aboutsummaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
Diffstat (limited to 'app')
-rw-r--r--app/blueprints/api/tokens.py4
-rw-r--r--app/models.py11
-rw-r--r--app/templates/api/create_edit_token.html1
3 files changed, 15 insertions, 1 deletions
diff --git a/app/blueprints/api/tokens.py b/app/blueprints/api/tokens.py
index fcc22bb..b8da78d 100644
--- a/app/blueprints/api/tokens.py
+++ b/app/blueprints/api/tokens.py
@@ -29,6 +29,8 @@ from wtforms.ext.sqlalchemy.fields import QuerySelectField
class CreateAPIToken(FlaskForm):
name = StringField("Name", [InputRequired(), Length(1, 30)])
+ package = QuerySelectField("Limit to package", allow_blank=True, \
+ get_pk=lambda a: a.id, get_label=lambda a: a.title)
submit = SubmitField("Save")
@@ -70,6 +72,8 @@ def create_edit_token(username, id=None):
access_token = session.pop("token_" + str(id), None)
form = CreateAPIToken(formdata=request.form, obj=token)
+ form.package.query_factory = lambda: Package.query.filter_by(author=user).all()
+
if request.method == "POST" and form.validate():
if is_new:
token = APIToken()
diff --git a/app/models.py b/app/models.py
index 2e37758..1849075 100644
--- a/app/models.py
+++ b/app/models.py
@@ -864,12 +864,21 @@ class PackageScreenshot(db.Model):
class APIToken(db.Model):
id = db.Column(db.Integer, primary_key=True)
access_token = db.Column(db.String(34), unique=True)
+
name = db.Column(db.String(100), nullable=False)
owner_id = db.Column(db.Integer, db.ForeignKey("user.id"), nullable=False)
+ # owner is created using backref
+
created_at = db.Column(db.DateTime, nullable=False, default=datetime.datetime.utcnow)
+ package_id = db.Column(db.Integer, db.ForeignKey("package.id"), nullable=True)
+ package = db.relationship("Package", foreign_keys=[package_id])
+
def canOperateOnPackage(self, package):
- return packages.count() == 0 or package in packages
+ if self.package and self.package != None:
+ return False
+
+ return package.owner == self.owner
class EditRequest(db.Model):
diff --git a/app/templates/api/create_edit_token.html b/app/templates/api/create_edit_token.html
index 582cb94..c56a097 100644
--- a/app/templates/api/create_edit_token.html
+++ b/app/templates/api/create_edit_token.html
@@ -47,6 +47,7 @@
{{ form.hidden_tag() }}
{{ render_field(form.name, placeholder="Human readable") }}
+ {{ render_field(form.package) }}
{{ render_submit_field(form.submit) }}
</form>
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-19 02:12:50 +0000