User.is_admin property

2022-04-01 06:20:20 +00:00 · 2022-04-01 06:20:20 +00:00 · b291c20ed6
commit b291c20ed6
parent 3b79efaa80
2 changed files with 18 additions and 10 deletions
--- a/api/kiwi_vpn_api/db/user.py
+++ b/api/kiwi_vpn_api/db/user.py
@ -143,8 +143,7 @@ class User(UserBase, table=True):
            # password hash mismatch
            return None

-        if not (user.has_tag(TagValue.login)
-                or user.has_tag(TagValue.admin)):
+        if not (user.has_tag(TagValue.login) or user.is_admin):
            # no login permission
            return None

@ -169,7 +168,8 @@ class User(UserBase, table=True):
            db.delete(self)
            db.commit()

-    def _get_tags(self) -> Iterable[TagValue]:
+    @property
+    def __tags(self) -> Iterable[TagValue]:
        """
        Return the tags of this user.
        """
@ -184,7 +184,15 @@ class User(UserBase, table=True):
        Check if this user has a tag.
        """

-        return tag in self._get_tags()
+        return tag in self.__tags
+
+    @property
+    def is_admin(self) -> bool:
+        """
+        Shorthand for checking if this user has the `admin` tag.
+        """
+
+        return TagValue.admin in self.__tags

    def add_tags(
        self,
@ -196,7 +204,7 @@ class User(UserBase, table=True):

        self.tags = [
            tag._(self)
-            for tag in (set(self._get_tags()) | set(tags))
+            for tag in (set(self.__tags) | set(tags))
        ]

    def remove_tags(
@ -209,7 +217,7 @@ class User(UserBase, table=True):

        self.tags = [
            tag._(self)
-            for tag in (set(self._get_tags()) - set(tags))
+            for tag in (set(self.__tags) - set(tags))
        ]

    def can_edit(
@ -221,7 +229,7 @@ class User(UserBase, table=True):
        """

        # admin can "edit" everything
-        if self.has_tag(TagValue.admin):
+        if self.is_admin:
            return True

        # user can "edit" itself
@ -240,7 +248,7 @@ class User(UserBase, table=True):
        """

        # only admin can "admin" anything
-        if not self.has_tag(TagValue.admin):
+        if not self.is_admin:
            return False

        # admin canot "admin itself"!
@ -264,7 +272,7 @@ class User(UserBase, table=True):
            return False

        # admin can "create" everything
-        if self.has_tag(TagValue.admin):
+        if self.is_admin:
            return True

        # user can only create devices for itself
--- a/api/kiwi_vpn_api/routers/admin.py
+++ b/api/kiwi_vpn_api/routers/admin.py
@ -83,7 +83,7 @@ async def set_config(
    """

    # check permissions
-    if not current_user.has_tag(TagValue.admin):
+    if not current_user.is_admin:
        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)

    # update config file, reconnect to database