async def has_perm(_: Response, user=Depends(current_user), perms=Body(...), superuser=Body(True)):
try:
return await user.has_perm(*listify(perms), superuser=superuser)
except BaseORMException:
raise x.ServiceError()
except Exception:
raise x.AppError()
async def update_permission(perm: UpdatePermissionVM,
user=Depends(current_user)):
if not await user.has_perm('permission.update'):
raise x.PermissionDenied()
try:
await Permission.update_permission(perm)
except BaseORMException:
raise x.ServiceError()
except Exception:
raise x.AppError()
async def create_group(res: Response,
group: CreateGroupVM,
user=Depends(current_user)):
if not await user.has_perm('group.create'):
raise x.PermissionDenied()
try:
if groupinst := await Group.create_group(**group.dict()):
res.status_code = 201
return groupinst.to_dict()
except (BaseORMException, RedisError):
raise x.ServiceError()
except Exception:
raise x.AppError()
async def delete_group(res: Response,
user=Depends(current_user),
group: str = Body(...)):
if not await user.has_perm('group.delete'):
raise x.PermissionDenied()
if not group:
raise x.FalsyDataError()
try:
if await Group.delete_group(group):
res.status_code = 204
except (BaseORMException, RedisError):
raise x.ServiceError()
except Exception:
raise x.AppError()
async def delete_permission(res: Response,
code: str = Body(..., min_length=3, max_length=20),
user=Depends(current_user)):
if not await user.has_perm('permission.delete'):
raise x.PermissionDenied()
try:
if perm := await Permission.get_or_none(code=code
).only('id', 'deleted_at'):
# TODO: Update group cache
# TODO: Find a place to rescan user permissions, maybe on /token?
await perm.soft_delete()
res.status_code = 204
except (BaseORMException, RedisError):
raise x.ServiceError()
except Exception:
raise x.AppError()
async def create_permission(res: Response,
perm: CreatePermissionVM,
user=Depends(current_user)):
if not await user.has_perm('permission.create'):
raise x.PermissionDenied()
if not perm.code:
raise x.FalsyDataError()
try:
perm.name = perm.name or ' '.join(i.capitalize()
for i in perm.code.split('.'))
if perm := await Permission.create(**perm.dict()):
res.status_code = 201
return perm.to_dict()
except BaseORMException:
raise x.ServiceError()
except Exception:
raise x.AppError()
async def detach_permission(res: Response, user=Depends(current_user), perms=Body(...)):
if not await user.has_perm('permission.detach'):
raise x.PermissionDenied()
if not perms:
raise x.FalsyDataError()
try:
usermod = await UserMod.get_or_none(email=user.email).only('id')
if not usermod:
raise x.NotFoundError('User')
await usermod.remove_permission(*listify(perms))
res.status_code = 204
except BaseORMException:
raise x.ServiceError()
except Exception:
raise x.AppError()
async def add_group(res: Response, user=Depends(current_user), group: str = Body(...)):
if not await user.has_perm('group.attach'):
raise x.PermissionDenied()
if not group:
raise x.FalsyDataError()
try:
usermod = await UserMod.get_or_none(email=user.email).only('id')
if not usermod:
raise x.NotFoundError('User')
if await usermod.add_group(group):
res.status_code = 204
except BaseORMException:
raise x.ServiceError()
except Exception:
raise x.AppError()
@permrouter.patch('/attach/group', summary='Attach a Permission to a Group')
async def assign_grouppermission(res: Response,
gp: GroupPermissionVM,
user=Depends(current_user)):
if not await user.has_perm('permission.attach'):
raise x.PermissionDenied()
try:
if group := await Group.get_or_none(name=gp.name).only('id'):
if permlist := await Permission.filter(code__in=listify(gp.codes)
).only('id'):
await group.permissions.add(*permlist)
res.status_code = 204
except (BaseORMException, RedisError):
raise x.ServiceError()
except Exception:
raise x.AppError()
@permrouter.delete('/detach/group', summary='Detach a Permission from a Group')
async def remove_grouppermission(res: Response,
gp: GroupPermissionVM,
user=Depends(current_user)):
if not await user.has_perm('permission.detach'):
raise x.PermissionDenied()
try:
if group := await Group.get_or_none(name=gp.name).only('id'):
if permlist := await Permission.filter(code__in=listify(gp.codes)
).only('id'):
await group.permissions.remove(*permlist)
