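def remove_permission(request):
    """Remove one permission, or all permissions, from a user.

    Expects a JSON body with ``user_id`` plus either ``permission_id`` or
    ``all``. When ``all`` is literally ``True`` every permission is cleared;
    otherwise the single permission named by ``permission_id`` is removed.

    Raises:
        MissingKeyError: if ``user_id`` is absent, if neither
            ``permission_id`` nor ``all`` is supplied, or if ``all`` is
            present but not ``True`` and ``permission_id`` is missing.
        CustomError: 409 when the user or permission cannot be found (the
            lookups are expected to be school-scoped), or when the user does
            not hold the permission.

    Returns:
        ``(jsonify({'success': True}), 200)``.
    """
    data = json_from_request(request)
    check_keys(["user_id"], data)
    if "permission_id" not in data and "all" not in data:
        raise MissingKeyError("permission_id or all")

    # Check user specified is in the correct school
    user = get_record_by_id(data['user_id'], User,
                            CustomError(409, message="Invalid user_id."))

    if data.get('all') is True:
        user.permissions = []
    else:
        # ``all`` was absent or not literally True, so a permission_id is
        # required. Previously a body such as {"user_id": 1, "all": false}
        # passed the key check above and then died with a bare KeyError here.
        if "permission_id" not in data:
            raise MissingKeyError("permission_id")
        # Check the permission specified is in the correct school
        permission = get_permission_by_id(
            data['permission_id'],
            CustomError(409, message="Invalid permission_id."))
        # Check the user has the permission (membership compared by id)
        if permission.id not in [p.id for p in user.permissions]:
            raise CustomError(
                409,
                message="User with id: {} does not have permission with id: {}".format(
                    data['user_id'], data['permission_id']))
        user.permissions.remove(permission)

    db.session.add(user)
    db.session.commit()
    # Return success status
    return jsonify({'success': True}), 200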
def remove_role(request):
    """Detach a role from a user.

    The JSON body must contain ``user_id`` and ``role_id``. Responds 409
    when either id is unknown or the user does not currently hold the role,
    and 200 with ``{'success': True}`` on success.
    """
    data = json_from_request(request)
    check_keys(["user_id", "role_id"], data)

    user_id = data['user_id']
    role_id = data['role_id']
    user = get_user_by_id(
        user_id,
        custom_not_found_error=CustomError(409, message="Invalid user_id."))
    role = get_role_by_id(
        role_id,
        custom_not_found_error=CustomError(409, message="Invalid role_id."))

    # Membership is tested by id, using the value exactly as sent in the body
    held_role_ids = [held.id for held in user.roles]
    if role_id not in held_role_ids:
        raise CustomError(
            409,
            message="User with id: {} does not have role with id: {}".format(
                user_id, role_id))

    user.roles.remove(role)
    db.session.add(user)
    db.session.commit()
    return jsonify({'success': True}), 200
def grant_role(request):
    """Attach a role to a user.

    The JSON body must contain ``user_id`` and ``role_id``. Responds 409
    when either id is unknown or the user already holds the role, and 201
    with ``{'success': True}`` on success.
    """
    data = json_from_request(request)
    check_keys(["user_id", "role_id"], data)

    user_id = data['user_id']
    role_id = data['role_id']
    user = get_user_by_id(
        user_id,
        custom_not_found_error=CustomError(409, message="Invalid user_id"))
    role = get_role_by_id(
        role_id,
        custom_not_found_error=CustomError(409, message="Invalid role_id"))

    # Refuse a duplicate grant; compared against the id as given in the body
    if any(existing.id == role_id for existing in user.roles):
        raise CustomError(
            409,
            message="User with id: {} already has role with id: {}".format(
                user_id, role_id))

    user.roles.append(role)
    db.session.add(user)
    db.session.commit()
    return jsonify({'success': True}), 201
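def set_default_permissions(request):
    """Create default roles and permissions for the caller's school.

    Uses the currently logged in user (``g.user``) as the initial admin.
    Only works if permissions do not exist yet for that school.

    Raises:
        CustomError: 401 if any permission already exists for the school
            (NOTE(review): every other conflict in this file answers 409;
            confirm 401 is intended before changing it). 500 if the
            ADMINISTRATOR role cannot be found after the defaults were
            created.

    Returns:
        ``(jsonify({'success': True}), 201)``.
    """
    school_id = g.user.school_id

    # Check permissions not created yet.
    if Permission.query.filter_by(school_id=school_id).first() is not None:
        raise CustomError(401, message='Permissions already setup.')

    # Create permissions. They are committed before the roles are built;
    # Role.default_roles presumably reads the freshly persisted permissions,
    # so confirm that before collapsing the three commits into one.
    for permission in Permission.default_permissions(school_id):
        db.session.add(permission)
    db.session.commit()

    # Create roles
    for role in Role.default_roles(school_id):
        db.session.add(role)
    db.session.commit()

    # Assign user to admin role. The lookup is guarded: if the defaults did
    # not include ADMINISTRATOR, appending None to the relationship would
    # most likely surface as an opaque ORM error rather than a clear one.
    admin_role = Role.query.filter_by(name="ADMINISTRATOR",
                                      school_id=school_id).first()
    if admin_role is None:
        raise CustomError(
            500, message="Default ADMINISTRATOR role was not created.")
    g.user.roles.append(admin_role)
    db.session.add(g.user)
    db.session.commit()

    # Return success status
    return jsonify({'success': True}), 201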
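def role_create(request):
    """Create a new role for the caller's school.

    The JSON body must contain ``name`` and ``permissions`` (a list of
    permission ids that must all belong to ``g.user.school_id``).

    Raises:
        FieldInUseError: if a role with that name already exists in the
            school.
        CustomError: 409 if any supplied permission id is unknown, belongs
            to another school, or is listed more than once.

    Returns:
        ``(jsonify({'success': True, 'role': role.to_dict()}), 201)``.
    """
    data = json_from_request(request)
    check_keys(["name", "permissions"], data)
    school_id = g.user.school_id

    # Check name not in use
    if Role.query.filter_by(name=data['name'], school_id=school_id).first() is not None:
        raise FieldInUseError("name")

    # Check all permissions are valid: every requested id must resolve to a
    # permission in the caller's school. The count is compared against the
    # raw request list, so duplicate ids are rejected as well.
    requested_ids = data['permissions']
    permissions = Permission.query.filter(
        Permission.id.in_(requested_ids),
        Permission.school_id == school_id)
    if permissions.count() != len(requested_ids):
        raise CustomError(409, message="Invalid Permission.")

    role = Role(name=data['name'], school_id=school_id)
    # A plain loop replaces a list comprehension that was used only for its
    # side effect.
    for permission in permissions:
        role.permissions.append(permission)
    db.session.add(role)
    db.session.commit()
    return jsonify({'success': True, 'role': role.to_dict()}), 201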
def grant_permission(request):
    """Attach a single permission to a user.

    The JSON body must contain ``user_id`` and ``permission_id``. Responds
    409 when either id is unknown or the user already holds the permission,
    and 201 with ``{'success': True}`` on success.
    """
    data = json_from_request(request)
    check_keys(["user_id", "permission_id"], data)
    user_id = data['user_id']
    permission_id = data['permission_id']

    # Check user specified is in the correct school
    user = get_record_by_id(user_id, User,
                            CustomError(409, message="Invalid user_id."))
    # Check the permission specified is in the correct school
    permission = get_permission_by_id(
        permission_id, CustomError(409, message="Invalid permission_id."))

    # Check user does not have the permission (compared by the id as supplied)
    already_held = any(held.id == permission_id for held in user.permissions)
    if already_held:
        raise CustomError(
            409,
            message="User with id: {} already has permission with id: {}".format(
                user_id, permission_id))

    user.permissions.append(permission)
    db.session.add(user)
    db.session.commit()
    # Return success status
    return jsonify({'success': True}), 201
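def role_update(request, role_id):
    """Partially update a role's name and/or permission set.

    Args:
        request: the incoming request; its JSON body may contain ``name``
            and/or ``permissions`` (a list of permission ids in the caller's
            school). Absent keys leave the corresponding field untouched.
        role_id: id of the role to update. NOTE(review): the lookup is
            ``get_role_by_id(role_id)`` with no explicit school filter here;
            confirm that helper scopes to ``g.user.school_id``.

    Raises:
        FieldInUseError: if ``name`` is already used by a different role in
            the school (mirrors the check in role_create, which this path
            previously skipped).
        CustomError: 409 if any supplied permission id is unknown or belongs
            to another school.

    Returns:
        ``jsonify({'success': True, "message": "Updated."})`` (status 200).
    """
    role = get_role_by_id(role_id)
    data = json_from_request(request)
    school_id = g.user.school_id

    if "name" in data:
        # Same uniqueness rule as role_create, except that the role being
        # edited may keep its own current name.
        clash = Role.query.filter_by(name=data['name'], school_id=school_id).first()
        if clash is not None and clash.id != role.id:
            raise FieldInUseError("name")
        role.name = data['name']

    if "permissions" in data:
        # Check all permissions are valid: every requested id must resolve to
        # a permission in the caller's school.
        requested_ids = data['permissions']
        permissions = Permission.query.filter(
            Permission.id.in_(requested_ids),
            Permission.school_id == school_id)
        if permissions.count() != len(requested_ids):
            raise CustomError(409, message="Invalid Permission.")
        role.permissions = list(permissions)

    db.session.add(role)
    db.session.commit()
    return jsonify({'success': True, "message": "Updated."})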