start "permission" implementation
parent
bb53bab0c0
commit
0d02c24b64
3 changed files with 41 additions and 3 deletions
|
@ -13,7 +13,8 @@ import uvicorn
|
||||||
from fastapi import FastAPI
|
from fastapi import FastAPI
|
||||||
|
|
||||||
from .config import Config, Settings
|
from .config import Config, Settings
|
||||||
from .db import Connection, User, UserRead
|
from .db import Connection, User
|
||||||
|
from .permission import Permission
|
||||||
from .routers import main_router
|
from .routers import main_router
|
||||||
|
|
||||||
app = FastAPI(
|
app = FastAPI(
|
||||||
|
@ -43,9 +44,11 @@ async def on_startup() -> None:
|
||||||
Connection.connect(current_config.db.uri)
|
Connection.connect(current_config.db.uri)
|
||||||
|
|
||||||
# some testing
|
# some testing
|
||||||
print(UserRead.from_orm(User.get("admin")))
|
print(admin := User.get("admin"))
|
||||||
print(User.get("nonexistent"))
|
print(User.get("nonexistent"))
|
||||||
|
|
||||||
|
print(Permission._(admin, admin))
|
||||||
|
|
||||||
|
|
||||||
def main() -> None:
|
def main() -> None:
|
||||||
uvicorn.run(
|
uvicorn.run(
|
||||||
|
|
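Review bot: The test code under `# some testing` in `on_startup` now prints the raw `User` object for `admin`, where the old line printed its `UserRead` projection. If the string form of `User` includes the password hash or other credential fields (not visible on this page), those values reach the service's stdout and whatever collects it on every start. Either keep the `UserRead` import and use `print(UserRead.from_orm(admin))`, or drop these prints before the permission code is wired into routes. `on_startup` begins above the hunk.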
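--- a/api/kiwi_vpn_api/permission.py
+++ b/api/kiwi_vpn_api/permission.py
@@ -0,0 +1,35 @@
+from __future__ import annotations
+
+from enum import Enum, auto
+
+from .db import User
+
+
+class Permission(Enum):
+tag = auto()
+untag = auto()
+edit = auto()
+delete = auto()
+
+def __repr__(self) -> str:
+return self.name
+
+@classmethod
+def _(
+cls,
+actor: User | None,
+target: User,
+) -> set[Permission]:
+result = set()
+
+if actor is None:
+return result
+
+if isinstance(target, User):
+if actor.is_admin():
+if target != actor:
+result |= set([cls.tag, cls.untag, cls.delete])
+
+result.add(cls.edit)
+
+return result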
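Review bot: In `Permission._`, who receives `edit` depends on where `result.add(cls.edit)` sits, and this page has lost the file's indentation, so that cannot be confirmed here. If the line is outside `if actor.is_admin():`, every non-None actor gets `edit` on every target user; if it is inside, a non-admin gets no permission at all, not even on their own account. The self-protection test `target != actor` also relies on how `User` defines equality, which is not shown; comparing a stable key of the two users would make the "admin cannot tag, untag or delete themselves" rule independent of that. I would state the intended rule in a docstring such as `"""Return the permissions actor holds over target; empty when actor is None."""`, give the method a descriptive name instead of `_`, and add a test for a non-admin actor against another user.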
@ -13,7 +13,7 @@
|
||||||
- custom DN parts: country, state, city, org, OU
|
- custom DN parts: country, state, city, org, OU
|
||||||
- email
|
- email
|
||||||
|
|
||||||
## User caps
|
## User tags
|
||||||
- admin: administrator
|
- admin: administrator
|
||||||
- login: can log into the web interface
|
- login: can log into the web interface
|
||||||
- issue: can certify own devices without approval
|
- issue: can certify own devices without approval
|
||||||
|
|