tobias/lrc-backend
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

added permission checks to user and recorder API

Browse Source
This commit is contained in:
Tobias Kurze
2020-08-06 15:23:14 +02:00
parent 82b3e78488
commit 437cec38e0
6 changed files with 59 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
backend/api/recorder_api.py
View File

@@ -9,9 +9,10 @@ from pprint import pprint
from flask_jwt_extended import jwt_required
from flask_restx import fields, Resource, inputs
from backend import db, app, LrcException
from backend import db, app, LrcException, Config
from backend.api import api_recorder
from backend.api.models import recorder_model, recorder_model_model, recorder_command_model
from backend.auth.utils import requires_permission_level
from backend.models.recorder_model import Recorder, RecorderModel, RecorderCommand
from backend.models.room_model import Room
import backend.recorder_adapters as r_a
@@ -25,6 +26,7 @@ logger = logging.getLogger("lrc.api.recorder")
@api_recorder.param('id', 'The recorder identifier')
class RecorderResource(Resource):
@jwt_required
@requires_permission_level(Config.Permissions.RECODER_SHOW)
@api_recorder.doc('get_recorder')
@api_recorder.marshal_with(recorder_model, skip_none=False)
def get(self, id):
@@ -35,6 +37,7 @@ class RecorderResource(Resource):
api_recorder.abort(404)
@jwt_required
@requires_permission_level(Config.Permissions.RECORDER_DELETE)
@api_recorder.doc('delete_todo')
@api_recorder.response(204, 'Todo deleted')
def delete(self, id):
@@ -65,6 +68,7 @@ class RecorderResource(Resource):
required=False, store_missing=False)
@jwt_required
@requires_permission_level(Config.Permissions.RECORDER_EDIT)
@api_recorder.doc('update_recorder')
@api_recorder.expect(recorder_model)
def put(self, id):
@@ -85,6 +89,7 @@ class RecorderResource(Resource):
@api_recorder.route('')
class RecorderList(Resource):
@jwt_required
@requires_permission_level(Config.Permissions.RECORDERS_LIST)
@api_recorder.doc('recorders')
@api_recorder.marshal_list_with(recorder_model, skip_none=False)
def get(self):
@@ -95,6 +100,7 @@ class RecorderList(Resource):
return Recorder.get_all()
@jwt_required
@requires_permission_level(Config.Permissions.RECODER_NEW)
@api_recorder.doc('create_recorder')
@api_recorder.expect(recorder_model)
@api_recorder.marshal_with(recorder_model, skip_none=False, code=201)
@@ -161,6 +167,7 @@ class RecorderModelResource(Resource):
@api_recorder.route('/model')
class RecorderModelList(Resource):
@jwt_required
@requires_permission_level(Config.Permissions.RECODER_MODELS_LIST)
@api_recorder.doc('recorders')
@api_recorder.marshal_list_with(recorder_model_model)
def get(self):
@@ -172,6 +179,7 @@ class RecorderModelList(Resource):
@api_recorder.param('id', 'The recorder command identifier')
class RecorderCommandResource(Resource):
@jwt_required
@requires_permission_level(Config.Permissions.RECORDER_COMMAND_SHOW)
@api_recorder.doc('get_recorder_command')
@api_recorder.marshal_with(recorder_command_model)
def get(self, id):
@@ -186,6 +194,7 @@ class RecorderCommandResource(Resource):
recorder_command_model_parser.add_argument('alternative_name', type=str, required=False)
@jwt_required
@requires_permission_level(Config.Permissions.RECORDER_COMMAND_EDIT)
@api_recorder.doc('update_recorder_command')
@api_recorder.expect(recorder_command_model_parser)
@api_recorder.marshal_with(recorder_command_model)
@@ -201,6 +210,7 @@ class RecorderCommandResource(Resource):
@api_recorder.route('/command')
class RecorderCommandList(Resource):
@jwt_required
@requires_permission_level(Config.Permissions.RECORDER_COMMANDS_LIST)
@api_recorder.doc('recorder_commands')
@api_recorder.marshal_list_with(recorder_command_model)
def get(self):