From 499c97a28a6b387b28817f6bf46084389d1f37d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= <40151420+ldericher@users.noreply.github.com> Date: Mon, 28 Mar 2022 21:41:49 +0000 Subject: [PATCH] Capability -> UserCapabilityType --- api/kiwi_vpn_api/db/__init__.py | 15 ++++++++++++--- api/kiwi_vpn_api/db/user.py | 8 ++++---- api/kiwi_vpn_api/db/user_capability.py | 6 +++--- api/kiwi_vpn_api/routers/_common.py | 6 +++--- api/kiwi_vpn_api/routers/admin.py | 7 +++++-- api/kiwi_vpn_api/routers/user.py | 6 +++--- 6 files changed, 30 insertions(+), 18 deletions(-) diff --git a/api/kiwi_vpn_api/db/__init__.py b/api/kiwi_vpn_api/db/__init__.py index 099af9b..aa0cb3c 100644 --- a/api/kiwi_vpn_api/db/__init__.py +++ b/api/kiwi_vpn_api/db/__init__.py @@ -5,7 +5,16 @@ Package `db`: ORM and schemas for database content. from .connection import Connection from .device import Device, DeviceBase, DeviceCreate from .user import User, UserBase, UserCreate, UserRead -from .user_capability import Capability +from .user_capability import UserCapabilityType -__all__ = ["Capability", "Connection", "Device", "DeviceBase", "DeviceCreate", - "User", "UserBase", "UserCreate", "UserRead"] +__all__ = [ + "Connection", + "Device", + "DeviceBase", + "DeviceCreate", + "User", + "UserBase", + "UserCreate", + "UserRead", + "UserCapabilityType", +] diff --git a/api/kiwi_vpn_api/db/user.py b/api/kiwi_vpn_api/db/user.py index 71d3269..2058cd6 100644 --- a/api/kiwi_vpn_api/db/user.py +++ b/api/kiwi_vpn_api/db/user.py @@ -13,7 +13,7 @@ from sqlmodel import Field, Relationship, SQLModel from ..config import Config from .connection import Connection from .device import Device -from .user_capability import Capability, UserCapability +from .user_capability import UserCapabilityType, UserCapability class UserBase(SQLModel): 
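Review bot: The renamed import in db/user.py is left out of alphabetical order, `from .user_capability import UserCapabilityType, UserCapability`, and the same happens in routers/_common.py and routers/user.py with `from ..db import UserCapabilityType, User`. routers/admin.py in this same commit does re-sort its import list, so the other three files are now inconsistent with it. Suggested: `from .user_capability import UserCapability, UserCapabilityType` here and `from ..db import User, UserCapabilityType` in the two routers (followed by the remaining names in routers/user.py).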
@@ -162,7 +162,7 @@ class User(UserBase, table=True): db.delete(self) db.commit() - def get_capabilities(self) -> set[Capability]: + def get_capabilities(self) -> set[UserCapabilityType]: """ Return the capabilities of this user. """ @@ -172,14 +172,14 @@ class User(UserBase, table=True): for capability in self.capabilities ) - def can(self, capability: Capability) -> bool: + def can(self, capability: UserCapabilityType) -> bool: """ Check if this user has a capability. """ return capability in self.get_capabilities() - def set_capabilities(self, capabilities: set[Capability]) -> None: + def set_capabilities(self, capabilities: set[UserCapabilityType]) -> None: """ Change the capabilities of this user. """ diff --git a/api/kiwi_vpn_api/db/user_capability.py b/api/kiwi_vpn_api/db/user_capability.py index 9fd3cb1..e41a0e8 100644 --- a/api/kiwi_vpn_api/db/user_capability.py +++ b/api/kiwi_vpn_api/db/user_capability.py @@ -11,7 +11,7 @@ if TYPE_CHECKING: from .user import User -class Capability(Enum): +class UserCapabilityType(Enum): """ Allowed values for capabilities """ @@ -33,12 +33,12 @@ class UserCapabilityBase(SQLModel): capability_name: str = Field(primary_key=True) @property - def _(self) -> Capability: + def _(self) -> UserCapabilityType: """ Transform into a `Capability`. """ - return Capability(self.capability_name) + return UserCapabilityType(self.capability_name) def __repr__(self) -> str: return self.capability_name diff --git a/api/kiwi_vpn_api/routers/_common.py b/api/kiwi_vpn_api/routers/_common.py index dd49d41..3bb0768 100644 --- a/api/kiwi_vpn_api/routers/_common.py +++ b/api/kiwi_vpn_api/routers/_common.py @@ -7,7 +7,7 @@ from fastapi import Depends, HTTPException, status from fastapi.security import OAuth2PasswordBearer from ..config import Config, Settings -from ..db import Capability, User +from ..db import UserCapabilityType, User oauth2_scheme = OAuth2PasswordBearer( tokenUrl=f"{Settings._.api_v1_prefix}/user/authenticate" 
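Review bot: The docstring of the `_` property in db/user_capability.py still says it transforms into a `Capability`, although the return annotation and the constructor call below it now use the new name. After this commit no class called `Capability` is defined in this module, so the docstring should name `UserCapabilityType` instead. The docstrings in db/user.py only say "capabilities" generically and need no change.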
@@ -93,7 +93,7 @@ async def get_current_user_if_admin( """ # fail if not requested by an admin - if not current_user.can(Capability.admin): + if not current_user.can(UserCapabilityType.admin): raise HTTPException(status_code=status.HTTP_403_FORBIDDEN) return current_user @@ -111,7 +111,7 @@ async def get_current_user_if_admin_or_self( """ # fail if not requested by an admin or self - if not (current_user.can(Capability.admin) + if not (current_user.can(UserCapabilityType.admin) or current_user.name == user_name): raise HTTPException(status_code=status.HTTP_403_FORBIDDEN) diff --git a/api/kiwi_vpn_api/routers/admin.py b/api/kiwi_vpn_api/routers/admin.py index 36b3332..ea4187d 100644 --- a/api/kiwi_vpn_api/routers/admin.py +++ b/api/kiwi_vpn_api/routers/admin.py @@ -7,7 +7,7 @@ from fastapi import APIRouter, Depends, HTTPException, status from sqlmodel import select from ..config import Config -from ..db import Capability, Connection, User, UserCreate +from ..db import Connection, User, UserCapabilityType, UserCreate from ._common import Responses, get_current_user_if_admin router = APIRouter(prefix="/admin", tags=["admin"]) @@ -63,7 +63,10 @@ async def create_initial_admin( # create an administrative user new_user = User.create(**admin_user.dict()) - new_user.set_capabilities([Capability.login, Capability.admin]) + new_user.set_capabilities([ + UserCapabilityType.login, + UserCapabilityType.admin, + ]) new_user.update() diff --git a/api/kiwi_vpn_api/routers/user.py b/api/kiwi_vpn_api/routers/user.py index abf8529..6815e23 100644 --- a/api/kiwi_vpn_api/routers/user.py +++ b/api/kiwi_vpn_api/routers/user.py 
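Review bot: The reformatted call in create_initial_admin (routers/admin.py) still passes a list literal to `set_capabilities`, whose parameter is annotated `set[UserCapabilityType]` in db/user.py in this same commit. A set literal would match the annotation: `new_user.set_capabilities({UserCapabilityType.login, UserCapabilityType.admin})`. Whether the list behaves the same at runtime depends on the body of set_capabilities, which this diff does not show. create_initial_admin itself starts outside the hunk.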
@@ -7,7 +7,7 @@ from fastapi.security import OAuth2PasswordRequestForm from pydantic import BaseModel from ..config import Config -from ..db import Capability, User, UserCreate, UserRead +from ..db import UserCapabilityType, User, UserCreate, UserRead from ._common import Responses, get_current_user, get_current_user_if_admin router = APIRouter(prefix="/user", tags=["user"]) @@ -134,7 +134,7 @@ async def remove_user( ) async def extend_capabilities( user_name: str, - capabilities: list[Capability], + capabilities: list[UserCapabilityType], _: User = Depends(get_current_user_if_admin), ): """ @@ -162,7 +162,7 @@ async def extend_capabilities( ) async def remove_capabilities( user_name: str, - capabilities: list[Capability], + capabilities: list[UserCapabilityType], _: User = Depends(get_current_user_if_admin), ): """