User.is_admin property
This commit is contained in:
parent
3b79efaa80
commit
b291c20ed6
2 changed files with 18 additions and 10 deletions
|
@ -143,8 +143,7 @@ class User(UserBase, table=True):
|
||||||
# password hash mismatch
|
# password hash mismatch
|
||||||
return None
|
return None
|
||||||
|
|
||||||
if not (user.has_tag(TagValue.login)
|
if not (user.has_tag(TagValue.login) or user.is_admin):
|
||||||
or user.has_tag(TagValue.admin)):
|
|
||||||
# no login permission
|
# no login permission
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
@ -169,7 +168,8 @@ class User(UserBase, table=True):
|
||||||
db.delete(self)
|
db.delete(self)
|
||||||
db.commit()
|
db.commit()
|
||||||
|
|
||||||
def _get_tags(self) -> Iterable[TagValue]:
|
@property
|
||||||
|
def __tags(self) -> Iterable[TagValue]:
|
||||||
"""
|
"""
|
||||||
Return the tags of this user.
|
Return the tags of this user.
|
||||||
"""
|
"""
|
||||||
|
@ -184,7 +184,15 @@ class User(UserBase, table=True):
|
||||||
Check if this user has a tag.
|
Check if this user has a tag.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
return tag in self._get_tags()
|
return tag in self.__tags
|
||||||
|
|
||||||
|
@property
|
||||||
|
def is_admin(self) -> bool:
|
||||||
|
"""
|
||||||
|
Shorthand for checking if this user has the `admin` tag.
|
||||||
|
"""
|
||||||
|
|
||||||
|
return TagValue.admin in self.__tags
|
||||||
|
|
||||||
def add_tags(
|
def add_tags(
|
||||||
self,
|
self,
|
||||||
|
@ -196,7 +204,7 @@ class User(UserBase, table=True):
|
||||||
|
|
||||||
self.tags = [
|
self.tags = [
|
||||||
tag._(self)
|
tag._(self)
|
||||||
for tag in (set(self._get_tags()) | set(tags))
|
for tag in (set(self.__tags) | set(tags))
|
||||||
]
|
]
|
||||||
|
|
||||||
def remove_tags(
|
def remove_tags(
|
||||||
|
@ -209,7 +217,7 @@ class User(UserBase, table=True):
|
||||||
|
|
||||||
self.tags = [
|
self.tags = [
|
||||||
tag._(self)
|
tag._(self)
|
||||||
for tag in (set(self._get_tags()) - set(tags))
|
for tag in (set(self.__tags) - set(tags))
|
||||||
]
|
]
|
||||||
|
|
||||||
def can_edit(
|
def can_edit(
|
||||||
|
@ -221,7 +229,7 @@ class User(UserBase, table=True):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# admin can "edit" everything
|
# admin can "edit" everything
|
||||||
if self.has_tag(TagValue.admin):
|
if self.is_admin:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
# user can "edit" itself
|
# user can "edit" itself
|
||||||
|
@ -240,7 +248,7 @@ class User(UserBase, table=True):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# only admin can "admin" anything
|
# only admin can "admin" anything
|
||||||
if not self.has_tag(TagValue.admin):
|
if not self.is_admin:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
# admin canot "admin itself"!
|
# admin canot "admin itself"!
|
||||||
|
@ -264,7 +272,7 @@ class User(UserBase, table=True):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
# admin can "create" everything
|
# admin can "create" everything
|
||||||
if self.has_tag(TagValue.admin):
|
if self.is_admin:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
# user can only create devices for itself
|
# user can only create devices for itself
|
||||||
|
|
|
@ -83,7 +83,7 @@ async def set_config(
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# check permissions
|
# check permissions
|
||||||
if not current_user.has_tag(TagValue.admin):
|
if not current_user.is_admin:
|
||||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
|
||||||
|
|
||||||
# update config file, reconnect to database
|
# update config file, reconnect to database
|
||||||
|
|
Loading…
Reference in a new issue