decorators.py 2.92 KB
Newer Older
Robin Sonnabend's avatar
Robin Sonnabend committed
1
from flask import flash
Robin Sonnabend's avatar
Robin Sonnabend committed
2
3
4

from functools import wraps

Robin Sonnabend's avatar
Robin Sonnabend committed
5
from models.database import ALL_MODELS
Robin Sonnabend's avatar
Robin Sonnabend committed
6
from shared import current_user
7
import back
Robin Sonnabend's avatar
Robin Sonnabend committed
8

Robin Sonnabend's avatar
Robin Sonnabend committed
9
10
11
12
ID_KEY = "id"
KEY_NOT_PRESENT_MESSAGE = "Missing {}_id."
OBJECT_DOES_NOT_EXIST_MESSAGE = "There is no {} with id {}."

Robin Sonnabend's avatar
Robin Sonnabend committed
13
14
MISSING_VIEW_RIGHT = "Dir fehlenden die nötigen Zugriffsrechte."

Robin Sonnabend's avatar
Robin Sonnabend committed
15

Robin Sonnabend's avatar
Robin Sonnabend committed
16
def default_redirect():
17
    return back.redirect()
Robin Sonnabend's avatar
Robin Sonnabend committed
18

Robin Sonnabend's avatar
Robin Sonnabend committed
19

Robin Sonnabend's avatar
Robin Sonnabend committed
20
def login_redirect():
21
    return back.redirect("login")
Robin Sonnabend's avatar
Robin Sonnabend committed
22

Robin Sonnabend's avatar
Robin Sonnabend committed
23

Robin Sonnabend's avatar
Robin Sonnabend committed
24
25
26
27
28
def db_lookup(*models, check_exists=True):
    def _decorator(function):
        @wraps(function)
        def _decorated_function(*args, **kwargs):
            for model in models:
Robin Sonnabend's avatar
Robin Sonnabend committed
29
                key = model.__model_name__
Robin Sonnabend's avatar
Robin Sonnabend committed
30
31
32
33
34
35
36
37
                id_key = "{}_{}".format(key, ID_KEY)
                if id_key not in kwargs:
                    flash(KEY_NOT_PRESENT_MESSAGE.format(key), "alert-error")
                    return default_redirect()
                obj_id = kwargs[id_key]
                obj = model.query.filter_by(id=obj_id).first()
                if check_exists and obj is None:
                    model_name = model.__class__.__name__
Robin Sonnabend's avatar
Robin Sonnabend committed
38
39
                    flash(OBJECT_DOES_NOT_EXIST_MESSAGE.format(
                        model_name, obj_id),
Robin Sonnabend's avatar
Robin Sonnabend committed
40
41
42
43
44
45
46
                        "alert-error")
                    return default_redirect()
                kwargs[key] = obj
                kwargs.pop(id_key)
            return function(*args, **kwargs)
        return _decorated_function
    return _decorator
Robin Sonnabend's avatar
Robin Sonnabend committed
47

Robin Sonnabend's avatar
Robin Sonnabend committed
48

Robin Sonnabend's avatar
Robin Sonnabend committed
49
50
def require_right(right, require_exist):
    necessary_right_name = "has_{}_right".format(right)
Robin Sonnabend's avatar
Robin Sonnabend committed
51

Robin Sonnabend's avatar
Robin Sonnabend committed
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
    def _decorator(function):
        @wraps(function)
        def _decorated_function(*args, **kwargs):
            user = current_user()
            for model in ALL_MODELS:
                model_name = model.__model_name__
                if model_name in kwargs:
                    model = kwargs[model_name]
                    if model is None:
                        if require_exist:
                            flash(MISSING_VIEW_RIGHT, "alert-error")
                            return login_redirect()
                        else:
                            continue
                    necessary_right = getattr(model, necessary_right_name)
                    if not necessary_right(user):
                        flash(MISSING_VIEW_RIGHT, "alert-error")
                        return login_redirect()
            return function(*args, **kwargs)
        return _decorated_function
    return _decorator

Robin Sonnabend's avatar
Robin Sonnabend committed
74

Robin Sonnabend's avatar
Robin Sonnabend committed
75
76
77
def require_public_view_right(require_exist=True):
    return require_right("public_view", require_exist)

Robin Sonnabend's avatar
Robin Sonnabend committed
78

Robin Sonnabend's avatar
Robin Sonnabend committed
79
80
81
def require_private_view_right(require_exist=True):
    return require_right("private_view", require_exist)

Robin Sonnabend's avatar
Robin Sonnabend committed
82

Robin Sonnabend's avatar
Robin Sonnabend committed
83
84
85
def require_modify_right(require_exist=True):
    return require_right("modify", require_exist)

Robin Sonnabend's avatar
Robin Sonnabend committed
86

Robin Sonnabend's avatar
Robin Sonnabend committed
87
88
89
def require_publish_right(require_exist=True):
    return require_right("publish", require_exist)

Robin Sonnabend's avatar
Robin Sonnabend committed
90

Robin Sonnabend's avatar
Robin Sonnabend committed
91
92
def require_admin_right(require_exist=True):
    return require_right("admin", require_exist)