From 0cf87d73044f7dcfabc7e6a73b28f71d1bcd25d5 Mon Sep 17 00:00:00 2001
From: SvyatoslavArtymovych
Date: Wed, 24 May 2023 14:48:47 +0300
Subject: [PATCH] permissions models
---
 app/models/__init__.py | 6 ++
 app/models/permission.py | 79 -------------------
 app/models/permission/__init__.py | 42 ++++++++++
 app/models/permission/access_group.py | 18 +++++
 app/models/permission/permission.py | 33 ++++++++
 .../permission/permission_access_groups.py | 13 +++
 app/models/permission/user_access_groups.py | 13 +++
 app/models/user.py | 4 +
 8 files changed, 129 insertions(+), 79 deletions(-)
 delete mode 100644 app/models/permission.py
 create mode 100644 app/models/permission/__init__.py
 create mode 100644 app/models/permission/access_group.py
 create mode 100644 app/models/permission/permission.py
 create mode 100644 app/models/permission/permission_access_groups.py
 create mode 100644 app/models/permission/user_access_groups.py
diff --git a/app/models/__init__.py b/app/models/__init__.py
index 10f72f8..62e385f 100644
--- a/app/models/__init__.py
+++ b/app/models/__init__.py
@@ -13,3 +13,9 @@ from .interpretation_vote import InterpretationVote
 from .tag import Tag
 from .interpretation_tag import InterpretationTag
 from .comment_tag import CommentTags
+from .permission import (
+ Permission,
+ AccessGroup,
+ UserAccessGroups,
+ PermissionAccessGroups,
+)
diff --git a/app/models/permission.py b/app/models/permission.py
deleted file mode 100644
index b7f0b23..0000000
--- a/app/models/permission.py
+++ /dev/null
@@ -1,79 +0,0 @@
-from enum import IntEnum
-
-from app import db
-from app.models.utils import BaseModel
-
-# access groups
-# moderators(by default empty) -> root collection -> CRUD Interpretation, Comment
-# editors(by default empty) -> root collection -> CRUD Collection, Section
-#
-# on create collection/section -> inherit parent's access groups
-#
-
-# add to collection, sections, ...
-# - access_groups -> access group table
-
-# access group:
-# - name
-# - users many-to-many = []
-# - permissions many-to-many = []
-
-# permission:
-# - access [Enum(CRUD)]
-# - entity [Enum(collection, sections, ...)]
-# - access_group -> access group table
-
-C = 1
-R = 2
-U = 4
-D = 8
-
-
-class _Permission(BaseModel):
- __tablename__ = "permissions"
-
- # PAY ATTENTION ON SUB COLLECTIONS
-
- class Access(IntEnum):
- UNKNOWN = 0
- C = 1
- R = 2
- CR = 3
- U = 4
- CU = 5
- RU = 6
- CRU = 7
- D = 8
-
- access_to_entity = db.Column(db.Enum(AccessTo), default=AccessTo.UNKNOWN)
- access_to_id = db.Column(db.Integer, nullable=False)
- user_id = db.Column(db.Integer, db.ForeignKey("users.id"))
-
- # Relationships
- user = db.relationship("User", viewonly=True)
-
- def __repr__(self):
- return f"<{self.id}: u:{self.user_id} b:{self.book_id}>"
-
-
-class Permission(BaseModel):
- __tablename__ = "permissions"
-
- # PAY ATTENTION ON SUB COLLECTIONS
-
- class AccessTo(IntEnum):
- UNKNOWN = 0
- BOOK = 1
- COLLECTION = 2
- SUB_COLLECTION = 3
- SECTION = 4
-
- access_to_entity = db.Column(db.Enum(AccessTo), default=AccessTo.UNKNOWN)
- access_to_id = db.Column(db.Integer, nullable=False)
- user_id = db.Column(db.Integer, db.ForeignKey("users.id"))
-
- # Relationships
- user = db.relationship("User", viewonly=True)
-
- def __repr__(self):
- return f"<{self.id}: u:{self.user_id} b:{self.book_id}>"
diff --git a/app/models/permission/__init__.py b/app/models/permission/__init__.py
new file mode 100644
index 0000000..98c8b47
--- /dev/null
+++ b/app/models/permission/__init__.py
@@ -0,0 +1,42 @@
+# flake8: noqa F401
+from .access_group import AccessGroup
+from .permission import Permission
+from .user_access_groups import UserAccessGroups
+from .permission_access_groups import PermissionAccessGroups
+
+# access groups
+# moderators(by default empty) -> root collection -> CRUD Interpretation, Comment
+# editors(by default empty) -> root collection -> CRUD Collection, Section
+#
+# on create collection/section -> inherit parent's access groups
+#
+
+# add to collection, sections, ...
+# - access_groups -> access group table
+
+# access group:
+# - name
+# - users many-to-many = []
+# - permissions many-to-many = []
+
+# permission:
+# - access [Enum(CRUD)]
+# - entity [Enum(collection, sections, ...)]
+# - access_group -> access group table
+
+
+# Book
+# Root Collection
+# Collection A
+# Section
+# Section
+# Collection B
+# SubCollection B.1
+# Section
+# Section
+# SubCollection B.2
+# Section
+# Section
+
+# If the user has CRUD access to Collection B it means that
+# it has access to all nested entities(SubCollection B.1/B.2, Sections)
diff --git a/app/models/permission/access_group.py b/app/models/permission/access_group.py
new file mode 100644
index 0000000..1620e7d
--- /dev/null
+++ b/app/models/permission/access_group.py
@@ -0,0 +1,18 @@
+from app import db
+from app.models.utils import BaseModel
+
+
+class AccessGroup(BaseModel):
+ __tablename__ = "access_groups"
+
+ name = db.Column(db.String(32), unique=True, nullable=False)
+
+ # Relationships
+ permissions = db.relationship(
+ "Permission",
+ secondary="permissions_access_groups",
+ back_populates="access_groups",
+ )
+ users = db.relationship(
+ "User", secondary="users_access_groups", back_populates="permissions"
+ )
diff --git a/app/models/permission/permission.py b/app/models/permission/permission.py
new file mode 100644
index 0000000..43a637d
--- /dev/null
+++ b/app/models/permission/permission.py
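Review bot: In `AccessGroup.users` (app/models/permission/access_group.py), `back_populates="permissions"` names a `User.permissions` attribute as the reverse side of a relationship whose members are access groups. The `app/models/user.py` change is not visible here, so this may match what was added there, but authorization code that reads `user.permissions` would then receive `AccessGroup` rows rather than `Permission` rows, which invites wrong access decisions. Consider naming the reverse side for what it holds, e.g. `back_populates="access_groups"`, with the matching attribute on `User`.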
@@ -0,0 +1,33 @@
+from enum import IntEnum
+
+from app import db
+from app.models.utils import BaseModel
+
+
+class Permission(BaseModel):
+ __tablename__ = "permissions"
+
+ class Access(IntEnum):
+ C = 1 # 0b0001
+ R = 2 # 0b0010
+ U = 4 # 0b0100
+ D = 8 # 0b1000
+ # sum = 0b1111
+
+ class Entity(IntEnum):
+ UNKNOWN = 0
+ BOOK = 1
+ COLLECTION = 2
+ SECTION = 3
+ INTERPRETATION = 4
+ COMMENT = 5
+
+ access = db.Column(db.Integer(), default=Access.C | Access.R | Access.U | Access.D)
+ entity = db.Column(db.Enum(Entity), default=Entity.UNKNOWN)
+
+ # Relationships
+ access_groups = db.relationship(
+ "AccessGroup",
+ secondary="permissions_access_groups",
+ back_populates="permissions",
+ )
diff --git a/app/models/permission/permission_access_groups.py b/app/models/permission/permission_access_groups.py
new file mode 100644
index 0000000..02f339c
--- /dev/null
+++ b/app/models/permission/permission_access_groups.py
@@ -0,0 +1,13 @@
+from app import db
+from app.models.utils import BaseModel
+
+
+class PermissionAccessGroups(BaseModel):
+ __tablename__ = "permissions_access_groups"
+
+ # Foreign keys
+ permission_id = db.Column(db.Integer, db.ForeignKey("permissions.id"))
+ access_group_id = db.Column(db.Integer, db.ForeignKey("access_groups.id"))
+
+ def __repr__(self):
+ return f"
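Review bot: In app/models/permission/permission.py the `access` column defaults to the full CRUD mask (`Access.C | Access.R | Access.U | Access.D`), so a `Permission` row created without an explicit mask grants every operation; an authorization model is safer when the default grants nothing. The column also has no `nullable=False`, so every check that reads the mask has to handle NULL. Suggest `access = db.Column(db.Integer(), nullable=False, default=0)` with callers passing the mask explicitly. Since `Access` is combined bitwise, `enum.IntFlag` would describe it better than `IntEnum` and keep combined values typed.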