discours.io/core
5
0
Fork 0
Code Pull Requests Actions Projects Activity

init

Browse Source
This commit is contained in:
tonyrewin 2022-11-24 11:27:01 +03:00
parent 97ee88aff3
commit 786bd20275
6 changed files with 91 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
auth/authenticate.py
View File

@ -89,3 +89,18 @@ def login_required(func):
return await func(parent, info, *args, **kwargs) return await func(parent, info, *args, **kwargs)
return wrap return wrap
def permission_required(resource, operation, func):
@wraps(func)
async def wrap(parent, info: GraphQLResolveInfo, *args, **kwargs):
# print('[auth.authenticate] login required for %r with info %r' % (func, info)) # debug only
auth: AuthCredentials = info.context["request"].auth
if not auth.logged_in:
return {"error": auth.error_message or "Please login"}
# TODO: add check permission logix
return await func(parent, info, *args, **kwargs)
return wrap

1
migration/tables/replacements.json
View File

@ -420,6 +420,7 @@
"marketing": "marketing", "marketing": "marketing",
"marksizm": "marxism", "marksizm": "marxism",
"marsel-dyushan": "marchel-duchamp", "marsel-dyushan": "marchel-duchamp",
"marsel-prust": "marcel-proust",
"martin-haydegger": "martin-hidegger", "martin-haydegger": "martin-hidegger",
"matematika": "maths", "matematika": "maths",
"mayakovskiy": "vladimir-mayakovsky", "mayakovskiy": "vladimir-mayakovsky",

2
orm/__init__.py
View File

@ -32,8 +32,8 @@ def init_tables():
Resource.init_table() Resource.init_table()
User.init_table() User.init_table()
Community.init_table() Community.init_table()
Role.init_table()
UserRating.init_table() UserRating.init_table()
Shout.init_table() Shout.init_table()
Role.init_table()
ViewedEntry.init_table() ViewedEntry.init_table()
print("[orm] tables initialized") print("[orm] tables initialized")

12
orm/community.py
View File

@ -1,7 +1,6 @@
from datetime import datetime from datetime import datetime
from sqlalchemy import Column, String, ForeignKey, DateTime, Boolean from sqlalchemy import Column, String, ForeignKey, DateTime
from base.orm import Base, local_session from base.orm import Base, local_session
@ -11,10 +10,10 @@ class CommunityFollower(Base):
id = None # type: ignore id = None # type: ignore
follower = Column(ForeignKey("user.slug"), primary_key=True) follower = Column(ForeignKey("user.slug"), primary_key=True)
community = Column(ForeignKey("community.slug"), primary_key=True) community = Column(ForeignKey("community.slug"), primary_key=True)
createdAt = Column( joinedAt = Column(
DateTime, nullable=False, default=datetime.now, comment="Created at" DateTime, nullable=False, default=datetime.now, comment="Created at"
) )
auto = Column(Boolean, nullable=False, default=False) # role = Column(ForeignKey(Role.id), nullable=False, comment="Role for member")
class Community(Base): class Community(Base):
@ -27,7 +26,6 @@ class Community(Base):
createdAt = Column( createdAt = Column(
DateTime, nullable=False, default=datetime.now, comment="Created at" DateTime, nullable=False, default=datetime.now, comment="Created at"
) )
createdBy = Column(ForeignKey("user.slug"), nullable=False, comment="Author")
@staticmethod @staticmethod
def init_table(): def init_table():
@ -36,9 +34,7 @@ class Community(Base):
session.query(Community).filter(Community.slug == "discours").first() session.query(Community).filter(Community.slug == "discours").first()
) )
if not d: if not d:
d = Community.create( d = Community.create(name="Дискурс", slug="discours")
name="Дискурс", slug="discours", createdBy="anonymous"
)
session.add(d) session.add(d)
session.commit() session.commit()
Community.default_community = d Community.default_community = d

82
orm/rbac.py
View File

@ -7,6 +7,8 @@ from base.orm import Base, REGISTRY, engine, local_session
from orm.community import Community from orm.community import Community
# Role Based Access Control #
class ClassType(TypeDecorator): class ClassType(TypeDecorator):
impl = String impl = String
@ -42,18 +44,44 @@ class Role(Base):
@staticmethod @staticmethod
def init_table(): def init_table():
with local_session() as session: with local_session() as session:
default = session.query(Role).filter(Role.name == "author").first() r = session.query(Role).filter(Role.name == "author").first()
if default: if r:
Role.default_role = default Role.default_role = r
return return
default = Role.create( r1 = Role.create(
name="author", name="author",
desc="Role for author", desc="Role for an author",
community=1, community=1,
) )
Role.default_role = default session.add(r1)
Role.default_role = r1
r2 = Role.create(
name="reader",
desc="Role for a reader",
community=1,
)
session.add(r2)
r3 = Role.create(
name="expert",
desc="Role for an expert",
community=1,
)
session.add(r3)
r4 = Role.create(
name="editor",
desc="Role for an editor",
community=1,
)
session.add(r4)
class Operation(Base): class Operation(Base):
@ -63,10 +91,33 @@ class Operation(Base):
@staticmethod @staticmethod
def init_table(): def init_table():
with local_session() as session: with local_session() as session:
edit_op = session.query(Operation).filter(Operation.name == "edit").first() for name in ["create", "update", "delete", "load"]:
if not edit_op: """
edit_op = Operation.create(name="edit") * everyone can:
Operation.edit_id = edit_op.id # type: ignore - load shouts
- load topics
- load reactions
- create an account to become a READER
* readers can:
- update and delete their account
- load chats
- load messages
- create reaction of some shout's author allowed kinds
- create shout to become an AUTHOR
* authors can:
- update and delete their shout
- invite other authors to edit shout and chat
- manage allowed reactions for their shout
* pros can:
- create/update/delete their community
- create/update/delete topics for their community
"""
op = session.query(Operation).filter(Operation.name == name).first()
if not op:
op = Operation.create(name=name)
session.add(op)
session.commit()
class Resource(Base): class Resource(Base):
@ -75,14 +126,17 @@ class Resource(Base):
String, nullable=False, unique=True, comment="Resource class" String, nullable=False, unique=True, comment="Resource class"
) )
name = Column(String, nullable=False, unique=True, comment="Resource name") name = Column(String, nullable=False, unique=True, comment="Resource name")
# TODO: community = Column(ForeignKey())
@staticmethod @staticmethod
def init_table(): def init_table():
with local_session() as session: with local_session() as session:
shout_res = session.query(Resource).filter(Resource.name == "shout").first() for res in ["shout", "topic", "reaction", "chat", "message", "invite", "community", "user"]:
if not shout_res: r = session.query(Resource).filter(Resource.name == res).first()
shout_res = Resource.create(name="shout", resource_class="shout") if not r:
Resource.shout_id = shout_res.id # type: ignore r = Resource.create(name=res, resource_class=res)
session.add(r)
session.commit()
class Permission(Base): class Permission(Base):

2
resolvers/auth.py
View File

@ -80,8 +80,8 @@ async def confirm_email_handler(request):
def create_user(user_dict): def create_user(user_dict):
user = User(**user_dict) user = User(**user_dict)
user.roles.append(Role.default_role)
with local_session() as session: with local_session() as session:
user.roles.append(session.query(Role).first())
session.add(user) session.add(user)
session.commit() session.commit()
return user return user