add RoleStorage; add mutations for community

orm/__init__.py

@@ -1,4 +1,4 @@
-from orm.rbac import Operation, Resource, Permission, Role
+from orm.rbac import Operation, Resource, Permission, Role, RoleStorage
 from orm.community import Community
 from orm.user import User, UserRating, UserRole, UserStorage
 from orm.message import Message
@@ -18,4 +18,5 @@ Resource.init_table()
 with local_session() as session:
 	ShoutRatingStorage.init(session)
 	ShoutViewStorage.init(session)
+	RoleStorage.init(session)
 	UserStorage.init(session)

orm/rbac.py

@@ -1,9 +1,10 @@
 import warnings
 
 from typing import Type
+import asyncio
 
 from sqlalchemy import String, Integer, Column, ForeignKey, UniqueConstraint, TypeDecorator
-from sqlalchemy.orm import relationship
+from sqlalchemy.orm import relationship, selectinload
 
 from orm.base import Base, REGISTRY, engine, local_session
 
@@ -72,6 +73,34 @@ class Permission(Base):
 	operation_id: int = Column(ForeignKey("operation.id", ondelete="CASCADE"), nullable=False, comment="Operation")
 	resource_id: int = Column(ForeignKey("resource.id", ondelete="CASCADE"), nullable=False, comment="Resource")
 
+class RoleStorage:
+	roles = {}
+	lock = asyncio.Lock()
+
+	@staticmethod
+	def init(session):
+		self = RoleStorage
+		roles = session.query(Role).\
+			options(selectinload(Role.permissions)).all()
+		self.roles = dict([(role.id, role) for role in roles])
+
+	@staticmethod
+	async def get_role(id):
+		self = RoleStorage
+		async with self.lock:
+			return self.roles.get(id)
+
+	@staticmethod
+	async def add_role(role):
+		self = RoleStorage
+		async with self.lock:
+			self.roles[id] = role
+
+	@staticmethod
+	async def del_role(id):
+		self = RoleStorage
+		async with self.lock:
+			del self.roles[id]
 
 if __name__ == '__main__':
 	Base.metadata.create_all(engine)

orm/user.py

@@ -4,7 +4,7 @@ from datetime import datetime
 from sqlalchemy import Table, Column, Integer, String, ForeignKey, Boolean, DateTime, JSON as JSONType
 from sqlalchemy.orm import relationship, selectinload
 
-from orm import Permission
+from orm import RoleStorage
 from orm.base import Base, local_session
 from orm.rbac import Role
 from orm.topic import Topic
@@ -63,15 +63,14 @@ class User(Base):
 	topics = relationship(lambda: Topic, secondary=UserTopics)
 	old_id: str = Column(String, nullable = True)
 
-	@classmethod
-	def get_permission(self):
+	async def get_permission(self):
 		scope = {}
-		#TODO implement RoleStorage
-		#for role in self.roles:
-			# for p in role.permissions:
-				# if not p.resource_id in scope:
-					# scope[p.resource_id] = set()
-				# scope[p.resource_id].add(p.operation_id)
+		for user_role in self.roles:
+			role = await RoleStorage.get_role(user_role.id)
+			for p in role.permissions:
+				if not p.resource_id in scope:
+					scope[p.resource_id] = set()
+				scope[p.resource_id].add(p.operation_id)
 		return scope
 
 class UserStorage:
@@ -98,7 +97,7 @@ class UserStorage:
 			self.users[id] = user
 
 	@staticmethod
-	async def del_user(user):
+	async def del_user(id):
 		self = UserStorage
 		async with self.lock:
 			del self.users[id]