From 7e32f3198da099f4deb187b6591c98f951b6b797 Mon Sep 17 00:00:00 2001 From: "E. Almqvist" Date: Thu, 31 Mar 2022 17:10:30 +0200 Subject: [PATCH] Permissions & refactor --- src/app.rb | 5 +++++ src/const.rb | 26 +++++++++++++++++++--- src/db_init.rb | 6 +++++ src/db_models.rb | 52 ++++++++++++++++++++++++++++++++++++-------- src/views/admin.slim | 1 + 5 files changed, 78 insertions(+), 12 deletions(-) create mode 100644 src/views/admin.slim diff --git a/src/app.rb b/src/app.rb index c6322cd..2e82c4a 100755 --- a/src/app.rb +++ b/src/app.rb @@ -199,3 +199,8 @@ get "/auctions/:id" do end end + +# Admin panel +get "/admin" do + serve :admin, {flags: flags} +end diff --git a/src/const.rb b/src/const.rb index a4e83ab..a740428 100644 --- a/src/const.rb +++ b/src/const.rb @@ -7,9 +7,28 @@ MAX_REP = 100 PERM_LEVELS = { banned: 2**0, # denies the user everything - rmpost: 2**1, # allows the user to remove other peoples auctions - roleman: 2**2, # allows the user to manage other peoples roles + admin: 2**1, # admin role (gives all flags) + roleman: 2**2, # allows the user to manage roles cateman: 2**3, # allows the user to manage categories + rmpost: 2**4 # allows the user to remove other peoples auctions +} + +# Constant roles that will always exist +# IMPORTANT!: these ids are allocated for the specified roles. It is imperative that other roles have these ids! +ROLES = { + admin: { + id: 1, + name: "Admin", + color: "#4776C1", + flags: PERM_LEVELS[:admin] + }, + + banned: { + id: 2, + name: "Banned", + color: "#de2a1d", + flags: PERM_LEVELS[:banned] + } } # DB stuff @@ -44,4 +63,5 @@ TITLE_REGEX_STR = "{#{MIN_TITLE_LEN},#{MAX_TITLE_LEN}}" # Routes that needs auth -AUTH_ROUTES = %w[/settings /auction /user] +AUTH_ROUTES = %w[/settings /auction /user /admin] + diff --git a/src/db_init.rb b/src/db_init.rb index f1b29f7..b5e07ef 100644 --- a/src/db_init.rb +++ b/src/db_init.rb @@ -14,4 +14,10 @@ def db_init LOAD_MODELS.each do |model| model.init_table # init all tables end + + # Create all default roles + q = "INSERT OR IGNORE INTO Role (id, name, color, flags) VALUES (?, ?, ?, ?)" + ROLES.each do |id, role| + db.query(q, role[:id], role[:name], role[:color], role[:flags]) + end end diff --git a/src/db_models.rb b/src/db_models.rb index 23ca988..fb7a1d9 100644 --- a/src/db_models.rb +++ b/src/db_models.rb @@ -133,12 +133,27 @@ class User < EntityModel return true, user.id end - # Check if user has permission - # TODO: Make this work - def self.permitted?(id, perm) - user = self.find_by_id id - roles = user.roles - # check each role for flag + # Get a users flags + # Returns: bitmap int thingie + def flags + flags = 0 + self.roles.each do |role| + flags |= role.flags + end + return flags + end + + # Check if user has flags + # Returns: true or false depending whether the user has those flags + def permitted?(flag, *other_flags) + flags = self.get_flags(@id, self) + + flag_mask = flag + if other_flags then + other_flags.each do {|f| flag_mask |= f} + end + + return flags & flag_mask == flag_mask end end @@ -152,9 +167,17 @@ class Role < EntityModel @flags = data["flags"] end - # TODO: Check if role has specific flag - def has_flag?(flag) - # do bitwise ops + def has_flag?(flag, *other_flags) + flag_mask = PERM_LEVELS[flag] + + # Add other flags + if other_flags then + other_flags.each do |f| + flag_mask += PERM_LEVELS[f] + end + end + + return @flags & flag_mask == flag_mask # f AND m = m => flags exists end def self.find_by_name(name) @@ -178,6 +201,17 @@ end class User_Role_relation < EntityModel + def self.init_table + super + + # Add the "first user" to the admin role + search = self.get("role_id", "user_id=1") or [] + if search.length <= 0 then + q = "INSERT INTO #{self.name} (user_id, role_id) VALUES (?, ?)" + self.query(q, 1, 1) + end + end + def self.get_user_roles(user_id) roleids = self.get "role_id", "user_id = ?", user_id roles = roleids.map do |ent| diff --git a/src/views/admin.slim b/src/views/admin.slim new file mode 100644 index 0000000..7a3921f --- /dev/null +++ b/src/views/admin.slim @@ -0,0 +1 @@ +h1 Admin Panel