lrc-backend/backend/api/permission_api.py


# Copyright (c) 2019. Tobias Kurze
"""
This module provides functions related to authentication through the API.
For example: listing of available auth providers or registration of users.
Login through API does not start a new session, but instead returns JWT.
"""
from flask_jwt_extended import jwt_required
from flask_restplus import fields, Resource
from backend import db
from backend.api import api_permissions
from backend.models.user_model import Permission
# Nested summary of a group that holds the permission.
# NOTE(review): this model and the access-control-entry model below are both
# registered under the name 'group_member' although their fields differ
# ('description' vs 'url'). Presumably the later registration replaces the
# earlier one in the API's model registry, which would make the generated
# documentation for 'groups' wrong -- confirm and give them distinct names.
_permission_group_model = api_permissions.model('group_member', {
    'id': fields.Integer(),
    'name': fields.String(),
    'description': fields.String(),
})

# Nested summary of the access control entry the permission belongs to.
_permission_ace_model = api_permissions.model('group_member', {
    'id': fields.Integer(),
    'name': fields.String(),
    'url': fields.String(),
})

# Wire format of a permission. It is used both to marshal responses and as the
# documented request body (``@expect``) of the write endpoints, so it lists
# fields such as 'id', 'groups' and 'access_control_entry' that a client
# should not be able to choose; handlers must pick the fields they accept.
permission_model = api_permissions.model('Permission', {
    'id': fields.String(
        required=False,
        description='The permission\'s identifier',
    ),
    'name': fields.String(
        required=True,
        description='The permission\'s name',
    ),
    'description': fields.String(
        required=False,
        description='The permission\'s description',
    ),
    'groups': fields.List(
        fields.Nested(_permission_group_model),
        required=False,
        description='Groups having the permission.',
    ),
    'access_control_entry': fields.Nested(
        _permission_ace_model,
        required=False,
        description="Access Control Entry",
    ),
})
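@api_permissions.route('/<int:id>')
@api_permissions.response(404, 'permission not found')
@api_permissions.param('id', 'The permission identifier')
class PermissionResource(Resource):
    """REST resource for a single permission, addressed by its integer id.

    Every handler is wrapped in ``@jwt_required``, which only establishes that
    the caller presented a valid JWT. No role or permission check is visible
    in this class, so as written any authenticated caller can read, rename or
    delete a permission.
    NOTE(review): confirm that authorization for these privilege-management
    endpoints is enforced elsewhere (e.g. in ``Permission`` or a request
    hook); if it is not, add an explicit check before each write.
    """

    @jwt_required
    @api_permissions.doc('get_permission')
    @api_permissions.marshal_with(permission_model)
    def get(self, id):
        """Fetch a permission given its identifier.

        :param id: integer identifier taken from the URL.
        :return: the permission, marshalled with ``permission_model``;
            aborts with 404 when no permission has that id.
        """
        permission = Permission.get_by_id(id)
        if permission is None:
            api_permissions.abort(404)
        return permission

    @jwt_required
    @api_permissions.doc('delete_permission')
    @api_permissions.response(204, 'permission deleted')
    def delete(self, id):
        """Delete a permission given its identifier.

        :param id: integer identifier taken from the URL.
        :return: an empty body with status 204; aborts with 404 when no
            permission has that id.
        """
        permission = Permission.get_by_id(id)
        if permission is None:
            api_permissions.abort(404)
        # NOTE(review): no db.session.commit() here -- presumably
        # Permission.delete() commits itself; verify against the model.
        permission.delete()
        return '', 204

    @jwt_required
    @api_permissions.doc('update_permission')
    @api_permissions.expect(permission_model)
    @api_permissions.marshal_with(permission_model)
    def put(self, id):
        """Update a permission given its identifier.

        Only ``name`` is taken from the request body; every other field the
        client sends (``id``, ``groups``, ``access_control_entry``, ...) is
        ignored, so a caller cannot re-key the row or change its relations.

        :param id: integer identifier taken from the URL.
        :return: the updated permission; aborts with 404 when no permission
            has that id and with 400 when the body carries no ``name``.
        """
        permission = Permission.get_by_id(id)
        if permission is None:
            api_permissions.abort(404)

        # The request body lives on ``api_permissions.payload``; the namespace
        # object itself is not subscriptable, so the previous
        # ``api_permissions["name"]`` failed on every call.
        payload = api_permissions.payload
        if not isinstance(payload, dict) or 'name' not in payload:
            # ``@expect`` without validation does not reject a malformed body,
            # so answer 400 here instead of failing with an unhandled error.
            api_permissions.abort(400, "'name' is required")

        permission.name = payload['name']
        db.session.commit()
        return permission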
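@api_permissions.route('')
class PermissionList(Resource):
    """REST resource for the permission collection (list and create).

    Both handlers require a valid JWT via ``@jwt_required``. No role or
    permission check is visible in this class, so as written any
    authenticated caller can create permissions.
    NOTE(review): confirm that authorization for creating permissions is
    enforced elsewhere; if it is not, add an explicit check in ``post``.
    """

    @jwt_required
    @api_permissions.doc('permissions')
    @api_permissions.marshal_list_with(permission_model)
    def get(self):
        """
        List all permissions
        :return: permissions
        """
        return Permission.get_all()

    @jwt_required
    @api_permissions.doc('create_permission')
    @api_permissions.expect(permission_model)
    @api_permissions.marshal_with(permission_model, code=201)
    def post(self):
        """Create a permission from the JSON request body.

        Only ``name`` and ``description`` are copied from the body. Passing
        the whole payload to the constructor would let the client set any
        attribute the model accepts, including the primary key ``id`` and the
        ``groups`` / ``access_control_entry`` relations (mass assignment).

        :return: the created permission with status 201, matching the code
            declared on ``marshal_with``; aborts with 400 when the body is
            missing or carries no ``name``.
        """
        payload = api_permissions.payload
        if not isinstance(payload, dict) or 'name' not in payload:
            # ``@expect`` without validation accepts any body; reject it here
            # rather than failing inside the constructor.
            api_permissions.abort(400, "'name' is required")

        # Allow-list of client-settable fields.
        # NOTE(review): 'description' is taken from permission_model;
        # presumably it is a column on Permission -- verify against the model.
        client_fields = ('name', 'description')
        values = {key: payload[key] for key in client_fields if key in payload}

        permission = Permission(**values)
        db.session.add(permission)
        db.session.commit()
        return permission, 201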