start "permission" implementation

Jörn-Michael Miehe 2022-03-29 20:46:40 +00:00
parent bb53bab0c0
commit 0d02c24b64
3 changed files with 41 additions and 3 deletions


@ -13,7 +13,8 @@ import uvicorn
from fastapi import FastAPI from fastapi import FastAPI
from .config import Config, Settings from .config import Config, Settings
from .db import Connection, User, UserRead from .db import Connection, User
from .permission import Permission
from .routers import main_router from .routers import main_router
app = FastAPI( app = FastAPI(
@ -43,9 +44,11 @@ async def on_startup() -> None:
Connection.connect(current_config.db.uri) Connection.connect(current_config.db.uri)
# some testing # some testing
print(UserRead.from_orm(User.get("admin"))) print(admin := User.get("admin"))
print(User.get("nonexistent")) print(User.get("nonexistent"))
print(Permission._(admin, admin))
def main() -> None: def main() -> None:
uvicorn.run( uvicorn.run(
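Review bot: The `# some testing` block in `on_startup` now prints the raw `User` row (`print(admin := User.get("admin"))`) where it previously went through `UserRead.from_orm(...)`. If `UserRead` is the read schema that leaves out credential fields (neither class is visible in this hunk), the new line can write a password hash or similar into stdout and service logs on every start. Keep the read-model wrapper, e.g. `admin = User.get("admin")` followed by `print(UserRead.from_orm(admin))`, which also means keeping the `UserRead` import this commit drops. Better still, move these probes, including `print(Permission._(admin, admin))`, into a test instead of the startup hook. `on_startup` begins and `main` ends outside the hunks shown.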


@ -0,0 +1,35 @@
from __future__ import annotations
from enum import Enum, auto
from .db import User
class Permission(Enum):
tag = auto()
untag = auto()
edit = auto()
delete = auto()
def __repr__(self) -> str:
return self.name
@classmethod
def _(
cls,
actor: User | None,
target: User,
) -> set[Permission]:
result = set()
if actor is None:
return result
if isinstance(target, User):
if actor.is_admin():
if target != actor:
result |= set([cls.tag, cls.untag, cls.delete])
result.add(cls.edit)
return result
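Review bot: The placement of `result.add(cls.edit)` decides who may edit whom, and the page has lost the indentation: if it sits directly under `isinstance(target, User)` rather than under `actor.is_admin()`, any non-None actor receives `edit` on any user. State the rule explicitly, for example `if actor.is_admin() or actor == target: result.add(cls.edit)` if self-edit is what is intended, and add tests for admin/other, admin/self, user/self and user/other. `target != actor` also depends on how `User` implements equality, which is not shown here; comparing a stable key is safer than comparing model instances. The classmethod name `_` hides an authorization decision; a descriptive name and a docstring noting that a `None` actor or a non-`User` target yields the empty set would help callers.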


@ -13,7 +13,7 @@
- custom DN parts: country, state, city, org, OU - custom DN parts: country, state, city, org, OU
- email - email
## User caps ## User tags
- admin: administrator - admin: administrator
- login: can log into the web interface - login: can log into the web interface
- issue: can certify own devices without approval - issue: can certify own devices without approval