sio-2425/delivery2/server/services/sessions.py

import secrets

from sqlalchemy.orm.attributes import flag_modified

from database import db
from models import Session, User, Organization
from flask import jsonify

from utils import Perm


class SessionService:
    @staticmethod
    def create_session(user: User, org: Organization) -> Session:
        session = Session(
            user_id=user.id,
            org_id=org.id,
            token=secrets.token_hex(128),
            roles=[]
        )
        db.add(session)
        db.commit()
        db.refresh(session)
        return session

    @staticmethod
    def get_session(token: str) -> Session | None:
        return db.query(Session).filter(Session.token == token).first()

    @staticmethod
    def delete_session(session: Session) -> None:
        db.delete(session)
        db.commit()

    @staticmethod
    def validate_session(token: str, required_perms: list[Perm] = None) -> tuple | Session:
        from services import OrganizationService

        if "Bearer" in token:
            token = token.split(" ")[1]

        session = SessionService.get_session(token)
        if not session:
            return jsonify({"error": "Not authenticated"}), 401

        org = OrganizationService.get_organization(session.org_id)
        if not org:
            return jsonify({"error": "Organization not found"}), 404

        status = OrganizationService.get_user_status(org, session.user_id)
        if status != "active":
            return jsonify({"error": "User is not active"}), 403

        if required_perms:
            for perm in required_perms:
                if not SessionService.check_permission(session, perm):
                    return jsonify({"error": f"Permission denied, missing required permission: {perm}"}), 403

        return session

    @staticmethod
    def assume_role(session: Session, role: str) -> bool:
        from services import OrganizationService

        org = OrganizationService.get_organization(session.org_id)
        if not org:
            return False

        user = User.query.get(session.user_id)
        if not user:
            return False

        if role not in user.roles[org.id]:
            return False

        if role in session.roles:
            return False

        session.roles.append(role)
        flag_modified(session, "roles")
        db.commit()
        db.refresh(session)
        return True

    @staticmethod
    def drop_role(session: Session, role: str) -> bool:
        from services import OrganizationService

        org = OrganizationService.get_organization(session.org_id)
        if not org:
            return False

        user = User.query.get(session.user_id)
        if not user:
            return False

        if role not in user.roles[org.id]:
            return False

        if role not in session.roles:
            return False

        session.roles.remove(role)
        flag_modified(session, "roles")
        db.commit()
        db.refresh(session)
        return True

    @staticmethod
    def list_roles(session: Session) -> list:
        return session.roles

    @staticmethod
    def check_permission(session: Session, perm: Perm) -> bool:
        from services import OrganizationService, RoleService

        org = OrganizationService.get_organization(session.org_id)
        if not org:
            return False

        user = User.query.get(session.user_id)
        if not user:
            return False

        for role in session.roles:
            if RoleService.check_role_permission(org, role, perm):
                return True

        return False
Init delivery2 Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt> 2024-12-11 16:18:12 +00:00			`import secrets`
Roles/perms services implemented Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt> 2024-12-14 17:54:01 +00:00
			`from sqlalchemy.orm.attributes import flag_modified`

Init delivery2 Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt> 2024-12-11 16:18:12 +00:00			`from database import db`
			`from models import Session, User, Organization`
			`from flask import jsonify`

Roles/perms services implemented Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt> 2024-12-14 17:54:01 +00:00			`from utils import Perm`

Init delivery2 Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt> 2024-12-11 16:18:12 +00:00
			`class SessionService:`
			`@staticmethod`
			`def create_session(user: User, org: Organization) -> Session:`
			`session = Session(`
			`user_id=user.id,`
			`org_id=org.id,`
Roles/perms services implemented Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt> 2024-12-14 17:54:01 +00:00			`token=secrets.token_hex(128),`
			`roles=[]`
Init delivery2 Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt> 2024-12-11 16:18:12 +00:00			`)`
			`db.add(session)`
			`db.commit()`
			`db.refresh(session)`
			`return session`

			`@staticmethod`
			`def get_session(token: str) -> Session \| None:`
			`return db.query(Session).filter(Session.token == token).first()`

			`@staticmethod`
			`def delete_session(session: Session) -> None:`
			`db.delete(session)`
			`db.commit()`

			`@staticmethod`
Permission check for already implemented functions Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt> 2024-12-15 02:20:26 +00:00			`def validate_session(token: str, required_perms: list[Perm] = None) -> tuple \| Session:`
Init delivery2 Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt> 2024-12-11 16:18:12 +00:00			`from services import OrganizationService`

			`if "Bearer" in token:`
			`token = token.split(" ")[1]`

			`session = SessionService.get_session(token)`
			`if not session:`
			`return jsonify({"error": "Not authenticated"}), 401`

			`org = OrganizationService.get_organization(session.org_id)`
			`if not org:`
			`return jsonify({"error": "Organization not found"}), 404`

			`status = OrganizationService.get_user_status(org, session.user_id)`
			`if status != "active":`
			`return jsonify({"error": "User is not active"}), 403`

Permission check for already implemented functions Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt> 2024-12-15 02:20:26 +00:00			`if required_perms:`
			`for perm in required_perms:`
			`if not SessionService.check_permission(session, perm):`
			`return jsonify({"error": f"Permission denied, missing required permission: {perm}"}), 403`

Init delivery2 Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt> 2024-12-11 16:18:12 +00:00			`return session`
Roles/perms services implemented Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt> 2024-12-14 17:54:01 +00:00
			`@staticmethod`
			`def assume_role(session: Session, role: str) -> bool:`
			`from services import OrganizationService`

			`org = OrganizationService.get_organization(session.org_id)`
			`if not org:`
			`return False`

			`user = User.query.get(session.user_id)`
			`if not user:`
			`return False`

			`if role not in user.roles[org.id]:`
			`return False`

			`if role in session.roles:`
			`return False`

			`session.roles.append(role)`
			`flag_modified(session, "roles")`
			`db.commit()`
			`db.refresh(session)`
			`return True`

			`@staticmethod`
			`def drop_role(session: Session, role: str) -> bool:`
			`from services import OrganizationService`

			`org = OrganizationService.get_organization(session.org_id)`
			`if not org:`
			`return False`

			`user = User.query.get(session.user_id)`
			`if not user:`
			`return False`

			`if role not in user.roles[org.id]:`
			`return False`

			`if role not in session.roles:`
			`return False`

			`session.roles.remove(role)`
			`flag_modified(session, "roles")`
			`db.commit()`
			`db.refresh(session)`
			`return True`

			`@staticmethod`
			`def list_roles(session: Session) -> list:`
			`return session.roles`

			`@staticmethod`
			`def check_permission(session: Session, perm: Perm) -> bool:`
			`from services import OrganizationService, RoleService`

			`org = OrganizationService.get_organization(session.org_id)`
			`if not org:`
			`return False`

			`user = User.query.get(session.user_id)`
			`if not user:`
			`return False`

			`for role in session.roles:`
			`if RoleService.check_role_permission(org, role, perm):`
			`return True`

			`return False`