Permissions & refactor

3 years ago · 7e32f3198d
parent a2d0989bda
commit 7e32f3198d
5 changed files with 78 additions and 12 deletions
--- a/src/app.rb
+++ b/src/app.rb
@ -199,3 +199,8 @@ get "/auctions/:id" do
 	end
 end

+
+# Admin panel
+get "/admin" do
+	serve :admin, {flags: flags}
+end
--- a/src/const.rb
+++ b/src/const.rb
@ -7,9 +7,28 @@ MAX_REP 	= 100

 PERM_LEVELS = {
 	banned: 2**0, # denies the user everything
-	rmpost: 2**1, # allows the user to remove other peoples auctions
-	roleman: 2**2, # allows the user to manage other peoples roles
+	admin: 2**1, # admin role (gives all flags)
+	roleman: 2**2, # allows the user to manage roles
 	cateman: 2**3, # allows the user to manage categories
+	rmpost: 2**4 # allows the user to remove other peoples auctions
+}
+
+# Constant roles that will always exist
+# IMPORTANT!: these ids are allocated for the specified roles. It is imperative that other roles have these ids!
+ROLES = {
+	admin: {
+		id: 1, 		
+		name: "Admin",
+		color: "#4776C1",
+		flags: PERM_LEVELS[:admin]
+	},
+
+	banned: {
+		id: 2,
+		name: "Banned",
+		color: "#de2a1d",
+		flags: PERM_LEVELS[:banned]
+	}
 }

 # DB stuff
@ -44,4 +63,5 @@ TITLE_REGEX_STR = "{#{MIN_TITLE_LEN},#{MAX_TITLE_LEN}}"


 # Routes that needs auth
-AUTH_ROUTES = %w[/settings /auction /user]
+AUTH_ROUTES = %w[/settings /auction /user /admin]
+
--- a/src/db_init.rb
+++ b/src/db_init.rb
@ -14,4 +14,10 @@ def db_init
 	LOAD_MODELS.each do |model|
 		model.init_table # init all tables
 	end
+
+	# Create all default roles
+	q = "INSERT OR IGNORE INTO Role (id, name, color, flags) VALUES (?, ?, ?, ?)"
+	ROLES.each do |id, role|
+		db.query(q, role[:id], role[:name], role[:color], role[:flags])
+	end
 end
--- a/src/db_models.rb
+++ b/src/db_models.rb
@ -133,12 +133,27 @@ class User < EntityModel
 		return true, user.id
 	end

-	# Check if user has permission
-	# TODO: Make this work
-	def self.permitted?(id, perm)
-		user = self.find_by_id id
-		roles = user.roles
-		# check each role for flag
+	# Get a users flags
+	# Returns: bitmap int thingie
+	def flags
+		flags = 0
+		self.roles.each do |role|
+			flags |= role.flags
+		end
+		return flags
+	end
+
+	# Check if user has flags
+	# Returns: true or false depending whether the user has those flags
+	def permitted?(flag, *other_flags)
+		flags = self.get_flags(@id, self)
+
+		flag_mask = flag
+		if other_flags then
+			other_flags.each do {|f| flag_mask |= f}
+		end
+
+		return flags & flag_mask == flag_mask
 	end
 end

@ -152,9 +167,17 @@ class Role < EntityModel
 		@flags = data["flags"]
 	end

-	# TODO: Check if role has specific flag
-	def has_flag?(flag)
-		# do bitwise ops	
+	def has_flag?(flag, *other_flags)
+		flag_mask = PERM_LEVELS[flag]
+
+		# Add other flags
+		if other_flags then
+			other_flags.each do |f|
+				flag_mask += PERM_LEVELS[f]
+			end
+		end
+
+		return @flags & flag_mask == flag_mask # f AND m = m => flags exists
 	end

 	def self.find_by_name(name)
@ -178,6 +201,17 @@ end


 class User_Role_relation < EntityModel
+	def self.init_table
+		super
+		
+		# Add the "first user" to the admin role
+		search = self.get("role_id", "user_id=1") or []
+		if search.length <= 0 then
+			q = "INSERT INTO #{self.name} (user_id, role_id) VALUES (?, ?)"
+			self.query(q, 1, 1)
+		end
+	end
+
 	def self.get_user_roles(user_id)
 		roleids = self.get "role_id", "user_id = ?", user_id
 		roles = roleids.map do |ent| 
--- a/src/views/admin.slim
+++ b/src/views/admin.slim
@ -0,0 +1 @@
+h1 Admin Panel