context user fix

Igor Lobanov
2022-12-01 15:45:19 +01:00
parent 8464398aaf
commit 25924ac136
13 changed files with 190 additions and 174 deletions


@@ -1,4 +1,5 @@
from auth.authenticate import login_required
from auth.credentials import AuthCredentials
from base.orm import local_session
from base.resolvers import query, mutation
from base.exceptions import ObjectNotExist, BaseHttpException
@@ -10,26 +11,28 @@ from orm.user import User
@query.field("getCollabs")
@login_required
async def get_collabs(_, info):
user = info.context["request"].user
auth: AuthCredentials = info.context["request"].auth
with local_session() as session:
collabs = session.query(Collab).filter(user.slug in Collab.authors)
collabs = session.query(Collab).filter(auth.user_id in Collab.authors)
return collabs
@mutation.field("inviteCoauthor")
@login_required
async def invite_coauthor(_, info, author: str, shout: int):
user = info.context["request"].user
auth: AuthCredentials = info.context["request"].auth
with local_session() as session:
s = session.query(Shout).where(Shout.id == shout).one()
if not s:
raise ObjectNotExist("invalid shout id")
else:
c = session.query(Collab).where(Collab.shout == shout).one()
if user.slug not in c.authors:
if auth.user_id not in c.authors:
raise BaseHttpException("you are not in authors list")
else:
invited_user = session.query(User).where(User.slug == author).one()
invited_user = session.query(User).where(User.id == author).one()
c.invites.append(invited_user)
session.add(c)
session.commit()
@@ -41,16 +44,17 @@ async def invite_coauthor(_, info, author: str, shout: int):
@mutation.field("removeCoauthor")
@login_required
async def remove_coauthor(_, info, author: str, shout: int):
user = info.context["request"].user
auth: AuthCredentials = info.context["request"].auth
with local_session() as session:
s = session.query(Shout).where(Shout.id == shout).one()
if not s:
raise ObjectNotExist("invalid shout id")
if user.slug != s.createdBy.slug:
raise BaseHttpException("only onwer can remove coauthors")
if auth.user_id != s.createdBy:
raise BaseHttpException("only owner can remove coauthors")
else:
c = session.query(Collab).where(Collab.shout == shout).one()
ca = session.query(CollabAuthor).where(c.shout == shout, c.author == author).one()
ca = session.query(CollabAuthor).join(User).where(c.shout == shout, User.slug == author).one()
session.remve(ca)
c.invites = filter(lambda x: x.slug == author, c.invites)
c.authors = filter(lambda x: x.slug == author, c.authors)
@@ -64,14 +68,15 @@ async def remove_coauthor(_, info, author: str, shout: int):
@mutation.field("acceptCoauthor")
@login_required
async def accept_coauthor(_, info, shout: int):
user = info.context["request"].user
auth: AuthCredentials = info.context["request"].auth
with local_session() as session:
s = session.query(Shout).where(Shout.id == shout).one()
if not s:
raise ObjectNotExist("invalid shout id")
else:
c = session.query(Collab).where(Collab.shout == shout).one()
accepted = filter(lambda x: x.slug == user.slug, c.invites).pop()
accepted = filter(lambda x: x.id == auth.user_id, c.invites).pop()
if accepted:
c.authors.append(accepted)
s.authors.append(accepted)
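Review bot: The membership checks in this file now compare an integer id against what appears to be a collection of user objects, so the authorization decisions may not behave as intended. In invite_coauthor, `auth.user_id not in c.authors` would be true for every caller if `c.authors` holds User rows (accept_coauthor appends an invite object that has `.id` to it), which rejects genuine authors; comparing ids explicitly, `if auth.user_id not in [a.id for a in c.authors]:`, avoids that. In get_collabs, `auth.user_id in Collab.authors` is evaluated by Python rather than compiled to SQL, so the filter probably does not scope the result to the caller; if `authors` is a relationship to User, `.filter(Collab.authors.any(User.id == auth.user_id))` expresses the intended restriction. invite_coauthor also still declares `author: str` while now matching it against `User.id`, whereas remove_coauthor matches the same argument against `User.slug`, so one of the two is probably looking up the wrong column.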


@@ -3,6 +3,7 @@ from datetime import datetime, timezone
from sqlalchemy import and_
from auth.authenticate import login_required
from auth.credentials import AuthCredentials
from base.orm import local_session
from base.resolvers import mutation
from orm.rbac import Resource
@@ -19,7 +20,7 @@ from orm.collab import Collab
@mutation.field("createShout")
@login_required
async def create_shout(_, info, inp):
user = info.context["request"].user
auth: AuthCredentials = info.context["request"].auth
topic_slugs = inp.get("topic_slugs", [])
if topic_slugs:
@@ -37,24 +38,24 @@ async def create_shout(_, info, inp):
"mainTopic": inp.get("topics", []).pop(),
"visibility": "authors"
})
authors.remove(user.slug)
authors.remove(auth.user_id)
if authors:
chat = create_chat(None, info, new_shout.title, members=authors)
# create a cooperative chatroom
MessagesStorage.register_chat(chat)
await MessagesStorage.register_chat(chat)
# now we should create a collab
new_collab = Collab.create({
"shout": new_shout.id,
"authors": [user.slug, ],
"authors": [auth.user_id, ],
"invites": authors
})
session.add(new_collab)
# NOTE: shout made by one first author
sa = ShoutAuthor.create(shout=new_shout.id, user=user.id)
sa = ShoutAuthor.create(shout=new_shout.id, user=auth.user_id)
session.add(sa)
reactions_follow(user, new_shout.slug, True)
reactions_follow(auth.user_id, new_shout.slug, True)
if "mainTopic" in inp:
topic_slugs.append(inp["mainTopic"])
@@ -65,11 +66,11 @@ async def create_shout(_, info, inp):
st = ShoutTopic.create(shout=new_shout.id, topic=topic.id)
session.add(st)
tf = session.query(TopicFollower).where(
and_(TopicFollower.follower == user.id, TopicFollower.topic == topic.id)
and_(TopicFollower.follower == auth.user_id, TopicFollower.topic == topic.id)
)
if not tf:
tf = TopicFollower.create(follower=user.id, topic=topic.id, auto=True)
tf = TopicFollower.create(follower=auth.user_id, topic=topic.id, auto=True)
session.add(tf)
new_shout.topic_slugs = topic_slugs
@@ -77,7 +78,8 @@ async def create_shout(_, info, inp):
session.commit()
GitTask(inp, user.username, user.email, "new shout %s" % new_shout.slug)
# TODO
# GitTask(inp, user.username, user.email, "new shout %s" % new_shout.slug)
return {"shout": new_shout}
@@ -85,18 +87,17 @@ async def create_shout(_, info, inp):
@mutation.field("updateShout")
@login_required
async def update_shout(_, info, inp):
auth = info.context["request"].auth
user_id = auth.user_id
auth: AuthCredentials = info.context["request"].auth
slug = inp["slug"]
with local_session() as session:
user = session.query(User).filter(User.id == user_id).first()
user = session.query(User).filter(User.id == auth.user_id).first()
shout = session.query(Shout).filter(Shout.slug == slug).first()
if not shout:
return {"error": "shout not found"}
authors = [author.id for author in shout.authors]
if user_id not in authors:
if auth.user_id not in authors:
scopes = auth.scopes
print(scopes)
if Resource.shout not in scopes:
@@ -115,7 +116,7 @@ async def update_shout(_, info, inp):
ShoutTopic.create(shout=slug, topic=topic)
session.commit()
GitTask(inp, user.username, user.email, "update shout %s" % (slug))
GitTask(inp, user.username, user.email, "update shout %s" % slug)
return {"shout": shout}
@@ -123,18 +124,17 @@ async def update_shout(_, info, inp):
@mutation.field("deleteShout")
@login_required
async def delete_shout(_, info, slug):
auth = info.context["request"].auth
user_id = auth.user_id
auth: AuthCredentials = info.context["request"].auth
with local_session() as session:
shout = session.query(Shout).filter(Shout.slug == slug).first()
authors = [a.id for a in shout.authors]
if not shout:
return {"error": "invalid shout slug"}
if user_id not in authors:
if auth.user_id not in authors:
return {"error": "access denied"}
for a in authors:
reactions_unfollow(a.slug, slug, True)
reactions_unfollow(a.id, slug)
shout.deletedAt = datetime.now(tz=timezone.utc)
session.add(shout)
session.commit()
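Review bot: In delete_shout the new line `reactions_unfollow(a.id, slug)` iterates `authors`, which earlier in the same hunk is built as `[a.id for a in shout.authors]`, so each `a` is already an id and `a.id` would likely raise AttributeError after the access check passes and before `deletedAt` is set. `for author_id in authors: reactions_unfollow(author_id, slug)` matches what the list actually contains. The `authors = ...` line also dereferences `shout` before the `if not shout` guard, so an unknown slug ends in an exception instead of the `invalid shout slug` error; moving the guard above it fixes that. In update_shout, `print(scopes)` writes the caller's authorization scopes to stdout whenever a non-author attempts an update and is better dropped or moved to debug-level logging. The tail of delete_shout lies outside the hunk, so the return path is not visible here.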