Complete API documentation

clp-research · Jun 30, 2019 · 2147757 · 2147757
1 parent 002079f
commit 2147757
Show file tree

Hide file tree

Showing 13 changed files with 186 additions and 482 deletions.
diff --git a/app/__init__.py b/app/__init__.py
@@ -63,11 +63,6 @@ def before_request():
         if request.endpoint != 'login.index' and request.endpoint != "static":
             return login_manager.unauthorized()
 
-    if request.endpoint == 'admin.token' and not current_user.token.permissions.token_generate \
-            or request.endpoint == 'admin.task' and not current_user.token.permissions.task_create:
-        flash("Permission denied", "error")
-        return login_manager.unauthorized()
-
 
 if not Room.query.get("admin_room"):
     db.session.add(Room(name="admin_room",
@@ -78,11 +73,7 @@ def before_request():
                          id='00000000-0000-0000-0000-000000000000' if settings.debug else None,
                          permissions=Permissions(
                              user_query=True,
-                             user_log_query=True,
                              user_log_event=True,
-                             user_permissions_query=True,
-                             user_permissions_update=True,
-                             user_room_query=True,
                              user_room_join=True,
                              user_room_leave=True,
                              message_text=True,
@@ -93,7 +84,6 @@ def before_request():
                              room_log_query=True,
                              room_create=True,
                              room_update=True,
-                             room_close=True,
                              room_delete=True,
                              layout_query=True,
                              layout_create=True,

diff --git a/app/api/__init__.py b/app/api/__init__.py
@@ -127,7 +127,7 @@ def get_tokens():
 @api.route('/token/<string:id>', methods=['GET'])
 @auth.login_required
 def get_token(id):
-    if not g.current_permissions.token_query:
+    if not g.current_permissions.token_query and str(g.current_user.token) != id:
         return make_response(jsonify({'error': 'insufficient rights'}), 403)
 
     token = Token.query.get(id)
@@ -168,11 +168,7 @@ def post_token():
             source=data.get("source", None),
             permissions=Permissions(
                 user_query=data.get("user_query", False),
-                user_log_query=data.get("user_log_query", False),
                 user_log_event=data.get("user_log_event", False),
-                user_permissions_query=data.get("user_permissions_query", False),
-                user_permissions_update=data.get("user_permissions_update", False),
-                user_room_query=data.get("user_room_query", False),
                 user_room_join=data.get("user_room_join", False),
                 user_room_leave=data.get("user_room_leave", False),
                 message_text=data.get("message_text", False),
@@ -183,7 +179,6 @@ def post_token():
                 room_log_query=data.get("room_log_query", False),
                 room_create=data.get("room_create", False),
                 room_update=data.get("room_update", False),
-                room_close=data.get("room_close", False),
                 room_delete=data.get("room_delete", False),
                 layout_query=data.get("layout_query", False),
                 layout_create=data.get("layout_create", False),

diff --git a/app/api/task.py b/app/api/task.py
diff --git a/app/api/token.py b/app/api/token.py
diff --git a/app/api/user.py b/app/api/user.py
@@ -8,125 +8,6 @@
 from ..api.log import log_event
 
 
-@socketio.on('get_user')
-def _get_user(id):
-    current_id = current_user.get_id()
-    if not current_id:
-        return False, "invalid session id"
-
-    if id and not current_user.token.permissions.user_query:
-        return False, "insufficient rights"
-    user = User.query.get(id or current_id)
-    if user:
-        return True, user.as_dict()
-    else:
-        return False, "user does not exist"
-
-
-@socketio.on('get_user_task')
-def _get_user_task(id):
-    if not current_user.get_id():
-        return False, "invalid session id"
-    if id and not current_user.token.permissions.task_query:
-        return False, "insufficient rights"
-
-    if id:
-        user = User.query.get(id)
-    else:
-        user = current_user
-
-    if user:
-        return True, user.token.task.as_dict() if user.token and user.token.task else None
-    else:
-        return False, "user does not exist"
-
-
-@socketio.on('get_user_token')
-def _get_user_task(id):
-    if not current_user.get_id():
-        return False, "invalid session id"
-    if id and not current_user.token.permissions.token_query:
-        return False, "insufficient rights"
-
-    if id:
-        user = User.query.get(id)
-    else:
-        user = current_user
-
-    if user:
-        return True, user.token.as_dict() if user.token else None
-    else:
-        return False, "user does not exist"
-
-
-@socketio.on('get_user_permissions')
-def _get_user_permissions(id):
-    if not current_user.get_id():
-        return False, "invalid session id"
-    if id and not current_user.token.permissions.permissions_query:
-        return False, "insufficient rights"
-
-    if id:
-        user = User.query.get(id)
-    else:
-        user = current_user
-
-    if user:
-        return True, user.token.permissions.as_dict()
-    else:
-        return False, "user does not exist"
-
-
-@socketio.on('get_user_rooms')
-def _get_user_rooms(user_id):
-    if not current_user.get_id():
-        return False, "invalid session id"
-    if user_id and not current_user.token.permissions.user_room_query:
-        return False, "insufficient rights"
-
-    if user_id:
-        user = User.query.get(user_id)
-    else:
-        user = current_user
-
-    if user:
-        return True, [room.as_dict() for room in user.rooms]
-    else:
-        return False, "user does not exist"
-
-
-@socketio.on('get_user_rooms_logs')
-def _get_user_rooms_logs(user_id):
-    from ..models.user import User
-
-    if not current_user.get_id():
-        return False, "invalid session id"
-    if user_id and not current_user.token.permissions.user_log_query:
-        return False, "insufficient rights"
-
-    if user_id:
-        user = User.query.get(user_id)
-    else:
-        user = current_user
-
-    def filter_private_messages(logs, id):
-        for log in logs:
-            if log['event'] == "text_message" or log['event'] == "image_message":
-                # Filter only messages
-                if log['receiver']:
-                    # Private message
-                    if int(log['receiver']) != id and log['user']['id'] != id:
-                        # User not affected, continue the loop
-                        continue
-            yield log
-
-    if user:
-        return True, {room.name: list(filter_private_messages([log.as_dict() for log in room.logs], user.id))
-                      for room in user.rooms}
-    else:
-        return False, "user does not exist"
-
-
 @socketio.on('join_room')
 def _join_room(data):
     id = data.get('user')
@@ -159,7 +40,6 @@ def _join_room(data):
         log_event("join", user, room)
     db.session.commit()
 
-    print("join room:", room, user.session_id)
     join_room(room.name, user.session_id)
 
     return True
@@ -172,7 +52,7 @@ def _leave_room(data):
 
     if not current_user.get_id():
         return False, "invalid session id"
-    if id and not current_user.token.permissions.user_room_join:
+    if id and not current_user.token.permissions.user_room_leave:
         return False, "insufficient rights"
 
     if id:
@@ -186,14 +66,11 @@ def _leave_room(data):
     if not room:
         return False, "room does not exist"
 
-    print(user.as_dict())
-    print(room)
     user.rooms.remove(room)
     user.current_rooms.remove(room)
     socketio.emit('left_room', room.name, room=user.session_id)
     log_event("leave", user, room)
     db.session.commit()
-    print("leave room:", room, user.session_id)
     leave_room(room.name, user.session_id)
 
     return True
diff --git a/app/models/permission.py b/app/models/permission.py
@@ -7,11 +7,7 @@ class Permissions(Base):
     __tablename__ = 'Permissions'
 
     user_query = db.Column(db.Boolean, nullable=False, default=False)
-    user_log_query = db.Column(db.Boolean, nullable=False, default=False)
     user_log_event = db.Column(db.Boolean, nullable=False, default=False)
-    user_permissions_query = db.Column(db.Boolean, nullable=False, default=False)
-    user_permissions_update = db.Column(db.Boolean, nullable=False, default=False)
-    user_room_query = db.Column(db.Boolean, nullable=False, default=False)
     user_room_join = db.Column(db.Boolean, nullable=False, default=False)
     user_room_leave = db.Column(db.Boolean, nullable=False, default=False)
     message_text = db.Column(db.Boolean, nullable=False, default=False)
@@ -22,7 +18,6 @@ class Permissions(Base):
     room_log_query = db.Column(db.Boolean, nullable=False, default=False)
     room_create = db.Column(db.Boolean, nullable=False, default=False)
     room_update = db.Column(db.Boolean, nullable=False, default=False)
-    room_close = db.Column(db.Boolean, nullable=False, default=False)
     room_delete = db.Column(db.Boolean, nullable=False, default=False)
     layout_query = db.Column(db.Boolean, nullable=False, default=False)
     layout_create = db.Column(db.Boolean, nullable=False, default=False)
@@ -41,13 +36,8 @@ def as_dict(self):
             'user': {
                 'query': self.user_query,
                 'log': {
-                    'query': self.user_log_query,
                     'event': self.user_log_event,
                 },
-                'permissions': {
-                    'query': self.user_permissions_query,
-                    'update': self.user_permissions_update,
-                },
                 'room': {
                     'join': self.user_room_join,
                     'leave': self.user_room_leave,
@@ -63,7 +53,6 @@ def as_dict(self):
                 'query': self.room_query,
                 'create': self.room_create,
                 'update': self.room_update,
-                'close': self.room_close,
                 'delete': self.room_delete,
                 'log': {
                     'query': self.room_log_query,

diff --git a/app/models/token.py b/app/models/token.py
@@ -26,7 +26,7 @@ def as_dict(self):
             'user': self.user_id,
             'task': self.task_id,
             'room': self.room_name,
-            'permissions': self.permissions_id,
+            'permissions': self.permissions.as_dict(),
             'source': self.source,
             'valid': self.valid,
         }, **super(Token, self).as_dict())
diff --git a/app/static/js/connection.js b/app/static/js/connection.js
@@ -90,6 +90,7 @@ $(document).ready(() => {
 
         let user = await user_request;
         self_user = { id: user.id, name: user.name };
+        let token = $.get({ url: uri + "/token/" + user.token, beforeSend: headers });
 
         users = {};
         for (let user_id in room.current_users) {
@@ -104,21 +105,15 @@ $(document).ready(() => {
             print_history(history[room.name]);
         }
 
+        apply_user_permissions((await token).permissions);
+
     }
 
     async function left_room(data) {}
 
     socket.on('joined_room', joined_room);
     socket.on('left_room', left_room);
 
-    socket.on('connect', (data) => {
-        socket.emit("get_user_permissions", null, (success, permissions) => {
-            if (verify_query(success, permissions)) {
-                apply_user_permissions(permissions);
-            }
-        });
-    });
-
     socket.on('status', function (data) {
         if (typeof self_user === "undefined")
             return;