added access control model and more stuff around access mgmt
@@ -8,6 +8,7 @@ from sqlalchemy.orm import relation
|
||||
from sqlalchemy import MetaData
|
||||
|
||||
from backend import db, app, login_manager
|
||||
from backend.config import Config
|
||||
from backend.models.post_model import Post
|
||||
from backend.models.example_model import ExampleDataItem
|
||||
import re
|
||||
@@ -18,7 +19,6 @@ from datetime import datetime, timedelta
|
||||
from passlib.hash import sha256_crypt
|
||||
from hashlib import md5
|
||||
|
||||
|
||||
metadata = MetaData()
|
||||
|
||||
followers = db.Table('followers',
|
||||
@@ -34,31 +34,30 @@ acquaintances = db.Table('acquaintances',
|
||||
# This is the association table for the many-to-many relationship between
|
||||
# groups and members - this is, the memberships.
|
||||
user_group_table = db.Table('user_group',
|
||||
db.Column('user_id', db.Integer,
|
||||
db.ForeignKey('user.id',
|
||||
onupdate="CASCADE",
|
||||
ondelete="CASCADE"),
|
||||
primary_key=True),
|
||||
db.Column('group_id', db.Integer,
|
||||
db.ForeignKey('group.id',
|
||||
onupdate="CASCADE",
|
||||
ondelete="CASCADE"),
|
||||
primary_key=True))
|
||||
|
||||
db.Column('user_id', db.Integer,
|
||||
db.ForeignKey('user.id',
|
||||
onupdate="CASCADE",
|
||||
ondelete="CASCADE"),
|
||||
primary_key=True),
|
||||
db.Column('group_id', db.Integer,
|
||||
db.ForeignKey('group.id',
|
||||
onupdate="CASCADE",
|
||||
ondelete="CASCADE"),
|
||||
primary_key=True))
|
||||
|
||||
# This is the association table for the many-to-many relationship between
|
||||
# groups and permissions.
|
||||
group_permission_table = db.Table('group_permission',
|
||||
db.Column('group_id', db.Integer,
|
||||
db.ForeignKey('group.id',
|
||||
onupdate="CASCADE",
|
||||
ondelete="CASCADE"),
|
||||
primary_key=True),
|
||||
db.Column('permission_id', db.Integer,
|
||||
db.ForeignKey('permission.id',
|
||||
onupdate="CASCADE",
|
||||
ondelete="CASCADE"),
|
||||
primary_key=True))
|
||||
db.Column('group_id', db.Integer,
|
||||
db.ForeignKey('group.id',
|
||||
onupdate="CASCADE",
|
||||
ondelete="CASCADE"),
|
||||
primary_key=True),
|
||||
db.Column('permission_id', db.Integer,
|
||||
db.ForeignKey('permission.id',
|
||||
onupdate="CASCADE",
|
||||
ondelete="CASCADE"),
|
||||
primary_key=True))
|
||||
|
||||
|
||||
class User(UserMixin, db.Model):
|
||||
@@ -213,6 +212,16 @@ class User(UserMixin, db.Model):
|
||||
# TODO: implement correctly
|
||||
return True
|
||||
|
||||
@property
|
||||
def effective_permissions(self):
|
||||
permissions = Config.ROLE_PERMISSION_MAPPINGS.get(self.role, [])
|
||||
for g in self.groups:
|
||||
print(g)
|
||||
for p in g.permissions:
|
||||
print(p)
|
||||
permissions.append(p)
|
||||
return permissions
|
||||
|
||||
@staticmethod
|
||||
def decode_auth_token(auth_token):
|
||||
"""
|
||||
@@ -370,7 +379,7 @@ class User(UserMixin, db.Model):
|
||||
followers.c.follower_id == self.id).order_by(Post.timestamp.desc())
|
||||
|
||||
def to_dict(self):
|
||||
#return self.__dict__
|
||||
# return self.__dict__
|
||||
return dict(id=self.id, email=self.email, groups=[g.to_dict() for g in self.groups])
|
||||
|
||||
def toJSON(self):
|
||||
@@ -426,7 +435,6 @@ class Group(db.Model):
|
||||
def __init__(self, **kwargs):
|
||||
super(Group, self).__init__(**kwargs)
|
||||
|
||||
|
||||
@staticmethod
|
||||
def get_by_name(name):
|
||||
"""
|
||||
@@ -461,7 +469,8 @@ class Permission(db.Model):
|
||||
name = db.Column(db.Unicode(63), unique=True, nullable=False)
|
||||
description = db.Column(db.Unicode(511))
|
||||
groups = db.relationship(Group, secondary=group_permission_table,
|
||||
back_populates='permissions')
|
||||
back_populates='permissions')
|
||||
access_control_entry = db.relationship('AccessControlEntry', back_populates='required_permission')
|
||||
|
||||
|
||||
@event.listens_for(User.__table__, 'after_create')
|
||||
|
||||
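Review bot: In `effective_permissions`, `permissions.append(p)` mutates whatever list `Config.ROLE_PERMISSION_MAPPINGS.get(self.role, [])` returned. If the mapping values are plain lists (the config is not visible here), each access of the property adds the current user's group permissions to the role-wide entry, and every other user with that role then inherits them for the life of the process. Copy before extending, e.g. `permissions = list(Config.ROLE_PERMISSION_MAPPINGS.get(self.role, []))`, and drop the two `print` calls, which write group and permission objects to stdout on every access. The role mapping and `g.permissions` may also hold different element types (presumably names versus `Permission` rows), so a one-line docstring stating what the returned list contains would help callers compare against it correctly.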