def delete(self, request: 'th_Request') -> responses.Response:
validator = validation.Dict({
"room_id": validation.Integer(),
"user_id": validation.Integer()
}, allow_undefined_keys=not self._strict_requests)
try:
# Validation
try: validator.validate(request.body)
except validation.Error as ve: return responses.Unprocessable(ve.errors)
room_id = request.body["room_id"]
user_id = request.body["user_id"]
# Query for authorization
try:
orm_room = self._m_rooms.get(room_id)
except NoResultFound: return responses.NotFoundByID("room_id")
# Authorization
auth_response = self._s_auth.authorize(Action.ROOMS_USERS_DELETE, request.user, orm_room.user_id)
if not isinstance(auth_response, responses.OKEmpty): return auth_response
# Query
try:
self._m_rooms_users.delete(room_id, user_id)
return responses.OKEmpty()
except NoResultFound: return responses.NotFoundByID("user_id")
except SQLAlchemyError as sqlae:
return responses.DatabaseException(sqlae)
def delete_self(self, request: 'th_Request'):
validator = validation.Dict(
{},
allow_none=True,
allow_empty=True,
allow_all_defined_keys_missing=True,
allow_undefined_keys=not self._strict_requests)
try:
# Validation
try:
validator.validate(request.body)
except validation.Error as ve:
return responses.Unprocessable(ve.errors)
# Authorization
auth_response = self._s_auth.authorize(Action.USERS_DELETE_SELF,
request.user)
if not isinstance(auth_response, responses.OKEmpty):
return auth_response
# Get the user's ID from request (Which gets it's user info from a token)
if not isinstance(request.user, Registered):
return responses.UnauthorizedNotLoggedIn()
user: Registered = request.user
# Query
try:
self._m_users.delete(user.user_id)
return responses.OKEmpty()
except NoResultFound:
return responses.NotFoundByID("user_id")
except SQLAlchemyError as sqlae:
return responses.DatabaseException(sqlae)
def update(self, request: 'th_Request') -> responses.Response:
validator = validation.Dict({
"user_id": validation.Integer(),
"reason": validation.String(length_min=orm.UsersBans.REASON_LEN_MIN, length_max=orm.UsersBans.REASON_LEN_MAX)
}, allow_undefined_keys=not self._strict_requests)
try:
# Validation
try: validator.validate(request.body)
except validation.Error as ve: return responses.Unprocessable(ve.errors)
user_id = request.body["user_id"]
# Query for authorization
try: orm_user_ban = self._m_users_bans.get(user_id)
except NoResultFound: return responses.NotFoundByID("user_id")
# Authorization
auth_response = self._s_auth.authorize(Action.USERS_BANS_UPDATE, request.user, orm_user_ban.banner_id)
if not isinstance(auth_response, responses.OKEmpty): return auth_response
# Query
try:
self._m_users_bans.update(user_id, request.body["reason"])
return responses.OKEmpty()
except NoResultFound: return responses.NotFoundByID("user_id")
except SQLAlchemyError as sqlae:
return responses.DatabaseException(sqlae)
def update(self, request: 'th_Request') -> responses.Response:
validator = validation.Dict({
"room_id": validation.Integer(),
"title": validation.String(length_min=orm.Rooms.TITLE_LEN_MIN, length_max=orm.Rooms.TITLE_LEN_MAX),
})
try:
# Validation
try: validator.validate(request.body)
except validation.Error as ve: return responses.Unprocessable(ve.errors)
room_id = request.body["room_id"]
# Query for authorization
try: orm_room = self._m_rooms.get(room_id)
except NoResultFound: return responses.NotFoundByID("room_id")
# Authorization
auth_response = self._s_auth.authorize(Action.ROOMS_UPDATE_TITLE, request.user, orm_room.user_id)
if not isinstance(auth_response, responses.OKEmpty): return auth_response
try:
self._m_rooms.update(room_id, request.body["title"])
return responses.OKEmpty()
except NoResultFound: return responses.NotFoundByID("room_id")
except SQLAlchemyError as sqlae:
return responses.DatabaseException(sqlae)
def authorize( self, actions: typing.Union['th_Action', typing.List['th_Action']], user: '******', allowed_ids: typing.Union[int, typing.List[int]] = None ) -> responses.Response: if not isinstance(actions, list): actions = [actions] # Can the user execute the given actions? if all([action in user.role.actions for action in actions]): return responses.OKEmpty() # The action can now be only executed by allowed user ids # Does this user have a user id? if not isinstance(user, Registered): return responses.UnauthorizedNotLoggedIn() # Are there any ids allowed? if allowed_ids is not None: if not isinstance(allowed_ids, list): allowed_ids = [allowed_ids] # Is user one of them? if user.user_id in allowed_ids: return responses.OKEmpty() return responses.Forbidden()
def update(self, request: 'th_Request') -> responses.Response:
validator = validation.Dict(
{
"post_id":
validation.Integer(),
"content":
validation.String(length_min=orm.Posts.CONTENT_LEN_MIN,
length_max=orm.Posts.CONTENT_LEN_MAX)
},
allow_undefined_keys=not self._strict_requests)
try:
# Validation
try:
validator.validate(request.body)
except validation.Error as ve:
return responses.Unprocessable(ve.errors)
post_id = request.body["post_id"]
# Query for authorization
try:
orm_post = self._m_posts.get(post_id)
except NoResultFound:
return responses.NotFoundByID("post_id")
# Authorization
auth_response = self._s_auth.authorize(Action.POSTS_UPDATE,
request.user,
orm_post.user_id)
if not isinstance(auth_response, responses.OKEmpty):
return auth_response
# TODO
# Also possible to revoke update access to the user on lost access to the room
# What about banned room checks
try:
self._m_posts.update(post_id, request.body["content"])
return responses.OKEmpty()
except NoResultFound:
return responses.NotFoundByID("post_id")
except SQLAlchemyError as sqlae:
return responses.DatabaseException(sqlae)
def delete(self, request: 'th_Request') -> responses.Response:
validator = validation.Dict(
{
"post_id": validation.Integer(),
},
allow_undefined_keys=not self._strict_requests)
try:
# Validation
try:
validator.validate(request.body)
except validation.Error as ve:
return responses.Unprocessable(ve.errors)
post_id = request.body["post_id"]
# Query for authorization
try:
orm_post = self._m_posts.get(post_id)
except NoResultFound:
return responses.NotFoundByID("post_id")
# Authorization
auth_response = self._s_auth.authorize(Action.POSTS_DELETE,
request.user,
orm_post.user_id)
if not isinstance(auth_response, responses.OKEmpty):
return auth_response
# Also possible to revoke delete access to the user on lost access to the room
# what about bans
try:
self._m_posts.delete(post_id)
return responses.OKEmpty()
except NoResultFound:
return responses.NotFoundByID("post_id")
except SQLAlchemyError as sqlae:
return responses.DatabaseException(sqlae)
def update(self, request: 'th_Request') -> responses.Response:
validator = validation.Dict(
{
"user_id":
validation.Integer(),
"role":
validation.Integer(allow_none=True),
"login":
validation.String(allow_none=True,
length_min=orm.Users.LOGIN_LEN_MIN,
length_max=orm.Users.LOGIN_LEN_MAX),
"name":
validation.String(allow_none=True,
length_min=orm.Users.NAME_LEN_MIN,
length_max=orm.Users.NAME_LEN_MAX),
"password":
validation.String(allow_none=True,
length_min=orm.Users.PASSWORD_LEN_MIN,
length_max=orm.Users.PASSWORD_LEN_MAX)
},
allow_undefined_keys=not self._strict_requests)
try:
# Validation
try:
validator.validate(request.body)
except validation.Error as ve:
return responses.Unprocessable(ve.errors)
user_id = request.body["user_id"]
# Authorization (certain attributes)
if "name" in request.body:
# Authorize name change
auth_response = self._s_auth.authorize(
Action.USERS_UPDATE_NAME, request.user, user_id)
if not isinstance(auth_response, responses.OKEmpty):
return auth_response
if "role" in request.body:
# Authorize role change
auth_response = self._s_auth.authorize(
Action.USERS_UPDATE_ROLE, request.user, None)
if not isinstance(auth_response, responses.OKEmpty):
return auth_response
if "login" in request.body or "password" in request.body:
# Authorize credential change
auth_response = self._s_auth.authorize(
Action.USERS_UPDATE_CRED, request.user, user_id)
if not isinstance(auth_response, responses.OKEmpty):
return auth_response
# Hash password
try:
passhash = None if "password" not in request.body else self._password_hasher.hash(
request.body["password"])
except HashingError as he:
return responses.InternalException(
he, {"password": ["Could not be hashed"]})
# Query
try:
self._m_users.update(user_id, request.body.get("role"),
request.body.get("login"),
request.body.get("name"), passhash)
return responses.OKEmpty()
except IntegrityError:
return responses.ConflictID("login")
except NoResultFound:
return responses.NotFoundByID("user_id")
except SQLAlchemyError as sqlae:
return responses.DatabaseException(sqlae)