143 lines
3.8 KiB
Python
143 lines
3.8 KiB
Python
"""Roles plugin
|
|
|
|
Provides routes used to configure roles and permissions of users / roles.
|
|
"""
|
|
|
|
from werkzeug.exceptions import BadRequest
|
|
from flask import Blueprint, request, jsonify
|
|
from http.client import NO_CONTENT
|
|
|
|
from flaschengeist.plugins import Plugin
|
|
from flaschengeist.utils.decorators import login_required
|
|
from flaschengeist.controller import roleController
|
|
from flaschengeist.utils.HTTP import created
|
|
|
|
roles_bp = Blueprint("roles", __name__)
|
|
_permission_edit = "roles_edit"
|
|
_permission_delete = "roles_delete"
|
|
|
|
|
|
class RolesPlugin(Plugin):
|
|
def __init__(self, config):
|
|
super().__init__(config, roles_bp, permissions=[_permission_edit, _permission_delete])
|
|
|
|
|
|
@roles_bp.route("/roles", methods=["GET"])
|
|
@login_required()
|
|
def list_roles(current_session):
|
|
"""List all existing roles
|
|
|
|
Route: ``/roles`` | Method: ``GET``
|
|
|
|
Args:
|
|
current_session: Session sent with Authorization Header
|
|
|
|
Returns:
|
|
JSON encoded array of `flaschengeist.models.user.Role`
|
|
"""
|
|
roles = roleController.get_all()
|
|
return jsonify(roles)
|
|
|
|
|
|
@roles_bp.route("/roles", methods=["POST"])
|
|
@login_required(permission=_permission_edit)
|
|
def create_role(current_session):
|
|
"""Create new role
|
|
|
|
Route: ``/roles`` | Method: ``POST``
|
|
|
|
POST-data: ``{name: string, permissions?: string[]}``
|
|
|
|
Args:
|
|
current_session: Session sent with Authorization Header
|
|
|
|
Returns:
|
|
HTTP-201 and json encoded created Role or HTTP error
|
|
"""
|
|
data = request.get_json()
|
|
if not data or "name" not in data:
|
|
raise BadRequest
|
|
if "permissions" in data:
|
|
permissions = data["permissions"]
|
|
return created(roleController.create_role(data["name"], permissions))
|
|
|
|
|
|
@roles_bp.route("/roles/permissions", methods=["GET"])
|
|
@login_required()
|
|
def list_permissions(current_session):
|
|
"""List all existing permissions
|
|
|
|
Route: ``/roles/permissions`` | Method: ``GET``
|
|
|
|
Args:
|
|
current_session: Session sent with Authorization Header
|
|
|
|
Returns:
|
|
JSON encoded list of `flaschengeist.models.user.Permission`
|
|
"""
|
|
permissions = roleController.get_permissions()
|
|
return jsonify(permissions)
|
|
|
|
|
|
@roles_bp.route("/roles/<role_name>", methods=["GET"])
|
|
@login_required()
|
|
def get_role(role_name, current_session):
|
|
"""Get role by name
|
|
|
|
Route: ``/roles/<role_name>`` | Method: ``GET``
|
|
|
|
Args:
|
|
role_name: Name of role to retrieve
|
|
current_session: Session sent with Authorization Header
|
|
|
|
Returns:
|
|
JSON encoded `flaschengeist.models.user.Role` or HTTP error
|
|
"""
|
|
role = roleController.get(role_name)
|
|
return jsonify(role)
|
|
|
|
|
|
@roles_bp.route("/roles/<int:role_id>", methods=["PUT"])
|
|
@login_required(permission=_permission_edit)
|
|
def edit_role(role_id, current_session):
|
|
"""Edit role, rename and / or set permissions
|
|
|
|
Route: ``/roles/<role_id>`` | Method: ``PUT``
|
|
|
|
POST-data: ``{name?: string, permissions?: string[]}``
|
|
|
|
Args:
|
|
role_id: Identifier of the role
|
|
current_session: Session sent with Authorization Header
|
|
|
|
Returns:
|
|
HTTP-200 or HTTP error
|
|
"""
|
|
role = roleController.get(role_id)
|
|
|
|
data = request.get_json()
|
|
if "permissions" in data:
|
|
roleController.set_permissions(role, data["permissions"])
|
|
if "name" in data:
|
|
roleController.update_role(role, data["name"])
|
|
return "", NO_CONTENT
|
|
|
|
|
|
@roles_bp.route("/roles/<int:role_id>", methods=["DELETE"])
|
|
@login_required(permission=_permission_delete)
|
|
def delete_role(role_id, current_session):
|
|
"""Delete role
|
|
|
|
Route: ``/roles/<role_id>`` | Method: ``DELETE``
|
|
|
|
Args:
|
|
role_id: Identifier of the role
|
|
current_session: Session sent with Authorization Header
|
|
|
|
Returns:
|
|
HTTP-204 or HTTP error
|
|
"""
|
|
role = roleController.get(role_id)
|
|
roleController.delete(role)
|
|
return "", NO_CONTENT
|