don't make everyone an admin :)

2022-03-19 19:24:43 +00:00 · 2022-03-19 19:24:43 +00:00 · 1c1ea694d1
commit 1c1ea694d1
parent 5eb9d4d113
2 changed files with 19 additions and 4 deletions
--- a/api/kiwi_vpn_api/db/schemas.py
+++ b/api/kiwi_vpn_api/db/schemas.py
@ -30,6 +30,9 @@ class Certificate(CertificateBase):
 class UserCapability(Enum):
    admin = "admin"

+    def __str__(self) -> str:
+        return self._value_
+

 class UserBase(BaseModel):
    name: str
@ -108,7 +111,7 @@ class User(UserBase):
            user = models.User(
                name=user.name,
                password=crypt_context.hash(user.password),
-                capabilities=[models.UserCapability(capability="admin")],
+                capabilities=[],
            )

            db.add(user)
@ -120,6 +123,15 @@ class User(UserBase):
        except IntegrityError:
            pass

+    def add_capabilities(
+        self,
+        db: Session,
+        capabilities: list[UserCapability],
+    ) -> bool:
+        # TODO
+
+        return True
+

 class DistinguishedNameBase(BaseModel):
    cn_only: bool
--- a/api/kiwi_vpn_api/routers/admin.py
+++ b/api/kiwi_vpn_api/routers/admin.py
@ -26,14 +26,17 @@ async def install(
    Connection.connect(await config.db.db_engine)

    async for db in Connection.get():
-        # user.capabilities.append("admin")
-
-        schemas.User.create(
+        admin_user = schemas.User.create(
            db=db,
            user=user,
            crypt_context=await config.crypto.crypt_context,
        )

+        admin_user.add_capabilities(
+            db=db,
+            capabilities=[schemas.UserCapability.admin],
+        )
+

@router.put(
    "/config",