From c3b5721202cace4f91e9f8cff5771d25b0c24cf0 Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen <rpm@fthiessen.de>
Date: Tue, 27 Oct 2020 13:37:13 +0100
Subject: [PATCH] [System] Fixed usage of protected members

---
 .../system/controller/sessionController.py     | 18 +++++++++---------
 .../system/controller/userController.py        |  2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/flaschengeist/system/controller/sessionController.py b/flaschengeist/system/controller/sessionController.py
index 4be467b..e9699f7 100644
--- a/flaschengeist/system/controller/sessionController.py
+++ b/flaschengeist/system/controller/sessionController.py
@@ -22,19 +22,19 @@ def validate_token(token, user_agent, permissions):
         A Session for this given Token or False.
     """
     logger.debug("check token {{ {} }} is valid".format(token))
-    access_token = Session.query.filter_by(token=token).one_or_none()
-    if access_token:
+    session = Session.query.filter_by(token=token).one_or_none()
+    if session:
         logger.debug("token found, check if expired or invalid user agent differs")
-        if access_token.expires >= datetime.now(timezone.utc) and (
-            access_token.browser == user_agent.browser and access_token.platform == user_agent.platform
+        if session.expires >= datetime.now(timezone.utc) and (
+            session.browser == user_agent.browser and session.platform == user_agent.platform
         ):
-            if not permissions or access_token.user.has_permissions(permissions):
-                access_token.refresh()
+            if not permissions or session._user.has_permissions(permissions):
+                session.refresh()
                 db.session.commit()
-                return access_token
+                return session
         else:
             logger.debug("access token is out of date or invalid client used")
-            delete_session(access_token)
+            delete_session(session)
     logger.debug("no valid access token with token: {{ {} }} and permissions: {{ {} }}".format(token, permissions))
     return False
 
@@ -78,7 +78,7 @@ def get_session(token, owner=None):
         Session: Token object identified by given token string
     """
     session = Session.query.filter(Session.token == token).one_or_none()
-    if session and (owner and owner != session.user):
+    if session and (owner and owner != session._user):
         raise Forbidden
     return session
 
diff --git a/flaschengeist/system/controller/userController.py b/flaschengeist/system/controller/userController.py
index 9415bf6..15b7ab2 100644
--- a/flaschengeist/system/controller/userController.py
+++ b/flaschengeist/system/controller/userController.py
@@ -28,7 +28,7 @@ def update_user(user):
 def set_roles(user: User, roles: [str]):
     user.roles.clear()
     for role_name in roles:
-        role = Role.query.filter(Role.name == role_name).one_or_one()
+        role = Role.query.filter(Role.name == role_name).one_or_none()
         if not role:
             raise BadRequest("Role not found >{}<".format(role_name))
         user.roles.append(role)