TiagoRG
/
sio-2425
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
sio-2425/delivery2/server/services/roles.py

199 lines
7.0 KiB
Python
Raw Blame History

from flask import jsonify
from database import db
from models import Organization, User, File
from sqlalchemy.orm.attributes import flag_modified
from utils import Perm, PermOperation
class RoleService:
@staticmethod
def create_role(org: Organization, role: str, perms: list[Perm]) -> dict | tuple:
if role in org.roles:
return jsonify({"error": f"Role {role} already exists in organization {org.name}"}), 400
roles = org.roles.copy()
roles[role] = {
"permissions": Perm.get_int(perms),
"users": [],
"status": "active"
}
org.roles = roles
flag_modified(org, "roles")
db.commit()
db.refresh(org)
return org.roles[role]
@staticmethod
def delete_role(org: Organization, role: str) -> dict:
roles = org.roles.copy()
del roles[role]
org.roles = roles
flag_modified(org, "roles")
db.commit()
db.refresh(org)
return roles
@staticmethod
def change_role_status(org: Organization, role: str, status: str) -> Organization | tuple:
if role not in org.roles:
return jsonify({"error": f"Role {role} does not exist in organization {org.name}"}), 400
if org.roles[role]["status"] == status:
return jsonify({"error": f"Role {role} is already {status} in organization {org.name}"}), 400
roles = org.roles.copy()
roles[role]["status"] = status
org.roles = roles
flag_modified(org, "roles")
db.commit()
db.refresh(org)
return org
@staticmethod
def get_role(org: Organization, role: str) -> dict | None:
if role not in org.roles:
return None
return org.roles[role]
@staticmethod
def check_role_permission(org: Organization, role: str, perm: Perm, doc_handle=None) -> bool | tuple:
from services import FileService
if doc_handle:
file = FileService.get_file_by_document_handle(doc_handle)
if not file:
return jsonify({"error": "File not found"}), 404
if not Perm.check_perm(file.acl[role], perm.value):
return False
return True
if role not in org.roles:
return jsonify({"error": f"Role {role} does not exist in organization {org.name}"}), 400
role_perms = org.roles[role]["permissions"]
return Perm.check_perm(role_perms, perm.value)
@staticmethod
def check_user_permission(user: User, org: Organization, perm: Perm) -> bool:
for role in user.roles[org.id]:
if RoleService.check_role_permission(org, role, perm):
return True
return False
@staticmethod
def get_roles(org: Organization) -> dict:
return org.roles
@staticmethod
def get_users_in_role(org: Organization, role: str) -> list | tuple:
if role not in org.roles:
return jsonify({"error": f"Role {role} does not exist in organization {org.name}"}), 400
return org.roles[role]["users"]
@staticmethod
def get_roles_for_user(user: User, org: Organization) -> list:
return [role for role in org.roles if user.id in org.roles[role]["users"]]
@staticmethod
def get_perms_for_role(org: Organization, role: str, return_str=False) -> list[Perm | str]:
return Perm.get_perms(org.roles[role]["permissions"], return_str)
@staticmethod
def get_roles_for_perm(org: Organization, perm: Perm) -> list:
roles = []
for role in org.roles:
if RoleService.check_role_permission(org, role, perm):
roles.append(role)
return roles
@staticmethod
def add_user_to_role(role: str, org: Organization, user: User) -> User | tuple:
if role not in org.roles:
return jsonify({"error": f"Role {role} does not exist in organization {org.name}"}), 400
if user.id in org.roles[role]["users"]:
return jsonify({"error": f"User {user.username} already has role {role} in organization {org.name}"}), 400
if org.roles[role]["status"] != "active":
return jsonify({"error": f"Role {role} is not active in organization {org.name}"}), 400
roles = user.roles.copy()
roles[org.id] = role
user.roles = roles
flag_modified(user, "roles")
db.commit()
db.refresh(user)
roles = org.roles.copy()
roles[role]["users"].append(user.id)
org.roles = roles
flag_modified(org, "roles")
db.commit()
db.refresh(org)
return user
@staticmethod
def remove_user_from_role(role: str, org: Organization, user: User) -> User | tuple:
if role not in org.roles:
return jsonify({"error": f"Role {role} does not exist in organization {org.name}"}), 400
if user.id not in org.roles[role]["users"]:
return jsonify({"error": f"User {user.username} does not have role {role} in organization {org.name}"}), 400
if org.roles[role]["status"] != "active":
return jsonify({"error": f"Role {role} is not active in organization {org.name}"}), 400
roles = user.roles.copy()
roles.pop(org.id)
user.roles = roles
flag_modified(user, "roles")
db.commit()
db.refresh(user)
roles = org.roles.copy()
roles[role]["users"].remove(user.id)
org.roles = roles
flag_modified(org, "roles")
db.commit()
db.refresh(org)
return user
@staticmethod
def change_perm_on_role(org: Organization, role: str, perm: Perm, operation: PermOperation) -> dict | tuple:
if Perm.get_int([perm]) <= 0b111:
return jsonify({"error": f"Permission {perm} is not allowed for organization's roles"}), 400
if role not in org.roles:
return jsonify({"error": f"Role {role} does not exist in organization {org.name}"}), 400
if org.roles[role]["status"] != "active":
return jsonify({"error": f"Role {role} is not active in organization {org.name}"}), 400
roles = org.roles.copy()
roles[role]["permissions"] = PermOperation.calc(roles[role]["permissions"], perm, operation)
org.roles = roles
flag_modified(org, "roles")
db.commit()
db.refresh(org)
return org.roles[role]
@staticmethod
def change_perm_on_role_in_file(file: File, role: str, perm: Perm, operation: PermOperation) -> dict | tuple:
if Perm.get_int([perm]) > 0b111:
return jsonify({"error": f"Permission {perm} is not allowed for files' roles"}), 400
if role not in file.acl:
file.acl[role] = 0
if file.acl[role] & perm.value != 0:
return jsonify({"error": f"Role {role} already has permission {perm} in file {file.document_handle}"}), 400
file.acl[role] = PermOperation.calc(file.acl[role], perm, operation)
flag_modified(file, "acl")
db.commit()
db.refresh(file)
return file.acl
Reference in New Issue View Git Blame Copy Permalink