||
|
|
||||||
if ("user" not in data or len(data) > 1) and not current_session._user.has_permission(permissions.EDIT):
|
if ("user" not in data or len(data) > 1) and not current_session.user_.has_permission(permissions.EDIT):
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
|
|
||||||
if "user" in data:
|
if "user" in data:
|
||||||
try:
|
try:
|
||||||
user = userController.get_user(data["user"]["userid"])
|
user = userController.get_user(data["user"]["userid"])
|
||||||
value = data["user"]["value"]
|
value = data["user"]["value"]
|
||||||
if (user == current_session._user and not user.has_permission(permissions.ASSIGN)) or (
|
if (user == current_session.user_ and not user.has_permission(permissions.ASSIGN)) or (
|
||||||
user != current_session._user and not current_session._user.has_permission(permissions.ASSIGN_OTHER)
|
user != current_session.user_ and not current_session.user_.has_permission(permissions.ASSIGN_OTHER)
|
||||||
):
|
):
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
event_controller.assign_to_job(job, user, value)
|
event_controller.assign_to_job(job, user, value)
|
||||||
|
|
|
@ -92,7 +92,7 @@ def get_user(userid, current_session):
|
||||||
logger.debug("Get information of user {{ {} }}".format(userid))
|
logger.debug("Get information of user {{ {} }}".format(userid))
|
||||||
user: User = userController.get_user(userid)
|
user: User = userController.get_user(userid)
|
||||||
serial = user.serialize()
|
serial = user.serialize()
|
||||||
if userid == current_session._user.userid:
|
if userid == current_session.user_.userid:
|
||||||
serial["permissions"] = user.get_permissions()
|
serial["permissions"] = user.get_permissions()
|
||||||
return jsonify(serial)
|
return jsonify(serial)
|
||||||
|
|
||||||
|
@ -113,7 +113,7 @@ def get_avatar(userid):
|
||||||
@login_required()
|
@login_required()
|
||||||
def set_avatar(userid, current_session):
|
def set_avatar(userid, current_session):
|
||||||
user = userController.get_user(userid)
|
user = userController.get_user(userid)
|
||||||
if userid != current_session._user.userid and not current_session._user.has_permission(permissions.EDIT):
|
if userid != current_session.user_.userid and not current_session.user_.has_permission(permissions.EDIT):
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
|
|
||||||
file = request.files.get("file")
|
file = request.files.get("file")
|
||||||
|
@ -172,8 +172,8 @@ def edit_user(userid, current_session):
|
||||||
new_password = data["new_password"] if "new_password" in data else None
|
new_password = data["new_password"] if "new_password" in data else None
|
||||||
|
|
||||||
author = user
|
author = user
|
||||||
if userid != current_session._user.userid:
|
if userid != current_session.user_.userid:
|
||||||
author = current_session._user
|
author = current_session.user_
|
||||||
if not author.has_permission(permissions.EDIT):
|
if not author.has_permission(permissions.EDIT):
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
else:
|
else:
|
||||||
|
|