Browse Source

core: introduce a master script and enable proper privilege checks

master
Lephe 6 months ago
parent
commit
a3b867bab5
6 changed files with 127 additions and 84 deletions
  1. +2
    -2
      V5.py
  2. +4
    -4
      app/models/users.py
  3. +1
    -55
      app/routes/admin/groups.py
  4. +0
    -21
      app/templates/admin/groups_privileges.html
  5. +0
    -2
      app/utils/priv_required.py
  6. +120
    -0
      master.py

+ 2
- 2
V5.py View File

@@ -1,8 +1,8 @@
from app import app, db
from app.models.users import User
from app.models.users import User, Guest, Member, Group, GroupPrivilege
# from app.models.models import Post


@app.shell_context_processor
def make_shell_context():
return {'db': db, 'User': User}
return globals()

+ 4
- 4
app/models/users.py View File

@@ -122,10 +122,10 @@ class Member(User, db.Model):
"""Check whether the member has the specified privilege."""
if SpecialPrivilege.query.filter_by(mid=self.id, priv=priv).first():
return True
return False
# return db.session.query(User, Group, GroupPrivilege).filter(
# Group.id.in_(User.groups), GroupPrivilege.gid==Group.id,
# GroupPrivilege.priv==priv).first() is not None
return db.session.query(Group, GroupPrivilege).filter(
Group.id.in_([ g.id for g in self.groups ]),
GroupPrivilege.gid==Group.id,
GroupPrivilege.priv==priv).first() is not None

def special_privileges(self):
"""List member's special privileges."""

+ 1
- 55
app/routes/admin/groups.py View File

@@ -12,61 +12,7 @@ import os
@app.route('/admin/groups', methods=['GET', 'POST'])
@priv_required('access-admin-panel')
def adm_groups():
class GroupRegenerationForm(FlaskForm):
submit = SubmitField(
'Régénérer les groupes, privilèges, et comptes communs')

form = GroupRegenerationForm()
if form.validate_on_submit():
# Clean up groups
for g in Group.query.all():
g.delete()

# Create base groups
groups = []
with open(os.path.join(app.root_path, "data", "groups.yaml")) as fp:
groups = yaml.load(fp.read())

for g in groups:
g["obj"] = Group(g["name"], g["css"], g["descr"])
db.session.add(g["obj"])
db.session.commit()

for g in groups:
for priv in g.get("privs", "").split():
db.session.add(GroupPrivilege(g["obj"], priv))
db.session.commit()

# Clean up test members
for name in "PlanèteCasio GLaDOS".split():
m = Member.query.filter_by(name=name).first()
if m is not None:
m.delete()

# Create template members

def addgroup(member, group):
g = Group.query.filter_by(name=group).first()
if g is not None:
member.groups.append(g)

m = Member('PlanèteCasio', 'contact@planet-casio.com', 'v5-forever')
addgroup(m, "Compte communautaire")
db.session.add(m)

m = Member('GLaDOS', 'glados@aperture.science', 'v5-forever')
m.xp = 1337
addgroup(m, "Robot")
db.session.add(m)
db.session.commit()

db.session.add(SpecialPrivilege(m, "edit-posts"))
db.session.add(SpecialPrivilege(m, "shoutbox-ban"))

db.session.commit()

users = Member.query.all()
groups = Group.query.all()

return render('admin/groups_privileges.html', users=users, groups=groups,
form=form)
return render('admin/groups_privileges.html', users=users, groups=groups)

+ 0
- 21
app/templates/admin/groups_privileges.html View File

@@ -49,26 +49,5 @@
</td></tr>
{% endfor %}
</table>

<h2>Restauration des groupes et privilèges</h2>

<p>Cette fonction régénère un ensemble minimal de groupes et membres
permettant de lancer le forum. Elle opère les modifications
suivantes :</p>

<ul>
<li>Suppression de tous les groupes.</li>
<li>Création des groupes Administrateur, Modérateur, Développeur,
Rédacteur, Responsable communauté, Partenaire, Compte communautaire,
Robot, Membre de CreativeCalc.</li>
<li>Attribution des privilèges associés à ces groupes.</li>
<li>Recréation des comptes communs : PlanèteCasio (compte communautaire),
GLaDOS (robot).</li>
</ul>

<form action='' method='POST'>
{{ form.hidden_tag() }}
{{ form.submit(class="bg-orange") }}
</form>
</section>
{% endblock %}

+ 0
- 2
app/utils/priv_required.py View File

@@ -26,8 +26,6 @@ def priv_required(*perms):
def wrapped(*args, **kwargs):
if request.method in EXEMPT_METHODS:
return func(*args, **kwargs)
elif app.config.get('LOGIN_DISABLED'):
return func(*args, **kwargs)
elif not current_user.is_authenticated:
return app.login_manager.unauthorized()
else:

+ 120
- 0
master.py View File

@@ -0,0 +1,120 @@
#! /usr/bin/python3

from app import app, db
from app.models.users import Member, Group, GroupPrivilege
from app.models.privs import SpecialPrivilege
import os
import sys
import yaml

help_msg = """
This is the Planète Casio master shell. Type 'exit' or C-D to leave.

Type 'members' to see a list of members and 'groups' to see a list of groups.

Type 'reset-groups-and-privs' to reset all groups and privileges to the
default. This function generates a minimal set of groups and members to prepare
the database.
1. Deletes all groups
2. Creates groups 'Administrateur', 'Modérateur', 'Développeur', 'Rédacteur',
'Responsable Communauté', 'Partenaire', 'Compte communautaire', 'Robot', and
'Membre de CreativeCalc'
3. Grants privileges related to these groups
4. Recreates common accounts: 'Planète Casio' (community account) and 'GLaDOS'
(robot)

Type 'add-group <member> #<group-id>' to add a new member to a group.
"""

def members():
for m in Member.query.all():
print(m.name)

def groups():
for g in Group.query.all():
print(f"#{g.id} {g.name}")

def reset_groups_and_privs():
# Clean up groups
for g in Group.query.all():
g.delete()

# Create base groups
groups = []
with open(os.path.join(app.root_path, "data", "groups.yaml")) as fp:
groups = yaml.load(fp.read())

for g in groups:
g["obj"] = Group(g["name"], g["css"], g["descr"])
db.session.add(g["obj"])
db.session.commit()

for g in groups:
for priv in g.get("privs", "").split():
db.session.add(GroupPrivilege(g["obj"], priv))
db.session.commit()

# Clean up test members
for name in "PlanèteCasio GLaDOS".split():
m = Member.query.filter_by(name=name).first()
if m is not None:
m.delete()

# Create template members

def addgroup(member, group):
g = Group.query.filter_by(name=group).first()
if g is not None:
member.groups.append(g)

m = Member('PlanèteCasio', 'contact@planet-casio.com', 'v5-forever')
addgroup(m, "Compte communautaire")
db.session.add(m)

m = Member('GLaDOS', 'glados@aperture.science', 'v5-forever')
m.xp = 1338
addgroup(m, "Robot")
db.session.add(m)
db.session.commit()

db.session.add(SpecialPrivilege(m, "edit-posts"))
db.session.add(SpecialPrivilege(m, "shoutbox-ban"))

db.session.commit()


def add_group(member, group):
if group[0] != '#':
print("error: group id should start with '#'.")
return
gid = int(group[1:])

g = Group.query.filter_by(id=gid).first()
m = Member.query.filter_by(name=member).first()

m.groups.append(g)
db.session.add(m)
db.session.commit()

print(help_msg)

commands = {
"exit": lambda: sys.exit(0),
"members": members,
"groups": groups,
"reset-groups-and-privs": reset_groups_and_privs,
"add-group": add_group,
}

while True:
try:
print('> ', end='')
cmd = input().split()
except EOFError:
sys.exit(0)

if not cmd: continue
if cmd[0] not in commands:
print("error: unknown command.")
else:
commands[cmd[0]](*cmd[1:])

Loading…
Cancel
Save