Browse Source

core: introduce a master script and enable proper privilege checks

pull/32/head
Lephe 2 years ago
parent
commit
a3b867bab5
  1. 4
      V5.py
  2. 8
      app/models/users.py
  3. 56
      app/routes/admin/groups.py
  4. 21
      app/templates/admin/groups_privileges.html
  5. 2
      app/utils/priv_required.py
  6. 120
      master.py

4
V5.py

@ -1,8 +1,8 @@
from app import app, db
from app.models.users import User
from app.models.users import User, Guest, Member, Group, GroupPrivilege
# from app.models.models import Post
@app.shell_context_processor
def make_shell_context():
return {'db': db, 'User': User}
return globals()

8
app/models/users.py

@ -122,10 +122,10 @@ class Member(User, db.Model):
"""Check whether the member has the specified privilege."""
if SpecialPrivilege.query.filter_by(mid=self.id, priv=priv).first():
return True
return False
# return db.session.query(User, Group, GroupPrivilege).filter(
# Group.id.in_(User.groups), GroupPrivilege.gid==Group.id,
# GroupPrivilege.priv==priv).first() is not None
return db.session.query(Group, GroupPrivilege).filter(
Group.id.in_([ g.id for g in self.groups ]),
GroupPrivilege.gid==Group.id,
GroupPrivilege.priv==priv).first() is not None
def special_privileges(self):
"""List member's special privileges."""

56
app/routes/admin/groups.py

@ -12,61 +12,7 @@ import os
@app.route('/admin/groups', methods=['GET', 'POST'])
@priv_required('access-admin-panel')
def adm_groups():
class GroupRegenerationForm(FlaskForm):
submit = SubmitField(
'Régénérer les groupes, privilèges, et comptes communs')
form = GroupRegenerationForm()
if form.validate_on_submit():
# Clean up groups
for g in Group.query.all():
g.delete()
# Create base groups
groups = []
with open(os.path.join(app.root_path, "data", "groups.yaml")) as fp:
groups = yaml.load(fp.read())
for g in groups:
g["obj"] = Group(g["name"], g["css"], g["descr"])
db.session.add(g["obj"])
db.session.commit()
for g in groups:
for priv in g.get("privs", "").split():
db.session.add(GroupPrivilege(g["obj"], priv))
db.session.commit()
# Clean up test members
for name in "PlanèteCasio GLaDOS".split():
m = Member.query.filter_by(name=name).first()
if m is not None:
m.delete()
# Create template members
def addgroup(member, group):
g = Group.query.filter_by(name=group).first()
if g is not None:
member.groups.append(g)
m = Member('PlanèteCasio', 'contact@planet-casio.com', 'v5-forever')
addgroup(m, "Compte communautaire")
db.session.add(m)
m = Member('GLaDOS', 'glados@aperture.science', 'v5-forever')
m.xp = 1337
addgroup(m, "Robot")
db.session.add(m)
db.session.commit()
db.session.add(SpecialPrivilege(m, "edit-posts"))
db.session.add(SpecialPrivilege(m, "shoutbox-ban"))
db.session.commit()
users = Member.query.all()
groups = Group.query.all()
return render('admin/groups_privileges.html', users=users, groups=groups,
form=form)
return render('admin/groups_privileges.html', users=users, groups=groups)

21
app/templates/admin/groups_privileges.html

@ -49,26 +49,5 @@
</td></tr>
{% endfor %}
</table>
<h2>Restauration des groupes et privilèges</h2>
<p>Cette fonction régénère un ensemble minimal de groupes et membres
permettant de lancer le forum. Elle opère les modifications
suivantes :</p>
<ul>
<li>Suppression de tous les groupes.</li>
<li>Création des groupes Administrateur, Modérateur, Développeur,
Rédacteur, Responsable communauté, Partenaire, Compte communautaire,
Robot, Membre de CreativeCalc.</li>
<li>Attribution des privilèges associés à ces groupes.</li>
<li>Recréation des comptes communs : PlanèteCasio (compte communautaire),
GLaDOS (robot).</li>
</ul>
<form action='' method='POST'>
{{ form.hidden_tag() }}
{{ form.submit(class="bg-orange") }}
</form>
</section>
{% endblock %}

2
app/utils/priv_required.py

@ -26,8 +26,6 @@ def priv_required(*perms):
def wrapped(*args, **kwargs):
if request.method in EXEMPT_METHODS:
return func(*args, **kwargs)
elif app.config.get('LOGIN_DISABLED'):
return func(*args, **kwargs)
elif not current_user.is_authenticated:
return app.login_manager.unauthorized()
else:

120
master.py

@ -0,0 +1,120 @@
#! /usr/bin/python3
from app import app, db
from app.models.users import Member, Group, GroupPrivilege
from app.models.privs import SpecialPrivilege
import os
import sys
import yaml
help_msg = """
This is the Planète Casio master shell. Type 'exit' or C-D to leave.
Type 'members' to see a list of members and 'groups' to see a list of groups.
Type 'reset-groups-and-privs' to reset all groups and privileges to the
default. This function generates a minimal set of groups and members to prepare
the database.
1. Deletes all groups
2. Creates groups 'Administrateur', 'Modérateur', 'Développeur', 'Rédacteur',
'Responsable Communauté', 'Partenaire', 'Compte communautaire', 'Robot', and
'Membre de CreativeCalc'
3. Grants privileges related to these groups
4. Recreates common accounts: 'Planète Casio' (community account) and 'GLaDOS'
(robot)
Type 'add-group <member> #<group-id>' to add a new member to a group.
"""
def members():
for m in Member.query.all():
print(m.name)
def groups():
for g in Group.query.all():
print(f"#{g.id} {g.name}")
def reset_groups_and_privs():
# Clean up groups
for g in Group.query.all():
g.delete()
# Create base groups
groups = []
with open(os.path.join(app.root_path, "data", "groups.yaml")) as fp:
groups = yaml.load(fp.read())
for g in groups:
g["obj"] = Group(g["name"], g["css"], g["descr"])
db.session.add(g["obj"])
db.session.commit()
for g in groups:
for priv in g.get("privs", "").split():
db.session.add(GroupPrivilege(g["obj"], priv))
db.session.commit()
# Clean up test members
for name in "PlanèteCasio GLaDOS".split():
m = Member.query.filter_by(name=name).first()
if m is not None:
m.delete()
# Create template members
def addgroup(member, group):
g = Group.query.filter_by(name=group).first()
if g is not None:
member.groups.append(g)
m = Member('PlanèteCasio', 'contact@planet-casio.com', 'v5-forever')
addgroup(m, "Compte communautaire")
db.session.add(m)
m = Member('GLaDOS', 'glados@aperture.science', 'v5-forever')
m.xp = 1338
addgroup(m, "Robot")
db.session.add(m)
db.session.commit()
db.session.add(SpecialPrivilege(m, "edit-posts"))
db.session.add(SpecialPrivilege(m, "shoutbox-ban"))
db.session.commit()
def add_group(member, group):
if group[0] != '#':
print("error: group id should start with '#'.")
return
gid = int(group[1:])
g = Group.query.filter_by(id=gid).first()
m = Member.query.filter_by(name=member).first()
m.groups.append(g)
db.session.add(m)
db.session.commit()
print(help_msg)
commands = {
"exit": lambda: sys.exit(0),
"members": members,
"groups": groups,
"reset-groups-and-privs": reset_groups_and_privs,
"add-group": add_group,
}
while True:
try:
print('> ', end='')
cmd = input().split()
except EOFError:
sys.exit(0)
if not cmd: continue
if cmd[0] not in commands:
print("error: unknown command.")
else:
commands[cmd[0]](*cmd[1:])
Loading…
Cancel
Save