rework User methods
This commit is contained in:
parent
03d3a86668
commit
9b5a98e0c0
6 changed files with 56 additions and 26 deletions
|
@ -2,6 +2,8 @@
|
||||||
Python representation of `tag` table.
|
Python representation of `tag` table.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
from __future__ import annotations
|
||||||
|
|
||||||
from enum import Enum
|
from enum import Enum
|
||||||
from typing import TYPE_CHECKING
|
from typing import TYPE_CHECKING
|
||||||
|
|
||||||
|
@ -24,6 +26,16 @@ class TagValue(Enum):
|
||||||
def __repr__(self) -> str:
|
def __repr__(self) -> str:
|
||||||
return self.value
|
return self.value
|
||||||
|
|
||||||
|
def _(self, user: User) -> Tag:
|
||||||
|
"""
|
||||||
|
Transform into a `Tag`.
|
||||||
|
"""
|
||||||
|
|
||||||
|
return Tag(
|
||||||
|
user=user,
|
||||||
|
tag_value=self.value,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class TagBase(SQLModel):
|
class TagBase(SQLModel):
|
||||||
"""
|
"""
|
||||||
|
@ -51,6 +63,6 @@ class Tag(TagBase, table=True):
|
||||||
|
|
||||||
user_name: str = Field(primary_key=True, foreign_key="user.name")
|
user_name: str = Field(primary_key=True, foreign_key="user.name")
|
||||||
|
|
||||||
user: "User" = Relationship(
|
user: User = Relationship(
|
||||||
back_populates="tags",
|
back_populates="tags",
|
||||||
)
|
)
|
||||||
|
|
|
@ -4,7 +4,7 @@ Python representation of `user` table.
|
||||||
|
|
||||||
from __future__ import annotations
|
from __future__ import annotations
|
||||||
|
|
||||||
from typing import Any, Sequence
|
from typing import Any, Iterable, Sequence
|
||||||
|
|
||||||
from pydantic import root_validator
|
from pydantic import root_validator
|
||||||
from sqlalchemy.exc import IntegrityError
|
from sqlalchemy.exc import IntegrityError
|
||||||
|
@ -143,7 +143,7 @@ class User(UserBase, table=True):
|
||||||
# password hash mismatch
|
# password hash mismatch
|
||||||
return None
|
return None
|
||||||
|
|
||||||
if TagValue.login in user.get_tags():
|
if user.has_tag(TagValue.login):
|
||||||
# no login permission
|
# no login permission
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
@ -168,32 +168,50 @@ class User(UserBase, table=True):
|
||||||
db.delete(self)
|
db.delete(self)
|
||||||
db.commit()
|
db.commit()
|
||||||
|
|
||||||
def get_tags(self) -> set[TagValue]:
|
def _get_tags(self) -> Iterable[TagValue]:
|
||||||
"""
|
"""
|
||||||
Return the tags of this user.
|
Return the tags of this user.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
return set(
|
return (
|
||||||
tag._
|
tag._
|
||||||
for tag in self.tags
|
for tag in self.tags
|
||||||
)
|
)
|
||||||
|
|
||||||
def set_tags(
|
def has_tag(self, tag: TagValue) -> bool:
|
||||||
|
"""
|
||||||
|
Check if this user has a tag.
|
||||||
|
"""
|
||||||
|
|
||||||
|
return tag in self._get_tags
|
||||||
|
|
||||||
|
def add_tags(
|
||||||
self,
|
self,
|
||||||
tags: Sequence[TagValue],
|
tags: Sequence[TagValue],
|
||||||
) -> None:
|
) -> None:
|
||||||
"""
|
"""
|
||||||
Change the tags of this user.
|
Add tags to this user.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
self.tags = [
|
self.tags = [
|
||||||
Tag(
|
tag._(self)
|
||||||
user_name=self.name,
|
for tag in (set(self._get_tags()) | set(tags))
|
||||||
tag_value=tag.value,
|
|
||||||
) for tag in tags
|
|
||||||
]
|
]
|
||||||
|
|
||||||
def may_edit(
|
def remove_tags(
|
||||||
|
self,
|
||||||
|
tags: Sequence[TagValue],
|
||||||
|
) -> None:
|
||||||
|
"""
|
||||||
|
remove tags from this user.
|
||||||
|
"""
|
||||||
|
|
||||||
|
self.tags = [
|
||||||
|
tag._(self)
|
||||||
|
for tag in (set(self._get_tags()) - set(tags))
|
||||||
|
]
|
||||||
|
|
||||||
|
def can_edit(
|
||||||
self,
|
self,
|
||||||
target: User | Device,
|
target: User | Device,
|
||||||
) -> bool:
|
) -> bool:
|
||||||
|
@ -202,7 +220,7 @@ class User(UserBase, table=True):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# admin can "edit" everything
|
# admin can "edit" everything
|
||||||
if TagValue.admin in self.get_tags():
|
if self.has_tag(TagValue.admin):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
# user can "edit" itself
|
# user can "edit" itself
|
||||||
|
@ -212,7 +230,7 @@ class User(UserBase, table=True):
|
||||||
# user can edit its owned devices
|
# user can edit its owned devices
|
||||||
return target.owner == self
|
return target.owner == self
|
||||||
|
|
||||||
def may_admin(
|
def can_admin(
|
||||||
self,
|
self,
|
||||||
target: User | Device,
|
target: User | Device,
|
||||||
) -> bool:
|
) -> bool:
|
||||||
|
@ -221,7 +239,7 @@ class User(UserBase, table=True):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# only admin can "admin" anything
|
# only admin can "admin" anything
|
||||||
if TagValue.admin not in self.get_tags():
|
if not self.has_tag(TagValue.admin):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
# admin canot "admin itself"!
|
# admin canot "admin itself"!
|
||||||
|
@ -231,7 +249,7 @@ class User(UserBase, table=True):
|
||||||
# admin can "admin" everything else
|
# admin can "admin" everything else
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def may_create(
|
def can_create(
|
||||||
self,
|
self,
|
||||||
target: type,
|
target: type,
|
||||||
owner: User | None = None,
|
owner: User | None = None,
|
||||||
|
@ -245,7 +263,7 @@ class User(UserBase, table=True):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
# admin can "create" everything
|
# admin can "create" everything
|
||||||
if TagValue.admin in self.get_tags():
|
if self.has_tag(TagValue.admin):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
# user can only create devices for itself
|
# user can only create devices for itself
|
||||||
|
|
|
@ -88,7 +88,7 @@ async def get_current_user_if_admin(
|
||||||
Fail if the currently logged-in user is not an admin.
|
Fail if the currently logged-in user is not an admin.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if TagValue.admin not in current_user.get_tags():
|
if current_user.has_tag(TagValue.admin):
|
||||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
|
||||||
|
|
||||||
return current_user
|
return current_user
|
||||||
|
|
|
@ -64,7 +64,7 @@ async def create_initial_admin(
|
||||||
|
|
||||||
# create an administrative user
|
# create an administrative user
|
||||||
new_user = User.create(user=admin_user)
|
new_user = User.create(user=admin_user)
|
||||||
new_user.set_tags([TagValue.admin])
|
new_user.add_tags([TagValue.admin])
|
||||||
new_user.update()
|
new_user.update()
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -33,7 +33,7 @@ async def add_device(
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# check permission
|
# check permission
|
||||||
if not current_user.may_create(Device, owner):
|
if not current_user.can_create(Device, owner):
|
||||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
|
||||||
|
|
||||||
# create the new device
|
# create the new device
|
||||||
|
@ -70,7 +70,7 @@ async def remove_device(
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# check permission
|
# check permission
|
||||||
if not current_user.may_edit(device):
|
if not current_user.can_edit(device):
|
||||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
|
||||||
|
|
||||||
# delete device
|
# delete device
|
||||||
|
|
|
@ -8,8 +8,8 @@ from pydantic import BaseModel
|
||||||
|
|
||||||
from ..config import Config
|
from ..config import Config
|
||||||
from ..db import TagValue, User, UserCreate, UserRead
|
from ..db import TagValue, User, UserCreate, UserRead
|
||||||
from ._common import (Responses, get_current_user_if_admin,
|
from ._common import (Responses, get_current_user, get_current_user_if_admin,
|
||||||
get_current_user, get_user_by_name)
|
get_user_by_name)
|
||||||
|
|
||||||
router = APIRouter(prefix="/user", tags=["user"])
|
router = APIRouter(prefix="/user", tags=["user"])
|
||||||
|
|
||||||
|
@ -90,7 +90,7 @@ async def add_user(
|
||||||
if new_user is None:
|
if new_user is None:
|
||||||
raise HTTPException(status_code=status.HTTP_409_CONFLICT)
|
raise HTTPException(status_code=status.HTTP_409_CONFLICT)
|
||||||
|
|
||||||
new_user.set_tags([TagValue.login])
|
new_user.add_tags([TagValue.login])
|
||||||
new_user.update()
|
new_user.update()
|
||||||
|
|
||||||
# return the created user on success
|
# return the created user on success
|
||||||
|
@ -143,7 +143,7 @@ async def extend_tags(
|
||||||
POST ./{user_name}/tags: Add tags to a user.
|
POST ./{user_name}/tags: Add tags to a user.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
user.set_tags(user.get_tags() | set(tags))
|
user.add_tags(tags)
|
||||||
|
|
||||||
user.update()
|
user.update()
|
||||||
|
|
||||||
|
@ -166,6 +166,6 @@ async def remove_tags(
|
||||||
DELETE ./{user_name}/tags: Remove tags from a user.
|
DELETE ./{user_name}/tags: Remove tags from a user.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
user.set_tags(user.get_tags() - set(tags))
|
user.remove_tags(tags)
|
||||||
|
|
||||||
user.update()
|
user.update()
|
||||||
|
|
Loading…
Reference in a new issue