User.is_admin property

This commit is contained in:
Jörn-Michael Miehe 2022-04-01 06:20:20 +00:00
parent 3b79efaa80
commit b291c20ed6
2 changed files with 18 additions and 10 deletions

View file

@ -143,8 +143,7 @@ class User(UserBase, table=True):
# password hash mismatch # password hash mismatch
return None return None
if not (user.has_tag(TagValue.login) if not (user.has_tag(TagValue.login) or user.is_admin):
or user.has_tag(TagValue.admin)):
# no login permission # no login permission
return None return None
@ -169,7 +168,8 @@ class User(UserBase, table=True):
db.delete(self) db.delete(self)
db.commit() db.commit()
def _get_tags(self) -> Iterable[TagValue]: @property
def __tags(self) -> Iterable[TagValue]:
""" """
Return the tags of this user. Return the tags of this user.
""" """
@ -184,7 +184,15 @@ class User(UserBase, table=True):
Check if this user has a tag. Check if this user has a tag.
""" """
return tag in self._get_tags() return tag in self.__tags
@property
def is_admin(self) -> bool:
"""
Shorthand for checking if this user has the `admin` tag.
"""
return TagValue.admin in self.__tags
def add_tags( def add_tags(
self, self,
@ -196,7 +204,7 @@ class User(UserBase, table=True):
self.tags = [ self.tags = [
tag._(self) tag._(self)
for tag in (set(self._get_tags()) | set(tags)) for tag in (set(self.__tags) | set(tags))
] ]
def remove_tags( def remove_tags(
@ -209,7 +217,7 @@ class User(UserBase, table=True):
self.tags = [ self.tags = [
tag._(self) tag._(self)
for tag in (set(self._get_tags()) - set(tags)) for tag in (set(self.__tags) - set(tags))
] ]
def can_edit( def can_edit(
@ -221,7 +229,7 @@ class User(UserBase, table=True):
""" """
# admin can "edit" everything # admin can "edit" everything
if self.has_tag(TagValue.admin): if self.is_admin:
return True return True
# user can "edit" itself # user can "edit" itself
@ -240,7 +248,7 @@ class User(UserBase, table=True):
""" """
# only admin can "admin" anything # only admin can "admin" anything
if not self.has_tag(TagValue.admin): if not self.is_admin:
return False return False
# admin canot "admin itself"! # admin canot "admin itself"!
@ -264,7 +272,7 @@ class User(UserBase, table=True):
return False return False
# admin can "create" everything # admin can "create" everything
if self.has_tag(TagValue.admin): if self.is_admin:
return True return True
# user can only create devices for itself # user can only create devices for itself

View file

@ -83,7 +83,7 @@ async def set_config(
""" """
# check permissions # check permissions
if not current_user.has_tag(TagValue.admin): if not current_user.is_admin:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN) raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
# update config file, reconnect to database # update config file, reconnect to database