mirror of https://github.com/logos-co/open-law.git
wait for refactor routes
parent
face847c69
commit
1a48bba423
|
@ -9,19 +9,29 @@ from app.logger import log
|
|||
def check_permissions(
|
||||
entity_type: m.Permission.Entity,
|
||||
access: list[m.Permission.Access],
|
||||
model: m,
|
||||
entity_id_field: str,
|
||||
entities_data: list[dict] | dict,
|
||||
):
|
||||
request_args = (
|
||||
{**request.view_args, **request.args} if request.view_args else {**request.args}
|
||||
)
|
||||
if type(entities_data) == dict:
|
||||
entities_data = [entities_data]
|
||||
entity = None
|
||||
for entity_data in entities_data:
|
||||
model = entity_data.get("model")
|
||||
entity_id_field = entity_data.get("entity_id_field")
|
||||
if not model or entity_id_field is None:
|
||||
raise ValueError(
|
||||
"One of required arguments(model, entity_id_field) is missions"
|
||||
)
|
||||
|
||||
entity_id = request_args.get(entity_id_field)
|
||||
if entity_id is None:
|
||||
raise ValueError("entity_id not found")
|
||||
entity: m.Book | m.Collection | m.Section | m.Interpretation = db.session.get(
|
||||
model, entity_id
|
||||
)
|
||||
|
||||
entity_id = request_args.get(entity_id_field)
|
||||
if entity_id is None:
|
||||
raise ValueError("entity_id not found")
|
||||
entity: m.Book | m.Collection | m.Section | m.Interpretation = db.session.get(
|
||||
model, entity_id
|
||||
)
|
||||
if not entity or not entity.access_groups:
|
||||
flash("You do not have permission", "warning")
|
||||
return make_response(redirect(url_for("home.get_all")))
|
||||
|
@ -62,8 +72,7 @@ def check_permissions(
|
|||
def require_permission(
|
||||
entity_type: m.Permission.Entity,
|
||||
access: list[m.Permission.Access],
|
||||
model: m,
|
||||
entity_id_field: str,
|
||||
entities_data: list[dict] | dict,
|
||||
):
|
||||
def decorator(f):
|
||||
@functools.wraps(f)
|
||||
|
@ -71,8 +80,7 @@ def require_permission(
|
|||
if response := check_permissions(
|
||||
entity_type=entity_type,
|
||||
access=access,
|
||||
model=model,
|
||||
entity_id_field=entity_id_field,
|
||||
entities_data=entities_data,
|
||||
):
|
||||
return response
|
||||
return f(*args, **kwargs)
|
||||
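Review bot: In `check_permissions`, the new `for entity_data in entities_data:` loop reassigns `entity` on every pass, while `if not entity or not entity.access_groups:` is an unchanged context line and so appears to sit after the loop; if that reading is right (indentation is lost in this rendering), only the last entry in `entities_data` is ever authorised and earlier entities are loaded but never checked. Either move the access check into the loop body or add a comment stating that only the final entity in the list is meant to be checked. The two `raise ValueError(...)` paths run at request time, so a missing `entity_id` would presumably surface as a server error rather than the existing flash-and-redirect denial; returning the same `make_response(redirect(url_for("home.get_all")))` would keep the denial path consistent. Smaller points: `if isinstance(entities_data, dict):` is preferable to `type(entities_data) == dict`, and the message should end in `is missing` rather than `is missions`. The rest of `check_permissions` lies outside the hunk.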
|
|
|
@ -116,8 +116,10 @@ def create():
|
|||
@require_permission(
|
||||
entity_type=m.Permission.Entity.BOOK,
|
||||
access=[m.Permission.Access.U],
|
||||
model=m.Book,
|
||||
entity_id_field="book_id",
|
||||
entity_data={
|
||||
"model": m.Book,
|
||||
"entity_id_field": "book_id",
|
||||
},
|
||||
)
|
||||
@login_required
|
||||
def edit(book_id: int):
|
||||
|
@ -145,6 +147,16 @@ def edit(book_id: int):
|
|||
|
||||
|
||||
@bp.route("/<int:book_id>/delete", methods=["POST"])
|
||||
@require_permission(
|
||||
entity_type=m.Permission.Entity.BOOK,
|
||||
access=[m.Permission.Access.D],
|
||||
entities_data=[
|
||||
{
|
||||
"model": m.Book,
|
||||
"entity_id_field": "book_id",
|
||||
}
|
||||
],
|
||||
)
|
||||
@login_required
|
||||
def delete(book_id: int):
|
||||
book: m.Book = db.session.get(m.Book, book_id)
|
||||
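Review bot: The `edit` decorator passes `entity_data={...}`, but `require_permission` in this commit names the parameter `entities_data`, so the decorator call should raise `TypeError` as soon as the views module is imported; rename it to `entities_data={"model": m.Book, "entity_id_field": "book_id"}`, or use the list form that `delete` uses. Separately, on both `edit` and the new `delete` route `@require_permission` is listed above `@login_required`, so the permission check runs before the login check; whether `check_permissions` copes with an anonymous user is not visible here, so consider swapping the order or adding a comment explaining why the current order is safe. The bodies of `edit` and `delete` continue outside these hunks.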
|
|
|
@ -14,6 +14,7 @@ from app.controllers.delete_nested_book_entities import (
|
|||
delete_nested_collection_entities,
|
||||
)
|
||||
from app import models as m, db, forms as f
|
||||
from app.controllers.require_permission import require_permission
|
||||
from app.logger import log
|
||||
from .bp import bp
|
||||
|
||||
|
@ -61,6 +62,12 @@ def sub_collection_view(book_id: int, collection_id: int):
|
|||
@bp.route("/<int:book_id>/create_collection", methods=["POST"])
|
||||
@bp.route("/<int:book_id>/<int:collection_id>/create_sub_collection", methods=["POST"])
|
||||
@register_book_verify_route(bp.name)
|
||||
@require_permission(
|
||||
entity_type=m.Permission.Entity.COLLECTION,
|
||||
access=[m.Permission.Access.C],
|
||||
model=m.Collection,
|
||||
entity_id_field="collection_id",
|
||||
)
|
||||
@login_required
|
||||
def collection_create(book_id: int, collection_id: int | None = None):
|
||||
book: m.Book = db.session.get(m.Book, book_id)
|
||||
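Review bot: The decorator added to `collection_create` still passes `model=m.Collection` and `entity_id_field="collection_id"`, keywords this commit removes from `require_permission`, so it should fail with `TypeError` at import; it needs `entities_data=[{"model": m.Collection, "entity_id_field": "collection_id"}]`. Even with that fixed, the `/<int:book_id>/create_collection` route carries no `collection_id`, so `check_permissions` would reach `raise ValueError("entity_id not found")` for top-level collection creation; that route likely has to be authorised against the book via `book_id` instead. `collection_create` continues outside the hunk.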
|
|