crafty-4/app/classes/models/server_permissions.py
2022-04-11 11:08:36 +01:00

268 lines
9.6 KiB
Python

from enum import Enum
import logging
from peewee import (
ForeignKeyField,
CharField,
CompositeKey,
JOIN,
)
from app.classes.models.base_model import BaseModel
from app.classes.models.servers import Servers
from app.classes.models.roles import Roles
from app.classes.models.users import User_Roles, helper_users, ApiKeys, Users
from app.classes.shared.permission_helper import PermissionHelper
logger = logging.getLogger(__name__)
# **********************************************************************************
# Role Servers Class
# **********************************************************************************
class Role_Servers(BaseModel):
role_id = ForeignKeyField(Roles, backref="role_server")
server_id = ForeignKeyField(Servers, backref="role_server")
permissions = CharField(default="00000000")
class Meta:
table_name = "role_servers"
primary_key = CompositeKey("role_id", "server_id")
# **********************************************************************************
# Servers Permissions Class
# **********************************************************************************
class Enum_Permissions_Server(Enum):
Commands = 0
Terminal = 1
Logs = 2
Schedule = 3
Backup = 4
Files = 5
Config = 6
Players = 7
class Permissions_Servers:
@staticmethod
def get_or_create(role_id, server, permissions_mask):
return Role_Servers.get_or_create(
role_id=role_id, server_id=server, permissions=permissions_mask
)
@staticmethod
def get_permissions_list():
permissions_list = []
for member in Enum_Permissions_Server.__members__.items():
permissions_list.append(member[1])
return permissions_list
@staticmethod
def get_permissions(permissions_mask):
permissions_list = []
for member in Enum_Permissions_Server.__members__.items():
if Permissions_Servers.has_permission(permissions_mask, member[1]):
permissions_list.append(member[1])
return permissions_list
@staticmethod
def has_permission(permission_mask, permission_tested: Enum_Permissions_Server):
return permission_mask[permission_tested.value] == "1"
@staticmethod
def set_permission(
permission_mask, permission_tested: Enum_Permissions_Server, value
):
list_perms = list(permission_mask)
list_perms[permission_tested.value] = str(value)
permission_mask = "".join(list_perms)
return permission_mask
@staticmethod
def get_permission(permission_mask, permission_tested: Enum_Permissions_Server):
return permission_mask[permission_tested.value]
@staticmethod
def get_token_permissions(permissions_mask, api_permissions_mask):
permissions_list = []
for member in Enum_Permissions_Server.__members__.items():
if PermissionHelper.both_have_perm(
permissions_mask, api_permissions_mask, member[1]
):
permissions_list.append(member[1])
return permissions_list
# **********************************************************************************
# Role_Servers Methods
# **********************************************************************************
@staticmethod
def get_role_servers_from_role_id(roleid):
return Role_Servers.select().where(Role_Servers.role_id == roleid)
@staticmethod
def get_servers_from_role(role_id):
return (
Role_Servers.select()
.join(Servers, JOIN.INNER)
.where(Role_Servers.role_id == role_id)
)
@staticmethod
def get_roles_from_server(server_id):
return (
Role_Servers.select()
.join(Roles, JOIN.INNER)
.where(Role_Servers.server_id == server_id)
)
@staticmethod
def add_role_server(server_id, role_id, rs_permissions="00000000"):
servers = Role_Servers.insert(
{
Role_Servers.server_id: server_id,
Role_Servers.role_id: role_id,
Role_Servers.permissions: rs_permissions,
}
).execute()
return servers
@staticmethod
def get_permissions_mask(role_id, server_id):
permissions_mask = ""
role_server = (
Role_Servers.select()
.where(Role_Servers.role_id == role_id)
.where(Role_Servers.server_id == server_id)
.get()
)
permissions_mask = role_server.permissions
return permissions_mask
@staticmethod
def get_server_roles(server_id):
role_list = []
roles = (
Role_Servers.select().where(Role_Servers.server_id == server_id).execute()
)
for role in roles:
role_list.append(role.role_id)
return role_list
@staticmethod
def get_role_permissions_list(role_id):
permissions_mask = "00000000"
role_server = Role_Servers.get_or_none(Role_Servers.role_id == role_id)
if role_server is not None:
permissions_mask = role_server.permissions
permissions_list = Permissions_Servers.get_permissions(permissions_mask)
return permissions_list
@staticmethod
def update_role_permission(role_id, server_id, permissions_mask):
role_server = (
Role_Servers.select()
.where(Role_Servers.role_id == role_id)
.where(Role_Servers.server_id == server_id)
.get()
)
role_server.permissions = permissions_mask
Role_Servers.save(role_server)
@staticmethod
def delete_roles_permissions(role_id, removed_servers=None):
if removed_servers is None:
removed_servers = {}
return (
Role_Servers.delete()
.where(Role_Servers.role_id == role_id)
.where(Role_Servers.server_id.in_(removed_servers))
.execute()
)
@staticmethod
def remove_roles_of_server(server_id):
return (
Role_Servers.delete().where(Role_Servers.server_id == server_id).execute()
)
@staticmethod
def get_user_id_permissions_mask(user_id, server_id: str):
user = helper_users.get_user_model(user_id)
return Permissions_Servers.get_user_permissions_mask(user, server_id)
@staticmethod
def get_user_permissions_mask(user: Users, server_id: str):
if user.superuser:
permissions_mask = "1" * len(Permissions_Servers.get_permissions_list())
else:
roles_list = helper_users.get_user_roles_id(user.user_id)
role_server = (
Role_Servers.select()
.where(Role_Servers.role_id.in_(roles_list))
.where(Role_Servers.server_id == server_id)
.execute()
)
try:
permissions_mask = role_server[0].permissions
except IndexError:
permissions_mask = "0" * len(Permissions_Servers.get_permissions_list())
return permissions_mask
@staticmethod
def get_server_user_list(server_id):
final_users = []
server_roles = Role_Servers.select().where(Role_Servers.server_id == server_id)
super_users = Users.select().where(
Users.superuser == True # pylint: disable=singleton-comparison
)
for role in server_roles:
users = User_Roles.select().where(User_Roles.role_id == role.role_id)
for user in users:
if user.user_id.user_id not in final_users:
final_users.append(user.user_id.user_id)
for suser in super_users:
if suser.user_id not in final_users:
final_users.append(suser.user_id)
return final_users
@staticmethod
def get_user_id_permissions_list(user_id, server_id: str):
user = helper_users.get_user_model(user_id)
return Permissions_Servers.get_user_permissions_list(user, server_id)
@staticmethod
def get_user_permissions_list(user: Users, server_id: str):
if user.superuser:
permissions_list = Permissions_Servers.get_permissions_list()
else:
permissions_mask = Permissions_Servers.get_user_permissions_mask(
user, server_id
)
permissions_list = Permissions_Servers.get_permissions(permissions_mask)
return permissions_list
@staticmethod
def get_api_key_id_permissions_list(key_id, server_id: str):
key = ApiKeys.get(ApiKeys.token_id == key_id)
return Permissions_Servers.get_api_key_permissions_list(key, server_id)
@staticmethod
def get_api_key_permissions_list(key: ApiKeys, server_id: str):
user = helper_users.get_user(key.user_id)
if user["superuser"] and key.superuser:
return Permissions_Servers.get_permissions_list()
else:
roles_list = helper_users.get_user_roles_id(user["user_id"])
role_server = (
Role_Servers.select()
.where(Role_Servers.role_id.in_(roles_list))
.where(Role_Servers.server_id == server_id)
.execute()
)
user_permissions_mask = role_server[0].permissions
key_permissions_mask = key.Permissions_Servers
permissions_mask = PermissionHelper.combine_masks(
user_permissions_mask, key_permissions_mask
)
permissions_list = Permissions_Servers.get_permissions(permissions_mask)
return permissions_list