diff options
| author | rubenwardy <rw@rubenwardy.com> | 2019-11-22 14:33:22 +0000 |
|---|---|---|
| committer | rubenwardy <rw@rubenwardy.com> | 2019-11-27 01:06:58 +0000 |
| commit | 4ce388c8aa5d5502408609983535a9812d41d6d1 (patch) | |
| tree | 5ad9123949ca2068dfe975284d0f1b3acdf5b437 /app/models.py | |
| parent | cb5451fe5d49e0eda379e3cd636c54e8ea1a3f8e (diff) | |
| download | cheatdb-4ce388c8aa5d5502408609983535a9812d41d6d1.tar.xz | |
Add API Token creation
Diffstat (limited to 'app/models.py')
| -rw-r--r-- | app/models.py | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/app/models.py b/app/models.py index 9a80873..736a0dc 100644 --- a/app/models.py +++ b/app/models.py @@ -92,6 +92,7 @@ class Permission(enum.Enum): CREATE_THREAD = "CREATE_THREAD" UNAPPROVE_PACKAGE = "UNAPPROVE_PACKAGE" TOPIC_DISCARD = "TOPIC_DISCARD" + CREATE_TOKEN = "CREATE_TOKEN" # Only return true if the permission is valid for *all* contexts # See Package.checkPerm for package-specific contexts @@ -142,6 +143,7 @@ class User(db.Model, UserMixin): packages = db.relationship("Package", backref="author", lazy="dynamic") requests = db.relationship("EditRequest", backref="author", lazy="dynamic") threads = db.relationship("Thread", backref="author", lazy="dynamic") + tokens = db.relationship("APIToken", backref="owner", lazy="dynamic") replies = db.relationship("ThreadReply", backref="author", lazy="dynamic") def __init__(self, username, active=False, email=None, password=None): @@ -183,6 +185,11 @@ class User(db.Model, UserMixin): return user.rank.atLeast(UserRank.MODERATOR) elif perm == Permission.CHANGE_EMAIL: return user == self or (user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank)) + elif perm == Permission.CREATE_TOKEN: + if user == self: + return user.rank.atLeast(UserRank.MEMBER) + else: + return user.rank.atLeast(UserRank.MODERATOR) and user.rank.atLeast(self.rank) else: raise Exception("Permission {} is not related to users".format(perm.name)) @@ -776,6 +783,16 @@ class PackageScreenshot(db.Model): return self.url.replace("/uploads/", ("/thumbnails/{:d}/").format(level)) +class APIToken(db.Model): + id = db.Column(db.Integer, primary_key=True) + access_token = db.Column(db.String(34), unique=True) + name = db.Column(db.String(100), nullable=False) + owner_id = db.Column(db.Integer, db.ForeignKey("user.id"), nullable=False) + created_at = db.Column(db.DateTime, nullable=False, default=datetime.datetime.utcnow) + + def canOperateOnPackage(self, package): + return packages.count() == 0 or package in packages + class EditRequest(db.Model): id = db.Column(db.Integer, primary_key=True) |