# Copyright (c) 2019. Tobias Kurze
|
|
"""
|
|
This module provides functions related to authentication through the API.
|
|
For example: listing of available auth providers or registration of users.
|
|
|
|
Login through API does not start a new session, but instead returns JWT.
|
|
"""
|
|
from flask_jwt_extended import jwt_required
|
|
from flask_restx import fields, Resource
|
|
|
|
from backend import db
|
|
from backend.api import api_permissions
|
|
from backend.models.user_model import Permission
|
|
|
|
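# Nested schema for a group that holds the permission.
_permission_group_model = api_permissions.model('group_member', {
    'id': fields.Integer(),
    'name': fields.String(),
    'description': fields.String(),
})

# Nested schema for the access control entry the permission is attached to.
# It used to be registered as 'group_member' as well; the namespace keeps one
# model per name, so the later registration replaced the group schema in the
# generated API documentation. It now has a distinct name.
_permission_ace_model = api_permissions.model('permission_access_control_entry', {
    'id': fields.Integer(),
    'name': fields.String(),
    'url': fields.String(),
})

# Marshalling / documentation schema for a permission.
# NOTE(review): 'id' is declared as a string here while the item route below
# takes '<int:id>' - confirm which representation clients rely on.
# NOTE(review): 'required' is only enforced when request validation is enabled
# for the API; the handlers in this module check the payload themselves.
permission_model = api_permissions.model('Permission', {
    'id': fields.String(required=False, description='The permission\'s identifier'),
    'name': fields.String(required=True, description='The permission\'s name'),
    'description': fields.String(required=False, description='The permission\'s description'),
    'groups': fields.List(fields.Nested(_permission_group_model),
                          required=False, description='Groups having the permission.'),
    'access_control_entry': fields.Nested(_permission_ace_model,
                                          required=False, description="Access Control Entry"),
})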
|
|
|
|
|
|
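@api_permissions.route('/<int:id>')
@api_permissions.response(404, 'permission not found')
@api_permissions.param('id', 'The permission identifier')
class PermissionResource(Resource):
    """REST resource for a single permission addressed by its integer id.

    Each handler is wrapped in ``jwt_required``; unknown ids answer 404.
    """
    # NOTE(review): the handlers only require a valid JWT. Nothing visible in
    # this module restricts which authenticated users may read, rename or
    # delete permissions - confirm an authorization check is enforced elsewhere.
    # NOTE(review): bare ``@jwt_required`` is the flask-jwt-extended < 4.0 form;
    # 4.x expects ``@jwt_required()`` - confirm against the pinned version.

    @jwt_required
    @api_permissions.doc('get_permission')
    @api_permissions.marshal_with(permission_model)
    def get(self, id):
        """Fetch a permission given its identifier"""
        permission = Permission.get_by_id(id)
        if permission is None:
            api_permissions.abort(404)
        return permission

    @jwt_required
    @api_permissions.doc('delete_permission')
    @api_permissions.response(204, 'permission deleted')
    def delete(self, id):
        """Delete a permission given its identifier"""
        permission = Permission.get_by_id(id)
        if permission is None:
            api_permissions.abort(404)
        # NOTE(review): presumably Permission.delete() also commits the
        # session; no explicit commit happens here - verify in the model.
        permission.delete()
        return '', 204

    @jwt_required
    @api_permissions.doc('update_permission')
    @api_permissions.expect(permission_model)
    @api_permissions.marshal_with(permission_model)
    def put(self, id):
        """Update a permission given its identifier

        Only the ``name`` field of the JSON body is applied. A body that is
        not a JSON object, or that lacks ``name``, is answered with 400.
        """
        permission = Permission.get_by_id(id)
        if permission is None:
            api_permissions.abort(404)
        # The new name comes from the request body; the namespace object
        # itself is not subscriptable, so read it from ``payload``.
        payload = api_permissions.payload
        if not isinstance(payload, dict) or 'name' not in payload:
            api_permissions.abort(400, 'name is required')
        permission.name = payload['name']
        db.session.commit()
        return permission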
|
|
|
|
|
|
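@api_permissions.route('')
class PermissionList(Resource):
    """Collection resource: list all permissions or create a new one.

    Both handlers are wrapped in ``jwt_required``.
    """
    # NOTE(review): creating a permission only requires a valid JWT here;
    # confirm that an authorization check is enforced elsewhere.

    @jwt_required
    @api_permissions.doc('permissions')
    @api_permissions.marshal_list_with(permission_model)
    def get(self):
        """
        List all permissions
        :return: permissions
        """
        return Permission.get_all()

    @jwt_required
    @api_permissions.doc('create_permission')
    @api_permissions.expect(permission_model)
    @api_permissions.marshal_with(permission_model, code=201)
    def post(self):
        """
        Create a permission from the JSON request body
        :return: the stored permission
        """
        payload = api_permissions.payload
        if not isinstance(payload, dict) or 'name' not in payload:
            api_permissions.abort(400, 'name is required')
        # Forward only the scalar fields a client may set. Expanding the whole
        # body into the constructor let a request choose 'id' or any other
        # attribute the model accepts (mass assignment).
        client_fields = ('name', 'description')
        values = {key: payload[key] for key in client_fields if key in payload}
        permission = Permission(**values)
        db.session.add(permission)
        db.session.commit()
        # NOTE(review): ``code=201`` above only documents the status; the
        # response is sent with the default status unless one is returned
        # here - confirm which status clients expect.
        return permission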
|