From 1c1ea694d1e08e091787d700196a1accafc28890 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= <40151420+ldericher@users.noreply.github.com> Date: Sat, 19 Mar 2022 19:24:43 +0000 Subject: [PATCH] don't make everyone an admin :) --- api/kiwi_vpn_api/db/schemas.py | 14 +++++++++++++- api/kiwi_vpn_api/routers/admin.py | 9 ++++++--- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/api/kiwi_vpn_api/db/schemas.py b/api/kiwi_vpn_api/db/schemas.py index 6c3dbed..2663e72 100644 --- a/api/kiwi_vpn_api/db/schemas.py +++ b/api/kiwi_vpn_api/db/schemas.py @@ -30,6 +30,9 @@ class Certificate(CertificateBase): class UserCapability(Enum): admin = "admin" + def __str__(self) -> str: + return self._value_ + class UserBase(BaseModel): name: str @@ -108,7 +111,7 @@ class User(UserBase): user = models.User( name=user.name, password=crypt_context.hash(user.password), - capabilities=[models.UserCapability(capability="admin")], + capabilities=[], ) db.add(user) @@ -120,6 +123,15 @@ class User(UserBase): except IntegrityError: pass + def add_capabilities( + self, + db: Session, + capabilities: list[UserCapability], + ) -> bool: + # TODO + + return True + class DistinguishedNameBase(BaseModel): cn_only: bool diff --git a/api/kiwi_vpn_api/routers/admin.py b/api/kiwi_vpn_api/routers/admin.py index 0c80e3d..6143038 100644 --- a/api/kiwi_vpn_api/routers/admin.py +++ b/api/kiwi_vpn_api/routers/admin.py @@ -26,14 +26,17 @@ async def install( Connection.connect(await config.db.db_engine) async for db in Connection.get(): - # user.capabilities.append("admin") - - schemas.User.create( + admin_user = schemas.User.create( db=db, user=user, crypt_context=await config.crypto.crypt_context, ) + admin_user.add_capabilities( + db=db, + capabilities=[schemas.UserCapability.admin], + ) + @router.put( "/config",