diff --git a/api/kiwi_vpn_api/db/user.py b/api/kiwi_vpn_api/db/user.py
index 40ec9b2..f619b52 100644
--- a/api/kiwi_vpn_api/db/user.py
+++ b/api/kiwi_vpn_api/db/user.py
@@ -143,8 +143,7 @@ class User(UserBase, table=True):
 # password hash mismatch
 return None
- if not (user.has_tag(TagValue.login)
- or user.has_tag(TagValue.admin)):
+ if not (user.has_tag(TagValue.login) or user.is_admin):
 # no login permission
 return None
@@ -169,7 +168,8 @@ class User(UserBase, table=True):
 db.delete(self)
 db.commit()
- def _get_tags(self) -> Iterable[TagValue]:
+ @property
+ def __tags(self) -> Iterable[TagValue]:
 """
 Return the tags of this user.
 """
@@ -184,7 +184,15 @@ class User(UserBase, table=True):
 Check if this user has a tag.
 """
- return tag in self._get_tags()
+ return tag in self.__tags
+
+ @property
+ def is_admin(self) -> bool:
+ """
+ Shorthand for checking if this user has the `admin` tag.
+ """
+
+ return TagValue.admin in self.__tags
 def add_tags(
 self,
@@ -196,7 +204,7 @@ class User(UserBase, table=True):
 self.tags = [
 tag._(self)
- for tag in (set(self._get_tags()) | set(tags))
+ for tag in (set(self.__tags) | set(tags))
 ]
 def remove_tags(
@@ -209,7 +217,7 @@ class User(UserBase, table=True):
 self.tags = [
 tag._(self)
- for tag in (set(self._get_tags()) - set(tags))
+ for tag in (set(self.__tags) - set(tags))
 ]
 def can_edit(
@@ -221,7 +229,7 @@ class User(UserBase, table=True):
 """
 # admin can "edit" everything
- if self.has_tag(TagValue.admin):
+ if self.is_admin:
 return True
 # user can "edit" itself
@@ -240,7 +248,7 @@ class User(UserBase, table=True):
 """
 # only admin can "admin" anything
- if not self.has_tag(TagValue.admin):
+ if not self.is_admin:
 return False
 # admin canot "admin itself"!
@@ -264,7 +272,7 @@ class User(UserBase, table=True):
 return False
 # admin can "create" everything
- if self.has_tag(TagValue.admin):
+ if self.is_admin:
 return True
 # user can only create devices for itself
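Review bot: The login gate in the first hunk (`@@ -143,8 +143,7 @@`) admits an account on either tag, so an admin whose `login` tag has been removed can still authenticate. The removed lines show this rule predates the change, but it is still undocumented at the check, where the only comment is `# no login permission`. A comment above the condition such as `# admin implies login: revoking only the login tag does not lock out an admin` would make the account-disable procedure unambiguous. The enclosing method starts and ends outside the hunk.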
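Review bot: Renaming `_get_tags` to the double-underscore property `__tags` in the second hunk (`@@ -169,7 +168,8 @@`) makes the name subject to class-private mangling (`_User__tags`), so code outside the `User` class body, such as a subclass, a router or a test, can no longer reach it under the written name. The uses in the later hunks (`has_tag`, `is_admin`, `add_tags`, `remove_tags`) sit inside the class and resolve correctly, but whether other modules still call `_get_tags()` is not visible in this diff and should be checked. A single leading underscore, `def _tags(self) -> Iterable[TagValue]:`, keeps the property non-public without mangling. The property body lies outside the hunk.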
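Review bot: `is_admin`, added in the third hunk (`@@ -184,7 +184,15 @@`), is a property while `has_tag` stays a method, and every authorization guard touched by this commit reads it without parentheses: the login check, the permission checks in the later hunks of this file, and `set_config` in `routers/admin.py`. If it were ever changed to a plain method, `if not self.is_admin:` would test a bound method, which is always truthy, and those guards would stop denying without raising any error. Stating in the docstring that this is a property and pinning it with a test on a user without the admin tag, `assert user.is_admin is False`, would catch that regression.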
diff --git a/api/kiwi_vpn_api/routers/admin.py b/api/kiwi_vpn_api/routers/admin.py
index 826a602..5463d23 100644
--- a/api/kiwi_vpn_api/routers/admin.py
+++ b/api/kiwi_vpn_api/routers/admin.py
@@ -83,7 +83,7 @@ async def set_config(
 """
 # check permissions
- if not current_user.has_tag(TagValue.admin):
+ if not current_user.is_admin:
 raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
 # update config file, reconnect to database