"""Roles plugin Provides routes used to configure roles and permissions of users / roles. """ from werkzeug.exceptions import BadRequest from flask import Blueprint, request, jsonify from http.client import NO_CONTENT from flaschengeist.plugins import Plugin from flaschengeist.utils.decorators import login_required from flaschengeist.controller import roleController from flaschengeist.utils.HTTP import created roles_bp = Blueprint("roles", __name__) _permission_edit = "roles_edit" _permission_delete = "roles_delete" class RolesPlugin(Plugin): def __init__(self, config): super().__init__(config, roles_bp, permissions=[_permission_edit, _permission_delete]) @roles_bp.route("/roles", methods=["GET"]) @login_required() def list_roles(current_session): """List all existing roles Route: ``/roles`` | Method: ``GET`` Args: current_session: Session sent with Authorization Header Returns: JSON encoded array of `flaschengeist.models.user.Role` """ roles = roleController.get_all() return jsonify(roles) @roles_bp.route("/roles", methods=["POST"]) @login_required(permission=_permission_edit) def create_role(current_session): """Create new role Route: ``/roles`` | Method: ``POST`` POST-data: ``{name: string, permissions?: string[]}`` Args: current_session: Session sent with Authorization Header Returns: HTTP-201 and json encoded created Role or HTTP error """ data = request.get_json() if not data or "name" not in data: raise BadRequest if "permissions" in data: permissions = data["permissions"] return created(roleController.create_role(data["name"], permissions)) @roles_bp.route("/roles/permissions", methods=["GET"]) @login_required() def list_permissions(current_session): """List all existing permissions Route: ``/roles/permissions`` | Method: ``GET`` Args: current_session: Session sent with Authorization Header Returns: JSON encoded list of `flaschengeist.models.user.Permission` """ permissions = roleController.get_permissions() return jsonify(permissions) @roles_bp.route("/roles/", methods=["GET"]) @login_required() def get_role(role_name, current_session): """Get role by name Route: ``/roles/`` | Method: ``GET`` Args: role_name: Name of role to retrieve current_session: Session sent with Authorization Header Returns: JSON encoded `flaschengeist.models.user.Role` or HTTP error """ role = roleController.get(role_name) return jsonify(role) @roles_bp.route("/roles/", methods=["PUT"]) @login_required(permission=_permission_edit) def edit_role(role_id, current_session): """Edit role, rename and / or set permissions Route: ``/roles/`` | Method: ``PUT`` POST-data: ``{name?: string, permissions?: string[]}`` Args: role_id: Identifier of the role current_session: Session sent with Authorization Header Returns: HTTP-200 or HTTP error """ role = roleController.get(role_id) data = request.get_json() if "permissions" in data: roleController.set_permissions(role, data["permissions"]) if "name" in data: roleController.update_role(role, data["name"]) return "", NO_CONTENT @roles_bp.route("/roles/", methods=["DELETE"]) @login_required(permission=_permission_delete) def delete_role(role_id, current_session): """Delete role Route: ``/roles/`` | Method: ``DELETE`` Args: role_id: Identifier of the role current_session: Session sent with Authorization Header Returns: HTTP-204 or HTTP error """ role = roleController.get(role_id) roleController.delete(role) return "", NO_CONTENT