Rename group to role

Author: mekanix

freenit/api/__init__.py

@@ -1,5 +1,5 @@
 import freenit.api.auth
-import freenit.api.group
+import freenit.api.role
 import freenit.api.user
 
 from .router import api

freenit/api/auth.py

@@ -6,7 +6,8 @@
 from freenit.api.router import api
 from freenit.auth import authorize, decode, encode, encrypt
 from freenit.config import getConfig
-from freenit.models.user import User, UserSafe
+from freenit.models.safe import UserSafe
+from freenit.models.user import User
 
 config = getConfig()
 

freenit/api/group.py

@@ -0,0 +1,80 @@
+from typing import List, NewType
+
+import ormar
+import ormar.exceptions
+from fastapi import Depends, HTTPException
+
+from freenit.api.router import route
+from freenit.decorators import description
+from freenit.models.role import Role, RoleOptional
+from freenit.models.safe import RoleSafe, UserSafe
+from freenit.models.user import User
+from freenit.permissions import role_perms
+
+tags = ["role"]
+
+
+@route("/roles", tags=tags)
+class RoleListAPI:
+    @staticmethod
+    @description("Get roles")
+    async def get(_: User = Depends(role_perms)) -> List[RoleSafe]:
+        return await Role.objects.select_all().exclude_fields(["password"]).all()
+
+    @staticmethod
+    async def post(role: Role, _: User = Depends(role_perms)) -> RoleSafe:
+        await role.save()
+        return role
+
+
+@route("/roles/{id}", tags=tags)
+class RoleDetailAPI:
+    @staticmethod
+    async def get(id: int, _: User = Depends(role_perms)) -> RoleSafe:
+        try:
+            role = await Role.objects.select_all().get(pk=id)
+        except ormar.exceptions.NoMatch:
+            raise HTTPException(status_code=404, detail="No such role")
+        return role
+
+    @staticmethod
+    async def patch(
+        id: int, role_data: RoleOptional, _: User = Depends(role_perms)
+    ) -> RoleSafe:
+        try:
+            role = await Role.objects.select_all().get(pk=id)
+        except ormar.exceptions.NoMatch:
+            raise HTTPException(status_code=404, detail="No such role")
+        await role.patch(role_data)
+        return role
+
+    @staticmethod
+    async def delete(id: int, _: User = Depends(role_perms)) -> RoleSafe:
+        try:
+            role = await Role.objects.select_all().get(pk=id)
+        except ormar.exceptions.NoMatch:
+            raise HTTPException(status_code=404, detail="No such role")
+        await role.delete()
+        return role
+
+
+@route("/roles/{role_id}/{user_id}", tags=tags)
+class RoleUserAPI:
+    @staticmethod
+    @description("Assign user to role")
+    async def post(
+        role_id: int, user_id: int, _: User = Depends(role_perms)
+    ) -> UserSafe:
+        try:
+            user = await User.objects.select_all().get(pk=user_id)
+        except ormar.exceptions.NoMatch:
+            raise HTTPException(status_code=404, detail="No such user")
+        for role in user.roles:
+            if role.id == role_id:
+                raise HTTPException(status_code=409, detail="User already assigned")
+        try:
+            role = await Role.objects.get(pk=role_id)
+        except ormar.exceptions.NoMatch:
+            raise HTTPException(status_code=404, detail="No such role")
+        await user.roles.add(role)
+        return user

freenit/api/role.py

@@ -7,32 +7,35 @@
 from freenit.api.router import route
 from freenit.auth import encrypt
 from freenit.decorators import description
-from freenit.models.user import User, UserOptional, UserSafe
+from freenit.models.safe import UserSafe
+from freenit.models.user import User, UserOptional
 from freenit.permissions import profile_perms, user_perms
 
+tags = ["user"]
 
-@route("/users", tags=["user"])
+
+@route("/users", tags=tags)
 class UserListAPI:
     @staticmethod
     @description("Get users")
     async def get(_: User = Depends(user_perms)) -> List[UserSafe]:
-        return await User.objects.all()
+        return await User.objects.select_all().all()
 
 
-@route("/users/{id}", tags=["user"])
+@route("/users/{id}", tags=tags)
 class UserDetailAPI:
     @staticmethod
     async def get(id: int, _: User = Depends(user_perms)) -> UserSafe:
         try:
-            user = await User.objects.get(pk=id)
+            user = await User.objects.select_all().get(pk=id)
         except ormar.exceptions.NoMatch:
             raise HTTPException(status_code=404, detail="No such user")
         return user
 
     @staticmethod
     async def delete(id: int, _: User = Depends(user_perms)) -> UserSafe:
         try:
-            user = await User.objects.get(pk=id)
+            user = await User.objects.select_all().get(pk=id)
         except ormar.exceptions.NoMatch:
             raise HTTPException(status_code=404, detail="No such user")
         await user.delete()
@@ -42,16 +45,18 @@ async def delete(id: int, _: User = Depends(user_perms)) -> UserSafe:
 @route("/profile", tags=["profile"])
 class ProfileDetailAPI:
     @staticmethod
-    @description("Get my user")
+    @description("Get my profile")
     async def get(user: User = Depends(profile_perms)) -> UserSafe:
+        await user.load_all()
         return user
 
     @staticmethod
-    @description("Edit my user")
+    @description("Edit my profile")
     async def patch(
         data: UserOptional, user: User = Depends(profile_perms)
     ) -> UserSafe:
         if data.password:
             data.password = encrypt(data.password)
         await user.patch(data)
+        await user.load_all()
         return user

freenit/api/user.py

@@ -30,29 +30,32 @@ def encode(user):
     return jwt.encode(payload, config.secret, algorithm="HS256")
 
 
-async def authorize(request: Request, groups=[], allof=[], cookie="access"):
+async def authorize(request: Request, roles=[], allof=[], cookie="access"):
     token = request.cookies.get(cookie)
     if not token:
         raise HTTPException(status_code=403, detail="Unauthorized")
     user = await decode(token)
+    await user.load_all()
     if not user.active:
         raise HTTPException(status_code=403, detail="Permission denied")
     if user.admin:
         return user
-    if user.groupusers is None:
-        if len(groups) > 0 or len(allof) > 0:
+    if len(user.roles) == 0:
+        if len(roles) > 0 or len(allof) > 0:
             raise HTTPException(status_code=403, detail="Permission denied")
     else:
-        found = False
-        for groupuser in user.groupusers:
-            if groupuser.group.name in groups:
-                found = True
-                break
-        if not found:
-            raise HTTPException(status_code=403, detail="Permission denied")
-        for groupuser in user.groupusers:
-            if groupuser.group.name not in allof:
+        if len(roles) > 0:
+            found = False
+            for role in user.roles:
+                if role.name in roles:
+                    found = True
+                    break
+            if not found:
                 raise HTTPException(status_code=403, detail="Permission denied")
+        if len(allof) > 0:
+            for role in user.roles:
+                if role.name not in allof:
+                    raise HTTPException(status_code=403, detail="Permission denied")
     return user
 
 
@@ -66,9 +69,9 @@ def encrypt(password):
     return pbkdf2_sha256.hash(f"{config.secret}{password}")
 
 
-def permissions(groups=[], allof=[]):
+def permissions(roles=[], allof=[]):
     async def handler(request: Request):
-        user = await authorize(request, groups, allof)
+        user = await authorize(request, roles, allof)
         return user
 
     return handler

freenit/auth.py

@@ -19,7 +19,7 @@ def __init__(self, secure=True, expire=hour, refresh_expire=year):
 
 
 class BaseConfig:
-    name = "App Name"
+    name = "Freenit"
     version = "0.0.1"
     api_root = "/api/v1"
     hostname = socket.gethostname()
@@ -31,7 +31,7 @@ class BaseConfig:
     engine = None
     secret = "SECRET"
     user = "freenit.models.ormar.user"
-    group = "freenit.models.ormar.group"
+    role = "freenit.models.ormar.role"
     meta = None
     auth = Auth()
 
@@ -53,8 +53,8 @@ def __repr__(self):
     def get_user(self):
         return import_module(self.user)
 
-    def get_group(self):
-        return import_module(self.group)
+    def get_role(self):
+        return import_module(self.role)
 
     @classmethod
     def envname(cls):

freenit/base_config.py

@@ -24,6 +24,6 @@ class OrmarUserMixin:
     admin: bool = ormar.Boolean(default=False)
 
 
-class OrmarGroupMixin:
+class OrmarRoleMixin:
     id: int = ormar.Integer(primary_key=True)
     name: str = ormar.Text()

freenit/models/group.py

@@ -0,0 +1,15 @@
+from freenit.config import getConfig
+
+from ..metaclass import AllOptional
+from .base import OrmarBaseModel, OrmarRoleMixin
+
+config = getConfig()
+
+
+class Role(OrmarBaseModel, OrmarRoleMixin):
+    class Meta(config.meta):
+        pass
+
+
+class RoleOptional(Role, metaclass=AllOptional):
+    pass