[System] Fixed usage of protected members
parent
e14553651f
commit
c3b5721202
|
@ -22,19 +22,19 @@ def validate_token(token, user_agent, permissions):
|
||||||
A Session for this given Token or False.
|
A Session for this given Token or False.
|
||||||
"""
|
"""
|
||||||
logger.debug("check token {{ {} }} is valid".format(token))
|
logger.debug("check token {{ {} }} is valid".format(token))
|
||||||
access_token = Session.query.filter_by(token=token).one_or_none()
|
session = Session.query.filter_by(token=token).one_or_none()
|
||||||
if access_token:
|
if session:
|
||||||
logger.debug("token found, check if expired or invalid user agent differs")
|
logger.debug("token found, check if expired or invalid user agent differs")
|
||||||
if access_token.expires >= datetime.now(timezone.utc) and (
|
if session.expires >= datetime.now(timezone.utc) and (
|
||||||
access_token.browser == user_agent.browser and access_token.platform == user_agent.platform
|
session.browser == user_agent.browser and session.platform == user_agent.platform
|
||||||
):
|
):
|
||||||
if not permissions or access_token.user.has_permissions(permissions):
|
if not permissions or session._user.has_permissions(permissions):
|
||||||
access_token.refresh()
|
session.refresh()
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
return access_token
|
return session
|
||||||
else:
|
else:
|
||||||
logger.debug("access token is out of date or invalid client used")
|
logger.debug("access token is out of date or invalid client used")
|
||||||
delete_session(access_token)
|
delete_session(session)
|
||||||
logger.debug("no valid access token with token: {{ {} }} and permissions: {{ {} }}".format(token, permissions))
|
logger.debug("no valid access token with token: {{ {} }} and permissions: {{ {} }}".format(token, permissions))
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
@ -78,7 +78,7 @@ def get_session(token, owner=None):
|
||||||
Session: Token object identified by given token string
|
Session: Token object identified by given token string
|
||||||
"""
|
"""
|
||||||
session = Session.query.filter(Session.token == token).one_or_none()
|
session = Session.query.filter(Session.token == token).one_or_none()
|
||||||
if session and (owner and owner != session.user):
|
if session and (owner and owner != session._user):
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
return session
|
return session
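Review bot: validate_token still writes the raw session token to the debug log, in `"check token {{ {} }} is valid".format(token)` and again in the final `"no valid access token with token: ..."` message, so a live bearer credential ends up wherever debug logs are stored or shipped. Log a non-reversible reference instead, for example `logger.debug("validating token, sha256 prefix %s", hashlib.sha256(token.encode()).hexdigest()[:8])` (assuming the token is a str), or the session's database id once the row is loaded. Separately, the new `session._user` accesses in validate_token and get_session read an underscore-prefixed attribute from outside the Session class; if the model has a public accessor (not visible on this page), these call sites should use it. The body of validate_token begins above the hunk, so earlier checks are not visible here.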
|
||||||
|
|
||||||
|
|
|
@ -28,7 +28,7 @@ def update_user(user):
|
||||||
def set_roles(user: User, roles: [str]):
|
def set_roles(user: User, roles: [str]):
|
||||||
user.roles.clear()
|
user.roles.clear()
|
||||||
for role_name in roles:
|
for role_name in roles:
|
||||||
role = Role.query.filter(Role.name == role_name).one_or_one()
|
role = Role.query.filter(Role.name == role_name).one_or_none()
|
||||||
if not role:
|
if not role:
|
||||||
raise BadRequest("Role not found >{}<".format(role_name))
|
raise BadRequest("Role not found >{}<".format(role_name))
|
||||||
user.roles.append(role)
|
user.roles.append(role)
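Review bot: set_roles calls `user.roles.clear()` before any role name has been validated, so when a lookup fails the `BadRequest` is raised with the user's roles already emptied or only partly rebuilt. Whether that state is rolled back depends on the caller, which is not visible here. For a permission-bearing relationship it is safer to resolve every name first and replace the collection afterwards: collect the looked-up roles in a local list inside the loop and finish with `user.roles = resolved_roles`. The annotation `roles: [str]` is also a list literal rather than a type and should read `roles: list[str]`. The function may continue below the hunk.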
|
||||||
|
|